SecBrowser AppArmor Profile - Help Wanted!

Attempt at making it work.

Breaks connectivity. No apparmor denied messages.

1 Like

Why did you give it a bunch of capabilities? That’s extremely dangerous.

This pull request should fix connectivity.

1 Like

Testing only. Trying to somehow make it work.

1 Like

madaidan via Whonix Forum:

This pull request should fix connectivity.

Connectivity still broken. No apparmor denied messages. Would be cool if
you could remove the unneeded capabilities and fix this. Maybe would be
required to compare with other Firefox profiles.

Also since this weakens (more permissions on top) the Tor Browser
profile, would be cool if we could move the current profile to apparmor
abstractions and then have separate profiles, one for Tor Browser, one
for SecBrowser.

Similar to:

1 Like

Try adding

#include <abstractions/nameservice>

The nameservice abstraction includes many networking-related permissions.

1 Like

Still same as before.

1 Like

The default apparmor profile denies access to some files given through the nameservice abstraction. Try commenting/removing

deny /etc/host.conf r,
deny /etc/hosts r,
deny /etc/nsswitch.conf r,
deny /etc/resolv.conf r,
deny /etc/passwd r,
deny /etc/group r,
deny /etc/udev/udev.conf r,
deny /etc/mailcap r,
deny /etc/fstab r,

1 Like

madaidan via Whonix Forum:

The default apparmor profile denies access to some files given through the nameservice abstraction. Try commenting/removing

Removed all the deny. That indeed worked. Now, there is a ton of
DENIED messages that need fixing.

1 Like
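
Added example, not code from the thread or from the Whonix project: in AppArmor an explicit `deny` rule overrides an allow rule pulled in through an abstraction and is not logged unless it is written as `audit deny`, which fits the symptom above of broken connectivity with no DENIED messages. The sketch below lists the deny rules in a profile that shadow reads an abstraction would grant. The profile fragment is constructed, the `NAMESERVICE_READS` list is an assumption to check against the installed `/etc/apparmor.d/abstractions/nameservice`, and the function names are hypothetical.

```python
import re

# Assumption: files abstractions/nameservice grants read access to (verify locally).
NAMESERVICE_READS = ["/etc/host.conf", "/etc/hosts", "/etc/nsswitch.conf",
                     "/etc/resolv.conf", "/etc/passwd", "/etc/group"]

# Constructed profile fragment modelled on the deny rules quoted in the thread.
SAMPLE_PROFILE = """\
#include <abstractions/nameservice>
deny /etc/host* r,
deny /etc/resolv.conf r,
audit deny /etc/nsswitch.conf r,
deny /etc/fstab r,
# deny /etc/passwd r,
"""

# Matches "[audit] deny <path> <perms>,"; commented-out rules do not match.
RULE = re.compile(r"^\s*(audit\s+)?deny\s+(\S+)\s+([a-zA-Z]+),")

def glob_to_regex(glob):
    """Translate the AppArmor glob subset **, *, ? and {a,b} into a regex."""
    out, i, depth = "", 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):      # ** crosses directory boundaries
            out, i = out + ".*", i + 1
        elif c == "*":                    # * stays inside one path component
            out += "[^/]*"
        elif c == "?":
            out += "[^/]"
        elif c == "{":
            out, depth = out + "(?:", depth + 1
        elif c == "}" and depth:
            out, depth = out + ")", depth - 1
        elif c == "," and depth:          # alternation only inside braces
            out += "|"
        else:
            out += re.escape(c)
        i += 1
    return re.compile(out + r"\Z")

def shadowed_reads(profile, allowed):
    """Return (line_no, path, logged) for deny rules overriding an allowed read."""
    hits = []
    for n, line in enumerate(profile.splitlines(), 1):
        m = RULE.match(line)
        if m and "r" in m.group(3):
            rx = glob_to_regex(m.group(2))
            hits += [(n, p, bool(m.group(1))) for p in allowed if rx.match(p)]
    return hits

if __name__ == "__main__":
    for n, path, logged in shadowed_reads(SAMPLE_PROFILE, NAMESERVICE_READS):
        print(f"line {n}: {path} denied, {'logged' if logged else 'silent'}")
```

Rules reported as silent can be switched to `audit deny` while debugging so that each rejected access appears in the log.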