Commit 80ca5660 authored by intrigeri's avatar intrigeri
Browse files

Don't give Thunderbird its own TMPDIR anymore and drop the corresponding,...

Don't give Thunderbird its own TMPDIR anymore and drop the corresponding, incomplete AppArmor profile adjustments (refs: #15610)

The rationale provided for this customization (commit:a1fd1f0f, #9558) does not
hold here: the AppArmor profile allows Thunderbird to access /tmp anyway.

Besides, the AppArmor profile tweaks we had in place to match this custom
TMPDIR were incomplete: for example, as reported on #15395#note-24
this broke importing public OpenPGP keys from email attachments.
parent f1009f78
......@@ -29,16 +29,6 @@ configure_default_incoming_protocol() {
}
start_thunderbird() {
# Give Thunderbird its own temp directory, similar rationale to a1fd1f0f & #9558.
TMPDIR="${PROFILE}/tmp"
mkdir --mode=0700 -p "$TMPDIR"
export TMPDIR
# Clean the temporary directory: it's generally persistent, and then
# temporary files (including decrypted attachements) would otherwise
# be stored forever there (#13340).
rm -rf "${TMPDIR}"/*
export GNOME_ACCESSIBILITY=1
unset SESSION_MANAGER
......
......@@ -55,24 +55,3 @@
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/** r,
@@ -373,13 +362,16 @@
# for revocation certificate generation
owner @{HOME}/.{icedove,thunderbird}/*/0x[A-F0-9]*_rev.asc rw,
+ # for revocation certificate generation
+ owner @{HOME}/.{icedove,thunderbird}/*.default/0x[A-F0-9]*_rev.asc rw,
+
# for signature generation
- owner /tmp/nsemail.eml w,
- owner /tmp/nsemail-[0-9]*.eml w,
+ owner @{HOME}/.{icedove,thunderbird}/*.default/tmp/nsemail.eml w,
+ owner @{HOME}/.{icedove,thunderbird}/*.default/tmp/nsemail-[0-9]*.eml w,
# for signature verifications
- owner /tmp/data.sig r,
- owner /tmp/data-[0-9]*.sig r,
+ owner @{HOME}/.{icedove,thunderbird}/*.default/tmp/data.sig r,
+ owner @{HOME}/.{icedove,thunderbird}/*.default/tmp/data-[0-9]*.sig r,
owner /tmp/gpg-[a-zA-Z0-9]*/S.gpg-agent rw,
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment