On Wed, Sep 20, 2017 at 01:15:20PM +0200, intrigeri wrote:
> At this point I wonder if it's worth our time to write and maintain
> a profile for /usr/bin/bwrap. My current take of it is: probably not.
I think it is; first, this does raise the question of why is whatever it
is that it executes not
Minor nitpicking: The .../share/icons/ rules are the only one where you use
separate rules instead of alternations. If there isn't a special reason for
this, I'd prefer to use the same style everywhere ;-)
--
https://code.launchpad.net/~intrigeri/apparmor/flatpak-exports/+merge/331056
Your team
On 09/20/2017 04:15 AM, intrigeri wrote:
> Hi,
>
> on current Debian sid, Totem tries to use bubblewrap (/usr/bin/bwrap).
> I've not investigated why yet but I suspect it's part of the GNOME
> project's much welcome effort to sandbox dangerous things
> like thumbnailers.
>
> bubblewrap sets up
On Wed, 20 Sep 2017 at 16:53:19 +0200, intrigeri wrote:
> Simon McVittie:
> > I'm surprised this works. bwrap is an "adverb" like chroot/sudo/env, so
> > I would expect it to want to execute the wrapped thumbnailer?
>
> Same here! It would be awesome if someone investigated why/how exactly
>
Simon McVittie:
> I'm surprised this works. bwrap is an "adverb" like chroot/sudo/env, so
> I would expect it to want to execute the wrapped thumbnailer?
Same here! It would be awesome if someone investigated why/how exactly
Totem now uses bwrap.
Cheers,
--
intrigeri
--
AppArmor mailing list
intrigeri has proposed merging
lp:~intrigeri/apparmor/apache2-attach_disconnected into lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor/apache2-attach_disconnected/+merge/331065
--
Your team AppArmor
Hi,
thanks a lot for the clarifications. I'm looking forward to your merge
request on Launchpad :)
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
intrigeri has proposed merging
~intrigeri/apparmor-profiles/+git/apparmor-profiles:gnome-3.26 into
apparmor-profiles:master.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
intrigeri has proposed merging lp:~intrigeri/apparmor/flatpak-exports into
lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor/flatpak-exports/+merge/331056
--
Your team AppArmor Developers is requested to
On Wed, 20 Sep 2017 at 13:15:20 +0200, intrigeri wrote:
> bubblewrap sets up Linux namespaces and other stuff that makes it
> essentially need full admin access, which is kinda by design for this
> kind of sandboxing wrappers (not sure if userns would change anything
> to that, anyway that's
Hi,
on current Debian sid, Totem tries to use bubblewrap (/usr/bin/bwrap).
I've not investigated why yet but I suspect it's part of the GNOME
project's much welcome effort to sandbox dangerous things
like thumbnailers.
bubblewrap sets up Linux namespaces and other stuff that makes it
essentially
11 matches
Mail list logo