• 1 Post
  • 3 Comments
Joined 4 years ago
Cake day: November 3rd, 2021
  • kixik@lemmy.mltoLinux@lemmy.mlLibreWolf support for appamor
    112·
    18 days ago

    apparmor comes with several profiles, and if in your distro it doesn’t include one for librewolf, you can use the firefox one. And if there’s no available one and you would be interested in combine it with firejail then most probably firejail will come with with a profile for firefox or librewolf and usually with support for apparmor. Regardless of the distros, the arch wiki can guide you with apparmor and firejail. I recommend becoming familiar with both. Another option if there’s no profile on your distro is to look into another distro’s profile. ubuntu used include some software with apparmor out of the box so perhaps it’s a good source of profiles…

    Also in this same community there’s an old post precisely about what you’re asking for, though it’s a bit dated, you may want to scroll for some time until getting to it.

    Edit:

    Firejail is insecure, my bad. Better to use bubblewrap (I didn’t know about bubblejail). The thing is that firejail offers profiles combined with apparmor which might have solved the lack of apparmor profiles. For my personal purposes I hope to take a look at bubblejail to have an easier way to do sandboxing. You can see the arch wiki bubblewrap examples to notice how bubblewrap doesn’t help with apparmor profiles though. According to the arch wiki for bubblejail or the GH page for bubblejail profiles are used and can easily be created, however I have no idea of the interaction with apparmor, and if as with firejail such profiles include apparmor stuff, but intuitively I guess it doesn’t.

    Going back to apparmor, which is MAC enforcement, if no profiles available on your distro for librewolf neither firefox, then looking at other distros is OK, and also one can create profiles as well as one can also modify existent or available ones. See for example the arch wiki for apparmor.