by okasaki 3958 days ago
No, you give it read-only access to the files it needs (e.g. /usr/) and then everywhere else like /home it can only open *.pdf.

Also, no networking.

AppArmor can't do a *.pdf restriction. Even if it could, you still let through access to every pdf on your system.

The point here is that the sandboxing needs to be watertight, or it's simply not effective. pdf.js runs in the JS sandbox, but here the file origin checking failed. Placing an OS-level sandbox around it doesn't help unless it is just as tight.

Uh, yes it can:

    allow /**/*.pdf r,

Wow okay, didn't realize that (was still thinking in extended-attributes SELinux land).
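An AppArmor profile that implements the restriction okasaki describes (read-only program files, `*.pdf` only elsewhere, no networking), added here as an illustration and not taken from the thread; the binary path `/usr/bin/pdfviewer` is a placeholder, not a real package.

```apparmor
# Added example profile for a hypothetical PDF viewer installed at
# /usr/bin/pdfviewer (placeholder path, not a real package).
# Install as /etc/apparmor.d/usr.bin.pdfviewer and load with:
#   apparmor_parser -r /etc/apparmor.d/usr.bin.pdfviewer
#include <tunables/global>

/usr/bin/pdfviewer {
  #include <abstractions/base>
  #include <abstractions/fonts>

  # The program and its libraries: readable and mappable, never writable.
  /usr/bin/pdfviewer mr,
  /usr/lib/** mr,
  /usr/share/** r,

  # Everywhere else: only *.pdf files, read-only, and only ones the
  # invoking user owns. "**" spans directory levels, "*" does not.
  owner /home/**/*.pdf r,
  owner /media/**/*.pdf r,
  owner /tmp/*.pdf r,

  # No sockets of any kind. AppArmor already denies what is not listed;
  # an explicit deny also suppresses the audit noise from each attempt.
  deny network,

  # Everything not listed above is refused by the default-deny policy.
  # Caveat raised in the thread: a compromised viewer can still read every
  # PDF the user owns. This narrows the blast radius; it does not close it.
}
```

Load the profile in complain mode first (`aa-complain /usr/bin/pdfviewer`) and watch `/var/log/syslog` or `journalctl` for DENIED entries before switching to enforce mode.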