AppArmor Profile for TBB.

AppArmor is a Linux MAC. It is enabled by default in Ubuntu.


The primary goal of confining TBB is to prevent an exploit in Firefox to leak the IP address. Is this even possible?

Do we need something like ?

Even without that, AppArmor still is useful. For example you can easily protect files in your home folder and prevent persistent exploitation.

Prior Work



sudo apt-get install apparmor-utils

Create Profiles

sudo aa-genprof tor-browser_en-US/App/vidalia

sudo aa-genprof tor-browser_en-US/App/tor

sudo aa-genprof tor-browser_en-US/App/Firefox/firefox

Profiles are stored in:


pastebin backup

(adrelanos) Before it gets purged from pastebin someday, I made a backup on github, but don't plan development:

Fork me on GitHub
Last modified 6 years ago Last modified on Jun 10, 2013, 12:05:32 AM