Hi Charlotte,

thanks for your report!

On Thu, Apr 04, 2019 at 12:42:47PM +0100, Charlotte Lewer wrote:
> The program cannot open local files. This applies to both unprivileged users
> and root.
> 
> example:
>    $ surf file:///home/user/file.html
> opens a browser window with error message:
>    Error opening file /home/user/file.html: Permission denied
> 
> I have tried doing this in the upstream version of the program installed on
> the same system and it displayed the file without an error.

The reason why files in your home directory can't be opened is that
AppArmor prevents it.  The surf package ships a profile for AppArmor
(/etc/apparmor.d/usr.bin.surf) that prevents this access. Only some
specific directories are allowed that are required for surf to work properly.

They are not allowed because a browser usually should not access your
private files.  In case of a security vulnerability in the engine
(webkit), an attacker could read/modify your private data.
If you can live with this risk and really want to allow the browser
access to your private files, you can add an override in the file:
  /etc/apparmor.d/local/usr.bin.surf
For example an entry like that would allow read access in the user's
home directory:
@{HOME}/** r,
After modifying it, you need to reload the surf profile:
 # apparmor_parser -r /etc/apparmor.d/usr.bin.surf

I hope that helps.

Kind regards,
  Reiner
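
A narrower variant of the override described above, as an added example that is not part of the original mail or of the surf package: it grants read access to one directory instead of the whole home directory. The directory name surf-local is an assumption; the owner qualifier and audit deny rules are standard AppArmor profile syntax.

```apparmor
# /etc/apparmor.d/local/usr.bin.surf
#
# Broad rule from the mail above: every file under the home directory
# becomes readable by the browser process.
#   @{HOME}/** r,

# Narrower alternative (surf-local is a hypothetical directory name):
# only files owned by the user, in one directory set aside for local pages.
owner @{HOME}/surf-local/ r,
owner @{HOME}/surf-local/** r,

# deny rules take precedence over allow rules, so these paths stay blocked
# even if a broader allow rule is added later. The audit prefix keeps the
# denials in the log; plain deny rules are not logged.
audit deny @{HOME}/.ssh/** rw,
audit deny @{HOME}/.gnupg/** rw,
```

After saving the file, reload the profile with the apparmor_parser -r command given in the mail.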
