Patch snippet:

+  # Allow opening attachments
+  /{usr/,}bin/* Cx -> sanitized_helper,
+  /{usr/,}sbin/* Cx -> sanitized_helper,
+  /usr/local/{bin,sbin}/* Cx -> sanitized_helper,
+  /usr/lib/libreoffice/program/soffice Cxr -> sanitized_helper,
+  /usr/bin/evince Pix,
+  /usr/bin/totem Pix,
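
Review bot: The two sbin globs, `/{usr/,}sbin/* Cx -> sanitized_helper,` and the sbin half of `/usr/local/{bin,sbin}/*`, are broader than the comment "Allow opening attachments" justifies. Consider dropping them or listing the specific helpers that are needed, and extend the comment to say why each directory is covered. The `/usr/bin/evince Pix,` and `/usr/bin/totem Pix,` lines also overlap the `/{usr/,}bin/*` glob at the top of the hunk, so a short comment stating which transition is intended for those two binaries would help the next reader.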

Do we really need sbin? I kind of doubt there will be "document viewers", and it has setuid applications like pppd and exim4, which is not comforting.

Also, if sanitized_helper contains:

`/{usr/,}bin/* Pixr,`

Doesn't this automatically mean that this line in the usr.bin.thunderbird profile

`/{usr/,}bin/* Cx -> sanitized_helper,`

will as a result launch /usr/bin/totem with its *P*rofile?

I wonder, because `abstractions/ubuntu-media-players` has `/usr/bin/totem Cxr -> sanitized_helper,`, maybe that would work?

I'll do some testing tomorrow. If there are extra rules for XFCE, maybe I should try Thunderbird on several DEs.
