Le 15/12/16 à 21:13, Tommaso Cucinotta a écrit :
On 13/12/2016 11:25, Helge Hafting wrote:
that's why I'm looking into AppArmor instead, which is essentially
a
Seems like a good thing - especially the ability to prevent
networking. No network - no LyX-based virus at least.
we need both, file-system confinement and no networking, otherwise
e.g., an R script in a LyX doc might overwrite ~/.Rprofile, which might
getexecuted next time the user runs R independently (outside of LyX,
where it's not confined). On the other hand, allowing only to read
~/.Rprofile (without writing) seems useful and not harmful.
So allow read-only of everything and read/write in the temp file.
JMarc
