> The second rule allows firefox to load and run code from that location.
> But doesn't allow firefox to write to it. So if there is malware [...]

That's correct for the added rule, but the profile also has

    owner @{HOME}/.{firefox,mozilla}/** rw,

which means firefox _can_ write to that location.

However, this doesn't make the new rule for

    @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/lib*so m,

too bad because the profile also allows m for plugins already.

    owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
    owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,

which already allows running code from more writeable locations.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1777070

Title:
  firefox plugin libwidevinecdm.so crashes due to apparmor denial
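
An added example, not part of the original message or of any AppArmor tooling: a simplified Python evaluator for the four rules quoted above, which unions the permissions of every rule matching a path and reports paths that end up both writable (w) and mappable as executable (m). The /home/user expansion of @{HOME}, the sample paths and the reduced glob translation are assumptions, and the owner qualifier is ignored.

```python
import re

# Constructed input: the four rules quoted in the message above.
RULES = """
owner @{HOME}/.{firefox,mozilla}/** rw,
@{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/lib*so m,
owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
"""
HOME = "/home/user"  # assumed expansion of the @{HOME} variable

# Simplified AppArmor glob subset: '**' crosses '/', '*' and '?' do not,
# '{a,b}' is alternation. Commas are assumed to occur only inside braces.
TOKENS = {"**": ".*", "*": "[^/]*", "?": "[^/]", "{": "(?:", "}": ")", ",": "|"}

def glob_to_regex(glob):
    parts = re.split(r"(\*\*|[*?{},])", glob)
    return re.compile("".join(TOKENS.get(p, re.escape(p)) for p in parts))

def parse_rules(text):
    """Return (compiled path regex, set of permission letters) per rule."""
    rules = []
    for line in text.splitlines():
        fields = line.strip().rstrip(",").split()
        if not fields:
            continue
        if fields[0] == "owner":  # owner condition ignored in this sketch
            fields = fields[1:]
        path = fields[0].replace("@{HOME}", HOME)
        rules.append((glob_to_regex(path), set(fields[1])))
    return rules

def effective_perms(rules, path):
    """Union of the permissions granted by every rule matching path."""
    return set().union(*(p for rx, p in rules if rx.fullmatch(path)))

def writable_and_mappable(rules, path):
    return {"w", "m"} <= effective_perms(rules, path)

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for p in (  # constructed sample paths
        HOME + "/.mozilla/firefox/abcd.default/gmp-widevinecdm/1.4.9/libwidevinecdm.so",
        HOME + "/.mozilla/plugins/libfoo.so",
        HOME + "/.mozilla/firefox/abcd.default/prefs.js",
    ):
        print(sorted(effective_perms(rules, p)), writable_and_mappable(rules, p), p)
```
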