Hi!
Im trying to setup apparmor on my computer.
Im trying to confine firefox-esr to just the necessary staff.
Config files and Download, Desktop directory.
This is my config file and i cant understand why it doesn't work. It
allows me to save everywhere i want.
I attach my apparmor profile
Thanks in Advance!!
# Last Modified: Fri Feb 8 16:08:56 2019
#include <tunables/global>
/usr/lib/firefox-esr/firefox-esr flags=(complain) {
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/lightdm>
deny "/home/*/Computer Science/**" rw,
deny /home/*/Data/** rw,
deny /home/*/Data/Security/** rw,
deny /home/*/Documents/** rw,
deny /home/*/Music/** rw,
deny /home/*/Pictures/** rw,
deny /home/*/Public/** rw,
deny /home/*/Templates/** rw,
deny /home/*/Videos/** rw,
/home/*/Desktop/** rw,
/home/*/Downloads/** rw,
"/home/*/.mozilla/firefox/Crash Reports/*" r,
"/home/*/.mozilla/firefox/Pending Pings/" r,
/dev/shm/org.chromium.* rw,
/home/*/ r,
/home/*/** rwk,
/home/*/.ICEauthority r,
/home/*/.Xauthority r,
/home/*/.bash_history r,
/home/*/.bash_logout r,
/home/*/.bashrc r,
/home/*/.cache/* rwk,
/home/*/.cache/fontconfig/* r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/ r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/.startup-incomplete w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/activity-stream.tippytop.json
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/ r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/doomed/ r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/doomed/* w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/entries/* rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/index rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/index.log rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/cache2/index.tmp rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-backup/ rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/ rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/allow-flashallow-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/allow-flashallow-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/base-track-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/base-track-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/block-flash-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/block-flash-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/block-flashsubdoc-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flash-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flash-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flashallow-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flashallow-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flashsubdoc-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/google4/
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/mozplugin-block-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/mozplugin-block-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore
w,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-block-simple-1.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-block-simple.pset
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-block-simple.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-harmful-simple-1.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-harmful-simple.pset
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-harmful-simple.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-malware-simple-1.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-malware-simple.pset
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-malware-simple.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-phish-simple-1.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-phish-simple.pset
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-phish-simple.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-track-simple-1.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-track-simple.pset
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-track-simple.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-trackwhite-simple.pset
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-trackwhite-simple.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-unwanted-simple-1.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-unwanted-simple.pset
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing-updating/test-unwanted-simple.sbstore
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/ rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/allow-flashallow-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/allow-flashallow-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/base-track-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/base-track-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/block-flash-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/block-flash-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/block-flashsubdoc-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/block-flashsubdoc-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flash-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flash-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flashallow-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flashallow-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flashsubdoc-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/except-flashsubdoc-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/google4/ r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/mozplugin-block-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/mozplugin-block-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/mozstd-trackwhite-digest256.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/mozstd-trackwhite-digest256.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-block-simple.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-block-simple.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-harmful-simple.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-harmful-simple.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-malware-simple.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-malware-simple.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-phish-simple.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-phish-simple.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-track-simple.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-track-simple.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-trackwhite-simple.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-trackwhite-simple.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-unwanted-simple.pset
