The problem with this is that firefox*{,.sh} is equivalent to firefox*.
Furthermore it matches the firefox binary /usr/lib/firefox/firefox as
shipped in ubuntu, which the original pattern did not.
But (and this is what prevented me from replying when the original merge
request was proposed), I'm not sure what the implications of that change
are, if any. The shipped firefox profile in ubuntu (16.04 LTS at least)
has "/usr/lib/firefox/firefox{,*[^s][^h]}" as it's profile match, so
potentially this could cause interference.
Is there a more tightly bound pattern for the esr firefoxes that debian
is shipping?
On Thu, Jun 23, 2016 at 06:51:14PM -0000, intrigeri wrote:
> Two months later: ping?
Sorry about that.
> === modified file 'profiles/ apparmor. d/abstractions/ ubuntu- browsers' apparmor. d/abstractions/ ubuntu- browsers 2012-04-25 19:13:15 +0000 apparmor. d/abstractions/ ubuntu- browsers 2016-04-24 14:26:52 +0000 firefox* /firefox* .sh Cx -> sanitized_helper, firefox* /firefox* {,.sh} Cx -> sanitized_helper,
> --- profiles/
> +++ profiles/
> @@ -30,7 +30,7 @@
> # this should cover all firefox browsers and versions (including shiretoko
> # and abrowser)
> /usr/bin/firefox Cxr -> sanitized_helper,
> - /usr/lib/
> + /usr/lib/
The problem with this is that firefox*{,.sh} is equivalent to firefox*. firefox/ firefox as
Furthermore it matches the firefox binary /usr/lib/
shipped in ubuntu, which the original pattern did not.
But (and this is what prevented me from replying when the original merge firefox/ firefox{ ,*[^s][ ^h]}" as it's profile match, so
request was proposed), I'm not sure what the implications of that change
are, if any. The shipped firefox profile in ubuntu (16.04 LTS at least)
has "/usr/lib/
potentially this could cause interference.
Is there a more tightly bound pattern for the esr firefoxes that debian
is shipping?
-- NxNW.org/ ~steve/
Steve Beattie
<email address hidden>
http://