Thanks Simon, now I did some changes in "user-files":
# Allow read to all files user has DAC access to and write access to all # files owned by the user in $HOME. @{HOME}/ r,
#Changed by me, do not allow free access to whole home! #@{HOME}/** r, #owner @{HOME}/** w,
# For uploading files from Desktop: owner @{HOME}/Desktop/ r, owner @{HOME}/Desktop/** r,
# For downloading: owner @{HOME}/Downloads/ r, owner @{HOME}/Downloads/** rwk,
Now Firefox is confined enough, for my taste at least.
So it's like.. no a bug, it's by design? Though these explicit real rules in usr.bin.firefox looks very misleading in this case.
Thanks Simon, now I did some changes in "user-files":
# Allow read to all files user has DAC access to and write access to all
# files owned by the user in $HOME.
@{HOME}/ r,
#Changed by me, do not allow free access to whole home!
#@{HOME}/** r,
#owner @{HOME}/** w,
# For uploading files from Desktop:
owner @{HOME}/Desktop/ r,
owner @{HOME}/Desktop/** r,
# For downloading: /Downloads/ ** rwk,
owner @{HOME}/Downloads/ r,
owner @{HOME}
Now Firefox is confined enough, for my taste at least.
So it's like.. no a bug, it's by design? Though these explicit real rules in usr.bin.firefox looks very misleading in this case.