On 2016-01-14 08:46 AM, Jamie Strandboge wrote: > On 01/14/2016 05:27 AM, Simon McVittie wrote: >> On 13/01/16 20:21, Jamie Strandboge wrote: >>> This comes from how Ubuntu (and I believe Debian) launch the binary. >>> /usr/bin/thunderbird is a symlink to /usr/lib/thunderbird/thunderbird.sh. We >>> didn't want to confine this file but instead >>> /usr/lib/thunderbird/thunderbird. >> >> FWIW, Debian ships code remarkably similar to Thunderbird under the name >> Icedove, for the same trademark reasons as Firefox/Iceweasel. >> /usr/bin/icedove is a symlink to /usr/lib/icedove/icedove which seems to >> be the real executable. >> >>> The glob is there because iirc ppa builds and older releases might use >>> something >>> different than /usr/lib/thunderbird/thunderbird. >> >> How much do you want to support those PPA builds and older releases, >> bearing in mind that if you meaningfully supported them, you'd probably >> already know how they're structured? :-) >> > I wasn't saying we should continue with the glob; I was trying to give > historical context. I vote for: > > profile thunderbird /usr/lib/thunderbird/thunderbird { ... }
Done > If we want to try to incorporate icedove, it could be done in a followup patch > with alternations in the binary attachment and the rules. I'd also like to see this done in a follow-up patch. If you agree, the current bzr merge proposal would be ready to merge now. Thanks, Simon
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor