On Wed, Jan 16, 2019 at 07:50:56PM -0500, Leo Singer wrote: > I am unable to download files with surf. When I follow a link that > should trigger a download, such as a link to a .tar.gz file, I see this > error message in the terminal: > > surf: execvp x-terminal-emulator failed: Permission denied > > And I see this AppArmor audit message: > > [10250.579596] audit: type=1400 audit(1547686146.856:308): apparmor="DENIED" > operation="exec" profile="/usr/bin/surf" name="/usr/bin/lxterm" pid=17839 > comm="surf" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Hm, I think this is a case for a local addition in /etc/apparmor.d/local/usr.bin.surf. I don't think it makes much sense to whitelist all terminal emulators available in Debian. I have added st(term) to the profile as it is likely also used by people using surf (as it's also a "suckless" project). Would a local profile addition be acceptable for you? Do you think it needs additional documentation in surf, or is the avilable apparmor documentation sufficient for that? Regards, Reiner
signature.asc
Description: PGP signature