@Thomas Mayer (thomas303)
Using your profile in #21, also, I take FF in enforce mode but partly always fall back to unconfined mode while the apparmor_status shows the complete FF in enforced mode. The download and upload only to and from a special folder does not work.
Part of kern.log:
Jan 31 21:10:17 tom kernel: [127276.261000] audit: type=1400 audit(1485893417.670:57134): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=27913 comm="apparmor_parser"
Jan 31 21:10:17 tom kernel: [127276.276889] audit: type=1400 audit(1485893417.686:57135): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_java" pid=27913 comm="apparmor_parser"
Jan 31 21:10:17 tom kernel: [127276.276914] audit: type=1400 audit(1485893417.686:57136): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk" pid=27913 comm="apparmor_parser"
Jan 31 21:10:17 tom kernel: [127276.276925] audit: type=1400 audit(1485893417.686:57137): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//lsb_release" pid=27913 comm="apparmor_parser"
Jan 31 21:10:17 tom kernel: [127276.276936] audit: type=1400 audit(1485893417.686:57138): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper" pid=27913 comm="apparmor_parser"
Jan 31 21:10:24 tom kernel: [127282.852615] audit: type=1400 audit(1485893424.262:57139): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=27918 comm="apparmor_parser"
Jan 31 21:10:24 tom kernel: [127282.876766] audit: type=1400 audit(1485893424.286:57140): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_java" pid=27918 comm="apparmor_parser"
Jan 31 21:10:24 tom kernel: [127282.877369] audit: type=1400 audit(1485893424.286:57141): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_openjdk" pid=27918 comm="apparmor_parser"
Jan 31 21:10:24 tom kernel: [127282.877675] audit: type=1400 audit(1485893424.286:57142): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//lsb_release" pid=27918 comm="apparmor_parser"
Jan 31 21:10:24 tom kernel: [127282.877960] audit: type=1400 audit(1485893424.286:57143): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//sanitized_helper" pid=27918 comm="apparmor_parser"
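
Added example (not part of the original comment, and not AppArmor project code): a small parser for audit lines like those above that separates profile-load STATUS records from enforcement decisions. In a STATUS record, profile= is the confinement of the process that loaded the policy (here apparmor_parser) and name= is the profile being replaced; the DENIED line in the sample is constructed for contrast.

```python
import re
from collections import defaultdict

# Two lines copied from the kern.log excerpt above, plus one CONSTRUCTED
# DENIED line (path, pid and timestamps are made up) for comparison.
SAMPLE = '''\
Jan 31 21:10:17 tom kernel: [127276.261000] audit: type=1400 audit(1485893417.670:57134): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}" pid=27913 comm="apparmor_parser"
Jan 31 21:10:17 tom kernel: [127276.276889] audit: type=1400 audit(1485893417.686:57135): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/firefox/firefox{,*[^s][^h]}//browser_java" pid=27913 comm="apparmor_parser"
Jan 31 21:10:30 tom kernel: [127289.000000] audit: type=1400 audit(1485893430.000:57144): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/home/user/private.txt" pid=28000 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    if 'apparmor=' not in line:
        return None
    return {k: (u if u else q) for k, q, u in FIELD.findall(line)}


def analyze(text):
    """Split audit lines into policy loads and enforcement decisions."""
    loads, decisions = defaultdict(list), []
    for e in filter(None, map(parse, text.splitlines())):
        if e['apparmor'] == 'STATUS':
            # profile= is the label of the task doing the load
            # (apparmor_parser); name= is the profile being (re)loaded.
            loads[(e['pid'], e['comm'], e['profile'])].append(e['name'])
        else:
            # DENIED/ALLOWED/AUDIT: profile= is the label of the acting
            # task, so these lines show which profile actually applied.
            decisions.append((e['apparmor'], e['profile'],
                              e['operation'], e.get('name')))
    return dict(loads), decisions


if __name__ == '__main__':
    loads, decisions = analyze(SAMPLE)
    for (pid, comm, label), names in loads.items():
        print(f'{comm}[{pid}] running as {label} reloaded:')
        for n in names:
            print('   ', n)
    for verdict, label, op, name in decisions:
        print(f'{verdict} {op} on {name} under profile {label}')
```
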