Viewing all changes in revision 133.
- Committer: Bazaar Package Importer
- Date: 2011-02-17 17:34:12 UTC
- Revision ID: james.westby@ubuntu.com-20110217173412-xlhpnxxcvu3capg7
* debian/apparmor-profile.abstraction: allow read of @{PROC}/[0-9]*/status
* debian/apparmor*: more strictly confine the thumbnailer, in particular
with regard to networking (LP: #720961)
- move a bunch of abstractions from the evince abstraction into the
evince and evince-previewer profiles
- move yelp and bug-buddy execs to evince and evince-previewer profiles
- deny reads to /etc/passwd and /etc/nsswitch.conf. These are caused by
calls to getuid() and geteuid() from gnome libraries, but the
thumbnailer doesn't actually need them
* debian/apparmor*: more strictly confine the thumbnailer, in particular
with regard to networking (LP: #720961)
- move a bunch of abstractions from the evince abstraction into the
evince and evince-previewer profiles
- move yelp and bug-buddy execs to evince and evince-previewer profiles
- deny reads to /etc/passwd and /etc/nsswitch.conf. These are caused by
calls to getuid() and geteuid() from gnome libraries, but the
thumbnailer doesn't actually need them
expand all
collapse all
added
removed
