[apparmor] [PATCH 1/2] add new xdg-desktop abstraction

John Johansen john.johansen at canonical.com
Wed Jan 11 12:12:45 UTC 2012


On 01/11/2012 01:04 PM, Steve Beattie wrote:
> On Wed, Jan 11, 2012 at 12:56:23PM +0100, Steve Beattie wrote:
>> On Wed, Jan 11, 2012 at 12:45:36PM +0100, Jamie Strandboge wrote:
>>> A bug[1] was filed in Ubuntu to add the following to the audio
>>> abstraction:
>>> @{HOME}/.config rw,
>>>
>>> The logic was that in the audio abstraction we have the following:
>>> @{HOME}/.cache/event-sound-cache.* rw,
>>>
>>> so the logic follows that if this rule is in the abstraction, then
>>> if .config didn't exist, it must be created. While I understand the
>>> reasoning, it didn't feel quite right, so Steve, John and I discussed
>>> this and came up with the idea that we should create an xdg-desktop
>>> abstraction based on the upstream documentation[2]. Attached patch adds
>>> this abstraction.
>>
>> Acked-By: Steve Beattie <sbeattie at ubuntu.com>
> 
> Actually, poking at this more, we already have
> abstractions/freedesktop.org which also covers access to some of
> the xdg-desktop stuff, though it's almost all read-only access
> (.recently-used.xbel* is the exception). Perhaps we should unify these?
> 
> Or do you think it's valuable to separate out write access to a distinct
> abstraction?
> 
Right now I think it's worth abstracting out the write

>>> [1]https://launchpad.net/bugs/914386
>>> [2]http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
>>>
>>> -- 
>>> Jamie Strandboge             | http://www.canonical.com
>>
>>> === added file 'profiles/apparmor.d/abstractions/xdg-desktop'
>>> --- profiles/apparmor.d/abstractions/xdg-desktop	1970-01-01 00:00:00 +0000
>>> +++ profiles/apparmor.d/abstractions/xdg-desktop	2012-01-11 11:07:19 +0000
>>> @@ -0,0 +1,24 @@
>>> +# vim:syntax=apparmor
>>> +# ------------------------------------------------------------------
>>> +#
>>> +#    Copyright (C) 2012 Canonical Ltd.
>>> +#
>>> +#    This program is free software; you can redistribute it and/or
>>> +#    modify it under the terms of version 2 of the GNU General Public
>>> +#    License published by the Free Software Foundation.
>>> +#
>>> +# ------------------------------------------------------------------
>>> +
>>> +  # Entries based on:
>>> +  # http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
>>> +
>>> +  owner @{HOME}/.cache/ rw,
>>> +
>>> +  owner @{HOME}/.config/ rw,
>>> +
>>> +  owner @{HOME}/.local/ rw,
>>> +  owner @{HOME}/.local/share/ rw,
>>> +
>>> +  # fallbacks
>>> +  /usr/share/ r,
>>> +  /usr/local/share/ r,
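Review bot: the four `owner @{HOME}/.../ rw,` directory rules grant `r` (listing the directory) as well as `w`, but the motivation given in the thread is only that the directory has to be created when it does not exist. Either drop to `w` on `@{HOME}/.cache/`, `@{HOME}/.config/`, `@{HOME}/.local/` and `@{HOME}/.local/share/`, or add a comment above these rules saying why read access to the directories themselves is wanted, since every profile that includes this abstraction inherits it. The `# fallbacks` comment over `/usr/share/ r,` and `/usr/local/share/ r,` should also say what they are fallbacks for, so a later reader can tell whether the list is complete against the spec linked at the top of the file.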
>>
>> -- 
>> Steve Beattie
>> <sbeattie at ubuntu.com>
>> http://NxNW.org/~steve/