On Fri, 30 Jun 2017 at 20:20:33 +0200, intrigeri wrote: > Diane Trout: > > I was updating my browser profiles and saw firefox was trying to load some > > flatpak mime exports. > > > Should the apparmor profiles allow those?
Anything in /var/lib/flatpak/exports/share or ~/.local/share/flatpak/exports/share is essentially equivalent to the corresponding path in /usr/{local/,}share, and is something that has deliberately been "exported" to the rest of the system by a Flatpak-confined app. The most common thing to "export" is the app's .desktop file, so that it can be included in menus, considered as a potential MIME-type or URI-scheme handler and so on. The only reason to prevent reading those directories would be if you do not want the AppArmor-confined app to be able to enumerate the other software you have installed on your system, as an anti-fingerprinting mechanism. S -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor