Comment 2 for bug 692406

Jamie Strandboge (jdstrand) wrote: Re: aa-logprog forces network connection

Thank you for using Ubuntu and filing a bug. You have reported many issues in one bug report which makes it very difficult to address your issues. You may find it helpful to read 'How to report bugs effectively' http://www.chiark.greenend.org.uk/~sgtatham/bugs.html.

I will attempt to answer your questions:
1. The aa-logprof issues surrounding making a network connection and user sound like they are the result of the repository being enabled. You can disable this by editing /etc/apparmor/repository.conf to have:
[repository]
  enabled = no

The repository used to be a way to share profiles, but the opensuse site has been disabled. We are in the process of creating a new method of sharing profiles. We should probably disable this in logprof for now, so others don't get in the same situation you did.

2. logprof should not add any new rules to the policies for you, but it may rearrange the rules when it is telling you it is updating the profile.

3. The system freezing sounds like bug #387657.

4. The firefox profile and its intent is detailed in https://wiki.ubuntu.com/SecurityTeam/Specifications/Karmic/AppArmorFirefoxProfile and https://wiki.ubuntu.com/SecurityTeam/FAQ#Firefox%20AppArmor%20profile. Firefox can do much more than just display html pages, so in the default profile it must be allowed to launch other helper applications. If those applications do not have an apparmor profile, they must be able to run unconfined. I encourage you to read the FAQ entry above, and utilize aa-update-browser if you want to further limit firefox.

5. You mentioned the abstractions use 'ux', but they actually use 'Ux' which enables glibc's secure execution (cleaning of the environment) and the executed programs are not subject to various tricks such as manipulating LD_PRELOAD. I encourage you to read the FAQ entry above, and utilize aa-update-browser if you want to further limit firefox.

6. Firefox including redundant abstractions is a bug and should be cleaned up. However, the policy is not any larger as a result as the parser will merge all the rules into a minimal profile before loading it into the kernel.
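An added example, not part of the comment above or of the AppArmor project's own tooling: a small Python linter for the point in item 5. It scans profile text for exec rules in the 'ux' family, which run a helper unconfined without the environment scrubbing that the upper-case 'Ux' form requests, and suggests the scrubbed variant. The profile text, profile name and helper paths it scans are constructed for the demonstration and are not taken from any shipped abstraction.

```python
import re

# Constructed sample profile for illustration only: it is not an Ubuntu/AppArmor
# abstraction file, and the profile name and helper paths are hypothetical.
SAMPLE_PROFILE = """
/usr/lib/firefox/firefox {
  #include <abstractions/base>
  /usr/bin/xdg-open Ux,                 # unconfined, environment scrubbed
  /usr/bin/evince ux,                   # unconfined, environment NOT scrubbed
  /usr/bin/gnome-terminal pux,          # profile if present, else unconfined; not scrubbed
  /usr/lib/firefox/plugin-container Cx -> plugin,
  /usr/bin/totem Pix,
  /usr/bin/lpr px,
  /etc/fonts/** r,
  owner @{HOME}/.mozilla/** rw,
}
"""

# One AppArmor file rule: optional 'owner', a path, a permission string, an
# optional '-> target' for named child/profile transitions, and the closing comma.
RULE_RE = re.compile(
    r"^(?:owner\s+)?(?P<path>\S+)\s+(?P<mode>[A-Za-z]+)(?:\s*->\s*(?P<target>\S+))?\s*,$"
)

# Exec qualifiers AppArmor accepts at the end of a permission string. A leading
# upper-case letter requests secure-execution mode for the child (glibc then
# ignores or restricts LD_PRELOAD, LD_LIBRARY_PATH and similar variables).
EXEC_QUAL_RE = re.compile(r"(Pux|pux|Pix|pix|Cux|cux|Cix|cix|Ux|ux|Px|px|Cx|cx|ix)$")


def exec_qualifier(mode):
    """Return the exec qualifier ('Ux', 'pix', ...) ending a permission string,
    or None when the rule grants no exec permission (e.g. 'rw', 'mr')."""
    m = EXEC_QUAL_RE.search(mode)
    return m.group(1) if m else None


def classify(qual):
    """Map an exec qualifier to (where the child runs, whether its environment is scrubbed)."""
    scrubbed = qual[0].isupper()
    targets = {
        "ux": "unconfined",
        "pux": "profile-or-unconfined",
        "cux": "child-or-unconfined",
        "px": "profile",
        "pix": "profile-or-inherit",
        "cx": "child",
        "cix": "child-or-inherit",
        "ix": "inherit",
    }
    return targets[qual.lower()], scrubbed


def parse_exec_rules(profile_text):
    """Return (path, qualifier, named target) for every exec rule in the profile text."""
    rules = []
    for raw in profile_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and #include lines
        if not line or line.endswith("{") or line == "}":
            continue                                 # profile open/close, blank lines
        m = RULE_RE.match(line)
        if not m:
            continue                                 # not a file rule (network, capability, ...)
        qual = exec_qualifier(m.group("mode"))
        if qual is not None:
            rules.append((m.group("path"), qual, m.group("target")))
    return rules


def find_unscrubbed_unconfined(profile_text):
    """Flag rules that may run a program unconfined without scrubbing its environment
    (the lower-case 'ux', 'pux', 'cux' forms) and name the upper-case replacement."""
    findings = []
    for path, qual, _target in parse_exec_rules(profile_text):
        where, scrubbed = classify(qual)
        if "unconfined" in where and not scrubbed:
            findings.append((path, qual, qual[0].upper() + qual[1:]))
    return findings


if __name__ == "__main__":
    for path, qual, fix in find_unscrubbed_unconfined(SAMPLE_PROFILE):
        print(f"{path}: '{qual}' can run unconfined with an unscrubbed environment; use '{fix}'")
```

Run against the sample it reports evince ('ux') and gnome-terminal ('pux'); xdg-open ('Ux') passes because the capital letter requests the scrubbed environment, and the 'px'/'Cx'/'Pix' rules are not reported because the child stays confined. To check a real profile, read the file's contents into find_unscrubbed_unconfined() instead of SAMPLE_PROFILE.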