thunderbird/launcher : lp:~u-d/apparmor-profiles : Git : Code : AppArmor Profiles

Get this branch:: git clone -b thunderbird/launcher https://git.launchpad.net/~u-d/apparmor-profiles

Only Ulrike Uhlig can upload to this branch. If you are Ulrike Uhlig please log in for upload directions.

Branch merges

Rejected for merging into ~apparmor-dev/apparmor-profiles/+git/apparmor-profiles-old:master

intrigeri: Needs Fixing on 2017-07-01

AppArmor Developers: Pending requested 2017-03-18

Branch information

Name:: thunderbird/launcher

Repository:: lp:~u-d/apparmor-profiles

Recent commits

a8b1ce6... by Ulrike Uhlig on 2017-03-19

After some discussion with intrigeri and cboltz, here is a better proposal.

We want people to open attachments.
This should work for most users, not only GNOME users.
Thunderbird should use *-open but it does not, so we need to allow launching programs from /usr/bin.
Programs that have a profile though should be called using Px, the others using sanitized_helper at least.

05c0f96... by Ulrike Uhlig on 2017-03-18

Correct permissions. We want these apps to run only if they have a profile.

058cbba... by Ulrike Uhlig on 2017-03-18

Correct permissions. We want these apps to run using their own profile.

677d1b1... by Ulrike Uhlig on 2017-03-18

Be a little bit permissive when users try to view attachments.

We can't really forbid users to view attachments, but launching external
applications is not allowed by the AA profile for Thunderbird.
For common applications, this should be allowed though.

All uncommon applications should probably be added through a local
profile.

b0d658f... by Steve Beattie on 2017-01-26