AppArmor prevent program from reading dirs/files I haven't explicitly allowed?
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I don't want programs to be able to read my whole home directory. For example, I'd like to have firefox's read ability restricted to:
owner @HOME/Downloads/ r,
owner @HOME/Downloads/** rwk,
owner @HOME/.mozilla/ r,
owner @HOME/.mozilla/** rwk,
- plus all the appropriate dirs in .cache, .config etc
Thing about is that apparmor gives my user's reading rights, meaning ff can read everything unless I say
deny @HOME/Documents/ rwk,
Documents will be available for firefox.
Is there no way of denying the reading rights to everything in the home dir with the exceptions being the files I list in the profile?
firefox profile apparmor
add a comment |Â
up vote
0
down vote
favorite
I don't want programs to be able to read my whole home directory. For example, I'd like to have firefox's read ability restricted to:
owner @HOME/Downloads/ r,
owner @HOME/Downloads/** rwk,
owner @HOME/.mozilla/ r,
owner @HOME/.mozilla/** rwk,
- plus all the appropriate dirs in .cache, .config etc
Thing about is that apparmor gives my user's reading rights, meaning ff can read everything unless I say
deny @HOME/Documents/ rwk,
Documents will be available for firefox.
Is there no way of denying the reading rights to everything in the home dir with the exceptions being the files I list in the profile?
firefox profile apparmor
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I don't want programs to be able to read my whole home directory. For example, I'd like to have firefox's read ability restricted to:
owner @HOME/Downloads/ r,
owner @HOME/Downloads/** rwk,
owner @HOME/.mozilla/ r,
owner @HOME/.mozilla/** rwk,
- plus all the appropriate dirs in .cache, .config etc
Thing about is that apparmor gives my user's reading rights, meaning ff can read everything unless I say
deny @HOME/Documents/ rwk,
Documents will be available for firefox.
Is there no way of denying the reading rights to everything in the home dir with the exceptions being the files I list in the profile?
firefox profile apparmor
I don't want programs to be able to read my whole home directory. For example, I'd like to have firefox's read ability restricted to:
owner @HOME/Downloads/ r,
owner @HOME/Downloads/** rwk,
owner @HOME/.mozilla/ r,
owner @HOME/.mozilla/** rwk,
- plus all the appropriate dirs in .cache, .config etc
Thing about is that apparmor gives my user's reading rights, meaning ff can read everything unless I say
deny @HOME/Documents/ rwk,
Documents will be available for firefox.
Is there no way of denying the reading rights to everything in the home dir with the exceptions being the files I list in the profile?
firefox profile apparmor
firefox profile apparmor
asked 3 mins ago
thebunnyrules
387210
387210
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f479526%2fapparmor-prevent-program-from-reading-dirs-files-i-havent-explicitly-allowed%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password