mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 14:55:10 +00:00
Code Issues Releases Wiki Activity

profiles: allow sanitized_helper to run snap applications

Browse Source 
This allows evince to share the document to a program running as a snap,
e.g. mail via firefox. Given that /usr/bin/snap itself is not confined
I chose to use ux, rather than pux.

Tested locally on Ubuntu 24.04 by sharing a document from evince to
firefox.

Fixes: https://bugs.launchpad.net/apparmor/+bug/2095872
Jira: https://bugs.launchpad.net/apparmor/+bug/2095872

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This commit is contained in:
Zygmunt Krynicki
2025-03-10 13:16:48 +01:00
parent 6faa8950ed
commit 2fe23fef17
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
profiles/apparmor.d/abstractions/ubuntu-helpers
View File

@@ -83,6 +83,10 @@ profile sanitized_helper {
/opt/brave.com/brave{,-beta,-dev,-nightly}/chrome_crashpad_handler Pixr, /opt/brave.com/brave{,-beta,-dev,-nightly}/chrome_crashpad_handler Pixr,
/opt/brave.com/brave{,-beta,-dev,-nightly}/{,**/}lib*.so{,.*} m, /opt/brave.com/brave{,-beta,-dev,-nightly}/{,**/}lib*.so{,.*} m,
# Allow running snap applications
# https://bugs.launchpad.net/apparmor/+bug/2095872
/usr/bin/snap ux,
# Full access # Full access
/ r, / r,
/** rwkl, /** rwkl,