Jamie
All well and good, but
(1) this is going to affect everybody who has a Windows partition
mounted on anything but /home. That does not seem very user-friendly.
(2) AFAICS, in apparmor, every different application will have its own
settings. The old way: I could manage permissions in /etc/fstab. (If I
had to change them at all.) The new way: I have to manage permissions
using apparmor, application by application. So I have to learn an
obscure configuration file syntax. And if I get something wrong then I
open my system to vulnerabilities. This is far from "Linux for human
beings". It is also unlikely to ensure security. At the moment only I
can write to /windows: will your suggested workaround allow any user
of evince to do it? I don't know. But I'm tempted to apply the
workaround anyway, and ignore your thoughtful warning. Result: worse
security, because user behaviour has not been taken account of.
Cheers
David