lp:~jdstrand/firefox/firefox-3.5-apparmor

Branch merges

Propose for merging

No branches dependent on this one.

Merged into lp:firefox/3.5

Alexander Sack (community): Approve on 2009-09-14

Diff: None lines api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #382917: ship opt-in enforcing apparmor profile for firefox	Wishlist	Fix Released
Bug #428071: Apparmor profile does not recognize plugins in .mozilla	Low	Fix Released
Bug #429061: Apparmor profile forbids Gnash	Medium	Fix Released

Link a bug report

Related blueprints

465. By Jamie Strandboge on 2009-09-14

[ Jamie Strandboge <email address hidden> ]
* debian/usr.bin.firefox-3.5:
  - allow gnash (LP: #429061)
  - allow access to plugins directory (LP: #428071)
  - allow access to abstractions/ubuntu-console-email,
    abstractions/ubuntu-email and abstractions/ubuntu-gnome-terminal
    for mailto:. Add commented section for using xterm and konsole

464. By Jamie Strandboge on 2009-09-14

merge from trunk

463. By Jamie Strandboge on 2009-09-14

merge from trunk

462. By Jamie Strandboge on 2009-09-03

debian/firefox-3.5.preinst.in: allow for when apparmor is not installed

461. By Jamie Strandboge on 2009-09-03

merge from trunk

460. By Jamie Strandboge on 2009-09-02

fix typo in changelog

459. By Jamie Strandboge on 2009-09-02

generalize apparmor profile packaging:
- debian/rules:
 - use .in files for firefox-3.5.postrm, firefox-3.5.preinst,
   usr.bin.firefox.apparmor, README.Debian.in
 - cp instead of dh_install the profile, since we need to rename
- debian/README.Debian.in: use @APPNAME@
- debian/firefox-3.5.postinst.in: use @APPNAME@
- debian/firefox-3.5.postrm.in: use @APPNAME@
- debian/firefox-3.5.preinst.in: use @APPNAME@
- debian/usr.bin.firefox.apparmor.in: use @APPNAME@

debian/apport/firefox-3.5.py: add apparmor info if profile is not disabled

458. By Jamie Strandboge on 2009-08-26

add missing LP reference

457. By Jamie Strandboge on 2009-08-26

adjust profile for sun java:
- add network inet6 stream and proc entries for ipv6
- access to @{HOME}/.java
- access to /etc/java-*-sun/**
- access to /usr/lib/jvm/java-*-sun-1.*/jre/bin/java

reduce noise:
- deny write access to /usr/lib/firefox-3.*/**, /usr/lib/firefox-addons/** and
  deny /usr/lib/xulrunner-addons/**

work for new user (allow access to /bin/which)

mozplugger improvements (/etc/mozpluggerr and /usr/bin/mplayer)

adjust access to evince to be PUxr (ie use a profile if it is there, otherwise
run unconfined)

456. By Jamie Strandboge on 2009-08-26

add access to /proc/filesystems