Apparmor & Firefox

Discussion in 'all things UNIX' started by wat0114, Oct 17, 2019.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
I think I'm misunderstanding something in the profiles. Does the "#" in front of the "include tunables" and "include abstractions" entries actually mean those profiles are being used?

    Code:
# Last Modified: Sat Nov  2 09:10:59 2019
    #include <tunables/global>
    
    /opt/firefox/firefox-bin {
      #include <abstractions/base>
      #include <abstractions/lightdm>
      #include <abstractions/totem>
      #include <abstractions/ubuntu-konsole>
I've always thought the "#" in front of a line means it's commented out. The reason I ask is because I'm able to save files to my usb drive, but I don't have a rule for that in my profile. There is a rule in the lightdm profile under the abstractions directory. However, when I placed a "#" in front of that entry and reloaded the profiles, I was still able to write to my usb drive. There must be a rule somewhere then that's allowing me to write to my usb drive.

    EDIT:

I figured it out. I have a rule "owner /{media,mnt,opt,srv}/** mrwk," in my opt.firefox.firefox-bin that allows me to write to usb drives. It's also a rule included in the "lightdm" profile under the "abstractions" directory. So I guess the "#" in front of abstractions or tunables does include those profiles.
     
    Last edited: Nov 2, 2019
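The question in this post (is `#include` a comment, and which rule actually grants the USB write?) can be answered mechanically. The following is an added example, not code from the thread: a small Python profile flattener that treats `#include <...>` as a directive, follows it into abstractions, skips real comments, and reports every rule granting a permission on a path. It works over constructed in-memory stand-ins for /etc/apparmor.d files (the rule bodies are sample data, not the poster's full files), supports only a subset of the glob syntax, and reports the `owner` qualifier without evaluating it against a uid.

```python
"""Flatten an AppArmor profile by following #include directives (which are
directives, not comments) and report which rule grants a permission on a path.

Added example, not code from the thread.  Supports a subset of profile syntax:
comments, #include/include, the owner prefix, and file globs with * ** ? {a,b}.
"""
import re

# Constructed stand-in for /etc/apparmor.d, modelled on the profile in the
# thread; rule bodies are sample data, not the poster's full files.
FILES = {
    "opt.firefox.firefox-bin": """\
# Last Modified: Sat Nov  2 09:10:59 2019
#include <tunables/global>

/opt/firefox/firefox-bin {
  #include <abstractions/base>
  #include <abstractions/lightdm>
  # /media/** rw,   <- an ordinary comment: no 'include' right after the '#'
  owner /home/*/.mozilla/firefox/** rwk,
}
""",
    "tunables/global": "@{HOME}=/home/*/\n",
    "abstractions/base": "  /usr/lib/** mr,\n  /proc/cpuinfo r,\n",
    "abstractions/lightdm": "  owner /{media,mnt,opt,srv}/** mrwk,\n",
}

# '#include <x>' and the newer bare 'include <x>' are both directives.
INCLUDE_RE = re.compile(r"^\s*#?include\s+<([^>]+)>")
# [owner] <glob or "quoted glob"> <perms>,
RULE_RE = re.compile(r'^\s*(owner\s+)?("[^"]+"|\S+)\s+([A-Za-z]+),\s*$')


def classify(line):
    """Return 'include', 'comment', 'rule' or 'other' for one profile line."""
    if INCLUDE_RE.match(line):
        return "include"
    if line.lstrip().startswith("#"):
        return "comment"
    if RULE_RE.match(line):
        return "rule"
    return "other"


def collect_rules(name, seen=None):
    """Flatten a profile into (source file, owner?, glob, perms) tuples.
    `seen` stops include loops and pulls each abstraction in only once."""
    if seen is None:
        seen = set()
    if name in seen:
        return []
    seen.add(name)
    rules = []
    for line in FILES[name].splitlines():
        kind = classify(line)
        if kind == "include":
            rules += collect_rules(INCLUDE_RE.match(line).group(1), seen)
        elif kind == "rule":
            owner, glob, perms = RULE_RE.match(line).groups()
            rules.append((name, owner is not None, glob.strip('"'), perms))
    return rules


def glob_to_regex(glob):
    """Translate an AppArmor file glob to a regex.  '*' stays within one path
    component, '**' crosses '/', '?' is one character, '{a,b}' alternates.
    After a '/', both '*' and '**' need at least one non-'/' character, so
    '/dir/**' covers /dir/x but not /dir/ itself (as in apparmor.d(5))."""
    out, i = "", 0
    while i < len(glob):
        after_slash = i > 0 and glob[i - 1] == "/"
        if glob.startswith("**", i):
            out += "[^/].*" if after_slash else ".*"
            i += 2
        elif glob[i] == "*":
            out += "[^/][^/]*" if after_slash else "[^/]*"
            i += 1
        elif glob[i] == "?":
            out += "[^/]"
            i += 1
        elif glob[i] == "{":
            end = glob.index("}", i)
            alts = glob[i + 1:end].split(",")
            out += "(?:" + "|".join(re.escape(a) for a in alts) + ")"
            i = end + 1
        else:
            out += re.escape(glob[i])
            i += 1
    return re.compile("^" + out + "$")


def who_allows(profile, path, perm):
    """Return (source file, rule text) for every rule granting `perm` on `path`."""
    hits = []
    for src, owner, glob, perms in collect_rules(profile):
        if perm in perms and glob_to_regex(glob).match(path):
            hits.append((src, ("owner " if owner else "") + glob + " " + perms))
    return hits
```

Calling `who_allows("opt.firefox.firefox-bin", "/media/usb/notes.txt", "w")` points at the rule pulled in from abstractions/lightdm, which is the same kind of answer the poster found by hand.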
  2. summerheat

    summerheat Registered Member

    Yes, it's not easy. I have Firefox running with its individual AA profile and firejailed. The AA profile has the following rules concerning firejail (cat /etc/apparmor.d/usr.lib.firefox.firefox | grep firejail):
    Code:
    /run/firejail/lib/lib*so* mr,
    /run/firejail/mnt/fslogger r,
    /usr/bin/firejail mrix,
    owner /run/firejail/mnt/seccomp/seccomp.postexec r,
    This seems to work so far. It's getting complicated if you want to open, e.g., PDF files with okular or documents with LibreOffice. If you don't create your own AA profiles for those helper applications and add them with Px you clutter your FF profile with a lot of additional rules ...

    Btw.: In order to make life a bit easier I've added the following to my .bashrc:
    Code:
    alias aas="sudo aa-status"
    alias aal="sudo aa-logprof"
    alias aar="sudo systemctl reload apparmor"
    
    function aac()
    {
      sudo aa-complain /etc/apparmor.d/$1 && sudo systemctl reload apparmor
    }
    
    function aae()
    {
      sudo aa-enforce /etc/apparmor.d/$1 && sudo systemctl reload apparmor
    }
    
    function aad()
    {
      sudo aa-disable /etc/apparmor.d/$1 && sudo systemctl reload apparmor
    }
    So you could just execute, e.g., aac *.firefox in order to put the FF profile into complain mode. If you prefer to work in a root shell you can add this code to /root/.bashrc (without sudo, of course). Don't forget to execute source .bashrc to make these changes immediately available.
     
  3. summerheat

    summerheat Registered Member

    Yes, indeed, it does.
     
  4. wat0114

    wat0114 Registered Member

Given that there's apparently lots of overlap between Apparmor and firejail, I think I will just stick with apparmor for firefox and maybe everything else in firejail, although I might, *probably* will, create a profile for Thunderbird. The one included for Thunderbird doesn't work well.

    Thank you for your feedback. You definitely have a way above average grasp of Apparmor :thumb:
     
  5. wat0114

    wat0114 Registered Member

    Thanks for confirming.
     
  6. summerheat

    summerheat Registered Member

    Well, as mentioned my Firefox profile works as expected with those additions. Regarding Thunderbird: That's actually more complicated. If I click a link in an email it does not open in Firefox with the standard Firejail profile for Thunderbird. In that profile the developers write:

    But that's not what I want (and other solutions that used to work previously don't work anymore). It does work, however, when adding /usr/lib/firefox/firefox Px, to the Thunderbird AA profile (provided that that FF profile exists, of course) - but only if seccomp is disabled in its Firejail profile. So at the moment my Thunderbird FJ profile contains only one entry, namely:
    Code:
    dns ::1
This makes sure that all DNS requests go through dnscrypt-proxy which uses ::1 as its listen address. You might also want to add this to your FF profile (to avoid DoH) or to /etc/firejail/globals.local to make sure that it's applied to all firejailed applications.

    You're welcome! Unfortunately, my knowledge is only limited as I'm not really familiar with newer AA enhancements (e.g., signal, hats, ptrace). I have to dig more thoroughly into that stuff.

One more caveat: I think Ubuntu comes with AA profiles for Firefox, Thunderbird and LibreOffice which are enforced by default. The apparmor package for other distros does not contain them (although there are additional profiles in /usr/share/apparmor/extra-profiles). I don't know about Linux MX - but if it comes with those 3 profiles as well and the apparmor package gets an update, your individual profiles will be overwritten! So making backups of them is surely a good idea. It is also wise to add divergences from the default profiles to the respective profiles in /etc/apparmor.d/local as those local profiles remain untouched by updates. Unfortunately, this cannot be done automatically by aa-logprof. Hence, suggestions by aa-logprof should be ignored and rather manually pasted to the respective local profile.
     
  7. wat0114

    wat0114 Registered Member

Maybe if I get more familiar with apparmor, I'll try those with firejail. It's just I'm getting the occasional little problems, usually solved by running aa-logprof again, but last night my lastpass addon disappeared completely, there was nothing related to it in aa-logprof, although I was able to re-install it and my preferences were retained, as well as my sign-in email, so maybe it wasn't apparmor-related after all.

Okay thanks. Once again, maybe when I get more comfortable with apparmor, I'll try a thunderbird profile, keeping in mind your solutions.


Thanks again. So far there is no firefox profile included with MX, not even in the extras, and I do back up all my latest profiles for safekeeping.
     
  8. wat0114

    wat0114 Registered Member

Originally I wasn't planning to post the profile, but changed my mind...

    Code:
    # Last Modified: Fri Nov  1 15:17:37 2019
    #include <tunables/global>
    
    /opt/firefox/firefox {
      #include <abstractions/base>
    
      /opt/firefox/firefox mr,
      /opt/firefox/firefox-bin Px,
    
    }
    Code:
    # Last Modified: Sun Nov 10 11:50:55 2019
    #include <tunables/global>
    
    /opt/firefox/firefox-bin {
      #include <abstractions/lightdm>
    
      /home/*/Documents/libreoffice.profile r,
      /home/*/Documents/loffice.profile r,
      /proc/cpuinfo r,
      /proc/filesystems r,
      /proc/sys/crypto/fips_enabled r,
      /var/cache/fontconfig/ mrwk,
      owner "/home/*/.mozilla/firefox/Crash Reports/InstallTime*" rw,
      owner "/home/*/.mozilla/firefox/Crash Reports/LastCrash" rw,
      owner "/home/*/.mozilla/firefox/Crash Reports/events/" r,
      owner "/home/*/.mozilla/firefox/Crash Reports/pending/*.extra" w,
      owner "/home/*/.mozilla/firefox/Pending Pings/" r,
      owner /home/*/.ICEauthority r,
      owner /home/*/.Xauthority r,
      owner /home/*/.bash_history r,
      owner /home/*/.bash_logout r,
      owner /home/*/.bashrc r,
      owner /home/*/.cache/fontconfig/*-*-*-*-*-*.cache-* r,
      owner /home/*/.cache/fontconfig/*-*.cache-* rw,
      owner /home/*/.cache/mesa_shader_cache/index rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/ r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/.startup-incomplete w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/OfflineCache/index.sqlite rwk,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/OfflineCache/index.sqlite-journal rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/activity-stream.discovery_stream.json rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/activity-stream.discovery_stream.json.tmp rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/cache2/ r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/cache2/* rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/cache2/doomed/ rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/cache2/doomed/* rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/cache2/entries/ rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/cache2/entries/* rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-backup/ rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/ rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/ads-track-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/ads-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/allow-flashallow-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/allow-flashallow-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/analytics-track-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/analytics-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/base-cryptomining-track-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/base-cryptomining-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/base-fingerprinting-track-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/base-fingerprinting-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/base-track-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/base-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/block-flash-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/block-flash-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/block-flashsubdoc-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/block-flashsubdoc-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/content-track-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/content-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/except-flash-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/except-flash-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/except-flashallow-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/except-flashallow-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/except-flashsubdoc-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/except-flashsubdoc-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/ rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-badbinurl-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-badbinurl-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-badbinurl-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-downloadwhite-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-downloadwhite-proto.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-malware-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-malware-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-malware-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-phish-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-phish-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-phish-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-unwanted-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-unwanted-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/google4/goog-unwanted-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/mozplugin-block-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/mozplugin-block-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/mozstd-trackwhite-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/social-track-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/social-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/social-tracking-protection-*-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/social-tracking-protection-*-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/social-tracking-protection-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing-updating/social-tracking-protection-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/ rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/ads-track-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/ads-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/allow-flashallow-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/allow-flashallow-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/analytics-track-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/analytics-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/base-cryptomining-track-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/base-cryptomining-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/base-fingerprinting-track-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/base-fingerprinting-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/base-track-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/base-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/block-flash-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/block-flash-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/block-flashsubdoc-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/block-flashsubdoc-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/content-track-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/content-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/except-flash-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/except-flash-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/except-flashallow-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/except-flashallow-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/except-flashsubdoc-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/except-flashsubdoc-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/ r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-badbinurl-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-badbinurl-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-downloadwhite-proto.metadata rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-downloadwhite-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-malware-proto.metadata rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-malware-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-phish-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-phish-proto.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-unwanted-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/google4/goog-unwanted-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/mozplugin-block-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/mozplugin-block-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/mozstd-trackwhite-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/mozstd-trackwhite-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/social-track-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/social-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/social-tracking-protection-*-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/social-tracking-protection-*-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/social-tracking-protection-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/safebrowsing/social-tracking-protection-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/settings/main/public-suffix-list/dafsa.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/settings/main/public-suffix-list/dafsa.bin.tmp rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/scriptCache-child-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/scriptCache-child-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/scriptCache-child.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/scriptCache-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/scriptCache-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/scriptCache.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/startupCache.*.little rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/urlCache-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/urlCache-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/urlCache.bin rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/startupCache/webext.sc.l* rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/thumbnails/ r,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/thumbnails/*.png rw,
      owner /home/*/.cache/mozilla/firefox/jy8kmldv.default-release/thumbnails/*.png.tmp rw,
      owner /home/*/.config/dconf/user r,
      owner /home/*/.config/gtk-3.0/bookmarks r,
      owner /home/*/.config/gtk-3.0/gtk.css r,
      owner /home/*/.config/gtk-3.0/whisker-tweak.css r,
      owner /home/*/.config/mimeapps.list r,
      owner /home/*/.config/user-dirs.dirs r,
      owner /home/*/.dmrc r,
      owner /home/*/.fonts/ r,
      owner /home/*/.fonts/.uuid r,
      owner /home/*/.local/share/applications/ r,
      owner /home/*/.local/share/gvfs-metadata/*.log r,
      owner /home/*/.local/share/gvfs-metadata/home r,
      owner /home/*/.local/share/recently-used.xbel rw,
      owner /home/*/.local/share/recently-used.xbel.* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/*.txt rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/.parentlock wk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/addonStartup.json.l* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/addons.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/addons.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/blocklist.xml r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/blocklist.xml w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/blocklist.xml.tmp w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/bookmarkbackups/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/bookmarkbackups/bookmarks-20*.jsonl* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/bookmarkbackups/bookmarks-20*.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/broadcast-listeners.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/broadcast-listeners.json.corrupt w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/broadcast-listeners.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/cert*.db rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/cert*.db-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/compatibility.ini rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/containers.json r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/content-prefs.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/content-prefs.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/cookies.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/cookies.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/crashes/events/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/crashes/events/* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/crashes/store.json.mozl* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/aborted-session-ping w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/aborted-session-ping.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.crash.jsonl*.tmp w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.event.jsonl* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.event.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.first-shutdown.jsonl* r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.health.jsonl* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.health.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.main.jsonl* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.main.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.modules.jsonl* r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.modules.jsonl*.tmp w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/archived/20*/*.new-profile.jsonl* r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/session-state.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/session-state.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/datareporting/state.json r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extension-preferences.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extension-preferences.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extension-settings.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extension-settings.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/\{23336f66-94ea-4796-a6f2-93717a004760\}.xpi r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/jid1-MnnxcxisBPnSXQ@jetpack.xpi rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/staged/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/staged/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/staged/jid1-MnnxcxisBPnSXQ@jetpack.xpi rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/staged/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/trash/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/trash/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/trash/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/extensions/uBlock0@raymondhill.net.xpi r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/favicons.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/favicons.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/features/*/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/features/\{20c45ef9-8925-452f-bbe2-34b7b23dffa3\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/features/\{9f8026e4-f410-4d9d-86e6-9e815c210d2d\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/features/\{b315fb0b-cae8-47e5-803f-a668bc1508ac\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/formhistory.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/formhistory.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp-gmpopenh*/*.*.*.*/gmpopenh*.info r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp-widevinecdm/*.*.*.*/manifest.json r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp-widevinecdm/*/libwidevinecdm.so mr,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/origin rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/salt rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/topLevelOrigin rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/*/ w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/*/* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/handlers.json r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/key*.db rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/lock w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/logins.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/logins.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/mediacapabilities/data.mdb rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/mediacapabilities/lock.mdb rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/minidumps/*.dmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/minidumps/*.extra w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/permissions.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/permissions.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/places.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/places.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/pluginreg.dat r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/prefs-1.js rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/prefs.js rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/protections.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/protections.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/saved-telemetry-pings/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/saved-telemetry-pings/* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/saved-telemetry-pings/*.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/search.json.mozl* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/sessionCheckpoints.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/sessionCheckpoints.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/sessionstore-backups/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/sessionstore-backups/recovery.bakl* w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/sessionstore-backups/recovery.jsonl* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/sessionstore-backups/recovery.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/sessionstore.jsonl* w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/sessionstore.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/shield-preference-experiments.json r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage-sync.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/*/idb/*.files/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/http*.com/cache/caches.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.*.ca^userContextId=5/idb/*.sqlite k,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.*.ca^userContextId=5/idb/*.sqlite-journal w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.*.ca^userContextId=5/ls/usage w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.*.com/cache/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.*.com/cache/morgue/**.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.*.com/cache/morgue/*/*.final rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.ca/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.ca/idb/*_rsot.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.ca/idb/*_rsot.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.ca/ls/data.sqlite k,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.ca/ls/usage w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.ca^userContextId=5/idb/*_rsot.sqlite rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/cache/.padding rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/cache/caches.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/cache/caches.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/cache/context_open.marker w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/cache/morgue/*/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/idb/*..sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/idb/*..sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.com/ls/usage w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.net/ls/usage w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.org/idb/*-rf.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.org/idb/*-rf.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*.org/ls/usage w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https*/ls/usage w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https+++*.*.ca/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https+++*.*.ca/idb/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https+++*.*.com/idb/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https+++*.*.com/idb/ w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https+++*.*.com/idb/*..sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https+++addons.mozilla.org/ w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https+++addons.mozilla.org/idb/ w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/https+++addons.mozilla.org/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension*/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension*/idb/*.files/* rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension*/idb/*.files/journals/* w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension*/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension*/idb/*.sqlite-journal r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension*/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension*/ls/data.sqlite-journal w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension*/ls/usage w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension+++*/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension+++*/idb/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/default/moz-extension+++*/idb/*.files/journals/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/.metadata-v2 r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/*--epcr.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/*--epcr.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/*-es.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/*-es.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/*.files/ rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/permanent/chrome/idb/idb-deleting-* w,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/storage/temporary/ r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/times.json r,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/weave/failed/tabs.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/weave/failed/tabs.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/weave/toFetch/tabs.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/weave/toFetch/tabs.json.tmp rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/webappsstore.sqlite rwk,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/webappsstore.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/xulstore.json rw,
      owner /home/*/.mozilla/firefox/jy8kmldv.default-release/xulstore.json.tmp rw,
      owner /home/*/.mozilla/firefox/profiles.ini r,
      owner /home/*/.profile r,
      owner /home/*/.xscreensaver r,
      owner /home/*/.xsession-errors r,
      owner /home/*/Documents/*.pdf w,
      owner /home/*/Documents/bookmark*.html w,
      owner /home/*/Documents/usr.local.bin.firefox r,
      owner /home/*/Downloads/*.pdf w,
      owner /home/*/Downloads/*.txt w,
      owner /opt/firefox/fonts/** mrwk,
      owner /proc/*/maps r,
      owner /proc/*/mountinfo r,
      owner /proc/*/smaps r,
      owner /proc/*/stat r,
      owner /proc/*/statm r,
      owner /proc/*/status r,
      owner /proc/*/task/*/stat r,
      owner /{media,mnt,opt,srv}/** rw,
    
    }
    
    
The emphasis is on extensive granularity, but with some liberal use of wildcards as well. It's a work in progress, but I think it's close to final.

    I've tightened some areas up in the opt.firefox.firefox-bin profile, using only:

    1. #include <tunables/global>
    2. #include <abstractions/lightdm>
Wherever there was a reference to include dbus or dbus-session, I have changed those to the more restrictive dbus-session-strict. I also removed read access to the entire file system under the <abstractions/totem> profile.

    EDIT:

Re-posted the updated opt.firefox.firefox-bin profile with several Widevine-related entries to allow playback of Netflix content. Disabling some of the abstractions has required further log-profiling to fix issues. I have also just spotted some "r" and "w" duplicate entries that I can combine into one rule.

    EDIT #2:

    Re-posted the opt.firefox.firefox-bin profile to include the combining of duplicates that had separate "r" & "w" permissions.
     
    Last edited: Nov 10, 2019
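A small Python script, added here as an example and not part of this thread, that does mechanically what EDIT #2 above describes: it collapses separate "r", "w" and "k" rules for one path into a single rule in aa-logprof's letter order, and then lists the merged rules a reviewer would look at twice (recursive writes under `**`, and reads of shell dotfiles such as the `.bash_history` entry in the profile above). The sample profile, the review heuristics and all function names are constructed for this example; `audit`/`deny` rules and lines with trailing comments are passed through untouched.

```python
"""Merge duplicate AppArmor file rules and flag broad ones (constructed example)."""
import re
from collections import OrderedDict

# One file rule: optional "owner", a path (possibly quoted), a mode string, trailing comma.
RULE_RE = re.compile(
    r'^\s*(?P<owner>owner\s+)?(?P<path>"[^"]*"|[^\s"]+)\s+(?P<mode>[A-Za-z]+),\s*$')
FILE_PERMS = "mrwalk"   # canonical order aa-logprof uses for non-exec letters
# Constructed heuristic list for the review pass; not an AppArmor concept.
SHELL_DOTFILES = {".bash_history", ".bashrc", ".bash_logout", ".profile"}


def parse_rule(line):
    """Return a dict for a plain file rule, or None for anything else (includes, braces, ...)."""
    m = RULE_RE.match(line)
    if not m:
        return None
    mode = m.group("mode")
    perms = {c for c in mode if c in FILE_PERMS}
    # Everything that is not a plain file permission is the exec mode (Px, ix, Cx, ...);
    # sorting gives the conventional spelling because 'x' sorts last.
    exec_mode = "".join(sorted(c for c in mode if c not in FILE_PERMS))
    return {"owner": bool(m.group("owner")), "path": m.group("path"),
            "perms": perms, "exec": exec_mode}


def format_rule(rule):
    prefix = "owner " if rule["owner"] else ""
    mode = "".join(c for c in FILE_PERMS if c in rule["perms"]) + rule["exec"]
    return f"{prefix}{rule['path']} {mode},"


def merge_rules(lines):
    """Combine rules that name the same path (and the same owner qualifier) into one."""
    merged = OrderedDict()
    for line in lines:
        rule = parse_rule(line)
        if rule is None:
            continue
        key = (rule["owner"], rule["path"])   # "owner /x" and "/x" mean different things
        if key not in merged:
            merged[key] = rule
            continue
        cur = merged[key]
        if cur["exec"] and rule["exec"] and cur["exec"] != rule["exec"]:
            # apparmor_parser would reject this; refuse rather than pick one silently.
            raise ValueError(f"conflicting exec modes for {rule['path']}: "
                             f"{cur['exec']} vs {rule['exec']}")
        cur["perms"] |= rule["perms"]
        cur["exec"] = cur["exec"] or rule["exec"]
    for rule in merged.values():
        if "w" in rule["perms"]:
            rule["perms"].discard("a")   # append is implied by write
    return [format_rule(r) for r in merged.values()]


def review_rules(rules):
    """Flag merged rules worth a second look; returns (reason, rule) pairs."""
    findings = []
    for line in rules:
        rule = parse_rule(line)
        base = rule["path"].strip('"').rsplit("/", 1)[-1]
        if "**" in rule["path"] and "w" in rule["perms"]:
            findings.append(("recursive-write", line))
        if base in SHELL_DOTFILES and "r" in rule["perms"]:
            findings.append(("shell-dotfile-read", line))
    return findings


def tighten_profile(text):
    """Rewrite each profile body with merged, sorted rules; return (text, findings)."""
    out, pending, findings = [], [], []
    for line in text.splitlines():
        if parse_rule(line) is not None:
            pending.append(line)
            continue
        if line.strip() == "}":              # end of a profile body: flush its rules
            merged = sorted(merge_rules(pending))
            out.extend("  " + r for r in merged)
            findings.extend(review_rules(merged))
            pending = []
        out.append(line)
    return "\n".join(out) + "\n", findings


# Constructed sample profile with the kind of split r/w/k entries EDIT #2 describes.
SAMPLE = """\
# Last Modified: constructed sample for this example
#include <tunables/global>

/opt/firefox/firefox-bin {
  #include <abstractions/base>

  /proc/cpuinfo r,
  owner /home/*/.mozilla/firefox/*/places.sqlite r,
  owner /home/*/.mozilla/firefox/*/places.sqlite w,
  owner /home/*/.mozilla/firefox/*/places.sqlite k,
  owner /home/*/.mozilla/firefox/*/logins.json w,
  owner /home/*/.mozilla/firefox/*/logins.json r,
  owner /home/*/.bash_history r,
  owner /{media,mnt,opt,srv}/** rw,
  /opt/firefox/firefox mr,
  /opt/firefox/firefox r,
}
"""

if __name__ == "__main__":
    new_text, notes = tighten_profile(SAMPLE)
    print(new_text)
    for reason, rule in notes:
        print(f"review [{reason}]: {rule}")
```

Run it on a real profile with `tighten_profile(open(path).read())`, then validate the rewritten file with `apparmor_parser -Q` before reloading it.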
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Updated Firefox profiles since November 29.

    Extensions used:
    1. uBlock Origin
    2. Privacy Badger
    3. NoScript
    4. Lastpass
    Theme:
    1. Dark Fox
    A profile for Firefox Pingsender is new.

    Code:
    # Last Modified: Thu Nov 21 17:42:13 2019
    #include <tunables/global>
    
    /opt/firefox/firefox {
      #include <abstractions/base>
    
      /opt/firefox/firefox mr,
      /opt/firefox/firefox-bin Px,
      /run/firejail/lib/lib*so* r,
      /run/firejail/lib/libpostexecseccomp.so mr,
    
    }
    
    Code:
    # Last Modified: Sat Nov  9 09:26:55 2019
    #include <tunables/global>
    
    /opt/firefox/pingsender {
      #include <abstractions/base>
    
      /opt/firefox/pingsender mr,
    
    }


    Code:
    # Last Modified: Fri Nov 29 06:58:35 2019
    #include <tunables/global>
    
    /opt/firefox/firefox-bin {
      #include <abstractions/lightdm>
    
      /home/*/Documents/libreoffice.profile r,
      /home/*/Documents/loffice.profile r,
      /proc/cpuinfo r,
      /proc/filesystems r,
      /proc/sys/crypto/fips_enabled r,
      /var/cache/fontconfig/ mrwk,
      owner "/home/*/.fonts/Segoe UI.ttf" r,
      owner "/home/*/.mozilla/firefox/Crash Reports/InstallTime*" rw,
      owner "/home/*/.mozilla/firefox/Crash Reports/LastCrash" rw,
      owner "/home/*/.mozilla/firefox/Crash Reports/events/" r,
      owner "/home/*/.mozilla/firefox/Crash Reports/pending/*.extra" w,
      owner "/home/*/.mozilla/firefox/Pending Pings/" r,
      owner /home/*/ r,
      owner /home/*/.ICEauthority r,
      owner /home/*/.Xauthority r,
      owner /home/*/.bash_history r,
      owner /home/*/.bash_logout r,
      owner /home/*/.bashrc r,
      owner /home/*/.cache/fontconfig/*-*-*-*-*-*.cache-* r,
      owner /home/*/.cache/fontconfig/*-*.cache-* rwlk,
      owner /home/*/.cache/fontconfig/*.cache-*.LCK/ w,
      owner /home/*/.cache/mesa_shader_cache/index rw,
      owner /home/*/.cache/mozilla/ w,
      owner /home/*/.cache/mozilla/firefox/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/.startup-incomplete w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/OfflineCache/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/OfflineCache/index.sqlite rwk,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/OfflineCache/index.sqlite-journal rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/activity-stream.discovery_stream.json rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/activity-stream.discovery_stream.json.tmp rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/* rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/doomed/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/doomed/* rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/entries/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/entries/* rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/trash*/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-backup/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/*.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/ads-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/ads-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/allow-flashallow-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/allow-flashallow-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/analytics-track-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/analytics-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/analytics-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-cryptomining-track-digest256-1.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-cryptomining-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-cryptomining-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-fingerprinting-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-fingerprinting-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-track-digest256-1.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/block-flash-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/block-flash-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/block-flashsubdoc-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/block-flashsubdoc-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/content-track-digest256-1.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/content-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/content-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flash-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flash-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flashallow-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flashallow-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flashsubdoc-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flashsubdoc-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-badbinurl-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-badbinurl-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-badbinurl-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-downloadwhite-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-downloadwhite-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-malware-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-malware-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-malware-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-phish-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-phish-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-phish-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-unwanted-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-unwanted-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-unwanted-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/mozplugin-block-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/mozplugin-block-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/mozstd-trackwhite-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-track-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-*-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-*-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-facebook-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-linkedin-digest256-1.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-twitter-digest256-1.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/*.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/ads-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/ads-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/allow-flashallow-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/allow-flashallow-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/analytics-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/analytics-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-cryptomining-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-cryptomining-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-fingerprinting-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-fingerprinting-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/block-flash-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/block-flash-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/block-flashsubdoc-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/block-flashsubdoc-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/content-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/content-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flash-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flash-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flashallow-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flashallow-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flashsubdoc-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flashsubdoc-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-badbinurl-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-badbinurl-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-downloadwhite-proto.metadata rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-downloadwhite-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-malware-proto.metadata rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-malware-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-phish-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-phish-proto.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-unwanted-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-unwanted-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/mozplugin-block-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/mozplugin-block-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/mozstd-trackwhite-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/mozstd-trackwhite-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-tracking-protection-*-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-tracking-protection-*-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-tracking-protection-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-tracking-protection-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/public-suffix-list/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/public-suffix-list/dafsa.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/public-suffix-list/dafsa.bin.tmp rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-child-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-child-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-child.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/startupCache.*.little rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/urlCache-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/urlCache-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/urlCache.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/webext.sc.l* rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/thumbnails/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/thumbnails/*.png rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/thumbnails/*.png.tmp rw,
      owner /home/*/.config/dconf/user r,
      owner /home/*/.config/gtk-3.0/bookmarks r,
      owner /home/*/.config/gtk-3.0/gtk.css r,
      owner /home/*/.config/gtk-3.0/whisker-tweak.css r,
      owner /home/*/.config/mimeapps.list r,
      owner /home/*/.config/user-dirs.dirs r,
      owner /home/*/.dmrc r,
      owner /home/*/.fonts/ r,
      owner /home/*/.fonts/.uuid r,
      owner /home/*/.fonts/BankGthd.ttf r,
      owner /home/*/.fonts/Ubuntu.ttf r,
      owner /home/*/.local/share/applications/ r,
      owner /home/*/.local/share/applications/mimeapps.list r,
      owner /home/*/.local/share/gvfs-metadata/*.log r,
      owner /home/*/.local/share/gvfs-metadata/home r,
      owner /home/*/.local/share/recently-used.xbel rw,
      owner /home/*/.local/share/recently-used.xbel.* rw,
      owner /home/*/.mozilla/firefox/*.default-release/storage/default/https+++addons.mozilla.org/idb/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/*.txt rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/.parentlock wk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/addonStartup.json.l* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/addons.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/addons.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/blocklist.xml rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/blocklist.xml.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/bookmarkbackups/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/bookmarkbackups/bookmarks-20*.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/bookmarkbackups/bookmarks-20*.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/broadcast-listeners.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/broadcast-listeners.json.corrupt w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/broadcast-listeners.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/browser-extension-data/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/cert*.db rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/cert*.db-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/compatibility.ini rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/containers.json r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/content-prefs.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/content-prefs.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/cookies.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/cookies.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/crashes/events/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/crashes/events/* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/crashes/store.json.mozl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/aborted-session-ping w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/aborted-session-ping.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*-*/*.*.heartbeat.jsonl*.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.crash.jsonl*.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.event.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.event.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.first-shutdown.jsonl* r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.health.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.health.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.main.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.main.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.modules.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.modules.jsonl*.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.new-profile.jsonl* r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/session-state.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/session-state.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/state.json r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extension-preferences.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extension-preferences.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extension-settings.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extension-settings.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/\{04ba7aa0-7fea-431f-8875-ca1c2f67129d\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/\{e7fe4ffe-f256-4f85-906d-072fdd698585\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/\{ea140408-7a75-4812-af5a-0acf701fdf01\}.xpi r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/jid1-MnnxcxisBPnSXQ@jetpack.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/\{04ba7aa0-7fea-431f-8875-ca1c2f67129d\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/\{04ba7aa0-7fea-431f-8875-ca1c2f67129d\}/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/\{e7fe4ffe-f256-4f85-906d-072fdd698585\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/jid1-MnnxcxisBPnSXQ@jetpack.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/uBlock0@raymondhill.net.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/jid1-MnnxcxisBPnSXQ@jetpack.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/uBlock0@raymondhill.net.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/uBlock0@raymondhill.net.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/favicons.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/favicons.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/\{20c45ef9-8925-452f-bbe2-34b7b23dffa3\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/\{9f8026e4-f410-4d9d-86e6-9e815c210d2d\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/\{b315fb0b-cae8-47e5-803f-a668bc1508ac\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/\{d89116a4-e405-43c6-94ac-09d41ce26f29\}/doh-rollout@mozilla.org.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/formhistory.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/formhistory.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-gmpopenh*/*.*.*.*/gmpopenh*.info r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/LICENSE.txt w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/LICENSE.txt.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/libwidevinecdm.so.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/manifest.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/manifest.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*/libwidevinecdm.so mrw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/origin rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/salt rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/topLevelOrigin rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/*/* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/handlers.json r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/handlers.json.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/key*.db rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/key4.db-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/lock w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/logins.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/logins.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/mediacapabilities/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/mediacapabilities/data.mdb rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/mediacapabilities/lock.mdb rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/minidumps/*.dmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/minidumps/*.extra w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/permissions.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/permissions.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/places.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/places.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/pluginreg.dat rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/pluginreg.dat.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/prefs-*.js rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/prefs.js rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/protections.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/protections.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/saved-telemetry-pings/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/saved-telemetry-pings/* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/saved-telemetry-pings/*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/search.json.mozl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionCheckpoints.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionCheckpoints.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/previous.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/recovery.bakl* w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/recovery.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/recovery.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/upgrade.jsonl*-* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/shield-preference-experiments.json r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/shield-recipe-client.json.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage-sync.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage-sync.sqlite-journal w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/*/idb/*.files/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/http*.com/cache/caches.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.ca^userContextId=5/idb/*.sqlite k,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.ca^userContextId=5/idb/*.sqlite-journal w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.ca^userContextId=5/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.com/cache/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.com/cache/morgue/**.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.com/cache/morgue/*/*.final rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/idb/*_rsot.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/idb/*_rsot.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/ls/data.sqlite k,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca^userContextId=5/idb/*_rsot.sqlite rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/.padding rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/caches.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/caches.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/context_open.marker w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/morgue/*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/idb/*..sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/idb/*..sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.net/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.org/idb/*-rf.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.org/idb/*-rf.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.org/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.ca/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.ca/idb/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.com/idb/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.com/idb/*..sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.com/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.ca/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.com/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++addons.mozilla.org/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++addons.mozilla.org/idb/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++addons.mozilla.org/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++developers.google.com/cache/morgue/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++www.youtube.com/cache/morgue/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.files/* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.files/journals/* w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/ls/data.sqlite-journal w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension+++*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension+++*/idb/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension+++*/idb/*.files/journals/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/.metadata-v2 r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*--epcr.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*--epcr.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*-es.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*-es.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*.files/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/idb-deleting-* w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/temporary/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/times.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/failed/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/failed/tabs.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/failed/tabs.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/toFetch/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/toFetch/tabs.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/toFetch/tabs.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/webappsstore.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/webappsstore.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/xulstore.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/xulstore.json.tmp rw,
      owner /home/*/.mozilla/firefox/arsueu18.default/times.json w,
      owner /home/*/.mozilla/firefox/installs.ini w,
      owner /home/*/.mozilla/firefox/profiles.ini rw,
      owner /home/*/.profile r,
      owner /home/*/.xscreensaver r,
      owner /home/*/.xsession-errors r,
      owner /home/*/Documents/ r,
      owner /home/*/Documents/*.pdf rw,
      owner /home/*/Documents/*.tmp rw,
      owner /home/*/Documents/bookmark*.html rw,
      owner /home/*/Documents/opt.*.* rw,
      owner /home/*/Documents/usr.*.* rw,
      owner /home/*/Documents/usr.local.bin.firefox rw,
      owner /home/*/Downloads/ r,
      owner /home/*/Downloads/*.pdf rw,
      owner /home/*/Downloads/*.txt rw,
      owner /home/*/Downloads/Windows10FirewallControlPlus-Setup.exe w,
      owner /opt/firefox/fonts/** mrwk,
      owner /proc/*/maps r,
      owner /proc/*/mountinfo r,
      owner /proc/*/smaps r,
      owner /proc/*/stat r,
      owner /proc/*/statm r,
      owner /proc/*/status r,
      owner /proc/*/task/*/stat r,
      owner /{media,mnt,opt,srv}/** rw,
    
    }
    
     
    Last edited: Nov 30, 2019
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
Hi @summerheat,

I haven't seen you post in a while. Hopefully all is okay with you. I tried modifying my custom Thunderbird profile, created a few days ago, so links could open in Firefox, and although I could get it to work, it completely wiped out my FF bookmarks, making it impossible to even import them again :( Several attempts to fix the problem failed every time. I have decided to simply copy and paste email links to Firefox, as this not only is a decent workaround, but I would say an even more secure one as well. You know the advice so often seen: "don't click on links in emails".

    My Thunderbird profiles are posted in a separate thread.
     
    Last edited: Dec 2, 2019
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
Hi @wat0114 - sorry for not posting earlier. I had been traveling around in the past 3 weeks and had not found the time to read the new stuff here. I will certainly try to look into your profiles and give some feedback in the coming days!
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    No need to apologize, summerheat, just glad everything's okay and hope you had happy travels :)
     
  13. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Finally some thoughts from my side. ;)

    However, you might be disappointed as, e.g., one's profiles can differ a lot depending on which DE is used and which abstractions. And which helper applications. And the folders can differ - Firefox here on Arch is in /usr/lib/firefox and not in /opt/firefox. But I hope the following remarks make sense.

I think it's proper that you use only one abstraction in the firefox-bin profile as many of them include other abstractions themselves which makes it sometimes rather difficult to assess what is allowed and what isn't. And they can cause trouble at times as seen in this example. I myself use more abstractions right now but try to replace them as much as possible. That said, the lightdm abstraction is interestingly enough not available in the AppArmor package that comes with Arch Linux (which corresponds with what the AppArmor gitlab site shows).

    That you have detailed rules for ~/Downloads has probably specific reasons. IMO, something like
    Code:
    owner @{HOME}/Downloads/ r,
    owner @{HOME}/Downloads/** rw,
    should be sufficient, though.

However, I was a bit surprised that you added very detailed rules for ~/.mozilla and ~/.cache/mozilla. For example, the official Firefox profile contains these rules for ~/.mozilla:

    Code:
    owner @{HOME}/.{firefox,mozilla}/ rw,
    owner @{HOME}/.{firefox,mozilla}/** rw,
    owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
    owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
    owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
    which are okay for me. Do you have special reasons for your detailed rules? I think they make the profile more complex than necessary but I might be missing something.

    I think you are on the right track! As indicated, my own profile isn't perfect yet at all (as I had not enough time recently). When ready I will share here, too!
     
    Last edited: Dec 7, 2019
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Thanks summerheat. Yes, all along I believe many of my rules might be more granular than necessary, but I'd rather err on the side of staying more secure rather than allowing potential holes. To state what you already know: Apparmor by design is meant to allow an application to do only, and preferably, only exactly what it's supposed to do and no more, so this is the principle I've been trying to follow all along, which also explains my granular rules for Downloads and Documents folders. My ruleset as it currently stands is subject to possible changes, especially once I can gain a better understanding of the Linux file system and the different types of file types and their purposes used in Firefox.

    Upon careful evaluation of all the abstractions I had previously allowed when profiling Firefox, I decided they opened up too many unnecessary doors, so that was why I eliminated some of them and went for more granular rules instead.
     
    Last edited: Dec 7, 2019
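The two posts above disagree about coarse `**` rules versus one rule per file. As an added example that is not part of this thread (and not AppArmor's or Mozilla's code), here is a small Python model of how AppArmor file rules are evaluated: every rule whose pattern matches the path contributes its permission letters, and an access is allowed only if the union covers everything requested. Assumptions: `@{HOME}` expands to `/home/*` (the usual tunables/home default with the trailing slash dropped); the two sample rule sets are constructed from the upstream rules summerheat quoted and a handful of wat0114's per-file rules; the user `alice` and the file `unexpected-addon.xpi` are made up; exec modes, deny rules, character classes and the parser's finer directory-matching rules are not modelled.

```python
"""Added example: a toy evaluator for AppArmor file rules (not AppArmor's own code).
Modelled: `owner`, quoted/bare paths, `*`, `**`, `?`, `{a,b}` alternation,
backslash escapes and @{HOME}. Not modelled: character classes, deny rules,
exec-mode conflicts (Px/ix are treated as plain letters) and the parser's finer
directory-matching rules. Permissions accumulate across all matching rules."""
import re
from collections import namedtuple

# Assumption: tunables/home expands @{HOME} to /home/*/ on most distributions;
# the trailing slash is dropped because every rule continues with "/".
VARIABLES = {"@{HOME}": "/home/*"}
RULE_RE = re.compile(r'^\s*(?P<owner>owner\s+)?(?:"(?P<qpath>[^"]+)"|(?P<path>\S+))'
                     r'\s+(?P<perms>[A-Za-z]+)\s*,\s*$')
BRACE_RE = re.compile(r"(?<!\\)\{([^{}]*)(?<!\\)\}")  # {a,b}, but not \{ \}
Rule = namedtuple("Rule", "owner glob perms regex")

def expand_braces(glob):
    """Expand {a,b} groups innermost-first (so nesting works) into plain globs."""
    m = BRACE_RE.search(glob)
    if not m:
        return [glob]
    return [g for alt in m.group(1).split(",")
            for g in expand_braces(glob[:m.start()] + alt + glob[m.end():])]

def glob_to_regex(glob):
    """Translate one brace-free AppArmor glob into an anchored regex."""
    out, i = "^", 0
    while i < len(glob):
        if glob[i] == "\\" and i + 1 < len(glob):   # escaped char is literal
            out, i = out + re.escape(glob[i + 1]), i + 2
        elif glob.startswith("**", i):               # ** may cross "/"
            out, i = out + ".*", i + 2
        elif glob[i] == "*":                         # * stops at "/"
            out, i = out + "[^/]*", i + 1
        elif glob[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return out + "$"

def parse_rule(line):
    """Rule for a file-access line; None for comments, #include lines, braces."""
    m = RULE_RE.match(line)
    if not m:
        return None
    path = m.group("qpath") or m.group("path")
    for name, value in VARIABLES.items():
        path = path.replace(name, value)
    regex = re.compile("|".join(glob_to_regex(g) for g in expand_braces(path)))
    return Rule(bool(m.group("owner")), path, frozenset(m.group("perms")), regex)

def parse_profile(text):
    return [r for r in map(parse_rule, text.splitlines()) if r]

def granted_perms(rules, path, owner_matches=True):
    """Union of the permission letters of every rule whose pattern matches."""
    granted = set()
    for r in rules:
        if r.regex.match(path) and (owner_matches or not r.owner):
            granted |= r.perms
    return granted

def denied_perms(rules, path, wanted, owner_matches=True):
    """Requested letters the profile would refuse; an empty set means allowed."""
    return set(wanted) - granted_perms(rules, path, owner_matches)

# Constructed samples: the upstream rules summerheat quoted, and a few of
# wat0114's per-file rules. The user "alice" and the add-on name are made up.
UPSTREAM = """
  owner @{HOME}/.{firefox,mozilla}/ rw,
  owner @{HOME}/.{firefox,mozilla}/** rw,
  owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
"""
GRANULAR = """
  #include <abstractions/totem>
  owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/ r,
  owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/uBlock0@raymondhill.net.xpi rw,
  owner /home/*/.mozilla/firefox/5sonjh3a.default-release/places.sqlite rwk,
  owner "/home/*/.mozilla/firefox/Crash Reports/LastCrash" rw,
"""
PROFILE_DIR = "/home/alice/.mozilla/firefox/5sonjh3a.default-release/"

def compare(path, wanted, owner_matches=True):
    """Denied letters under each rule set, to contrast the two profile styles."""
    return {name: denied_perms(parse_profile(text), path, wanted, owner_matches)
            for name, text in (("upstream", UPSTREAM), ("granular", GRANULAR))}

if __name__ == "__main__":
    for path, wanted in ((PROFILE_DIR + "places.sqlite", "rwk"),
                         (PROFILE_DIR + "extensions/unexpected-addon.xpi", "w")):
        print(wanted, path, compare(path, wanted))
```

Running it shows the trade-off in numbers rather than opinions: both rule sets allow `rwk` on `places.sqlite` (the upstream set only because its separate `*.sqlite* k` rule adds the lock bit that `** rw` does not carry), but a write to a file the profile never listed, such as a new `.xpi` dropped into `extensions/`, is granted by the `**` rule and refused by the per-file rules. With `owner_matches=False` every `owner` rule drops out and both sets deny everything, which is the qualifier wat0114 relies on throughout his profile. The model is only there to make the accumulation rule visible; for a real profile the parser and its logs remain the reference.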
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
@summerheat,

    I've managed to eliminate the massive lightdm abstraction, and ended up with just a few more rules, the addition of much leaner totem and python abstractions, and an additional, yet small, "opt.firefox.plugin-container" profile in the process. I had to use an inherit rule: "ix" for the opt.firefox.plugin-container rule, otherwise it wouldn't play Netflix content when I tried a Profile (Px) rule, but no big deal. I believe this change results in a far more restrictive profile overall.


    Code:
    # Last Modified: Sun Dec  8 14:04:22 2019
    #include <tunables/global>
    
    /opt/firefox/firefox {
      #include <abstractions/ubuntu-browsers.d/plugins-common>
    
      /dev/null r,
      /etc/ld.so.cache r,
      /etc/ld.so.preload r,
      /opt/firefox/firefox mr,
      /opt/firefox/firefox-bin Px,
      /run/firejail/lib/lib*so* r,
      /run/firejail/lib/libpostexecseccomp.so mr,
    
    }
    Code:
    # Last Modified: Tue Dec 10 19:04:45 2019
    #include <tunables/global>
    
    /opt/firefox/firefox-bin flags=(complain) {
      #include <abstractions/python>
      #include <abstractions/totem>
    
      signal send set=term peer=/opt/firefox/plugin-container,
    
      /dev/video* r,
      /etc/mailcap r,
      /etc/mime.types r,
      /etc/pulse/client.conf r,
      /etc/pulse/client.conf.d/*.conf r,
      /etc/xfce4/*.list r,
      /home/*/Documents/libreoffice.profile r,
      /home/*/Documents/loffice.profile r,
      /opt/firefox/firefox-bin mrix,
      /opt/firefox/pingsender Px,
      /opt/firefox/plugin-container ix,
      /proc/cpuinfo r,
      /proc/filesystems r,
      /proc/sys/crypto/fips_enabled r,
      /sys/devices/pci*/*/device r,
      /sys/devices/pci*/*/subsystem_device r,
      /sys/devices/pci*/*/subsystem_vendor r,
      /sys/devices/pci*/*/vendor r,
      /sys/devices/system/cpu/* r,
      /sys/devices/system/cpu/cpu0/cache/** r,
      /sys/devices/system/cpu/cpufreq/** r,
      /usr/bin/lsb_release mrix,
      /usr/bin/python* r,
      /usr/bin/python3.7 ix,
      /var/cache/fontconfig/ mrwk,
      /{media,mnt,opt,srv}/** mr,
      owner "/home/*/.fonts/Segoe UI.ttf" r,
      owner "/home/*/.mozilla/firefox/Crash Reports/InstallTime*" rw,
      owner "/home/*/.mozilla/firefox/Crash Reports/LastCrash" rw,
      owner "/home/*/.mozilla/firefox/Crash Reports/events/" r,
      owner "/home/*/.mozilla/firefox/Crash Reports/pending/*.extra" w,
      owner "/home/*/.mozilla/firefox/Pending Pings/" r,
      owner /dev/shm/org.mozilla.* rw,
      owner /home/*/ r,
      owner /home/*/.ICEauthority r,
      owner /home/*/.Xauthority r,
      owner /home/*/.bash_history r,
      owner /home/*/.bash_logout r,
      owner /home/*/.bashrc r,
      owner /home/*/.cache/fontconfig/*-*-*-*-*-*.cache-* r,
      owner /home/*/.cache/fontconfig/*-*.cache-* rwlk,
      owner /home/*/.cache/fontconfig/*.cache-*.LCK/ w,
      owner /home/*/.cache/mesa_shader_cache/index rw,
      owner /home/*/.cache/mozilla/ w,
      owner /home/*/.cache/mozilla/firefox/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/.startup-incomplete w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/OfflineCache/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/OfflineCache/index.sqlite rwk,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/OfflineCache/index.sqlite-journal rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/activity-stream.discovery_stream.json rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/activity-stream.discovery_stream.json.tmp rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/* rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/doomed/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/doomed/* rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/entries/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/entries/* rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/cache2/trash*/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-backup/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/*.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/*.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/ads-track-digest256-1.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/ads-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/ads-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/allow-flashallow-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/allow-flashallow-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/analytics-track-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/analytics-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/analytics-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-cryptomining-track-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-cryptomining-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-cryptomining-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-fingerprinting-track-digest256-1.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-fingerprinting-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-fingerprinting-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-track-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/base-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/block-flash-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/block-flash-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/block-flashsubdoc-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/block-flashsubdoc-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/content-track-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/content-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/content-track-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flash-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flash-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flashallow-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flashallow-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flashsubdoc-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/except-flashsubdoc-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-badbinurl-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-badbinurl-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-badbinurl-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-downloadwhite-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-downloadwhite-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-malware-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-malware-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-malware-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-phish-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-phish-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-phish-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-unwanted-proto-1.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-unwanted-proto.metadata w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/google4/goog-unwanted-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/mozplugin-block-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/mozplugin-block-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/mozstd-trackwhite-digest256.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-track-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-*-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-*-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-digest256-1.sbstore w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-facebook-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-linkedin-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing-updating/social-tracking-protection-twitter-digest256-1.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/*.vlpset w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/ads-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/ads-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/allow-flashallow-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/allow-flashallow-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/analytics-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/analytics-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-cryptomining-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-cryptomining-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-fingerprinting-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-fingerprinting-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/base-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/block-flash-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/block-flash-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/block-flashsubdoc-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/block-flashsubdoc-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/content-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/content-track-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flash-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flash-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flashallow-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flashallow-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flashsubdoc-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/except-flashsubdoc-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-badbinurl-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-badbinurl-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-downloadwhite-proto.metadata rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-downloadwhite-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-malware-proto.metadata rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-malware-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-phish-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-phish-proto.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-unwanted-proto.metadata r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/google4/goog-unwanted-proto.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/mozplugin-block-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/mozplugin-block-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/mozstd-trackwhite-digest256.sbstore r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/mozstd-trackwhite-digest256.vlpset r,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-track-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-track-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-tracking-protection-*-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-tracking-protection-*-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-tracking-protection-digest256.sbstore rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/safebrowsing/social-tracking-protection-digest256.vlpset rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/ms-language-packs/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/ms-language-packs/asrouter.ftl rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/ms-language-packs/asrouter.ftl.tmp rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/public-suffix-list/ w,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/public-suffix-list/dafsa.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/settings/main/public-suffix-list/dafsa.bin.tmp rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-child-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-child-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-child.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/scriptCache.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/startupCache.*.little rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/urlCache-current.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/urlCache-new.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/urlCache.bin rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/startupCache/webext.sc.l* rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/thumbnails/ rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/thumbnails/*.png rw,
      owner /home/*/.cache/mozilla/firefox/5sonjh3a.default-release/thumbnails/*.png.tmp rw,
      owner /home/*/.cache/thumbnails/normal/*.png r,
      owner /home/*/.config/dconf/user r,
      owner /home/*/.config/gtk-3.0/bookmarks r,
      owner /home/*/.config/gtk-3.0/gtk.css r,
      owner /home/*/.config/gtk-3.0/whisker-tweak.css r,
      owner /home/*/.config/mimeapps.list r,
      owner /home/*/.config/user-dirs.dirs r,
      owner /home/*/.dmrc r,
      owner /home/*/.fonts/ r,
      owner /home/*/.fonts/.uuid r,
      owner /home/*/.fonts/BankGthd.ttf r,
      owner /home/*/.fonts/Ubuntu.ttf r,
      owner /home/*/.local/share/applications/ r,
      owner /home/*/.local/share/applications/mimeapps.list r,
      owner /home/*/.local/share/gvfs-metadata/*.log r,
      owner /home/*/.local/share/gvfs-metadata/home r,
      owner /home/*/.local/share/recently-used.xbel rw,
      owner /home/*/.local/share/recently-used.xbel.* rw,
      owner /home/*/.mozilla/firefox/*.default-release/storage/default/https+++addons.mozilla.org/idb/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/*.txt rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/.parentlock wk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/addonStartup.json.l* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/addons.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/addons.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/blocklist.xml rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/blocklist.xml.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/bookmarkbackups/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/bookmarkbackups/bookmarks-20*.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/bookmarkbackups/bookmarks-20*.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/broadcast-listeners.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/broadcast-listeners.json.corrupt w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/broadcast-listeners.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/browser-extension-data/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/cert*.db rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/cert*.db-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/compatibility.ini rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/containers.json r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/content-prefs.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/content-prefs.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/cookies.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/cookies.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/crashes/events/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/crashes/events/* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/crashes/store.json.mozl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/aborted-session-ping w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/aborted-session-ping.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*-*/*.*.heartbeat.jsonl*.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.crash.jsonl*.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.event.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.event.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.first-shutdown.jsonl* r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.health.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.health.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.main.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.main.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.modules.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.modules.jsonl*.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/archived/20*/*.new-profile.jsonl* r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/session-state.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/session-state.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/datareporting/state.json r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extension-preferences.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extension-preferences.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extension-settings.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extension-settings.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/\{04ba7aa0-7fea-431f-8875-ca1c2f67129d\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/\{e7fe4ffe-f256-4f85-906d-072fdd698585\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/\{ea140408-7a75-4812-af5a-0acf701fdf01\}.xpi r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/jid1-MnnxcxisBPnSXQ@jetpack.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/\{04ba7aa0-7fea-431f-8875-ca1c2f67129d\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/\{04ba7aa0-7fea-431f-8875-ca1c2f67129d\}/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/\{e7fe4ffe-f256-4f85-906d-072fdd698585\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/jid1-MnnxcxisBPnSXQ@jetpack.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/staged/uBlock0@raymondhill.net.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/\{73a6fe31-595d-460b-a920-fcc0f8843232\}.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/jid1-MnnxcxisBPnSXQ@jetpack.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/support@lastpass.com.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/trash/uBlock0@raymondhill.net.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/extensions/uBlock0@raymondhill.net.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/favicons.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/favicons.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/\{20c45ef9-8925-452f-bbe2-34b7b23dffa3\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/\{9f8026e4-f410-4d9d-86e6-9e815c210d2d\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/\{b315fb0b-cae8-47e5-803f-a668bc1508ac\}/staged/doh-rollout@mozilla.org.xpi w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/features/\{d89116a4-e405-43c6-94ac-09d41ce26f29\}/doh-rollout@mozilla.org.xpi rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/formhistory.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/formhistory.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-gmpopenh*/*.*.*.*/gmpopenh*.info r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/LICENSE.txt w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/LICENSE.txt.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/libwidevinecdm.so.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/manifest.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*.*.*.*/manifest.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp-widevinecdm/*/libwidevinecdm.so mrw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/origin rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/salt rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/id/*/topLevelOrigin rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/gmp/Linux_x86_64-gcc3/gmp-widevinecdm/storage/*/* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/handlers.json r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/handlers.json.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/key*.db rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/key4.db-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/lock w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/logins.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/logins.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/mediacapabilities/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/mediacapabilities/data.mdb rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/mediacapabilities/lock.mdb rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/minidumps/*.dmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/minidumps/*.extra w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/permissions.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/permissions.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/places.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/places.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/pluginreg.dat rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/pluginreg.dat.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/prefs-*.js rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/prefs.js rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/protections.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/protections.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/saved-telemetry-pings/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/saved-telemetry-pings/* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/saved-telemetry-pings/*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/search.json.mozl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionCheckpoints.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionCheckpoints.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/previous.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/recovery.bakl* w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/recovery.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/recovery.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore-backups/upgrade.jsonl*-* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore.jsonl* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/sessionstore.jsonl*.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/shield-preference-experiments.json r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/shield-recipe-client.json.tmp w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage-sync.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage-sync.sqlite-journal w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/*/idb/*.files/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/http*.com/cache/caches.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.ca^userContextId=5/idb/*.sqlite k,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.ca^userContextId=5/idb/*.sqlite-journal w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.ca^userContextId=5/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.com/cache/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.com/cache/morgue/**.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.*.com/cache/morgue/*/*.final rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/idb/*_rsot.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/idb/*_rsot.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/ls/data.sqlite k,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.ca^userContextId=5/idb/*_rsot.sqlite rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/.padding rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/caches.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/caches.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/context_open.marker w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/cache/morgue/*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/idb/*..sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/idb/*..sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.com/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.net/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.org/idb/*-rf.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.org/idb/*-rf.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*.org/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https*/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.ca/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.ca/idb/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.com/idb/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.com/idb/*..sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.*.com/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.ca/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++*.com/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++addons.mozilla.org/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++addons.mozilla.org/idb/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++addons.mozilla.org/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++developers.google.com/cache/morgue/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/https+++www.youtube.com/cache/morgue/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/.metadata-v* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.files/* rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.files/journals/* w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/ls/data.sqlite-journal w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension*/ls/usage w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension+++*/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension+++*/idb/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/default/moz-extension+++*/idb/*.files/journals/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/.metadata-v2 r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*--epcr.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*--epcr.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*-es.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*-es.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*.files/ rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*.sqlite-journal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/*.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/permanent/chrome/idb/idb-deleting-* w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/storage/temporary/ r,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/times.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/failed/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/failed/tabs.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/failed/tabs.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/toFetch/ w,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/toFetch/tabs.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/weave/toFetch/tabs.json.tmp rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/webappsstore.sqlite rwk,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/webappsstore.sqlite-wal rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/xulstore.json rw,
      owner /home/*/.mozilla/firefox/5sonjh3a.default-release/xulstore.json.tmp rw,
      owner /home/*/.mozilla/firefox/arsueu18.default/times.json w,
      owner /home/*/.mozilla/firefox/installs.ini w,
      owner /home/*/.mozilla/firefox/profiles.ini rw,
      owner /home/*/.profile r,
      owner /home/*/.xscreensaver r,
      owner /home/*/.xsession-errors r,
      owner /home/*/Documents/ r,
      owner /home/*/Documents/*.pdf rw,
      owner /home/*/Documents/*.png r,
      owner /home/*/Documents/*.tmp rw,
      owner /home/*/Documents/bookmark*.html rw,
      owner /home/*/Documents/opt.*.* rw,
      owner /home/*/Documents/usr.*.* rw,
      owner /home/*/Documents/usr.local.bin.firefox rw,
      owner /home/*/Downloads/ r,
      owner /home/*/Downloads/*.pdf rw,
      owner /home/*/Downloads/*.txt rw,
      owner /home/*/Downloads/Windows10FirewallControlPlus-Setup.exe w,
      owner /opt/firefox/fonts/** mrwk,
      owner /proc/*/maps r,
      owner /proc/*/mountinfo r,
      owner /proc/*/smaps r,
      owner /proc/*/stat r,
      owner /proc/*/statm r,
      owner /proc/*/status r,
      owner /proc/*/task/*/stat r,
      owner /run/user/1000/dconf/* rw,
      owner /{media,mnt,opt,srv}/** rw,
    
    }
    
    Code:
    # Last Modified: Sat Nov  9 09:26:55 2019
    #include <tunables/global>
    
    /opt/firefox/pingsender {
      #include <abstractions/base>
    
      /opt/firefox/pingsender mr,
    
    }
    Code:
    # Last Modified: Tue Dec 10 18:57:34 2019
    #include <tunables/global>
    
    /opt/firefox/plugin-container flags=(complain) {
      #include <abstractions/base>
    
      signal receive set=term peer=/opt/firefox/firefox-bin,
    
      /opt/firefox/plugin-container mr,
    
    }
     
    Last edited: Dec 11, 2019
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    I think the following are most if not all of the new additional rules in the opt.firefox.firefox-bin profile, as a result of eliminating <abstractions/lightdm> :

    Code:
      #include <abstractions/python>
      #include <abstractions/totem>
    
      signal send set=term peer=/opt/firefox/plugin-container,
    
  /opt/firefox/firefox-bin mrix,
      /opt/firefox/pingsender Px,
      /opt/firefox/plugin-container ix,
      /proc/cpuinfo r,
      /proc/filesystems r,
      /proc/sys/crypto/fips_enabled r,
      /sys/devices/pci*/*/device r,
      /sys/devices/pci*/*/subsystem_device r,
      /sys/devices/pci*/*/subsystem_vendor r,
      /sys/devices/pci*/*/vendor r,
      /sys/devices/system/cpu/* r,
      /sys/devices/system/cpu/cpu0/cache/** r,
      /sys/devices/system/cpu/cpufreq/** r,
      /usr/bin/lsb_release mrix,
      /usr/bin/python* r,
      /usr/bin/python3.7 ix,
    Clearly this is vastly fewer files and directories allowed compared to using <abstractions/lightdm>, and <abstractions/python>, <abstractions/totem> are far less file- and directory-encompassing than lightdm. Again this is *loosely* following the principle of allowing only exactly what Firefox requires, as there are some wildcards used, but nothing compared to using lightdm.

    I'm confused why the rule "/opt/firefox/firefox-bin mrix," was needed, but it came up in the aa-logprof profiling, so I chose to inherit in an effort to avoid complications.
     
  17. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    You are really on the right track, IMO :thumb: I can't really comment on those abstractions as the lightdm and totem abstractions don't exist on my system, and I'm using sddm anyhow.

    So Px didn't work?
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Thanks! Here is the lightdm abstraction included with MX-19:

    Code:
    # vim:syntax=apparmor
    # Profile for restricting lightdm guest session
    # Author: Martin Pitt <martin.pitt@ubuntu.com>
    
    # This abstraction provides the majority of the confinement for guest sessions.
    # It is in its own abstraction so we can have a centralized place for
    # confinement for the various lightdm sessions (guest, freerdp, uccsconfigure,
    # etc). Note that this profile intentionally omits chromium-browser.
    
    # Requires apparmor 2.9
    
      #include <abstractions/authentication>
      #include <abstractions/cups-client>
      #include <abstractions/dbus>
      #include <abstractions/dbus-session>
      #include <abstractions/dbus-accessibility>
      #include <abstractions/nameservice>
      #include <abstractions/wutmp>
    
      # bug in compiz https://launchpad.net/bugs/697678
      /etc/compizconfig/config rw,
      /etc/compizconfig/unity.ini rw,
    
      / r,
      /bin/ rmix,
      /bin/fusermount Px,
      /bin/** rmix,
      /cdrom/ rmix,
      /cdrom/** rmix,
      /dev/ r,
      /dev/** rmw, # audio devices etc.
      owner /dev/shm/** rmw,
      /etc/ r,
      /etc/** rmk,
      /etc/X11/Xsession ix,
      /etc/X11/xdm/** ix, # needed for openSUSE's default session-wrapper
      /etc/X11/xinit/** ix, # needed for openSUSE's default session-wrapper
      /lib/ r,
      /lib/** rmixk,
      /lib32/ r,
      /lib32/** rmixk,
      /lib64/ r,
      /lib64/** rmixk,
      owner /{,run/}media/ r,
      owner /{,run/}media/** rmwlixk,  # we want access to USB sticks and the like
      /opt/ r,
      /opt/** rmixk,
      @{PROC}/ r,
      @{PROC}/* rm,
      @{PROC}/[0-9]*/net/ r,
      @{PROC}/[0-9]*/net/dev r,
      @{PROC}/asound rm,
      @{PROC}/asound/** rm,
      @{PROC}/ati rm,
      @{PROC}/ati/** rm,
      @{PROC}/sys/vm/overcommit_memory r,
      owner @{PROC}/** rm,
      # needed for gnome-keyring-daemon
      @{PROC}/*/status r,
      # needed for bamfdaemon and utilities such as ps and killall
      @{PROC}/*/stat r,
      /sbin/ r,
      /sbin/** rmixk,
      /sys/ r,
      /sys/** rm,
      # needed for confined trusted helpers, such as dbus-daemon
      /sys/kernel/security/apparmor/.access rw,
      /tmp/ rw,
      owner /tmp/** rwlkmix,
      /usr/ r,
      /usr/** rmixk,
      /var/ r,
      /var/** rmixk,
      /var/guest-data/** rw, # allow to store files permanently
      /var/tmp/ rw,
      owner /var/tmp/** rwlkm,
      /{,var/}run/ r,
      # necessary for writing to sockets, etc.
      /{,var/}run/** rmkix,
      /{,var/}run/mir_socket rw,
      /{,var/}run/screen/** wl,
      /{,var/}run/shm/** wl,
      /{,var/}run/uuidd/request w,
      # libpam-xdg-support/logind
      owner /{,var/}run/user/*/** rw,
    
      capability ipc_lock,
    
      # allow processes in the guest session to signal and ptrace each other
      signal peer=@{profile_name},
      ptrace peer=@{profile_name},
      # needed when logging out of the guest session
      signal (receive) peer=unconfined,
    
      unix peer=(label=@{profile_name}),
      unix (receive) peer=(label=unconfined),
      unix (create),
      unix (getattr, getopt, setopt, shutdown),
      unix (bind, listen, accept, receive, send) type=stream addr="@/com/ubuntu/upstart-session/**",
      unix (bind, listen) type=stream addr="@/tmp/dbus-*",
      unix (bind, listen) type=stream addr="@/tmp/.ICE-unix/[0-9]*",
      unix (bind, listen) type=stream addr="@/dbus-vfs-daemon/*",
      unix (bind, listen) type=stream addr="@guest*",
      unix (connect, receive, send) type=stream peer=(addr="@/tmp/dbus-*"),
      unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
      unix (connect, receive, send) type=stream peer=(addr="@/dbus-vfs-daemon/*"),
      unix (connect, receive, send) type=stream peer=(addr="@guest*"),
    
      # silence warnings for stuff that we really don't want to grant
      deny capability dac_override,
      deny capability dac_read_search,
      #deny /etc/** w, # re-enable once LP#697678 is fixed
      deny /usr/** w,
      deny /var/crash/ w,
    
    You can see just how much it allows, yet most of it Firefox doesn't need.


    No, Firefox wouldn't open and logprof wasn't generating any other path rule suggestions.

    BTW, I've made a few changes to the opt.firefox.firefox-bin profile to tighten things up a bit. I replaced these:

    Code:
      /sys/devices/system/cpu/cpu0/cache/** r,
      /sys/devices/system/cpu/cpufreq/** r,
    ...with these:

    Code:
      /sys/devices/system/cpu/cpu*/cache/index* r,
      /sys/devices/system/cpu/cpu*/cache/index*/size r,
      /sys/devices/system/cpu/cpu*/cache/power r,
      /sys/devices/system/cpu/cpufreq/policy* r,
      /sys/devices/system/cpu/cpufreq/policy*/cpuinfo_max_freq r,
    Maybe I'm going overboard with granularity, but I'm really trying to steer Firefox toward doing close to only exactly what it needs to do.
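As an added example (not code from this thread or from the AppArmor project), a small Python matcher that answers the question the posts above keep circling: which rule in a profile or abstraction covers a given path with a given permission, and which broad `**` write/exec grants make an abstraction like lightdm so permissive. It assumes @{PROC} expands to /proc as in tunables/global, handles only the file-rule forms quoted above, and runs against a constructed subset of the lightdm abstraction.

```python
"""Minimal AppArmor file-rule matcher (added example, not code from AppArmor
or from anyone in this thread). Assumes @{PROC} expands as in tunables/global;
signal, unix, capability and #include lines are skipped."""
import re
from dataclasses import dataclass
from typing import List

VARIABLES = {"@{PROC}": "/proc"}   # assumed tunables/global value
RULE_RE = re.compile(
    r"^\s*(?:(deny)\s+)?(?:(owner)\s+)?(/\S*|@\{[A-Za-z_]+\}\S*)\s+([A-Za-z]+)\s*,")

@dataclass
class FileRule:
    path: str        # glob as written in the profile
    perms: str       # e.g. "rmwlixk"
    owner: bool      # applies only to files owned by the confined process's uid
    deny: bool       # explicit deny strips these perms whatever else allows them
    regex: re.Pattern

def glob_to_regex(glob: str) -> re.Pattern:
    """Translate an AppArmor path glob into an anchored regex."""
    for var, val in VARIABLES.items():
        glob = glob.replace(var, val)
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):      # ** crosses directory separators
            out, i = out + ".*", i + 2
        elif glob[i] == "*":              # * stays inside one path component
            out, i = out + "[^/]*", i + 1
        elif glob[i] == "{":              # {a,b} alternation (non-nested)
            j = glob.index("}", i)
            alts = "|".join(re.escape(a) for a in glob[i + 1:j].split(","))
            out, i = out + "(?:" + alts + ")", j + 1
        elif glob[i] == "[":              # character class, copied verbatim
            j = glob.index("]", i)
            out, i = out + glob[i:j + 1], j + 1
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile("^" + out + "$")

def parse_rules(text: str) -> List[FileRule]:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.split("#", 1)[0])   # comments/#include dropped
        if m:
            deny, owner, path, perms = m.groups()
            rules.append(FileRule(path, perms, bool(owner), bool(deny), glob_to_regex(path)))
    return rules

def find_rules(rules: List[FileRule], path: str, perm: str) -> List[FileRule]:
    """Rules whose glob matches `path` and whose perms include `perm`."""
    return [r for r in rules if r.regex.match(path) and perm in r.perms]

def is_allowed(rules: List[FileRule], path: str, perm: str) -> bool:
    """An explicit deny wins over any allow; otherwise some allow must match."""
    hits = find_rules(rules, path, perm)
    return bool(hits) and not any(r.deny for r in hits)

def broad_grants(rules: List[FileRule]) -> List[str]:
    """Allow rules handing out write or exec under a '**' glob."""
    return sorted(r.path for r in rules
                  if not r.deny and "**" in r.path and set("wx") & set(r.perms))

# Constructed subset of the lightdm abstraction quoted above.
SAMPLE = """
  / r,
  /bin/** rmix,
  /dev/** rmw, # audio devices etc.
  owner /{,run/}media/** rmwlixk,  # USB sticks and the like
  @{PROC}/*/status r,
  /usr/** rmixk,
  owner /tmp/** rwlkmix,
  deny /usr/** w,
"""
```

Feed your own profile text to `parse_rules` and call `find_rules(rules, "/media/usb0/report.pdf", "w")` to see exactly which rule grants a path; remember that `owner` rules only fire when the file belongs to the confined process's uid, which the matcher cannot know.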
     
  19. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Thanks for providing the code! And yes, that's the problem with many abstractions: they contain much stuff that is not needed.


    Ah, sorry! I missed that we are talking about the opt.firefox.firefox-bin profile. /opt/firefox/firefox-bin Px, doesn't make sense here, of course.

    It's certainly better to be on the safe side!
     
  20. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    @wat0114 (I think you're the only one interested in this stuff ;) ): After some toing and froing I've come to the solution that I'm confining Firefox, Thunderbird and VirtualBox with AppArmor alone and no longer with Firejail.

    The reason is that when using AppArmor and Firejail in tandem I didn't manage to get the helper applications to be started in their own independent profiles. In Thunderbird, e.g., I'm using Okular (as PDF reader), Gwenview (as image viewer) and LibreOffice as helper applications. When using AppArmor and Firejail together, I can only make them execute with ix, and as a child process of Thunderbird within its Firejail sandbox. This means that they are properly confined/sandboxed against the rest of the world but they can still tamper with everything in ~/.thunderbird. And that's not what I want.

    So I created my own tight AppArmor profiles for those helper applications and execute them from Thunderbird (and Firefox) with Px which means that they run in their own AA profiles without access to ~/.thunderbird and ~/.mozilla. There might be work-arounds to achieve that in combination with Firejail but that solution is good enough for me.

    The reason why I don't firejail VirtualBox any more is the fact that it is the only application on my system that doesn't start when setting the force-nonewprivs flag in /etc/firejail/firejail.config.

    Note that I still strongly endorse using Firejail. The sandbox provided by it is strong, and a big advantage is that there are now more than 900 profiles available so that many popular applications are now sandboxed (which dramatically minimizes the potential gateways for malware). Writing AppArmor profiles for all those applications is simply too tedious.
     
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Haha... yeah, I'm surprised to see so little interest in it, in spite of how powerful it is in securing programs. As for tedious, yes it can get very tedious as I discovered to some extent with Firefox, and a far greater extent with Chrome/Chromium. Thunderbird was a challenge as well. I had to relax many of the rules for both browsers in order to prevent the considerable 'breakage' that would occur with every update of the browser and their associated extensions/addons. Even with relaxing of the rules, the restrictions placed on the browsers with their profiles should make it very difficult for them to be exploited.
     
  22. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    True, but let's face it: Writing one's own AA profiles is not trivial and you need some experience, patience and basic knowledge about Linux. For most users Firejail is a much easier solution, particularly for Linux newbies.

    Yes, and writing AA profiles for 900+ applications is probably a life task :sick:

    Stay healthy!
     
  23. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    I have 73 profiles, some of which were already included in the AA packages. So far so good avoiding the dreaded covid :eek:
     
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    @wat0114 : Until recently I noticed that

    Code:
    systemd-analyze blame | grep apparmor
    showed that apparmor profile loading needed about 7 seconds during the boot process. Some days ago after adding some more profiles I noticed that now about 15 seconds were needed. Ouch!

    So I enabled profiles caching as explained here. After executing sudo systemctl reload apparmor and rebooting that time was reduced to less than 2 seconds! So this speeds up the boot process considerably. Highly recommended.
     
  25. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,066
    Location:
    Canada
    Hi summerheat,

    this is the result for me:
    Code:
    $ systemd-analyze blame | grep apparmor
          1.349s apparmor.service
    This is without enabling profile caching, so I guess I don't need it. Maybe it's already enabled in Debian 10? Just speculation of course. Thanks for the info!

    Edit: actually no, it's not enabled.
     