Allow Tor Browser to view other HTML files in /usr/share/doc
Originally created by @sajolida on #16432 (Redmine)
Right now, the AppArmor profile of Tor Browser in Tails only allows viewing files in `/usr/share/doc/tails/website`.
For example, if I install ikiwiki, I have no way of viewing the HTML documentation included in the package.
We are also facing this problem in Whiskers where it’s currently impossible to view the doc included in the Debian package: https://gitlab.com/scif/whiskers/issues/95.
So relaxing the AppArmor limitations on `/usr/share/doc` make sense in 2 different contexts that Tails wants to support:
- Additional Software (like ikiwiki) introduced in 3.9.
- Tails derivatives (like Whiskers) as per https://tails.boum.org/contribute/derivatives/.
What would be the best approach to solve this?
- Edit the AppArmor profile in https://git.tails.boum.org/tails/tree/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch? I could submit a branch for this.
- Is it possible to relax the AppArmor limitations at runtime? This could work for Tails derivatives but not for Additional Software.
Attachments
Edited by sajolida