From cb60ba4fac8375885a01d04430eb091b022f8c7d Mon Sep 17 00:00:00 2001 From: James Henstridge Date: Thu, 14 Sep 2017 20:28:08 +0800 Subject: [PATCH] cmd/snap-confine: allow mounting of fonts --- cmd/snap-confine/snap-confine.apparmor.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/snap-confine/snap-confine.apparmor.in b/cmd/snap-confine/snap-confine.apparmor.in index d943703a6b8..a2bc1c0d2dd 100644 --- a/cmd/snap-confine/snap-confine.apparmor.in +++ b/cmd/snap-confine/snap-confine.apparmor.in @@ -242,6 +242,10 @@ audit deny mount /** -> /snap/bin/**, # Allow the content interface to bind fonts from the host filesystem mount options=(ro bind) /var/lib/snapd/hostfs/usr/share/fonts/ -> /snap/*/*/**, + # Allow the desktop interface to bind fonts from the host filesystem + mount options=(ro bind) /var/lib/snapd/hostfs/usr/share/fonts -> /usr/share/fonts, + mount options=(ro bind) /var/lib/snapd/hostfs/usr/local/share/fonts -> /usr/local/share/fonts, + mount options=(ro bind) /var/lib/snapd/hostfs/var/cache/fontconfig -> /var/cache/fontconfig, # nvidia handling, glob needs /usr/** and the launcher must be # able to bind mount the nvidia dir