Or simply PCx -> sanitized_helper ?
It would be a little better if thunderbird/firefox used xdg-open,
instead opening directly:
xdg-open Cxr -> sanitized_helper,
Although it does not control what xdg-open itself can launch.
For example, Dragon player launches browser (for http://) or email
This would indeed be perfect for this situation.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper prevents proper transition to other profiles
To manage notifications
Maybe a fallback mechanism would be needed? Something like this:
/usr/bin/evince (Px, Cxr -> sanitized_helper),
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper
Note that this is rather tricky. If the user disabled the evince
profile, using Px means that the exec will fail with 'profile not
found'. There is no way to specify 'use P if it exists, otherwise C'.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
See https://bugs.launchpad.net/apparmor-profiles/+bug/1727993 for a
discussion about this topic.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper prevents proper
Since Evince ships with an Apparmor profile on its own, I think the
following fix makes sense:
$ diff -Naur abstractions/ubuntu-browsers.d/productivity{.orig,}
--- abstractions/ubuntu-browsers.d/productivity.orig2017-10-26
15:34:03.374102924 -0400
+++
** Tags added: aa-policy
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper prevents proper transition to other profiles
To manage notifications about this bug go to:
** Changed in: apparmor (Ubuntu)
Importance: Undecided = Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper prevents proper transition to other profiles
To manage
** Changed in: apparmor (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper prevents proper transition to other profiles
To manage
This bug also exists in Trusty and with the proliferation of the
sanitized helper this is rather concerning.
Note: it's possible Firefox will open the PDF with its builtin reader
when following the steps to reproduce. If that's the case, you simply
need to click the Download button and do Open
This looks to be related to 1045081.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper prevents proper transition to other profiles
To manage notifications about this
Per IRC, this is not related to 1045081.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper prevents proper transition to other profiles
To manage notifications about
The failure of the logging is related to bug #1045081, but the failure
of the sanitized helper is a different bug
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1042771
Title:
sanitized_helper
** Description changed:
When an application using the sanitized_helper launches another binary
also covered by another apparmor profile, the launched binary is running
with the sanitized_helper profile instead of transiting. Here is way to
reproduce/observe the problem:
- Launch
** Description changed:
When an application using the sanitized_helper launches another binary
also covered by another apparmor profile, the launched binary is running
with the sanitized_helper profile instead of transiting. Here is way to
reproduce/observe the problem:
- # Launch
15 matches
Mail list logo
