From 7167de932cc3f2678b0b496e9fa9f84bde79b0ba Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Mon, 23 Dec 2024 22:17:35 +0100
Subject: [PATCH] feat(profile): firefox: restric access to /tmp
---
 apparmor.d/groups/browsers/firefox | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox
index 27eb0d54..dfaff606 100644
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@@ -59,9 +59,8 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
 owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,
 owner @{tmp}/.xfsm-ICE-@{rand6} rw,
- owner @{tmp}/@{rand6}.tmp r,
- owner @{tmp}/@{rand8}.txt w,
- owner @{tmp}/* w, # file downloads (to anywhere)
+ owner @{tmp}/@{rand8}.* rw, # file downloads (to anywhere)
+ owner @{tmp}/@{uuid}.zip{,.tmp} rw,
 owner @{tmp}/Mozilla@{uuid}-cachePurge-{@{hex15},@{hex16}} rwk,
 owner @{tmp}/mozilla* rw,
 owner @{tmp}/mozilla*/ rw,
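Review bot: The trailing comment `# file downloads (to anywhere)` was carried over from the removed `owner @{tmp}/* w,` rule onto `owner @{tmp}/@{rand8}.* rw,`, where it no longer holds: the new pattern matches only names made of a `@{rand8}` stem plus an extension, so a download saved directly under `@{tmp}` with any other name is now denied. I would replace it with a comment that states what creates these files, e.g. `# randomly named temporary files; downloads to other names in @{tmp} are denied`, so a later AppArmor denial is read as intended policy rather than a regression. The same line also adds `r` on names that the removed `@{rand8}.txt` and `*` rules allowed only with `w`; if read access is not needed there, keeping `w` makes the narrowing strict. The profile body starts before and continues past this hunk.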