[apparmor] [patch/2.7] Two abstraction patches
Steve Beattie
steve at nxnw.org
Tue Jan 10 11:14:39 UTC 2012
Attached are two patches to the abstractions that I'm nominating for the
2.7 branch.
Trunk revision 1909: Fix from Felix Geyer: in the enchant abstraction,
allow the creation of enchant .config directory.
Bug: https://bugs.launchpad.net/bugs/914184
=== modified file 'profiles/apparmor.d/abstractions/enchant'
--- profiles/apparmor.d/abstractions/enchant 2010-12-22 22:59:44 +0000
+++ profiles/apparmor.d/abstractions/enchant 2012-01-10 10:37:54 +0000
@@ -52,5 +52,5 @@
/usr/share/java/zemberek-tr-[0-9]*.jar r,
# per-user dictionaries
- owner @{HOME}/.config/enchant/ r,
+ owner @{HOME}/.config/enchant/ rw,
owner @{HOME}/.config/enchant/* rwk,
Trunk revision 1910: Fix from Felix Geyer: block write access to
~/.kde/env because KDE automatically sources scripts in that folder
on startup.
Bug: https://bugs.launchpad.net/bugs/914190
=== modified file 'profiles/apparmor.d/abstractions/private-files'
--- profiles/apparmor.d/abstractions/private-files 2012-01-06 16:29:32 +0000
+++ profiles/apparmor.d/abstractions/private-files 2012-01-10 10:54:12 +0000
@@ -16,6 +16,7 @@
audit deny @{HOME}/bin/** wl,
audit deny @{HOME}/.config/autostart/** wl,
audit deny @{HOME}/.kde/Autostart/** wl,
+ audit deny @{HOME}/.kde/env/** wl,
audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,
# don't allow reading/updating of run control files
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120110/79782bfa/attachment.pgp>
More information about the AppArmor
mailing list