Comment 1 for bug 1662501

12:54 <rbasak> I believe that's by design.

12:54 <rbasak> Restricting Firefox makes sense, but it destroys considerable functionality. So there's a trade-off.

12:54 <rbasak> If various functional parts of Firefox don't work by default because the profile is too restrictive, then users wouldn't use Ubuntu.

12:55 <rbasak> AFAIK, the profile is not enabled by default anyway for this reason.

12:55 <rbasak> Also the bug is against the wrong package. It's the firefox package that ships the AppArmor profile, not apparmor.

12:55 <rbasak> So I'll move it and flag it as security as that's your concern, and the security team can triage it.

12:56 <rbasak> We have a better way of containing browsers BTW. Use a snap instead. I don't know if there's one for Firefox yet.

12:57 <rbasak> https://blog.mozilla.org/futurereleases/2016/04/21/firefox-default-browser-for-linux-users-ubuntu-new-snap-format-coming-soon/

12:57 <rbasak> "Firefox is the default browser for Linux users on Ubuntu, new snap format coming soon"
12:58 <blackflow> rbasak: no the report is against AppArmor, because the real issue is in the ubuntu-browsers abstraction

12:58 <blackflow> if the profile is not enabled by default, then all the more reason to make it stricter and those users who are aware and explicitly enable it, will have saner defaults

12:58 <rbasak> Oh, fair enough.

12:59 <rbasak> But really, if you care about this stuff, you should look into snaps.