Why do I have to enable the AppArmor profile for Firefox? Why isn't it "on" by default?

firefox apparmor

I have a pretty standard default install of 11.10 (Unity 3D).

I'm trying to understand a bit about AppArmor. sudo aa-status shows me that the available Firefox profile isn't being enforced (since it isn't listed).

Am I right in using sudo aa-enforce /etc/apparmor.d/usr.bin.firefox and then rebooting to start the enforcement (immunization)?

Is it correct that the Firefox profile isn't active by default since the current version number (now 7.0.1) is part of the profile? /usr/lib/firefox-7.0.1/ appears several times. In other words, users will have to be aware of this and bump the version number (correctly) each time it changes? Is that the only reason the profile isn't enforced by default?

Or is there something else I need to do before enforcing the default Firefox profile? Will just editing /etc/apparmor.d/usr.bin.firefox with each change in version number be sufficient?


In theory you don't have to do anything when the firefox version changes as the AA profile is updated too.

"Activating" the FF AppArmor profile via sudo aa-enforce /etc/apparmor.d/usr.bin.firefox will enforce the policies right away, no need to reboot.

Related

How Do I Stop The Service Sudo?
How do I settle Havarl?
What is the Sheikah Slate update you get from Symin?
How can I change my horse's equipment?
How does Treasury in Heroes IV work?
I'm stuck at the chasm in Scanner Sombre
Disconnect active Controller from Nintendo Switch
Where to find rare fish?
Do strategic resource bonuses automatically apply to ships etc?
What do steamworks modes do?
Can Doomfist punch Junkrat's RIP-Tire?
Is there a reward for beating levels with every weapon in Splatoon 2?