Add missing firefox profile from previous commit

2025-08-30 05:47:59 +00:00 · 2008-11-21 11:26:27 +00:00 · 2008-11-21 11:26:27 +00:00 · f1348fb693
commit f1348fb693
parent 1e3e427263
2 changed files with 61 additions and 110 deletions
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
@ -0,0 +1,61 @@
+# Last Modified: Wed Nov  5 03:45:39 2008
+#include <tunables/global>
+
+/usr/lib/firefox/firefox {
+  #include <abstractions/base>
+  #include <abstractions/bash>
+  #include <abstractions/consoles>
+  #include <abstractions/dbus>
+  #include <abstractions/fonts>
+  #include <abstractions/gnome>
+  #include <abstractions/kde>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-download>
+  #include <abstractions/user-write>   
+
+
+  deny /usr/lib/firefox/firefox.sh x,
+
+  /bin/bash rix,
+  /usr/lib/firefox/firefox rix,
+
+  /etc/gai.conf r,
+  /etc/gnome-vfs-2.0/modules/ r,
+  /etc/gre.d/ r,
+  /etc/gre.d/* r,
+  /etc/mailcap r,
+  /etc/mime.types r,
+  /etc/mtab r,
+  /etc/opt/kde3/share/applications/ r,
+  /etc/opt/kde3/share/applications/mimeinfo.cache r,
+
+  /opt/kde3/share/applications/ r,
+  /opt/kde3/share/applications/mimeinfo.cache r,
+
+  owner @{proc}/*/mounts r,
+  @{proc}/meminfo r,
+  @{proc}/sys/kernel/ngroups_max r,
+
+  /usr/lib/**.so mr,
+
+  /usr/share/applications/ r,
+  /usr/share/applications/* r,
+  /usr/share/gvfs/remote-volume-monitors/ r,
+  /usr/share/gvfs/remote-volume-monitors/* r,
+  /usr/share/locale-bundle/**.mo r,
+  /usr/share/mime/**.xml r,
+  /usr/share/mozilla/extensions/** r,
+
+  /var/cache/gio-2.0/defaults.list r,
+  /var/cache/libx11/compose/* r,
+
+  owner /var/run/gdm/*/database r,
+  owner @{HOME}/.ICEauthority r,
+  owner @{HOME}/.beagle/ToIndex/* rw,
+  owner @{HOME}/.fontconfig/* r,
+  owner @{HOME}/.mozilla/extensions/** rw,
+  owner @{HOME}/.mozilla/firefox/** rw,
+  owner @{HOME}/.mozilla/firefox/*/*.sqlite k,
+  owner @{HOME}/.mozilla/firefox/*/.parentlock k,
+
+}
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox-bin
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox-bin
@ -1,110 +0,0 @@
-# vim:syntax=apparmor
-# Last Modified: Fri Feb 17 17:48:58 2006
-# $Id$
-# ------------------------------------------------------------------
-#
-#    Copyright (C) 2002-2005 Novell/SUSE
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include <tunables/global>
-
-/usr/lib/firefox/firefox-bin {
-  #include <abstractions/X>
-  #include <abstractions/audio>
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/gnome>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-download>
-  #include <abstractions/user-write>
-
-  capability sys_nice,
-
-  /bin/bash mixr,
-  /bin/ps mixr,
-  /bin/grep mixr,
-  /bin/netstat Px,
-  /etc/SuSE-release r,
-  /etc/X11/.kstylerc.lock rw,
-  /etc/X11/.qt_plugins_*rc.lock rw,
-  /etc/X11/.qtrc.lock rw,
-  /etc/X11/fs/config r,
-  /etc/ld.so.cache mr,
-  /etc/mailcap r,
-  /etc/mime.types r,
-  /etc/mozpluggerrc r,
-  /etc/gnome-vfs-*/modules r,
-  /etc/gnome-vfs-*/modules/*.conf r,
-  /etc/pango/* r,
-  /etc/opt/kde3/share/applications/mimeinfo.cache r,
-  /etc/rpc r,
-  /etc/sysconfig/clock r,
-  /usr/lib/GConf/2/gconfd-2 Px,
-  /usr/lib/gnome-vfs-*/modules/*.so mr,
-  /usr/lib/gtk-*/**.so* mr,
-  /usr/lib/pango/**.so mr,
-  /usr/share/applications/*.desktop r,
-  /usr/share/applications/defaults.list r,
-  /usr/share/applications/mimeinfo.cache r,
-  /usr/share/icons r,
-  /usr/share/icons/** r,
-  /usr/share/locale/** r,
-  /usr/share/pixmaps r,
-  /usr/share/themes/** r,
-  /opt/kde3/bin/kde-config mixr,
-  /opt/kde3/share/applications/**.desktop r,
-  /opt/kde3/share/applications/mimeinfo.cache r,
-  @{PROC}/[0-9]*/cmdline r,
-  @{PROC}/[0-9]*/maps r,
-  @{PROC}/[0-9]*/stat r,
-  @{PROC}/net/if_inet6 r,
-  @{PROC}/sys/vm/heap-stack-gap r,
-  /usr/bin/m4 rmix,
-  /usr/bin/mozplugger-helper rmix,
-  /usr/java/jre*/plugin/*/ns*/libjavaplugin_oji.so mr,
-  /usr/lib/browser-extensions/firefox r,
-  /usr/lib/browser-plugins r,
-  /usr/lib/browser-plugins/*.so mr,
-  /usr/lib/browser-plugins/*.xpt r,
-  /usr/lib/firefox/** r,
-  /usr/lib/firefox/**.so mr,
-  /usr/lib/firefox/firefox-bin mixr,
-  /usr/lib/jvm/java-*/** r,
-  /usr/lib/jvm/java-*/**.so mr,
-  /usr/lib/jvm/java-*/jre/bin/java_vm mixr,
-  /usr/lib/ooo-*/share/fonts/** r,
-  /usr/share/applications/*.desktop r,
-  /usr/share/applications/mimeinfo.cache r,
-  /usr/share/ghostscript/fonts r,
-  /usr/share/icons r,
-  /usr/share/mime/** r,
-  /usr/share/zoneinfo r,
-  /var/X11R6/compose-cache/* r,
-  /var/run/dbus/system_bus_socket w,
-  @{HOME}/.fonts r,
-  @{HOME}/.fonts.cache-1 r,
-  @{HOME}/.gnome2_private w,
-  @{HOME}/.gtk_qt_engine_rc lrw,
-  @{HOME}/.icons r,
-  @{HOME}/.java/deployment/cache/javapi/** lrw,
-  @{HOME}/.java/deployment/log/* lw,
-  @{HOME}/.java/deployment/* r,
-  @{HOME}/.kde/share/config/* r,
-  @{HOME}/.kde/share/config/gtkrc-* r,
-  @{HOME}/.macromedia/** r,
-  "@{HOME}/.macromedia/Macromedia/Flash Player/**" rw,
-  @{HOME}/.mailcap r,
-  @{HOME}/.mime.types r,
-  @{HOME}/.mozilla/appreg rw,
-  @{HOME}/.mozilla/firefox/** lrw,
-  @{HOME}/.mozilla/plugins r,
-  @{HOME}/.mozilla/plugins/** mlrw,
-  /tmp/hsperfdata_*/[0-9]*  m,
-}