[apparmor] [Merge] lp:~sdeziel/apparmor-profiles/usr.bin.thunderbird-profile into lp:apparmor-profiles
u
u at 451f.org
Wed Jan 20 11:19:36 UTC 2016
Hi,
thanks for working on this!
Jamie Strandboge:
> On 01/14/2016 05:27 AM, Simon McVittie wrote:
>> > On 13/01/16 20:21, Jamie Strandboge wrote:
>>> >> This comes from how Ubuntu (and I believe Debian) launch the binary.
>>> >> /usr/bin/thunderbird is a symlink to /usr/lib/thunderbird/thunderbird.sh. We
>>> >> didn't want to confine this file but instead /usr/lib/thunderbird/thunderbird.
>> >
>> > FWIW, Debian ships code remarkably similar to Thunderbird under the name
>> > Icedove, for the same trademark reasons as Firefox/Iceweasel.
>> > /usr/bin/icedove is a symlink to /usr/lib/icedove/icedove which seems to
>> > be the real executable.
>> >
>>> >> The glob is there because iirc ppa builds and older releases might use something
>>> >> different than /usr/lib/thunderbird/thunderbird.
>> >
>> > How much do you want to support those PPA builds and older releases,
>> > bearing in mind that if you meaningfully supported them, you'd probably
>> > already know how they're structured? :-)
>> >
> I wasn't saying we should continue with the glob; I was trying to give
> historical context. I vote for:
>
> profile thunderbird /usr/lib/thunderbird/thunderbird { ... }
>
> If we want to try to incorporate icedove, it could be done in a followup patch
> with alternations in the binary attachment and the rules.
I'd strongly advocate for incorporating Icedove in the profile, as this
would allow for cross-distro compatibility.
Do you think this is possible?
Cheers!
u.
More information about the AppArmor
mailing list