Re: '-U' in 'DEFINE troff groff -U -mandoc' in manpath.config no longer honoured

[Colin Watson]

On Tue, Dec 17, 2019 at 03:51:35PM +0100, Alexis Huxley wrote:
> Was this change of behaviour deliberate? Or is there an alternative way to 
> get .pso in man page sources working again? (Yes, I really need .pso.)

The usual way to do this sort of thing is to substitute the necessary
text into the manual page at build time.  While I may be able to help
you get .pso working for you locally, it's my intention that viewing
manual pages shouldn't allow execution of arbitrary code and that man
should take steps to defend against this, so I won't make any promises
that any of this will work in the long term.

> I checked the changelog entries from 2.7.5 to 2.8.5 but don't see any obvious 
> change that caused this change in behaviour.

This was probably due to some combination of seccomp confinement
(introduced in 2.8.0) and AppArmor confinement (not upstream, but
introduced in the Debian packaging in 2.7.6.1-3).

You could try MAN_DISABLE_SECCOMP=1 to disable the former.

For the latter, "aa-complain /usr/bin/man" might work, although I'm not
sure whether that works exactly right with child profiles; you could
also try editing /etc/apparmor.d/usr.bin.man (probably the man_groff
child profile) and using "apparmor_parser -r -T -W
/etc/apparmor.d/usr.bin.man" to load the changes into the kernel.

Even if this works, I don't plan to make it more convenient, because I
want to strongly discourage the use of things like .pso and ensure that
they don't start creeping into distributed packages.  I'm sorry if that
makes things somewhat less convenient for you, but I made up my mind on
this quite some time ago.

Regards,

-- 
Colin Watson                                       [address@hidden]