[apparmor] [RFC] handling XDG user directories
Seth Arnold
seth.arnold at canonical.com
Mon Aug 5 23:26:05 UTC 2013
On Mon, Aug 05, 2013 at 05:59:14PM -0500, Jamie Strandboge wrote:
> I have written two tools that we may want to optionally ship[3]:
> * apparmor-xdg-dirs-simple.py: this takes a locale as an argument and outputs
> to stdout something suitable for dropping into /etc/apparmor.d/xdg-dirs.d.
> [...]
> * apparmor-xdg-dirs.py: this takes the output of 'locale -a' and outputs to
> stdout something suitable for dropping into /etc/apparmor.d/xdg-dirs.d as
> well, but tries to be a little smarter and only outputs unique translations,
> skipping the 'C' locale (since the C locale dirs are presumed to already be
> in /etc/apparmor.d/tunables/xdg-dirs). Eg, on an Ubuntu 13.10 system with
> the en, fr and zn locales installed:
This is really cool. :)
With this in place, an admin can easily write policy that enforces
something sane without even needing to know the languages spoken by his
or her users. The policy will make sense, users get their own local
languages, and if someone goes to the extreme and wants to supremely
customize their XDG directories, we'll have an answer ready for them
that is more convenient than a big pile of sed -i. :)
I strongly support including these or their offsprings in our upstream
source code.
Would we, as a distribution, want to hook this up in some automatic
fashion to new locale creation? It feels like the polite thing to do,
and admins may well welcome one fewer task to perform.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130805/8163891f/attachment.pgp>
More information about the AppArmor
mailing list