https://bugzilla.novell.com/show_bug.cgi?id=308760#c1
Crispin Cowan changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |crispin@novell.com
--- Comment #1 from Crispin Cowan 2007-09-12 17:55:16 MST ---
It's true that AppArmor was designed more for the server than the desktop, but
it does quite a bit for the desktop as well.

In fact, AppArmor can actually do a fair amount of what you ask for here. To
create e.g. a "mail client template", start by creating a small shell script
mail_client_launcher. It prompts you for the mail client you would like to
launch, or otherwise takes an argument of what mail client to actually launch.
Then you build an AppArmor profile for mail_client_launcher. Give it ix
permissions to run all of the mail clients you want to run. You could even give
it "/usr/bin/* ix" at the risk of allowing other programs to run inside this
profile.

This solution is not perfect, and we are working on additional features for
AppArmor to make it better able to handle this kind of stuff. Come join the
AppArmor development list http://forge.novell.com/mailman/listinfo/apparmor-dev
to help.

My leading issue in this space is OpenOffice. When I launch OOo as a child of
Nautilus, I want it to have access to at least all of the files and directories
in the Nautilus view, and possibly to my entire home dir. However, when I
launch OOo as a child of Thunderbird (or your favorite mail client) or Firefox
(or your favorite web client) then I want it to have access to only the temp
dirs necessary to view the document.
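The launcher and profile described in the comment above, as an added sketch that is not part of the original comment or of the AppArmor project. It uses an explicit client list rather than "/usr/bin/* ix"; the client names and paths, the install path /usr/local/bin/mail_client_launcher, the /bin/sh interpreter rule and the @{HOME}/Mail rule are all constructed assumptions.

```shell
#!/bin/sh
# mail_client_launcher: added sketch of the launcher the comment describes.
# Constructed allow-list (name:path); adjust to the clients actually installed.
ALLOWED_CLIENTS="thunderbird:/usr/bin/thunderbird
evolution:/usr/bin/evolution
mutt:/usr/bin/mutt"

# Map a short client name to its absolute path. Anything not listed fails,
# so the confined launcher never executes a caller-supplied path.
resolve_client() {
    while IFS=: read -r name path; do
        if [ "$name" = "$1" ]; then printf '%s\n' "$path"; return 0; fi
    done <<EOF
$ALLOWED_CLIENTS
EOF
    return 1
}

# Print a profile for the launcher with one "ix" rule per allowed client, so
# every client it starts inherits this one shared "template" profile.
emit_profile() {
    launcher=${1:-/usr/local/bin/mail_client_launcher}  # assumed install path
    printf '#include <tunables/global>\n\n%s {\n' "$launcher"
    printf '  #include <abstractions/base>\n'
    # Assumption: the script's interpreter is /bin/sh; use your shell's real path.
    printf '  %s r,\n  /bin/sh ix,\n' "$launcher"
    while IFS=: read -r name path; do
        printf '  %s ix,\n' "$path"
    done <<EOF
$ALLOWED_CLIENTS
EOF
    # Constructed placeholder for the file access every mail client shares.
    printf '  owner @{HOME}/Mail/** rw,\n}\n'
}

# Take the client as an argument, or prompt for it when none is given.
main() {
    client=${1:-}
    if [ -z "$client" ]; then
        printf 'Mail client to launch: ' >&2
        read -r client
    fi
    target=$(resolve_client "$client") || {
        echo "mail_client_launcher: not an allowed client: $client" >&2
        return 1
    }
    exec "$target"
}

# Launch only when installed under the launcher's name, so the file can be sourced.
case ${0##*/} in mail_client_launcher) main "$@" ;; esac
```

Sourcing the file and running `emit_profile` prints the profile text for review before it is installed.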