I went through this the other day with a personal profile. We probably
can do something along the lines of:

/{,snap/core/[0-9]*/}usr/bin/snap mrCx -> snap_browser,

profile snap_browser {
    #include <abstractions/base>

    /etc/passwd r,
    /etc/group r,
    /etc/nsswitch.conf r,
    /dev/tty rw,

    # noisy
    deny network inet stream,
    deny network inet6 stream,
    deny owner /run/user/[0-9]*/gdm/Xauthority r,  # not needed on Ubuntu

    /{,snap/core/[0-9]*/}usr/bin/snap mrix,  # re-exec
    /etc/fstab r,
    @{PROC}/sys/net/core/somaxconn r,
    @{PROC}/sys/kernel/seccomp/actions_avail r,
    owner @{PROC}/@{pid}/mountinfo r,
    owner @{HOME}/.snap/auth.json r,         # if exists, required
    /run/snapd.socket rw,
    /snap/core/[0-9]*/usr/lib/snapd/info r,
    /snap/core/[0-9]*/usr/lib/snapd/snapd r,
    /var/lib/snapd/system-key r,

    /{,snap/core/*/}usr/lib/snapd/snap-confine Pix,
    /sys/kernel/security/apparmor/features/ r,

    # allow launching official browser snaps. This could be abstracted into an #include or tunable
    /snap/chromium/*/meta/snap.yaml r,
    /snap/firefox/*/meta/snap.yaml r,
    # ...
}

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1794064

Title:
  Clicking a hyperlink in a PDF fails to open it if the default browser
  is a snap

Status in evince package in Ubuntu:
  New

Bug description:
  This is related to bug #1792648. After fixing that one (see discussion
  at https://salsa.debian.org/gnome-team/evince/merge_requests/1),
  clicking a hyperlink in a PDF opens it correctly if the default
  browser is a well-known application (such as /usr/bin/firefox), but it
  fails to do so if the default browser is a snap (e.g. the chromium
  snap).

  This is not a recent regression, it's not working on bionic either.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.10
  Package: evince 3.30.0-2
  ProcVersionSignature: Ubuntu 4.18.0-7.8-generic 4.18.5
  Uname: Linux 4.18.0-7-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.10-0ubuntu11
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Sep 24 12:28:06 2018
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2016-07-02 (813 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
  SourcePackage: evince
  UpgradeStatus: Upgraded to cosmic on 2018-09-14 (9 days ago)
  modified.conffile..etc.apparmor.d.abstractions.evince: [modified]
  mtime.conffile..etc.apparmor.d.abstractions.evince: 2018-09-24T11:35:41.904158

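An added example, not part of the original message or of the evince/AppArmor packaging: a small Python helper that turns AppArmor `DENIED` audit lines for the `snap_browser` profile into candidate file rules, the usual way a profile like the one above is iterated. The log lines are constructed, and the parent profile name `/usr/bin/evince`, the revision numbers and the helper name `denied_rules` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (not taken from the bug report).
# Assumption: snap_browser is loaded as a child of /usr/bin/evince.
SAMPLE_LOG = '''\
audit: type=1400 audit(1537789686.101:210): apparmor="DENIED" operation="open" profile="/usr/bin/evince//snap_browser" name="/etc/fstab" pid=4242 comm="snap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1537789686.105:211): apparmor="DENIED" operation="connect" profile="/usr/bin/evince//snap_browser" name="/run/snapd.socket" pid=4242 comm="snap" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0
audit: type=1400 audit(1537789686.110:212): apparmor="DENIED" operation="open" profile="/usr/bin/evince//snap_browser" name="/snap/chromium/500/meta/snap.yaml" pid=4242 comm="snap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1537789901.310:240): apparmor="DENIED" operation="open" profile="/usr/bin/evince//snap_browser" name="/snap/chromium/501/meta/snap.yaml" pid=4310 comm="snap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1537789901.315:241): apparmor="ALLOWED" operation="open" profile="/usr/bin/evince//snap_browser" name="/etc/passwd" pid=4310 comm="snap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1537789901.320:242): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/bin/snap" pid=4311 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')
SNAP_REV = re.compile(r'^/snap/([^/]+)/\d+/')


def denied_rules(log, profile_suffix="snap_browser"):
    """Return sorted candidate file rules for DENIED events of one profile."""
    masks = defaultdict(set)
    for line in log.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("apparmor") != "DENIED" or "name" not in f:
            continue
        # Child profiles are logged as "parent//child"; compare the last part.
        if f.get("profile", "").split("//")[-1] != profile_suffix:
            continue
        # Generalise the snap revision directory, as the profile above does.
        path = SNAP_REV.sub(r'/snap/\1/*/', f["name"])
        # Create (c) and delete (d) denials are granted by "w" in a file rule.
        masks[path].update("w" if c in "cd" else c
                           for c in f.get("denied_mask", ""))
    return [f"{p} {''.join(c for c in 'rwaklmx' if c in m)},"
            for p, m in sorted(masks.items())]


if __name__ == "__main__":
    for rule in denied_rules(SAMPLE_LOG):
        print(rule)
```

Each suggested rule still needs review before it goes into the profile, since a denial can be the intended outcome, like the `deny` rules in the proposal above.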