Today's #Linux pita: I generated a PDF file which links to local MP4 files. So clicking links in the PDF viewer (evince) should open a video player.. and play them. According to my "research" #AppArmor seems to be blocking this. Never heard about it before. Tried to add /usr/bin/totem as a line /usr/bin/totem ixr, to /etc/apparmor.d/usr.bin.evince.. but this breaks it: profile /usr/bin/evince: has merged rule /usr/bin/totem with conflicting x modifiers- Why? Can anyone help here please?
=> More informations about this toot | More toots from maehw@chaos.social
@maehw can’t help, but boosting to increase your chances to get an answer.
=> More informations about this toot | More toots from ArneBab@rollenspiel.social
@maehw the correct way to handle this would be to allow the pdf viewer to launch applications through a standard desktop launcher interface and let those applications be confined or not depending on the system but this does require applications to change.
Having said that, I think the age where a random PDF document can link to an arbitrary application has passed through Windows XP era and was fairly spectacular disaster in terms of security.
Sadly we are in the early stages of this transition
=> More informations about this toot | More toots from zygoon@fosstodon.org
@zygoon Thanks for your reply. I guess I get the basic idea why this has been done: to improve users' security. Do I get it right - there's no easy way to add exceptions for specific media/URIs? Doesn't seem very user-friendly.. but I guess that's out of scope for the "normal user" then as well.
=> More informations about this toot | More toots from maehw@chaos.social
I've worked around such annoyances by copying program binaries, so that they'd no longer be guarded by apparmor. not recommended if its defenses are important for you, of course, but it could be a reasonable workaround for opening trusted files
e.g.: cp /usr/bin/evince /tmp/evince && /tmp/evince my.pdf
=> More informations about this toot | More toots from lxo@gnusocial.jp This content has been proxied by September (3851b).Proxy Information
text/gemini