On 2017-10-25 03:08 PM, Vincas Dargis wrote:
> On 2017.10.25 10:26, intrigeri wrote:
>>> Also, if sanitized_helper contains:
>>
>>> `/{usr/,}bin/* Pixr,`
>>
>>> Doesn't this automatically mean that this line in usr.bin.thunderbird
>>> profile
>>
>>> `/{usr/,}bin/* Cx -> sanitized_helper,`
>>
>>> will in result launch /usr/bin/totem with it's *P*rofile?
>>
>>> I wonder, because `abstractions/ubuntu-media-players has
>>> `/usr/bin/totem Cxr -> sanitized_helper,`, maybe that would work?
>>> I'll do some testing tomorrow.
>>
>> Indeed, it might be that the specific rules about evince & totem
>> you're quoting from my patch above are not needed. It would be nice if
>> we could drop them (and the maintenance cost of hard-coding a list of
>> exceptions) so I'm hoping your testing confirms your hypothesis :)
>
> Strange, preliminary test shows that totem is launched with it's
> profile, meanwhile evince is launched via thunderbird//sanitized_helper
> for unknown reason. I need to test some more.It's been that way for a long time, see [1]. Regards, Simon [1] https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1042771
signature.asc
Description: OpenPGP digital signature
