[Touch-packages] [Bug 1042771] Re: sanitized_helper prevents proper transition to other profiles

Or simply PCx -> sanitized_helper ? It would be a little better if thunderbird/firefox used xdg-open, instead opening directly: xdg-open Cxr -> sanitized_helper, Although it does not control what xdg-open itself can launch. For example, Dragon player launches browser (for http://) or email

[Touch-packages] [Bug 1042771] Re: sanitized_helper prevents proper transition to other profiles

This would indeed be perfect for this situation. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1042771 Title: sanitized_helper prevents proper transition to other

[Touch-packages] [Bug 1042771] Re: sanitized_helper prevents proper transition to other profiles

Maybe a fallback mechanism would be needed? Something like this: /usr/bin/evince (Px, Cxr -> sanitized_helper), -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1042771

[Touch-packages] [Bug 1042771] Re: sanitized_helper prevents proper transition to other profiles

Note that this is rather tricky. If the user disabled the evince profile, using Px means that the exec will fail with 'profile not found'. There is no way to specify 'use P if it exists, otherwise C'. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1042771] Re: sanitized_helper prevents proper transition to other profiles

See https://bugs.launchpad.net/apparmor-profiles/+bug/1727993 for a discussion about this topic. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1042771 Title:

[Touch-packages] [Bug 1042771] Re: sanitized_helper prevents proper transition to other profiles

Since Evince ships with an Apparmor profile on its own, I think the following fix makes sense: $ diff -Naur abstractions/ubuntu-browsers.d/productivity{.orig,} --- abstractions/ubuntu-browsers.d/productivity.orig2017-10-26 15:34:03.374102924 -0400 +++

[Touch-packages] [Bug 1042771] Re: sanitized_helper prevents proper transition to other profiles

** Tags added: aa-policy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1042771 Title: sanitized_helper prevents proper transition to other profiles Status in

[Touch-packages] [Bug 1042771] Re: sanitized_helper prevents proper transition to other profiles

** Changed in: apparmor (Ubuntu) Importance: Undecided = Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1042771 Title: sanitized_helper prevents proper transition