Control: severity -1 wishlist
Control: tag -1 wontfix

Hi,

>> please allow evince to read TTF fonts wherever they may be. With the current 
>> apparmor profile, symlink-ing a TTF font from another partition into 
>> /usr/share/fonts leads to unusable evince menus (empty squares instead of 
>> characters).

>> It' a real easy fix: in /etc/apparmor.d/abstractions/evince, right after the 
>> **.[bB][mM][pP] & company add
>> 
>>   /**.[tT][tT][fF]     r,  # fonts can live anywhere

Note that the corresponding AppArmor policy lives in the "fonts"
abstraction, that is used by virtually all profiles that confine GUI
applications. That abstraction already supports installing additional
fonts locally e.g. in /usr/local/share/fonts/ and in ~/.fonts/, so
administrators have plenty of ways to make such fonts available in
a way that works just fine with AppArmor. Also, in general I don't
think we should make AppArmor policies support random places where
people might be symlinking stuff to: this would quickly lead to
profiles that are wide-open and hard to audit.

The easiest solutions, for an administrator, are to use mounts or
bind-mounts (as opposed to symlinks), or to add the additional access
they want to grant Evince in /etc/apparmor.d/local/usr.bin.evince :)

So I'm tagging this bug wontfix. Now, perhaps I missed something, and
of course this decision can be discussed/revisited.

Cheers,
--
intrigeri


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to