mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
d9afe25a0d
Whenever the evince deb package tries to open a snap browser which was selected as the default, we get the following denial: audit[2110]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/bin/snap" pid=2110 comm="env" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 As a short-term solution, we are adding a snap-browsers profile which restricts what snaps opened by evince can do. The long-term solution is currently not available, but could be accomplished by using enhanced environment variable filtering/mediation and delegation of open fds. Bug: https://launchpad.net/bugs/1794064 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/806 Acked-by: John Johansen <john@jjmx.net> |
||
|---|---|---|
| .. | ||
| apparmor/profiles/extras | ||
| apparmor.d | ||
| Makefile | ||