[pkg-apparmor] Bug#807880: apparmor-profiles-extra: AppArmor profile prevents evince from starting under wayland

[intrigeri]

Control: severity -1 minor

Hi,

> +  owner /{,var/}run/user/*/weston-shared-*     rw,

Thanks for your report!

I personally won't be leading a resolution of this bug short term, so
here are a few hints for anyone interested:

 * I doubt that Evince is the only piece of software that'll need such
   permissions, so likely there's room for a wayland abstraction.
   Not sure where exactly it should go, perhaps in the main AppArmor
   package just like the X abstraction. Next step is to start
   a discussion on the AppArmor mailing-list about it, IMO.

 * The path component after /run/user could be a bit more restrictive,
   with e.g. [0-9]* (I know, this is not used consistently across all
   profiles we ship).

Cheers!