-----BEGIN PGP SIGNED MESSAGE-----
On Friday, 2013-11-08 at 13:41 +0100, Christian Boltz wrote:
Now that I
think, the yast apparmour wizard has disappeared, so it is
more difficult to adjust profiles.
Hmm, I didn't check the YaST module for a long time (I never use it),
but the changelog says you are right:
* Mo Aug 19 2013 jreidinger(a)suse.com
- fix broken dialog in edit profiles
- drop reporting and profile generation tools (FATE#308684,308683)
Needless to say that both FATE entries are non-public :-( which means I
don't know any details why this was done. The only thing I know is that
the changelog entry is partly wrong - the "reporting" part was already
disabled in 2011 because of upstream changes.
In the remaining part, I even found a crash :-( (-> bug 849571)
That said - you don't need YaST to update the
profiles ;-) - the
commandline tools work as good as always.
To update an existing profile, run aa-logprof
It will ask you in the same way YaST did, the only difference is that
you need to use your keyboard instead of your mouse ;-)
I'll try... never used those, as far as I remember.
New profiles can be created with aa-genprof.
profile only covers the binary, not the wrapper script.
Which is that?
That's easy to find out ;-)
# which acroread
# ls -l `which acroread`
(and then follow the symlink)
Ah, ok, I understand.
cer@Telcontar:~> file /usr/lib/Adobe/Reader9/bin/acroread
/usr/lib/Adobe/Reader9/bin/acroread: POSIX shell script, ASCII text executable
I didn't realise there was a script involved. And the script is provided
by openSUSE, because I see refrences to bugzillas in it. So, in order to
install adobe from "upstream", I would still need to keep the script from
a previous install. :-(
Hum... the script says copyright be Adobe... I don't understand.
Or just run aa-genprof acroread to create a
Note: AFAIK the wrapper script uses LD_PRELOAD when starting the real
binary, which means you should _not_ clean the environment when the
binary is executed ("px" instead of "Px" in the profile)
That all said: The most secure solution is of course to use a maintained
PDF reader like Okular, but if you really _have to_ use acroread for
some reason, it's more secure (or should I say less exploitable with an
Oh, yes. I seldom use acroread, in fact.
If the danger is in the Firefox plugin, for instance,
that can be
removed with less trouble.
Indeed, just zypper rm acroread-browser-plugin
I'd strongly recommend to do that (guess who split off this
subpackage, and why... ;-)
You can blame me for the subpackage ;-)
Carlos E. R.
(from 12.3 x86_64 "Dartmouth" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-----END PGP SIGNATURE-----
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org