I went through this the other day with a personal profile. We probably can do something along the lines of:

/{,snap/core/[0-9]*/}usr/bin/snap mrCx -> snap_browser,
profile snap_browser {
  #include <abstractions/base>

  /etc/passwd r,
  /etc/group r,
  /etc/nsswitch.conf r,
  /dev/tty rw,

  # noisy
  deny network inet stream,
  deny network inet6 stream,
  deny owner /run/user/[0-9]*/gdm/Xauthority r, # not needed on Ubuntu

  /{,snap/core/[0-9]*/}usr/bin/snap mrix, # re-exec
  /etc/fstab r,
  @{PROC}/sys/net/core/somaxconn r,
  @{PROC}/sys/kernel/seccomp/actions_avail r,
  owner @{PROC}/@{pid}/mountinfo r,
  owner @{HOME}/.snap/auth.json r, # if exists, required
  /run/snapd.socket rw,
  /snap/core/[0-9]*/usr/lib/snapd/info r,
  /snap/core/[0-9]*/usr/lib/snapd/snapd r,
  /var/lib/snapd/system-key r,
  /{,snap/core/*/}usr/lib/snapd/snap-confine Pix,
  /sys/kernel/security/apparmor/features/ r,

  # allow launching official browser snaps. This could be abstracted into an #include or tunable
  /snap/chromium/*/meta/snap.yaml r,
  /snap/firefox/*/meta/snap.yaml r,
  # ...
}

--
https://bugs.launchpad.net/bugs/1794064

Title:
  Clicking a hyperlink in a PDF fails to open it if the default browser is a snap

Status in evince package in Ubuntu:
  New

Bug description:
  This is related to bug #1792648.
  After fixing that one (see discussion at https://salsa.debian.org/gnome-team/evince/merge_requests/1), clicking a hyperlink in a PDF opens it correctly if the default browser is a well-known application (such as /usr/bin/firefox), but it fails to do so if the default browser is a snap (e.g. the chromium snap).

  This is not a recent regression, it's not working on bionic either.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.10
  Package: evince 3.30.0-2
  ProcVersionSignature: Ubuntu 4.18.0-7.8-generic 4.18.5
  Uname: Linux 4.18.0-7-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.10-0ubuntu11
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Sep 24 12:28:06 2018
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2016-07-02 (813 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
  SourcePackage: evince
  UpgradeStatus: Upgraded to cosmic on 2018-09-14 (9 days ago)
  modified.conffile..etc.apparmor.d.abstractions.evince: [modified]
  mtime.conffile..etc.apparmor.d.abstractions.evince: 2018-09-24T11:35:41.904158
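
An added example, not part of the original message or of any Ubuntu package: a small Python audit that pulls the execute rules out of the profile proposed at the top of this message and reports where each one sends the process, so a reviewer can confirm that no rule falls back to unconfined. The function name, the regular expression and the wording of the mode descriptions are this example's own; the profile text is an excerpt of the rules above.

```python
import re

# Rules copied from the profile in this message; rules not needed here are omitted.
PROFILE = """\
/{,snap/core/[0-9]*/}usr/bin/snap mrCx -> snap_browser,
profile snap_browser {
  /etc/passwd r,
  deny network inet stream,
  deny owner /run/user/[0-9]*/gdm/Xauthority r, # not needed on Ubuntu
  /{,snap/core/[0-9]*/}usr/bin/snap mrix, # re-exec
  /run/snapd.socket rw,
  /{,snap/core/*/}usr/lib/snapd/snap-confine Pix,
}
"""

# File rule shape: [deny] [owner] <path> <perms> [-> <target>],
RULE = re.compile(r"^\s*(?:deny\s+)?(?:owner\s+)?(?P<path>[/@]\S*)\s+"
                  r"(?P<perms>[A-Za-z]+)(?:\s*->\s*(?P<target>\S+?))?\s*,")

# AppArmor exec modes, keyed by their lower-cased form.
EXEC_MODES = {
    "ix": "inherit current profile",
    "px": "switch to another profile",
    "cx": "switch to child profile",
    "ux": "run unconfined",
    "pix": "profile if loaded, else inherit",
    "cix": "child profile if present, else inherit",
    "pux": "profile if loaded, else unconfined",
    "cux": "child profile if present, else unconfined",
}

def exec_transitions(text):
    """Return one dict per file rule that grants execute permission."""
    found = []
    for line in text.splitlines():
        m = RULE.match(line)
        # Drop the non-exec file permissions (read, write, append, link, lock, mmap).
        mode = re.sub(r"[rwalkm]", "", m["perms"]) if m else ""
        if mode.lower() not in EXEC_MODES:
            continue
        found.append({
            "path": m["path"], "mode": mode, "target": m["target"],
            "meaning": EXEC_MODES[mode.lower()],
            # An upper-case leading letter (P, C, U) scrubs the environment on exec.
            "scrubs_env": mode[0].isupper(),
            "can_leave_confinement": "u" in mode.lower(),
        })
    return found
```

On this excerpt it reports three execute rules (Cx into snap_browser, ix for the snap re-exec, Pix for snap-confine), none of which can end up unconfined.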