[opensuse-factory] Public development of AppArmored FireFox
Hi all!

Since I'm a newbie in AppArmor, I need community help in building a good AppArmored FireFox profile.

The reason: the openSUSE Community needs a response to Vista's "IE7-protected mode", as written here:
https://bugzilla.novell.com/show_bug.cgi?id=255541

The best answer is AppArmored FireFox, which I am trying to build.

Current Status:

1. Basically the idea is to have 2 versions of FireFox installed by default: one is the normal FireFox and the other is a highly-secure FireFox.
2. We have a potential icon for the thing (but need approval from Mozilla).
3. Today I have succeeded in building an Alpha version of the profile.

The profile: currently it works, *but*:

a. Only in normal user mode (not root mode).
b. Can only save in /home/*/downloads and other log files.
c. Supports some extensions and plugins (KPDF).
d. Can read only the necessary files to load itself.

The problems:

1. My current profile (Alpha1) contains a LOT of bugs.
2. I would like to see support for more plugins and extensions (those need to be added to the profile).
3. Standard firefox starts from a shell script, but as I understand it AppArmor does not support shell scripts, only executables. I need more info on that topic.

To play with my profile you need to:

1. Download my Alpha1 profile and put it in /etc/apparmor.d/
   link: https://bugzilla.novell.com/attachment.cgi?id=136242
2. Open konsole with 2 tabs: one in root mode and the other with a normal user. The tab with the root account should play with the apparmor service:

       rcapparmor start
       rcapparmor stop
       rcapparmor restart

   and the tab with the normal user account should launch firefox via the command line: "/usr/lib/firefox/firefox-bin"
3. When you run firefox AND have the apparmor service running, you should NOT be able to view or save in your home directory. To save in the Home directory, do "rcapparmor stop" and continue browsing in normal mode.

I call for community help. I need help improving the profile *and* contacting Mozilla to allow us to use the nice AppArmored-FireFox icon here:
https://bugzilla.novell.com/attachment.cgi?id=125341

--
-Alexey Eremenko "Technologov"
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org

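Added example, not part of the original post and not the Alpha1 attachment it links to: a minimal AppArmor profile sketch for the binary named above that expresses restrictions (a), (b) and (d) from the message. The file name, the `~/.mozilla` state directory and the choice of abstractions are assumptions; the `owner` qualifier needs a newer AppArmor than the 2007 release discussed in the thread.

```apparmor
# Illustrative sketch, not the Alpha1/Alpha2 attachment from this thread.
# Assumed file name: /etc/apparmor.d/usr.lib.firefox.firefox-bin
#include <tunables/global>

/usr/lib/firefox/firefox-bin {
  #include <abstractions/base>
  #include <abstractions/nameservice>   # name resolution
  #include <abstractions/fonts>
  #include <abstractions/X>

  # (d) Read and map only the browser's own files.
  /usr/lib/firefox/ r,
  /usr/lib/firefox/** mr,

  # Outbound TCP for browsing.
  network inet stream,
  network inet6 stream,

  # Browser state. The ~/.mozilla location is an assumption.
  owner /home/*/.mozilla/ rw,
  owner /home/*/.mozilla/** rwk,

  # (b) The only place downloads may be written.
  # "*" stops at "/", "**" crosses it, so this covers subdirectories too.
  owner /home/*/downloads/ r,
  owner /home/*/downloads/** rw,

  # (a) /root is not matched by /home/*, and every path without a rule
  # is refused, so the rest of the home directory needs no deny rule.
  # Plugins and helpers (c) would each need their own rules added here.
}
```

A single edited profile can be reloaded with `apparmor_parser -r` on the profile file instead of restarting the whole service.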
OK, now I have built the AppArmored FireFox profile - Alpha2.

This version, in addition to the Alpha1 features, received some testing and Java plugin support. That means that now Java is available from both Normal and AppArmored FireFox.

With some community help, we can get even more plugins to work.

links:
https://bugzilla.novell.com/show_bug.cgi?id=255541
https://bugzilla.novell.com/attachment.cgi?id=136249&action=view

--
-Alexey Eremenko "Technologov"

ICONS:

Since I want to push this icon as official:
https://bugzilla.novell.com/attachment.cgi?id=125341
I believe we should re-contact Mozilla.

Now, I know there is a Novell guy in existence who contacted Mozilla to ask them to use branding for Normal FireFox. Now I would like to find that Novell guy and ask him to re-contact Mozilla about the AppArmored FireFox icon license.

I really do not wish for another Bon Echo or IceWeasel here.

--
-Alexey Eremenko "Technologov"

OK, I have written a draft letter to Mozilla Corporation to allow us to use their trademarks, but I'm not a diplomat, just a community member, so it may not look very professional.

Please check my letter and make suggestions for improvements before we send it to Mozilla.

=====================================================================

Dear Mozilla Corporation!

There is an ongoing project that may be interesting for you to know about, called "AppArmored FireFox".

This project is led by the openSUSE community in an effort to make an Open-Source response to Vista's "Protected-Mode Internet Explorer 7".

This project aims to use Novell's AppArmor technology to make FireFox's security stronger by applying additional rules, or a profile, that say what the application can do or cannot do. This technology can eliminate some risks from zero-day attacks and undiscovered vulnerabilities in the FireFox browser.

Most of the changes are going into the AppArmor profile, but small changes in FireFox itself may still be required to successfully accomplish this project.

Since this project is a modified FireFox, I would like to give credit to you and make the icon easily recognizable, showing that our project is based on the original but is not the original thing.

Basically, I would like to ask for permission to use modified Mozilla FireFox artwork and trademarks, and in exchange I would give the Mozilla Corporation "the Quality Control" of this interesting effort, that is, a possibility to cast a "veto" on radical changes in this interesting and future-oriented project.

Now, I understand that having a modified FireFox with official branding is controversial, but it is important for us to keep the official branding, and I guarantee that users of AppArmored FireFox will understand that this project is based upon FireFox, but is *not* the original one.

For more info about AppArmored FireFox look here:
https://bugzilla.novell.com/show_bug.cgi?id=255541

The potential (and the problematic one) icon for this (the one where I would really need your "OK"):
https://bugzilla.novell.com/attachment.cgi?id=125341

-Alexey Eremenko "Technologov",
The Open-Source community member.
29.04.2007.

==============================================================

--
-Alexey Eremenko "Technologov"