jlebon / textern

A Firefox add-on for editing text in your favourite external editor!
GNU General Public License v3.0
140 stars 21 forks source link

apparmor friendly locations #52

Closed jmcclelland closed 5 years ago

jmcclelland commented 5 years ago

If firefox is running via apparmor (or via firejail which might be running via apparmor) then it won't work.

Apparmor prevents applications from being run from the home directory, so USER=1 is out. That seems ok to me. If you are running apparmor you should use the global install option.

However, that doesn't work either because apparmor seems to think executables should only be run from /bin/, /usr/bin/, /usr/local/bin/ etc. and currently textern.py is being installed in /usr/local/libexec/textern (probably becaues it includes both textern.py and inotify_simple).

I think the best option would be to put textern.py in /usr/local/bin and insruct people to install inotify_simple using pip3.

jlebon commented 5 years ago

However, that doesn't work either because apparmor seems to think executables should only be run from /bin/, /usr/bin/, /usr/local/bin/ etc. and currently textern.py is being installed in /usr/local/libexec/textern (probably becaues it includes both textern.py and inotify_simple).

See https://github.com/jlebon/textern/issues/10 for why we install to /usr/libexec.

I don't know much about AppArmor, though would it not be possible to just add a profile for the /usr/libexec/textern location? If the path really needs to change, note that it is configurable at install time via the LIBEXEC dir.

jmcclelland commented 5 years ago

Ok - thanks for the feedback. And yes, I can work around this with firejail/apparmour.