[pkg-apparmor] Bug#821945: abstractions/ubuntu-browsers: please include /usr/lib/firefox-esr/firefox-esr as a browser

Wed Apr 20 17:15:23 UTC 2016

Package: apparmor
Version: 2.10-4
Severity: normal
File: /etc/apparmor.d/abstractions/ubuntu-browsers

Steps:
* Use firefox-esr as preferred browser
* Enable the evince profile
* View a PDF in evince
* Click a http link in that PDF

Expected result:
* evince can execute firefox-esr with appropriate environment scrubbing

Actual result:
* exec of /usr/lib/firefox-esr/firefox-esr is denied

This pseudo-patch appears to work:

   # this should cover all firefox browsers and versions (including shiretoko
   # and abrowser)
   /usr/bin/firefox Cxr -> sanitized_helper,
-  /usr/lib/firefox*/firefox*.sh Cx -> sanitized_helper,
+  /usr/lib/firefox*/firefox*{,.sh} Cx -> sanitized_helper,

The usr.lib.firefox.firefox profile in "extras" should probably also include
firefox-esr (see #746418).

Regards,
    S

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  libapparmor-perl       2.10-4
ii  libc6                  2.22-7
ii  lsb-base               9.20160110
pn  python3:any            <none>

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-docs            2.10-4
ii  apparmor-profiles        2.10-4
ii  apparmor-profiles-extra  1.6
ii  apparmor-utils           2.10-4

-- debconf information:
  apparmor/homedirs: