Package: apparmor
Version: 2.10-4
Severity: normal
File: /etc/apparmor.d/abstractions/ubuntu-browsers

Steps:
* Use firefox-esr as preferred browser
* Enable the evince profile
* View a PDF in evince
* Click a http link in that PDF

Expected result:
* evince can execute firefox-esr with appropriate environment scrubbing

Actual result:
* exec of /usr/lib/firefox-esr/firefox-esr is denied

This pseudo-patch appears to work:

  # this should cover all firefox browsers and versions (including shiretoko
  # and abrowser)
  /usr/bin/firefox Cxr -> sanitized_helper,
- /usr/lib/firefox*/firefox*.sh Cx -> sanitized_helper,
+ /usr/lib/firefox*/firefox*{,.sh} Cx -> sanitized_helper,

The usr.lib.firefox.firefox profile in "extras" should probably also include
firefox-esr (see #746418).

Regards,
S

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  libapparmor-perl       2.10-4
ii  libc6                  2.22-7
ii  lsb-base               9.20160110
pn  python3:any            <none>

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-docs            2.10-4
ii  apparmor-profiles        2.10-4
ii  apparmor-profiles-extra  1.6
ii  apparmor-utils           2.10-4

-- debconf information:
  apparmor/homedirs:
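
Review bot: On the added line, the `{,.sh}` alternation is redundant and hides how broad the rule has become: in AppArmor globbing `*` matches any run of characters other than `/`, so `firefox*` already covers names ending in `.sh`, and `/usr/lib/firefox*/firefox*{,.sh}` is equivalent to `/usr/lib/firefox*/firefox*`. The removed line only allowed the `firefox*.sh` wrapper scripts, whereas the replacement lets every profile that includes this abstraction execute any file whose name starts with `firefox` in any `/usr/lib/firefox*/` directory, under sanitized_helper. If that breadth is intended, write the glob plainly as `firefox*` and adjust the comment above it to say so; if the goal is only to permit the denied `/usr/lib/firefox-esr/firefox-esr` binary, keep the existing `.sh` rule and name the extra binary explicitly, for example `/usr/lib/firefox*/firefox{*.sh,-esr} Cx -> sanitized_helper,`.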