> Do we need evince to be reuploaded for jammy there since the previous upload was rejected by Steve?
I'm trying to see what type of error we get if we load a profile with such a rule and the target profile does not exist: /{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/bin/snap mrCx -> snap_browsers, Will it be worse than what we have now? Will evince's postinst fail when it reloads the profile with the above line, and snap_browsers is not defined? Will it crash when a link in a pdf is clicked? It's taking a bit to setup a jammy desktop vm to try this, and I have other SRUs to process. Georgia, could you elaborate on what would happen if the new evince were to be installed with an old apparmor that knows nothing about the snap_browsers profile? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1794064 Title: Clicking a hyperlink in a PDF fails to open it if the default browser is a snap Status in apparmor package in Ubuntu: Fix Released Status in evince package in Ubuntu: Fix Released Status in apparmor source package in Jammy: Fix Committed Status in evince source package in Jammy: In Progress Status in apparmor source package in Lunar: Fix Released Status in evince source package in Lunar: Fix Committed Status in evince package in Debian: Confirmed Bug description: [Impact] * Users cannot open a hyperlink in a PDF opened with evince when the default browser is a snap. * The fix creates a snap_browsers abstraction on AppArmor which can be used in a transition for when the browser is executed. The snap_browsers abstraction provides the minimal amount of permissions required to execute a browser provided through snaps. This is a workaround since AppArmor currently does not provide mediation/filtering on enhanced environment variables. [Test Plan] * Make sure the default browser is provided through the snap store. * Open a PDF that contains a hyperlink using evince and click on the URL. * The browser should open the requested URL. [Where problems could occur] * If the browser or snap core update to have new requirements for opening a browser, then the current policy could become obsolete and will need to be updated again. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1794064/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp