fix: Added apparmor profile for proper sandboxing #220
…ccess issues still unresolved
- Access to /home/fossterer/.pki/nssdb/cert9.db
- Access to /home/fossterer/.pki/nssdb/key4.db
- Receiving D-Bus signals from UPower (PropertiesChanged signal)
**TODOs:**
- Document the apparmor profile better
- Download Chromium source and proceed with https://github.com/browseros-ai/BrowserOS/blob/main/CONTRIBUTING.md#browser-development
- Test both .AppImage (requires explicit documentation) and .deb packages
- Reorganize files and cleanup the TODO from `linux.py`

CLA Assistant Lite bot ✅ All contributors have signed the CLA. Thank you for helping make BrowserOS better!

I have read the CLA Document and I hereby sign the CLA

| # application a name instead of having the label "unconfined" | ||
|
|
||
|
|
||
| profile browseros /tmp/.mount_Brows*/opt/browseros/browseros flags=(complain) { |
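Review bot: On the `profile browseros ... flags=(complain) {` line, `flags=(complain)` makes AppArmor log policy violations without blocking them, so the profile as submitted does not yet confine the browser. Suggest stating in the profile's comment that complain mode is temporary and dropping the flag once the access issues listed in the description are covered by rules. The attachment path also matches only the AppImage mount point under /tmp, so a .deb install needs its own attachment path or it will run without this profile.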
This path is reflective of how AppImage is mounted. DEB does not use this path

To validate that my changes here get into the resulting However, as I used Can you share the current build steps please? Thanks

For the record, in the meantime, I went ahead with Step-1 - Checkout Chromium source and I am blocked as described in https://groups.google.com/a/chromium.org/g/build/c/LWfZvpZIeok. I don't think that is a necessary step for this MR though. Please let me know if that is an incorrect assumption. Thanks

@fossterer thank you so much for contributing! I'll test it out and merge. My bad, I'll update the contributing guide. It's slightly outdated. Sorry about that.

FIXES #165
Added apparmor profile in complain mode in view of the below 3 access issues still unresolved
TODOs:
linux.py

NOTE: I haven't abandoned this :). I will resume work here in a week