[apparmor] [PATCH] 0/10 abstraction updates

John Johansen john.johansen at canonical.com
Thu Dec 23 19:09:59 GMT 2010


On 12/23/2010 10:55 AM, Kees Cook wrote:
> On Thu, Dec 23, 2010 at 10:05:27AM -0800, John Johansen wrote:
>> On 12/22/2010 09:30 AM, Kees Cook wrote:
>>> On Tue, Dec 21, 2010 at 04:06:38PM -0600, Jamie Strandboge wrote:
>>>> On Tue, 2010-12-21 at 15:50 -0600, Jamie Strandboge wrote:
>>>>
>>>>> 0002-user-downloads.patch
>>>>
>>>> abstractions/user-download:
>>>> - fix typo for Desktop (should be Desktop/)
>>>> - require owner match
>>>> - allow writes to @{HOME}/[dD]ownload{,s}
>>>
>>> ACK. Of note, though, is that these directories can be localized. :(
>>> But the abstraction is better than nothing...
>>>
>> Kees, localized as in have a separate that can be looked up.
> 
> Right, the xdg-user-dirs package creates the common set of XDG directories,
> based on the user's locale, so it's different for each user.
> 
>> The current limitation is that it would be in the root user's
>> locale, not the user's, which I don't have a solution for.
> 
> Yeah, which is why I didn't NAK the abstraction update -- there is no sane
> way to deal with it at the moment.
> 
Right, the only sane way I can think of to deal with this is to handle this in
user policy instead of system policy.

A very much less sane way to handle it would be a table of values loaded into the
kernel and indexed by uid.  But this is pre-NAKed, so if anyone can come up with
other slightly less insane ways to handle it, I'm all ears.
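
Added example, not part of the original thread and not AppArmor project code: a sketch of how per-user policy could pick up the localized download directory by reading that user's `~/.config/user-dirs.dirs`, the file xdg-user-dirs writes. The function name, the sample file contents and the `r`/`rw` permissions are assumptions made for illustration.

```python
import re

# Constructed sample of ~/.config/user-dirs.dirs for a Spanish-locale user.
SAMPLE_ES = '''# This file is written by xdg-user-dirs-update
XDG_DESKTOP_DIR="$HOME/Escritorio"
XDG_DOWNLOAD_DIR="$HOME/Descargas"
'''

_ENTRY = re.compile(r'^\s*(XDG_[A-Z]+_DIR)="(.*)"\s*$')
# Conservative assumption: refuse whitespace, quoting and anything AppArmor
# treats as glob, alternation or variable syntax rather than escaping it.
_UNSAFE = re.compile(r'[\s"\\*?\[\]{}^@,$]')


def user_download_rules(user_dirs_text, keys=("XDG_DOWNLOAD_DIR",)):
    """Return owner-restricted AppArmor rules for one user's XDG directories."""
    rules = []
    for line in user_dirs_text.splitlines():
        m = _ENTRY.match(line)
        if not m or m.group(1) not in keys:
            continue
        value = m.group(2)
        # Only paths below the home directory are considered; "$HOME/" alone
        # means the directory is disabled, and absolute paths are skipped.
        if not value.startswith("$HOME/"):
            continue
        rel = value[len("$HOME/"):].strip("/")
        parts = rel.split("/")
        if not rel or ".." in parts or "" in parts or _UNSAFE.search(rel):
            continue
        # Permissions are an assumption: read the directory, read/write below it.
        rules.append("owner @{HOME}/%s/ r," % rel)
        rules.append("owner @{HOME}/%s/** rw," % rel)
    return rules


if __name__ == "__main__":
    print("\n".join(user_download_rules(SAMPLE_ES)))
```

Entries that point outside the home directory or contain glob characters are dropped rather than escaped, so a user-controlled file cannot widen the generated rules.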



