[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

SecBrowser AppArmor Profile - Help Wanted!

Attempt on making it work.

Breaks connectivity. No apparmor denied messages.

1 Like

Why did you give it a bunch of capabilities? That’s extremely dangerous.

This pull request should fix connectivity.

1 Like

Testing only. Trying to somehow make it work.

1 Like

madaidan via Whonix Forum:

This pull request should fix connectivity.

Connectivity still broken. No apparmor denied messages. Would be cool if
you could remove the unneeded capabilities and fix this. Maybe would be
required to compare with other Firefox profiles.

Also since this weakens (more permissions on top) the Tor Browser
profile, would be cool if we could move the current profile to apparmor
abstractions and then have separate profiles, one for Tor Browser, one
for SecBrowser.

Similar to:

1 Like

Try adding

#include <abstractions/nameservice>

The nameservice abstraction includes many networking related permissions.

1 Like

Still same as before.

1 Like

The default apparmor profile denies access to some files given through the nameservice abstraction. Try commenting/removing

deny /etc/host.conf r,
deny /etc/hosts r,
deny /etc/nsswitch.conf r,
deny /etc/resolv.conf r,
deny /etc/passwd r,
deny /etc/group r,
deny /etc/udev/udev.conf r,
deny /etc/mailcap r,
deny /etc/fstab r,
1 Like

madaidan via Whonix Forum:

The default apparmor profile denies access to some files given through the nameservice abstraction. Try commenting/removing

Removed all the deny. That indeed worked. Now, there is a ton of
DENIED messages that need fixing.

1 Like