The Firefox AppArmor profile isn't enabled by default because it forces the user to change how they interact with their browser.
Consider that the profile really allows downloads only into ~/Downloads/ directories. (There's other places that are writable, but even less suitable for downloads.) Many users prefer to download directly to their existing directory structure. Consider the wide variety of plugins that may supply helper executables. Plugins failing without a good interface in the browser to know why they have failed would be very confusing. Consider the huge number of applications that people install to handle mime types. People want to be able to click a link to any random file and have the browser offer to launch the helper. People who are fine with all these impositions in how they can use Firefox can enable the Firefox profile. They'll know how to debug issues when they arise, and furthermore, probably already have a workflow that makes it easy to work with the AppArmor policy restrictions. But most Ubuntu users are completely unaware that they're running AppArmor on many of their services. Surely some of this group would like to use it more, if only they knew about it, but also many people just need their computers to keep working as they always have. If we enable this one profile, we run the serious risk that users will disable AppArmor entirely. Thanks ** Package changed: apparmor (Ubuntu) => firefox (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1914148 Title: Firefox connstantly disabled on Apparmor Status in firefox package in Ubuntu: New Bug description: Once again Apparmor policies are constantly disabled for Firefox. -I've reported this bug in December, then came a patch, then for the last month of January - regardless of updates, Firefox profiles are skipped. - You cannot be serious? -This is a consistent seccurity issue! - Please write rules that consistently work or teach us how to do so / deal with Mozilla "Feb 02 00:17:24 USER apparmor.systemd[1117]: Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox Feb 02 00:17:24 USER apparmor.systemd[1118]: Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd Feb 02 00:17:24 USER systemd[1]: Finished Load AppArmor profiles. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1914148/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
