On 01/14/2016 05:27 AM, Simon McVittie wrote: > On 13/01/16 20:21, Jamie Strandboge wrote: >> This comes from how Ubuntu (and I believe Debian) launch the binary. >> /usr/bin/thunderbird is a symlink to /usr/lib/thunderbird/thunderbird.sh. We >> didn't want to confine this file but instead >> /usr/lib/thunderbird/thunderbird. > > FWIW, Debian ships code remarkably similar to Thunderbird under the name > Icedove, for the same trademark reasons as Firefox/Iceweasel. > /usr/bin/icedove is a symlink to /usr/lib/icedove/icedove which seems to > be the real executable. > >> The glob is there because iirc ppa builds and older releases might use >> something >> different than /usr/lib/thunderbird/thunderbird. > > How much do you want to support those PPA builds and older releases, > bearing in mind that if you meaningfully supported them, you'd probably > already know how they're structured? :-) > I wasn't saying we should continue with the glob; I was trying to give historical context. I vote for:
profile thunderbird /usr/lib/thunderbird/thunderbird { ... }
If we want to try to incorporate icedove, it could be done in a followup patch
with alternations in the binary attachment and the rules.
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
