I went through this the other day with a personal profile. We probably
can do something along the lines of:

/{,snap/core/[0-9]*/}usr/bin/snap mrCx -> snap_browser,

profile snap_browser {
    #include <abstractions/base>

    /etc/passwd r,
    /etc/group r,
    /etc/nsswitch.conf r,
    /dev/tty rw,

    # noisy
    deny network inet stream,
    deny network inet6 stream,
    deny owner /run/user/[0-9]*/gdm/Xauthority r,  # not needed on Ubuntu

    /{,snap/core/[0-9]*/}usr/bin/snap mrix,  # re-exec
    /etc/fstab r,
    @{PROC}/sys/net/core/somaxconn r,
    @{PROC}/sys/kernel/seccomp/actions_avail r,
    owner @{PROC}/@{pid}/mountinfo r,
    owner @{HOME}/.snap/auth.json r,         # if exists, required
    /run/snapd.socket rw,
    /snap/core/[0-9]*/usr/lib/snapd/info r,
    /snap/core/[0-9]*/usr/lib/snapd/snapd r,
    /var/lib/snapd/system-key r,

    /{,snap/core/*/}usr/lib/snapd/snap-confine Pix,
    /sys/kernel/security/apparmor/features/ r,

    # allow launching official browser snaps. This could be abstracted into
    # an #include or tunable
    /snap/chromium/*/meta/snap.yaml r,
    /snap/firefox/*/meta/snap.yaml r,
    # ...
  }

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1794064

Title:
  Clicking a hyperlink in a PDF fails to open it if the default browser
  is a snap