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/safebrowsing/test-unwanted-simple.sbstore
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/scriptCache-child-current.bin
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/scriptCache-current.bin
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/scriptCache-new.bin
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/scriptCache.bin
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/startupCache.*.little
r,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/urlCache-current.bin
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/urlCache-new.bin
rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/urlCache.bin rw,
/home/*/.cache/mozilla/firefox/jjdjufjv.default/startupCache/webext.sc.lz4 r,
/home/*/.config/dconf/user r,
/home/*/.config/gtk-3.0/bookmarks r,
/home/*/.config/mimeapps.list r,
/home/*/.config/user-dirs.dirs r,
/home/*/.dmrc r,
/home/*/.local/share/* rw,
/home/*/.local/share/applications/ r,
/home/*/.local/share/applications/mimeapps.list r,
/home/*/.local/share/applications/mimeinfo.cache r,
/home/*/.local/share/gvfs-metadata/*.log r,
/home/*/.local/share/gvfs-metadata/home r,
/home/*/.local/share/mime/mime.cache r,
/home/*/.mozilla/firefox/jjdjufjv.default/ r,
/home/*/.mozilla/firefox/jjdjufjv.default/*.db rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/.parentlock wk,
/home/*/.mozilla/firefox/jjdjufjv.default/AlternateServices.txt rw,
/home/*/.mozilla/firefox/jjdjufjv.default/SecurityPreloadState.txt rw,
/home/*/.mozilla/firefox/jjdjufjv.default/SiteSecurityServiceState.txt rw,
/home/*/.mozilla/firefox/jjdjufjv.default/TRRBlacklist.txt rw,
/home/*/.mozilla/firefox/jjdjufjv.default/addonStartup.json.lz4 r,
/home/*/.mozilla/firefox/jjdjufjv.default/addons.json r,
/home/*/.mozilla/firefox/jjdjufjv.default/blocklist.xml r,
/home/*/.mozilla/firefox/jjdjufjv.default/bookmarkbackups/ r,
/home/*/.mozilla/firefox/jjdjufjv.default/browser-extension-data/* r,
/home/*/.mozilla/firefox/jjdjufjv.default/browser-extension-data/** rw,
/home/*/.mozilla/firefox/jjdjufjv.default/compatibility.ini r,
/home/*/.mozilla/firefox/jjdjufjv.default/containers.json r,
/home/*/.mozilla/firefox/jjdjufjv.default/content-prefs.sqlite rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/cookies.sqlite rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/cookies.sqlite-shm rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/cookies.sqlite-wal rw,
/home/*/.mozilla/firefox/jjdjufjv.default/datareporting/aborted-session-ping
w,
/home/*/.mozilla/firefox/jjdjufjv.default/datareporting/aborted-session-ping.tmp
rw,
/home/*/.mozilla/firefox/jjdjufjv.default/datareporting/archived/ r,
/home/*/.mozilla/firefox/jjdjufjv.default/datareporting/archived/** rw,
/home/*/.mozilla/firefox/jjdjufjv.default/datareporting/archived/*/ r,
/home/*/.mozilla/firefox/jjdjufjv.default/datareporting/session-state.json rw,
/home/*/.mozilla/firefox/jjdjufjv.default/datareporting/session-state.json.tmp
rw,
/home/*/.mozilla/firefox/jjdjufjv.default/datareporting/state.json r,
/home/*/.mozilla/firefox/jjdjufjv.default/extension-settings.json r,
/home/*/.mozilla/firefox/jjdjufjv.default/extensions.json r,
/home/*/.mozilla/firefox/jjdjufjv.default/extensions/ r,
/home/*/.mozilla/firefox/jjdjufjv.default/extensions/*.xpi r,
/home/*/.mozilla/firefox/jjdjufjv.default/favicons.sqlite rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/favicons.sqlite-shm rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/favicons.sqlite-wal rw,
/home/*/.mozilla/firefox/jjdjufjv.default/handlers.json r,
/home/*/.mozilla/firefox/jjdjufjv.default/lock w,
/home/*/.mozilla/firefox/jjdjufjv.default/permissions.sqlite rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/pkcs11.txt r,
/home/*/.mozilla/firefox/jjdjufjv.default/places.sqlite rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/places.sqlite-shm rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/places.sqlite-wal rw,
/home/*/.mozilla/firefox/jjdjufjv.default/pluginreg.dat r,
/home/*/.mozilla/firefox/jjdjufjv.default/prefs-1.js rw,
/home/*/.mozilla/firefox/jjdjufjv.default/prefs.js rw,
/home/*/.mozilla/firefox/jjdjufjv.default/revocations.txt r,
/home/*/.mozilla/firefox/jjdjufjv.default/saved-telemetry-pings/ r,
/home/*/.mozilla/firefox/jjdjufjv.default/search.json.mozlz4 r,
/home/*/.mozilla/firefox/jjdjufjv.default/sessionCheckpoints.json rw,
/home/*/.mozilla/firefox/jjdjufjv.default/sessionCheckpoints.json.tmp rw,
/home/*/.mozilla/firefox/jjdjufjv.default/storage-sync.sqlite rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/storage-sync.sqlite-journal rw,
/home/*/.mozilla/firefox/jjdjufjv.default/storage.sqlite rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/ r,
/home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/.metadata-v2
r,
/home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/idb/ r,
/home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/idb/*.sqlite
rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/idb/*.sqlite-shm
rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/storage/permanent/chrome/idb/*.sqlite-wal
rw,
/home/*/.mozilla/firefox/jjdjufjv.default/times.json r,
/home/*/.mozilla/firefox/jjdjufjv.default/webappsstore.sqlite rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/webappsstore.sqlite-shm rwk,
/home/*/.mozilla/firefox/jjdjufjv.default/webappsstore.sqlite-wal rw,
/home/*/.mozilla/firefox/jjdjufjv.default/xulstore.json rw,
/home/*/.mozilla/firefox/jjdjufjv.default/xulstore.json.tmp rw,
/home/*/.mozilla/firefox/profiles.ini r,
/home/*/.profile r,
/home/*/.xfce4-session.verbose-log r,
/home/*/.xfce4-session.verbose-log.last r,
/home/*/.xsession-errors r,
/lib/x86_64-linux-gnu/ld-*.so mr,
/proc/*/fd/ r,
/proc/*/maps r,
/proc/*/mountinfo r,
/proc/*/net/arp r,
/proc/*/net/route r,
/proc/*/stat r,
/proc/*/task/*/stat r,
/proc/filesystems r,
/run/user/*/dconf/user rw,
/sys/devices/pci0000:00/0000:00:02.0/config r,
/sys/devices/pci0000:00/0000:00:02.0/uevent r,
/tmp/** rwk,
/tmp/*/ rw,
/usr/bin/lsb_release Px,
/usr/share/firefox-esr/browser/chrome/icons/default/*.png r,
/usr/share/mozilla/extensions/\{ec8030f7-c20a-464f-9b0e-13a3a9e97384\}/ r,
/var/** mrwk,
/{usr/,}lib{,32,64}/** mr,
}
