Bug#670528: evince: please include AppArmor profile
intrigeri at debian.org
intrigeri at debian.org
Wed Apr 25 20:53:36 UTC 2012
Source: evince
Version: 3.2.1-1+b1
Severity: wishlist
Tags: patch
User: apparmor at packages.debian.org
Usertags: new-profile
thanks
Please include AppArmor profile for evince.
Since it handles untrusted data, and has been affected by a number of
potential security issues in past years relating to its handling of
those, it seems like an ideal candidate for confining:
https://wiki.debian.org/AppArmor
I have been testing evince for a few months, on a Debian sid system,
with the AppArmor profile shipped by Ubuntu's evince (3.3.5-0ubuntu1
and 3.4.0-0ubuntu1). I have not run into any single problem with it.
Attached is a patch that adds this AppArmor support to evince.
Please consider applying it.
Note that enforcing AppArmor profiles is currently opt-in: applying
the attached does not change anything for users unless they enable
AppArmor system-wide themselves.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apparmor_evince_v1.patch
Type: text/x-diff
Size: 12431 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20120425/2ccf31fe/attachment.patch>
More information about the pkg-gnome-maintainers
mailing list