Control: tag -1 + fixed-upstream
Thanks to Vincas this was fixed upstream:
https://git.launchpad.net/apparmor-profiles/tree/ubuntu/17.10/usr.bin.thunderbird
Carsten, could you please pull this updated profile?
Cheers,
--
intrigeri
On 2017.10.25 22:25, Simon Deziel wrote:
Strange, preliminary test shows that totem is launched with it's
profile, meanwhile evince is launched via thunderbird//sanitized_helper
for unknown reason. I need to test some more.
It's been that way for a long time, see [1].
Regards,
Simon
[1]
On 2017-10-25 03:08 PM, Vincas Dargis wrote:
> On 2017.10.25 10:26, intrigeri wrote:
>>> Also, if sanitized_helper contains:
>>
>>> `/{usr/,}bin/* Pixr,`
>>
>>> Doesn't this automatically mean that this line in usr.bin.thunderbird
>>> profile
>>
>>> `/{usr/,}bin/* Cx -> sanitized_helper,`
>>
>>>
On 2017.10.25 10:26, intrigeri wrote:
Also, if sanitized_helper contains:
`/{usr/,}bin/* Pixr,`
Doesn't this automatically mean that this line in usr.bin.thunderbird profile
`/{usr/,}bin/* Cx -> sanitized_helper,`
will in result launch /usr/bin/totem with it's *P*rofile?
I wonder,
Vincas Dargis:
> On 2017.10.25 10:26, intrigeri wrote:
>> Indeed, it might be that the specific rules about evince & totem
>> you're quoting from my patch above are not needed. It would be nice if
>> we could drop them (and the maintenance cost of hard-coding a list of
>> exceptions) so I'm hoping
On 2017.10.25 10:26, intrigeri wrote:
Indeed, it might be that the specific rules about evince & totem
you're quoting from my patch above are not needed. It would be nice if
we could drop them (and the maintenance cost of hard-coding a list of
exceptions) so I'm hoping your testing confirms your
Hi Vincas,
Vincas Dargis:
> + # Allow opening attachments
> + /{usr/,}bin/* Cx -> sanitized_helper,
> + /{usr/,}sbin/* Cx -> sanitized_helper,
> + /usr/local/{bin,sbin}/* Cx -> sanitized_helper,
> + /usr/bin/evince Pix,
> + /usr/bin/totem Pix,
[...]
> Do we really need sbin? I kind doubt
Patch snippet:
+ # Allow opening attachments
+ /{usr/,}bin/* Cx -> sanitized_helper,
+ /{usr/,}sbin/* Cx -> sanitized_helper,
+ /usr/local/{bin,sbin}/* Cx -> sanitized_helper,
+ /usr/lib/libreoffice/program/soffice Cxr -> sanitized_helper,
+ /usr/bin/evince Pix,
+ /usr/bin/totem Pix,
Do
Hello Mike,
could you please add intrigeri to the pkg-mozilla group on Alioth? Seems
to me this is not happen since intrigeri has requested access. Adding
him to pkg-mozilla is helping Thunderbird by the apparmor integration a lot.
Thanks!
Am 20.09.2017 um 17:31 schrieb intrigeri:
> Carsten
Carsten Schoenert:
> On Sun, Sep 03, 2017 at 10:36:23AM +0200, intrigeri wrote:
>> By the way, IIRC Carsten told me that I could push such fixed directly
>> to the Vcs-Git. I've just tried to push my branch there, and was told:
[...]
> seems you have no access rights though.
[...]
> Should be
Hello intrigeri,
On Sun, Sep 03, 2017 at 10:36:23AM +0200, intrigeri wrote:
...
> By the way, IIRC Carsten told me that I could push such fixed directly
> to the Vcs-Git. I've just tried to push my branch there, and was told:
>
> remote: error: insufficient permission for adding an object to
Control: tag -1 + patch
Hi,
(sorry for the delay, post-DebConf holiday / traveling + another conference)
Michael Biebl:
> They might want to usertag this bug accordingly
Done with:
bts user pkg-apparmor-t...@lists.alioth.debian.org \
. usertag 855346 + help-needed
Feel free to do so
Package: thunderbird
Version: 1:45.7.1-1
Severity: normal
The Thunderbird AppArmor profile breaks the ability to open attachments
directly. (Saving them is possible.)
For instance, when attempting to open an attached .png by selecting 'Open with
Image Viewer', /usr/bin/eog fails to launch:
13 matches
Mail list logo
