Comment 2 for bug 1241513

Hi,

you can use Pipelight with Firefox, although the Appamor profile for Firefox is set to enforce, by adding the following lines:

/usr/share/pipelight/hw-accel-default Ux,
/usr/share/pipelight/install-dependency Ux,
/opt/wine-compholio/bin/wine Ux,

to /etc/apparmor.d/local/usr.bin.firefox or creating it if it does not exist. This files defines local exceptions which are not part of a default Firefox installation.

This solution is not perfect since the three listed files are not secured by appamor, but I don't have an appamor profile for them yet and it might also be very complicated to define rules for Wine. Moreover, we are also working on a Sandbox for the Windows plugins which should be even a bit more secure than appamor rules. This should make it needless to additionally secure them via Appamor or SELinux and should provide the same security independently from the installed security mechanisms. Although the above workaround may be a bit less secure I would still think that it's acceptable in the meantime.

Michael