Hacker News
by TD-Linux 3954 days ago
AppArmor can't do a *.pdf restriction. Even if it could, you still let through access to every pdf on your system.

The point here is that the sandboxing needs to be watertight, or it's simply not effective. pdf.js runs in the JS sandbox, but here the file origin checking failed. Placing an OS-level sandbox around it doesn't help unless it is just as tight.


Uh, yes it can

    allow /**/*.pdf r,
Wow okay, didn't realize that (was still thinking in extended-attributes SELinux land).
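As an added example (not a comment from this thread), here is an AppArmor profile fragment that puts the extension-based rule from the reply next to a narrower owner- and directory-scoped form; the program path /usr/bin/pdfview and the Downloads location are assumptions.

```apparmor
# Added example, not from the thread. Profile for a hypothetical viewer at
# /usr/bin/pdfview; the binary path and the Downloads directory are assumed.
#include <tunables/global>

/usr/bin/pdfview {
  #include <abstractions/base>

  /usr/bin/pdfview mr,

  # The rule from the reply. '**' spans directory separators, so this grants
  # read access to every .pdf anywhere in the filesystem, which is the
  # "every pdf on your system" objection raised in the first comment.
  # /**/*.pdf r,

  # Narrower alternative: only PDFs owned by the invoking user, and only in
  # one directory. Paths matched by no rule are denied by the profile.
  owner @{HOME}/Downloads/*.pdf r,
}
```

Either rule is still coarser than a per-document origin check, which is the thread's point: the OS-level sandbox only adds value where it is at least as tight as the check it backs up.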