[apparmor] [PATCH 2/4] 0002-aa-easyprof-policy.patch
Christian Boltz
apparmor at cboltz.de
Tue Feb 7 15:50:46 UTC 2012
Hello,
On Tuesday, 7 February 2012, Jamie Strandboge wrote:
> diff -Naurp -x .bzr -x common apparmor-trunk/utils/easyprof/policygroups/opt-application apparmor-trunk-easyprof/utils/easyprof/policygroups/opt-application
> --- apparmor-trunk/utils/easyprof/policygroups/opt-application 1969-12-31 18:00:00.000000000 -0600
> +++ apparmor-trunk-easyprof/utils/easyprof/policygroups/opt-application 2012-02-06 16:39:38.000000000 -0600
> @@ -0,0 +1,3 @@
> +# Policy group for applications installed in /opt
> +/opt/@{APPNAME}/ r,
> +/opt/@{APPNAME}/** mrlk,
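Review bot: the rule "/opt/@{APPNAME}/** mrlk," grants link (l) and lock (k) across the whole install tree, although this group gives no write access there and its header comment says only that the application is installed in /opt. Unless a concrete application needs to hard-link or lock files under /opt, reduce the mask to "mr" and say in the comment what the group is meant to permit. The "m" also deserves a word in that comment: it allows files to be mapped executable (shared libraries, plugins), but the group contains no execute rule, so nothing under /opt/@{APPNAME}/ can be exec'd through this group alone.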
Is the "l" permission really needed for /opt?
> diff -Naurp -x .bzr -x common apparmor-trunk/utils/easyprof/policygroups/user-application apparmor-trunk-easyprof/utils/easyprof/policygroups/user-application
> --- apparmor-trunk/utils/easyprof/policygroups/user-application 1969-12-31 18:00:00.000000000 -0600
> +++ apparmor-trunk-easyprof/utils/easyprof/policygroups/user-application 2012-02-06 16:39:38.000000000 -0600
> @@ -0,0 +1,7 @@
> +# Policy group allowing various writes to standard directories in @{HOMEDIRS}
> +owner @{HOMEDIRS}/.cache/@{APPNAME}/ rw,
> +owner @{HOMEDIRS}/.cache/@{APPNAME}/** rwkl,
> +owner @{HOMEDIRS}/.config/@{APPNAME}/ rw,
> +owner @{HOMEDIRS}/.config/@{APPNAME}/** rwkl,
> +owner @{HOMEDIRS}/.local/share/@{APPNAME}/ rw,
> +owner @{HOMEDIRS}/.local/share/@{APPNAME}/** rwkl,
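Review bot: all six rules are rooted at "@{HOMEDIRS}/.cache/", "@{HOMEDIRS}/.config/" and "@{HOMEDIRS}/.local/share/", but in tunables/home @{HOMEDIRS} is the directory that contains the home directories (/home/), so these rules match /home/.cache/@{APPNAME}/ rather than a user's ~/.cache/@{APPNAME}/. Use @{HOME}, which expands to the per-user directories, both in the rules and in the header comment. The "l" in "rwkl" is also worth justifying in that comment, since the group is described only as allowing writes.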
You should also allow creating ~/.cache, ~/.config, ~/.local and
~/.local/share (in other words: include abstractions/xdg-desktop).
Regards,
Christian Boltz
--
I like to quote Angela Merkel verbatim best of all. I have not yet found a
better way to insult this woman.
-- Volker Pispers