hi all ! Since I'm newbie in AppArmor, I need community help in building a good AppArmored FireFox profile. The reason: openSUSE Community needs response to the Vistas "IE7-protected mode" as written here: https://bugzilla.novell.com/show_bug.cgi?id=255541 The best answer is AppArmored FireFox, which I try to build. Current Status: 1. Basically the idea is to have 2 versions of FireFox installed by default: One is normal FireFox and other is highly-secure FireFox. 2. We have a potential icon for the thing (but need approvement from Mozilla) 3. Today I have succeded in building Alpha-version of profile. The profile: currently it works, *but*: a. Only in normal user mode (not root mode) b. Can only save in /home/*/downloads and other log files. c. supports some extensions and plugins (KPDF) d. Can read only the necessary files to load itself. The problems: 1. My current profile (Alpha1) contains a LOT of bugs 2. I would like to see support for more plugins and extensions (those needs to be added to the profile) 3. Standard firefox starts from shell script, but as I understand AppArmor does not supports shellscripts, only executables. I need more info on that topic. To play with my profile you need: 1. download my Alpha1 profile and put to /etc/apparmor.d/ link: https://bugzilla.novell.com/attachment.cgi?id=136242 2. open konsole with 2 tabs: 1 oin root mode and other with normal user. The tab with root account should play with apparmor service: rcapparmor start rcapparmor stop rcapparmor restart and the tab with normal user account should launch firefox via command line: "/usr/lib/firefox/firefox-bin" 3. When you run firefox AND have apparmor service running, you should NOT be able view or save in your home directory. To save in Home directory, do "rcapparmor stop" and continue browsing in normal mode. I call for community help. I need help improving the profile *and* contacting Mozilla to allow us to use the nice AppArmored-FireFox icon here: https://bugzilla.novell.com/attachment.cgi?id=125341 -- -Alexey Eremenko "Technologov" --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org