Control: severity -1 wishlist Control: tag -1 wontfix Hi,
>> please allow evince to read TTF fonts wherever they may be. With the current >> apparmor profile, symlink-ing a TTF font from another partition into >> /usr/share/fonts leads to unusable evince menus (empty squares instead of >> characters). >> It' a real easy fix: in /etc/apparmor.d/abstractions/evince, right after the >> **.[bB][mM][pP] & company add >> >> /**.[tT][tT][fF] r, # fonts can live anywhere Note that the corresponding AppArmor policy lives in the "fonts" abstraction, that is used by virtually all profiles that confine GUI applications. That abstraction already supports installing additional fonts locally e.g. in /usr/local/share/fonts/ and in ~/.fonts/, so administrators have plenty of ways to make such fonts available in a way that works just fine with AppArmor. Also, in general I don't think we should make AppArmor policies support random places where people might be symlinking stuff to: this would quickly lead to profiles that are wide-open and hard to audit. The easiest solutions, for an administrator, are to use mounts or bind-mounts (as opposed to symlinks), or to add the additional access they want to grant Evince in /etc/apparmor.d/local/usr.bin.evince :) So I'm tagging this bug wontfix. Now, perhaps I missed something, and of course this decision can be discussed/revisited. Cheers, -- intrigeri -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

