On Wed, 20 Sep 2017 at 13:36:41 -0700, Seth Arnold wrote:
> On Wed, Sep 20, 2017 at 01:15:20PM +0200, intrigeri wrote:
> > At this point I wonder if it's worth our time to write and maintain
> > a profile for /usr/bin/bwrap. My current take of it is: probably not.
>
> I think it is; first, this do
On Wed, Sep 20, 2017 at 01:15:20PM +0200, intrigeri wrote:
> At this point I wonder if it's worth our time to write and maintain
> a profile for /usr/bin/bwrap. My current take of it is: probably not.
I think it is; first, this does raise the question of why is whatever it
is that it executes not
On 09/20/2017 04:15 AM, intrigeri wrote:
> Hi,
>
> on current Debian sid, Totem tries to use bubblewrap (/usr/bin/bwrap).
> I've not investigated why yet but I suspect it's part of the GNOME
> project's much-welcome effort to sandbox dangerous things
> like thumbnailers.
>
> bubblewrap sets up Li
On Wed, 20 Sep 2017 at 16:53:19 +0200, intrigeri wrote:
> Simon McVittie:
> > I'm surprised this works. bwrap is an "adverb" like chroot/sudo/env, so
> > I would expect it to want to execute the wrapped thumbnailer?
>
> Same here! It would be awesome if someone investigated why/how exactly
> Totem
Simon McVittie:
> I'm surprised this works. bwrap is an "adverb" like chroot/sudo/env, so
> I would expect it to want to execute the wrapped thumbnailer?
Same here! It would be awesome if someone investigated why/how exactly
Totem now uses bwrap.
Cheers,
--
intrigeri
--
AppArmor mailing list
On Wed, 20 Sep 2017 at 13:15:20 +0200, intrigeri wrote:
> bubblewrap sets up Linux namespaces and other stuff that makes it
> essentially need full admin access, which is kinda by design for this
> kind of sandboxing wrappers (not sure if userns would change anything
> to that, anyway that's off-to
Hi,
on current Debian sid, Totem tries to use bubblewrap (/usr/bin/bwrap).
I've not investigated why yet but I suspect it's part of the GNOME
project's much-welcome effort to sandbox dangerous things
like thumbnailers.
bubblewrap sets up Linux namespaces and other stuff that makes it
essentially