[apparmor] [RFC] handling XDG user directories

Jamie Strandboge jamie at canonical.com
Tue Aug 6 19:18:28 UTC 2013


On 08/06/2013 01:45 PM, John Johansen wrote:
> On 08/05/2013 03:59 PM, Jamie Strandboge wrote:

>> and users/admins can adjust /etc/apparmor.d/tunables/xdg-dirs or drop files into
>> /etc/apparmor.d/tunables/xdg-dirs.d, providing a welcome convenience[2].
>>
...
> I know that people like the drop in dir bits, but quite bluntly I don't, for most
> things, it's a way of papering over real problems (of course I consider treating
> profiles the way we do with packaging as a problem so ...)

Well, we have it for home too, so I followed that (and we had the same
conversation when I added it-- the slipperiness of my argument is not lost on
me). We could make all the .d directories distro specific, but Debian derived
distros would most likely all end up implementing .d themselves (we can't fix
their longstanding conffile handling so they'll need to come up with something
at least until policy is moved somewhere else). I am one that agrees that the .d
directories work well enough with minimal effort (of course, I'm biased) and I
can drop the .d directory and have distros do what they want (Debian and Ubuntu
will likely have to do .d in the short term (there are other more convoluted
options, but we don't have to discuss them here), but others could simply append
the output of apparmor-xdg-dirs*.py to /etc/apparmor.d/tunables/xdg-dirs).

...

>> translations for these directories happen outside of the user's control. Users
>> who modify ~/.config/user-dirs.dirs can update policy like they need to now.
>>
> err how? I thought the point was to stop the user from being able to directly
> modify policy.
> 
> If you mean that a user can set their translations sure, but again that doesn't
> currently reflect what system policy does. The sys admin can choose the set
> of local translations that are acceptable to system policy
> 
My statement wasn't clear. Any users who are not admins will have to live with
admin system policy or request it be updated. Users who are also admins of their
machines can update ~/.config/user-dirs.dirs as desired, but then are expected
to update their apparmor system policy. In short, I was trying to say simply
that this proposal does not try to solve everything, but is in line with how we
currently handle any other policy, tunables or abstractions where the user is
trying to do something different than system policy allows.

...

>> I did not test other tools (aa-logprof, etc) for these utf-8 strings, but any
> oh please don't, I don't want to go there
> 
>> problems there would be just bugs (and my proposal doesn't actually add utf-8
>> strings).
>>
> well it might be more than that as those strings are subject to Python's and Perl's
> string handling

Yeah, hence the 'etc' ;)

...

>> PS - note that this (intentionally) doesn't cover the XDG base-dir
>> specification, though we could solve it in the same manner. Create an
>> /etc/apparmor.d/tunables/xdg-basedir tunable with standard values, then create
>> the /etc/apparmor.d/tunables/xdg-basedir.d directory that people can use if they
>> want. I don't think we would provide any more tools beyond that, to avoid crossing
>> privilege boundaries and mucking around in $HOME.
>>
> yeah, this one will require some careful thought/implementation to ensure we
> aren't shooting ourselves in the foot

Agreed, but I also think these are far less likely to change and what we
currently do in our policy is sufficient for most users and distributions.

-- 
Jamie Strandboge                 http://www.ubuntu.com/
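The message refers to an apparmor-xdg-dirs*.py script whose output an admin appends to the tunable file. As an added illustration (not the script from the thread), here is a minimal translator from the ~/.config/user-dirs.dirs format into tunable assignments. The @{XDG_*_DIR}="..." output form, the constructed sample input and the rejection rules are assumptions of this example, not something the post specifies; the rules drop entries that would let a user file steer policy outside $HOME or inject AppArmor glob syntax.

```python
import re
from typing import Dict

# Constructed sample of a ~/.config/user-dirs.dirs file (not from the post).
# The UTF-8 name exercises the encoding concern raised in the thread; the
# last three entries are deliberately bad input that must not be translated.
SAMPLE_USER_DIRS = """\
# This file is written by xdg-user-dirs-update
XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOWNLOAD_DIR="$HOME/Téléchargements"
XDG_MUSIC_DIR="$HOME/Music"
XDG_VIDEOS_DIR="$HOME/../../etc"
XDG_PICTURES_DIR="/srv/pictures"
XDG_TEMPLATES_DIR="$HOME/t*"
"""

# Only the well-known xdg-user-dirs keys are accepted (assumed list).
KNOWN_KEYS = {"XDG_DESKTOP_DIR", "XDG_DOWNLOAD_DIR", "XDG_TEMPLATES_DIR",
              "XDG_PUBLICSHARE_DIR", "XDG_DOCUMENTS_DIR", "XDG_MUSIC_DIR",
              "XDG_PICTURES_DIR", "XDG_VIDEOS_DIR"}
# Characters that AppArmor treats as glob/alternation syntax in a path.
AA_META = set('*?[]{},"')
LINE_RE = re.compile(r'^([A-Z_]+)="\$HOME/([^"]*)"$')

def parse_user_dirs(text: str) -> Dict[str, str]:
    """Return {XDG key: path relative to $HOME} for every acceptable entry.

    Unknown keys, absolute paths outside $HOME, '..' components and names
    containing AppArmor metacharacters are dropped rather than translated.
    """
    result: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or m.group(1) not in KNOWN_KEYS:
            continue
        rel = m.group(2).strip("/")
        parts = rel.split("/")
        if not rel or any(p in ("", ".", "..") for p in parts):
            continue
        if any(ch in AA_META for ch in rel):
            continue
        result[m.group(1)] = rel
    return result

def to_tunable(dirs: Dict[str, str]) -> str:
    """Render entries as AppArmor variable assignments (output form assumed)."""
    return "\n".join(f'@{{{k}}}="{v}"' for k, v in sorted(dirs.items()))
```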
