I’ve always had trouble with the pre-installed AppArmor profiles, even today.
I would prefer if the software packages were separated into a minimal package and various optional packages. When I update with pacman, files are installed in /etc/apparmor.d that I don’t actually want.
On my laptop, I only want to use profiles created with aa-genprof/aa-logprof for the browsers I use.
Today’s example, after watching a music video in the browser (actually, I had hoped that my profile was already fully trained):
# aa-logprof
Profile: /usr/lib/firefox/firefox
Path: /dev/video0
New Mode: r
Severity: unknown
[1 - include <abstractions/ubuntu-browsers.d/multimedia>]
2 - include <abstractions/video>
3 - /dev/video0 r,
(A)llow / [(D)eny] / (I)gnore / (G)lob / Glob with (E)xtension / (N)ew / Audi(t) / Abo(r)t / (F)inish
Adding include <abstractions/ubuntu-browsers.d/multimedia> to profile.
= Changed Local Profiles =
The following local profiles were changed. Would you like to save them?
[1 - /usr/lib/firefox/firefox]
(S)ave Changes / Save Selec(t)ed Profile / [(V)iew Changes] / View Changes b/w (C)lean profiles / Abo(r)t
Writing updated profile for /usr/lib/firefox/firefox.
profile /usr/lib/firefox/firefox: has merged rule /usr/bin/pulseaudio with conflicting x modifiers
ERROR merging rules for profile /usr/lib/firefox/firefox, failed to load
My response to the problem was to follow the advice in the header of abstractions/ubuntu-browsers.d/multimedia, and I also added
include <abstractions/ubuntu-helpers>
to my Firefox profile, but that didn’t make it better.
So, I went back to my backed-up version of my Firefox profile and started aa-logprof again. Instead of including the suggested files from the abstractions folder, I used the suggested alternative 3, allowing /dev/video0 and subsequently /dev/video1. I think this is simpler but sufficient.
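Added example, not part of the original post and not AppArmor's own code: a small Python check that lists paths given more than one exec modifier once a profile and its includes are merged, which is the condition behind the "conflicting x modifiers" error above. The sample rules are constructed for illustration (they are not the real contents of any shipped abstraction), and the check assumes `path perms,` rules and compares paths as exact strings, without glob or variable expansion.

```python
import re
from collections import defaultdict

# Exec transition modifiers in a file rule's permission string:
# ix, px/Px, cx/Cx, ux/Ux and fallback forms such as Pix or Cux.
EXEC_MOD = re.compile(r"[PpCcUu]?[iuU]?x")
# Matches "[qualifiers] <path> <perms> [-> target]," rules only.
RULE = re.compile(
    r"^\s*(?:(?:audit|owner|allow)\s+)*(?P<path>[/@]\S*)\s+"
    r"(?P<perms>[A-Za-z]+)\s*(?:->\s*[^,]+)?,"
)

def exec_modifiers(profile_text):
    """Map each rule path to the set of exec modifiers it receives."""
    found = defaultdict(set)
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        rule = RULE.match(line)
        if not rule:
            continue                          # include lines, braces, deny rules
        mod = EXEC_MOD.search(rule.group("perms"))
        if mod:
            found[rule.group("path")].add(mod.group(0))
    return found

def conflicting_exec_rules(profile_text):
    """Return {path: [modifiers]} for paths with more than one exec modifier."""
    return {path: sorted(mods)
            for path, mods in exec_modifiers(profile_text).items()
            if len(mods) > 1}

# Constructed sample: a profile body with its includes already flattened in.
SAMPLE = """
/usr/lib/firefox/firefox {
  /dev/video0 r,
  /dev/video1 r,
  /usr/bin/pulseaudio ixr,      # rule written in the local profile
  /usr/bin/pulseaudio Pixr,     # rule arriving through an include
  /usr/lib/firefox/firefox ix,
}
"""

if __name__ == "__main__":
    for path, mods in conflicting_exec_rules(SAMPLE).items():
        print(f"{path}: conflicting x modifiers {mods}")
```

Feed it the flattened profile text, for example the output of `apparmor_parser -p`, so that rules pulled in by includes are visible to the check.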