Firefox security features warning on Linux

Firefox Firefox 最終更新日時: 55% のユーザーがこの記事が役立だったと投票しています
この記事はまだ翻訳されていません。すでに SUMO のローカライズ方法を知っている場合は、この記事を翻訳してください。SUMO の記事を翻訳する方法を学びたい場合は、記事翻訳の手引きをご覧ください

You may see a warning that “some of Firefox’s security features may offer less protection on your current operating system” when you install Firefox on Linux.

The sandbox in Firefox makes use of unprivileged user namespaces when creating new processes for enforcing more security. This can be considered a security risk, therefore some Linux distributions have started to restrict its usage and only allow it to work where there is an AppArmor profile.

Such profiles can only cover a limited set of installations paths, including Snap and Debian packages. They cannot however cover some other use cases, such as tarball installations as well as local development builds.

To create an AppArmor profile for Firefox:

In /etc/apparmor.d/, create a file with the name firefox-local

In the file, add the following:

# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi <abi/4.0>,
include <tunables/global>
profile firefox-local
/home/<USER>/bin/firefox/{firefox,firefox-bin,updater}
flags=(unconfined) {
	userns,
	# Site-specific additions and overrides. See local/README for details.
	include if exists <local/firefox>
}


Replace <USER> with your Linux user name. This assumes the Firefox install is at $HOME/bin/

Once you have saved the file, run sudo systemctl restart apparmor.service in the Linux terminal.

以下の人々がこの記事の執筆を手伝ってくれました:

Illustration of hands

ボランティア

あなたの専門知識を成長させ、他の人と共有してください。質問に答えたり、ナレッジベースを改善したりしてください。

詳しく学ぶ