On Thu, 24 Jul 2025 at 20:45:28 +0200, Christian Boltz wrote:
> we need a separate profile for papers-previewer

We already have one, in the papers package. It's rather elaborate, and heavily based on evince's own profile; papers is quite similar to evince in structure and functionality (other than using GTK 4 instead of 3), and I think it might even have originated as a fork of evince (but I'm not 100% sure about that).

    /usr/bin/evince-previewer Px,
+  /usr/bin/papers-previewer Pix,
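Review bot: the added papers-previewer line uses Pix while the evince-previewer line directly above it uses Px, and nothing in the rule records why; when no profile is loaded for /usr/bin/papers-previewer, Pix falls back to ix and the previewer runs with evince's own permissions, whereas Px would refuse the exec. Add a one-line comment above the rule stating the intended fallback behaviour (and that the path is expected to be absent unless papers is installed), so a later reader does not "fix" the asymmetry without knowing the trade-off.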

> A Px rule (without the ix fallback) would be better.

Would that load successfully, but gracefully decline to run /usr/bin/papers-previewer (which in practice would not exist), if the papers package isn't installed?

I thought that falling back to "same access to things that evince would already have had" would be less bad than falling back to "can't run at all". Running arbitrary code with "ix" is no worse for hardening purposes than the same code being in-process, after all...

evince needs to work normally if papers is not installed, in which case print preview should get ENOENT when attempting to run papers-previewer, and fall back to evince-previewer, the same as it would do in the absence of AppArmor.

    smcv
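As an added illustration (not from the thread, and not the packaged evince or papers profile), the fragment below puts the two exec modes under discussion side by side in AppArmor profile syntax, with the outcome of each case from the thread spelled out in comments. The profile name `evince-example` and the minimal header are assumptions for the sake of a self-contained example; only the two exec rules are the point.

```apparmor
# Added example, not the evince package's own profile.
# Hypothetical minimal header; the exec rules below are what matters.
abi <abi/3.0>,
include <tunables/global>

profile evince-example /usr/bin/evince {
  include <abstractions/base>

  # Px: exec the target under its own (discrete) profile, scrubbing the
  # environment. If no profile is loaded for the target, the exec is denied.
  /usr/bin/evince-previewer Px,

  # Pix: same as Px, but if no profile is loaded for the target, fall back
  # to ix, i.e. the child keeps running confined by this (evince's) profile.
  /usr/bin/papers-previewer Pix,

  # What happens when evince execs /usr/bin/papers-previewer:
  #  - papers not installed: the path does not exist, so exec fails with
  #    ENOENT before any AppArmor exec-mode decision is reached, and evince
  #    falls back to evince-previewer exactly as it would without AppArmor.
  #  - papers installed and its profile loaded: transition to that profile.
  #    Px and Pix behave identically here.
  #  - papers installed but no profile loaded: Pix runs it under this
  #    profile's permissions; Px would refuse the exec instead.
}
```

The trade-off in the thread is entirely in the third case: Px turns a missing papers-previewer profile into a hard failure of the exec, while Pix degrades to "whatever evince could already do".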
