https://bugzilla.novell.com/show_bug.cgi?id=255541

------- Comment #10 from seth.arnold@novell.com 2007-03-20 14:01 MST -------
(In reply to comment #8)
> Now, let's speak of AppArmored rules:
> -ability to write only to ~/downloads (and maybe ~/.AppArmoredFireFox ?) (since this is a different version, it must have a different settings directory in $HOME.)
I had actually been thinking of granting it read-only access to the standard firefox directory of config files. (At least, I assume firefox has tolerable behaviour when it can't update config files. :) Using a different directory completely would mean changes like font sizes and customized .css files and so forth would have to be duplicated. (Handling it in firefox looks relatively easy, if the 'firefox' script is the only place that sets which directory to use..) But the different directory does mean the 'armored' version couldn't steal data out of the 'wide open' version. (My Firefox, for example, logs me into bugzilla automatically through a greasemonkey script.. this username and password are therefore stored in a way that an armored firefox could still report my username/password to other entities..)
> -read from: ~/.AppArmoredFireFox ~/downloads
> Make it possible to use Flash and Java and Adobe Reader plugins.
> Make it possible to use FFox extensions.
> ...something else ?
I'm of two minds about the plugs; on the one hand, I _really_ want a confined firefox for flash and acroread :) on the other hand, if we prevent them from running out of the box, then users would have to enable the plugins that they personally use -- which would be more tight, if less usable. Maybe making sure all the extensions that ship with openSUSE would make the most sense. But we certainly can't make every feature of every extension work. (IIRC, acroread has a button that'll start up a configured mail: handler... a little annoying to handle kmail, evolution, sylpheed, etc. "out of the box" for this.)
> What do you think of it?
Thanks for bringing it up well before the first beta. :)
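
The two layouts weighed in this comment, written out as AppArmor file rules. This is an added example, not taken from the bug thread or from any shipped openSUSE profile; the profile names and the ~/.mozilla location of the standard Firefox config directory are assumptions, and only the $HOME rules under discussion are covered.

```apparmor
#include <tunables/global>

# Scope: the $HOME file rules discussed in the thread. Rules for the
# binary, libraries, X11, network and plugins are a separate question.

# Option A (comment #10): reuse the standard Firefox config directory,
# read-only. Profile name is hypothetical.
profile firefox_armored_shared_config {
  #include <abstractions/base>

  # Font sizes, customized .css and so on are picked up without being
  # duplicated, but the confined browser cannot update any of them.
  # ~/.mozilla is assumed to be the standard config directory.
  owner @{HOME}/.mozilla/ r,
  owner @{HOME}/.mozilla/** r,

  # The only place the confined browser may write.
  owner @{HOME}/downloads/ r,
  owner @{HOME}/downloads/** rw,

  # Trade-off: "r" on the shared directory covers everything stored
  # there, including credentials kept by the unconfined browser, so a
  # compromised confined browser can still read and report them.
}

# Option B (comment #8): a settings directory of its own.
# Profile name is hypothetical; the directory name is from the thread.
profile firefox_armored_separate_config {
  #include <abstractions/base>

  # Nothing under ~/.mozilla is granted, and AppArmor denies whatever
  # is not granted, so the unconfined browser's data is out of reach.
  # Write access here is the "maybe" from comment #8; drop the "w" to
  # make ~/downloads the only writable location.
  owner @{HOME}/.AppArmoredFireFox/ r,
  owner @{HOME}/.AppArmoredFireFox/** rw,

  owner @{HOME}/downloads/ r,
  owner @{HOME}/downloads/** rw,

  # Trade-off: settings have to be duplicated into the new directory.
}
```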