[apparmor] [Merge] ~talkless/apparmor-profiles:fix-thunderbird-attachements into apparmor-profiles:master
Simon Déziel
simon.deziel at gmail.com
Thu Oct 26 17:30:31 UTC 2017
> On 2017.10.26 20:10, Simon Déziel wrote:
> > I've been running without the mmap rules for a while and haven't seen any
> problem. As for the sanitized_helper rules, it works as expected where helper
> apps get contained by the thunderbird//sanitized_helper profile (even if they
> have their own profile)
> About sanitized_helper, totem runs on it's own profile, while evince is not.
> It's some kind a bug out of this scope:
> https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1042771
They only way to have evince locked in its own profile was to explicitly add "/usr/bin/evince Px," to the TB profile. Add that same line to abstractions/ubuntu-helpers didn't work.
--
https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/332870
Your team AppArmor Developers is requested to review the proposed merge of ~talkless/apparmor-profiles:fix-thunderbird-attachements into apparmor-profiles:master.
More information about the AppArmor
mailing list