ship opt-in enforcing apparmor profile for firefox

Bug #382917 reported by Jamie Strandboge
This bug affects 1 person
Affects: firefox-3.5 (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Jamie Strandboge
Milestone:

Bug Description

Binary package hint: firefox-3.5

firefox users should have the option of protecting firefox with an enforcing apparmor profile. See https://wiki.ubuntu.com/SecurityTeam/Specifications/AppArmorFirefoxProfile

Changed in firefox-3.5 (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Wishlist
milestone: none → karmic-alpha-6
status: New → Triaged
summary: - ship enforcing apparmor profile for firefox
+ ship opt-in enforcing apparmor profile for firefox
Changed in firefox-3.5 (Ubuntu):
status: Triaged → In Progress
Jamie Strandboge (jdstrand) wrote :

Updated bzr branch to actually add the new files. Also updated changelog.

Jamie Strandboge (jdstrand) wrote :

Updated profile for /usr/bin/totem too.

Jamie Strandboge (jdstrand) wrote :

Made a few more tweaks today. Please use revision 458 from lp:~jdstrand/firefox/firefox-3.5-apparmor. Deleting the debdiff, since you can pull the latest from bzr.

Changed in firefox-3.5 (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox-3.5 - 3.5.3+build1+nobinonly-0ubuntu2

---------------
firefox-3.5 (3.5.3+build1+nobinonly-0ubuntu2) karmic; urgency=low

  * security/stability update v3.5.3 build1 (FIREFOX_3_5_3_BUILD1)
    - see USN-821-1
    - fix LP: #333127 - Firefox 3.5 and above crash on full screen flash video
    - fix LP: #236853 - firefox crashed with SIGSEGV in NSSRWLock_LockRead_Util()

  [ Alexander Sack <email address hidden> ]
  * fix LP: #422365 - apport hook fails because profiles_d is not initialized
    in add_info if no profiles.ini exist; we ensure that profiles_d gets instantiated
    as an empty map even if no profiles.ini exist.
    - update debian/apport/firefox-3.5.py
  * hook firefox-addons/searchplugins as the distribution/searchplugins
    directory to support localized distro search engines.
    - update debian/rules
  * in case localized search engines are available the main searchplugins
    directory is not scanned anymore; to fix this we provide a compatibility
    link /usr/lib/firefox-addons/searchplugins/common => /usr/lib/firefox-addons/searchplugins
    - update debian/firefox-3.5.links
  * fix localized search engine upstream code to properly deal with general.useragent.locale
    being a complex pref; also change plugin dir order to allow locale specific searchplugins
    to overlay the ones shipped in "searchplugins/common"
    - add debian/patches/fix_complex_locale_distro_searchplugins.patch
    - update debian/patches/series

  [ Jamie Strandboge <email address hidden> ]
  * add AppArmor profile (disabled by default) (LP: #382917)
    - debian/firefox-3.5.dirs: add etc/apparmor.d/disable
    - add debian/firefox-3.5.preinst.in: disable the profile on new installs
      and upgrades to this version
    - debian/firefox-3.5.postinst.in: reload profile
    - add debian/firefox-3.5.postrm.in: cleanup force-complain and disable
      directories
    - add debian/usr.bin.firefox.apparmor.in
    - debian/rules: install profile
    - add debian/README.Debian.in with note about AppArmor
    - debian/apport/firefox-3.5.py: add AppArmor information if the profile is
      not disabled
    - debian/firefox-3.5.preinst.in: allow for when apparmor is not installed

 -- Alexander Sack <email address hidden> Thu, 03 Sep 2009 10:03:08 +0200

Changed in firefox-3.5 (Ubuntu):
status: Fix Committed → Fix Released
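
An on-disk check for the opt-in mechanism the changelog describes (profile shipped, then switched off through the `disable` directory, with `force-complain` as the other override), added here as an example and not part of the bug report or the package. The function names are hypothetical, and the profile root `/etc/apparmor.d` and the file name `usr.bin.firefox` used in the comments are assumptions, since the page gives only the source name `debian/usr.bin.firefox.apparmor.in`.

```shell
#!/bin/sh
# Added example, not code from the firefox-3.5 package.
# Reports how a profile is configured on disk; it does not query what the
# kernel currently has loaded.

# profile_state ROOT NAME
#   ROOT: profile directory (assumed /etc/apparmor.d on a real system)
#   NAME: profile file name (assumed usr.bin.firefox here)
#   prints one of: missing | disabled | complain | enforce
profile_state() {
    root=$1
    name=$2
    if [ ! -f "$root/$name" ]; then
        echo missing
    # A link in disable/ switches the profile off; -L also catches a
    # dangling symlink, which -e alone would miss.
    elif [ -e "$root/disable/$name" ] || [ -L "$root/disable/$name" ]; then
        echo disabled
    # A link in force-complain/ overrides the mode written in the profile.
    elif [ -e "$root/force-complain/$name" ] || [ -L "$root/force-complain/$name" ]; then
        echo complain
    # Otherwise the mode comes from the profile's own flags (comments ignored).
    elif grep -Eq '^[^#]*flags=\([^)]*complain' "$root/$name"; then
        echo complain
    else
        echo enforce
    fi
}

# list_disabled ROOT
#   prints the name of every profile that is shipped but switched off,
#   i.e. the ones a user would still have to opt in to.
list_disabled() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue          # skip disable/, force-complain/, etc.
        n=${f##*/}
        [ "$(profile_state "$1" "$n")" = disabled ] && echo "$n"
    done
    return 0
}
```

Comparing this result with the output of `aa-status` shows whether the loaded state matches the on-disk configuration.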