[pkg-apparmor] Bug#883256: apparmor-profiles-extra: Totem can't access files outside $HOME
Vincas Dargis
vindrg at gmail.com
Fri Dec 1 17:17:39 UTC 2017
Hi,
Please note that AppArmor profiles are extendable by modifying `local` files, in this case, please try editing this file:
sudo vim/nano/whatever /etc/apparmor.d/local/usr.bin.totem
Add a line:
/media/** r,
Also maybe this line, depending on where your mounts are:
/mnt/** r,
Or in one go:
/{media,mnt,srv,wherever/mounts/are}/** r,
If these files on mounted media belong to your system user, a more strict version:
owner /{media,mnt}/** r,
Then, reload the totem profile:
sudo apparmor_parser -r /etc/apparmor.d/usr.bin.totem
Anyway, maybe there should be a general guideline that profiles for
multimedia/image-viewing/other-document-opening-applications should allow mounted media by default. Although, totem
profile is from -extras package, intended maybe for more advanced users with intention that it could be extended by
themselves...
There is work on so-called "delegation", so that maybe some time in the future it would allow asking the user if an AppArmor
profile should be extended (permanently or temporarily) to access some /media/x directory, by a dialog window of some sort.
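
The steps described in the message above, as an added example that is not part of the original message: a script that appends the rule to the local override only once, compiles the profile without loading it, and then reloads it. The function names and the `--apply` switch are hypothetical, and the main profile path /etc/apparmor.d/usr.bin.totem is an assumption based on the local file name.

```shell
#!/bin/sh
# Added example, not from the original message. Run as root with --apply.
# Assumption: the main profile that includes the local override lives at
# /etc/apparmor.d/usr.bin.totem.
LOCAL_FILE="${LOCAL_FILE:-/etc/apparmor.d/local/usr.bin.totem}"
PROFILE="${PROFILE:-/etc/apparmor.d/usr.bin.totem}"
RULE='owner /{media,mnt}/** r,'   # the stricter rule from the message

# A rule must be a single line and end with a comma, otherwise the
# profile no longer parses once the override is included.
rule_is_wellformed() {
    case "$1" in
        *'
'*) return 1 ;;
        *,) return 0 ;;
        *)  return 1 ;;
    esac
}

# Append the rule unless an identical line already exists.
# Returns 0 if added, 1 if already present, 2 if the rule is malformed.
add_local_rule() {
    file=$1
    rule=$2
    rule_is_wellformed "$rule" || return 2
    if [ -f "$file" ] && grep -qxF -- "$rule" "$file"; then
        return 1
    fi
    printf '%s\n' "$rule" >> "$file"
}

apply_and_reload() {
    status=0
    add_local_rule "$LOCAL_FILE" "$RULE" || status=$?
    [ "$status" -eq 2 ] && return 2
    # -Q compiles the profile (including the local override) without
    # loading it, so a syntax error is caught before the reload.
    apparmor_parser -Q "$PROFILE" || return 3
    # -r replaces the profile already loaded in the kernel.
    apparmor_parser -r "$PROFILE"
}

if [ "${1:-}" = "--apply" ]; then
    apply_and_reload
fi
```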