[pkg-apparmor] Bug#807880: apparmor-profiles-extra: AppArmor profile prevents evince from starting under wayland
intrigeri
intrigeri at debian.org
Mon Dec 14 21:03:42 UTC 2015
Control: severity -1 minor
Hi,
> + owner /{,var/}run/user/*/weston-shared-* rw,
Thanks for your report!
I personally won't be leading a resolution of this bug short term, so
here are a few hints for anyone interested:
* I doubt that Evince is the only piece of software that'll need such
permissions, so likely there's room for a wayland abstraction.
Not sure where exactly it should go, perhaps in the main AppArmor
package just like the X abstraction. Next step is to start
a discussion on the AppArmor mailing-list about it, IMO.
* The path component after /run/user could be a bit more restrictive,
with e.g. [0-9]* (I know, this is not used consistently across all
profiles we ship).
Cheers!
More information about the pkg-apparmor-team
mailing list