webbrowser-app should use app-specific paths when using --webapp
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apparmor-easyprof-ubuntu (Ubuntu) | Fix Released | High | Unassigned |
Saucy | Fix Released | High | Unassigned |
webbrowser-app (Ubuntu) | Fix Released | High | Olivier Tilloy |
Saucy | Fix Released | High | Olivier Tilloy |
Bug Description
The webbrowser-app stores its cache, cookies and various other files in ~/.cache/
This results in AppArmor rules like the following:
owner @{HOME}
owner @{HOME}
owner @{HOME}
owner @{HOME}
But these rules are too lenient and these paths need to be made webapp specific so that arbitrary webapps don't have access to global cookies, cache, etc. Specifically webbrowser-app should be adjusted to use $XDG_DATA_
Note, APP_ID is set in the environment for click packages and the app_pkgname can be derived from the APP_ID by doing:
app_pkgname = appid.split('_')[0]
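The derivation described above, as an added example that is not part of the bug report or of webbrowser-app: it derives app_pkgname from APP_ID, rejects values that could escape their own directory, and builds per-app cache and data directories. The directory layout, the allowed character set, the function names and the sample APP_ID values are assumptions made for illustration.

```python
import os
import re

# Assumed character set for a click package name; not taken from the bug report.
_PKGNAME_RE = re.compile(r"^[a-z0-9][a-z0-9+.-]*$")


def app_pkgname(appid):
    """Derive the package name from APP_ID the way the report describes."""
    pkgname = appid.split("_")[0]
    # APP_ID comes from the environment, so refuse anything that could
    # escape its own directory (empty name, "/", "..").
    if not _PKGNAME_RE.match(pkgname) or ".." in pkgname:
        raise ValueError("untrusted APP_ID: %r" % appid)
    return pkgname


def app_dirs(environ):
    """Return per-app cache and data directories (assumed layout)."""
    home = environ["HOME"]
    cache_root = environ.get("XDG_CACHE_HOME") or os.path.join(home, ".cache")
    data_root = environ.get("XDG_DATA_HOME") or os.path.join(home, ".local", "share")
    pkgname = app_pkgname(environ["APP_ID"])
    return {
        "cache": os.path.join(cache_root, pkgname),
        "data": os.path.join(data_root, pkgname),
    }


def overlaps(a, b):
    """True if one directory is the other or lies inside it."""
    a, b = os.path.normpath(a), os.path.normpath(b)
    return os.path.commonpath([a, b]) in (a, b)


if __name__ == "__main__":
    # Constructed sample environments for two hypothetical webapps.
    env_a = {"HOME": "/home/phablet", "APP_ID": "com.example.mail_mail_1.0"}
    env_b = {"HOME": "/home/phablet", "APP_ID": "com.example.news_news_2.1"}
    print(app_dirs(env_a))
    print(app_dirs(env_b))
```

Because each webapp resolves to its own directory, an AppArmor rule can be scoped to that directory instead of the shared cache root.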
Related branches
- PS Jenkins bot: Approve (continuous-integration)
- Alexandre Abreu (community): Approve
- Diff: 13 lines (+3/-0), 1 file modified: src/app/webbrowser-app.cpp (+3/-0)
Changed in webbrowser-app (Ubuntu Saucy):
status: New → Triaged
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: New → Triaged
Changed in webbrowser-app (Ubuntu Saucy):
importance: Undecided → High
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
importance: Undecided → High
description: updated
tags: added: application-confinement
description: updated
Changed in webbrowser-app (Ubuntu Saucy):
assignee: nobody → Olivier Tilloy (osomon)
Changed in webbrowser-app (Ubuntu Saucy):
status: Triaged → In Progress
This bug was fixed in the package webbrowser-app - 0.22+13.10.20130919.3-0ubuntu1
---------------
webbrowser-app (0.22+13.10.20130919.3-0ubuntu1) saucy; urgency=low
[ Alexandre Abreu ]
* Add a 'maximized' command line parameter mostly to enhance the
control for webapps launch.
[ Olivier Tilloy ]
* Use the value of APP_ID to set the application name. This ensures
that webapps (which run with a unique app ID) will write their data
where they ought to, and that they won’t have access to other apps’
cache and cookies. (LP: #1226085)
* Add a unity action to clear the navigation history.
* Override the UA string for facebook.com to ensure we’re getting
touch-enabled content. Without this override, we were getting
unstyled mobile content from the 90s. Impersonating an iphone or
android would offer to install the respective applications when
logging in. The 'Firefox' token gets us the right content (and
pretending to be AppleWebKit seems to be necessary too, otherwise
the layout is busted). (LP: #1215002)
[ Ubuntu daily release ]
* Automatic snapshot from revision 318
-- Ubuntu daily release <email address hidden> Thu, 19 Sep 2013 15:52:17 +0000