Open curiosityseeker opened 2 years ago
The comment is being misinterpreted -- I should have clarified that environment scrubbing should not be used, i.e. use px
instead of Px
.
With regards to px
vs ix
, I don't think it matters in this context. As a general rule I try to use ix
for programs which may be run by the parent program intermittently and px
for programs which run indefinitely alongside the parent program, and since these firefox
processes are designed to stay open indefinitely, I chose to use px
. Again, I don't think it really matters in this context and they could be used interchangeably.
Thanks a lot for providing your AppArmor profiles!
One question: The Firefox profile says in lines 48-49:
That's a bit confusing to me.
px
requires a separate profile for that executed program. But we're here in the same Firefox profile.px
is here equivalent toìx
, IMO. Is there a special reason why you chosepx
instead? I might be missing something important.