[apparmor] [RFC] handling XDG user directories

[Christian Boltz]

Hello,

Am Montag, 12. August 2013 schrieb Jamie Strandboge:
> On 08/10/2013 03:46 PM, Christian Boltz wrote:
> >>>  * apparmor-xdg-dirs.py: this takes the output of 'locale -a' and
> > 
> > I'm afraid this will result in a bit too much ;-)
> > 
> > On my system, locale -a gives me 270 locales from aa_DJ to zu_ZA
> > (and I even dropped suffixes like @euro or .utf-8 - with them, I get
> > 460 locales) [1]
> > 
> > In other words: this should be configurable:
> > a) autogenerate for all installed languages (which would be a lot on
> > my> 
> >    system)
> > 
> > b) autogenerate for all languages in $config_option
> > c) similar to b), but somehow automated (on openSUSE, you can choose
> > to> 
> >    install for example "all german translations" in YaST - this
> >    should
> >    also add the german XDG dirs to apparmor)
> > 
> > d) do not autogenerate anything
> > 
> > Option a) might even result in too many permissions - I'm quite sure
> > in one of the 270 locales I have, for example ~/downloads
> > translates to a directory name I have, and that should not be
> > accessible ;-)
> > 
> > The perfect solution would be to only allow the directory names in
> > each user's language (so the profile would have /home/cb/Dokumente/
> > and /home/english/documents/ for example) - but I know that's not
> > really easy to implement ;-)
> 
> Note that apparmor-xdg-dirs.py is but one tool-- the apparmor project
> itself would not dictate how a distribution would use it. That said,
> apparmor-xdg-dirs.py currently strips off everything before the first
> '.' so en_NG and
> en_NG.utf8 are not counted twice. 

You'll still get some duplicates. To give you an example:

# locale -a |grep ^de
de_AT
de_AT at euro
de_AT.utf8
de_BE
de_BE at euro
de_BE.utf8
de_CH
de_CH.utf8
de_DE
de_DE at euro
de_DE.utf8
de_LU
de_LU at euro
de_LU.utf8

FYI: @euro is ISO-8859-15

oh, and stripping off at the dot could also cause problems because 
non-ascii names have different bytes in ISO-8859-15 and utf8 ;-)

> Furthermore, while all translations
> for a particular language are evaluated, what is actually output are
> only the unique translations for each dir. Ie, of your 270 installed
> locales (that is a lot!), 

yast2 sw_single  displays a checkmark only for de_DE in the "languages" 
tab, but as I said, there are several *-lang packages that contain 
translations for lots of languages. (Just as a random example: sed-lang 
comes with 37 locales, and has an average of 10k per language. This 
really isn't worth splitting it into sed-de, sed-es, sed-pt, ... 
packages ;-)

I don't know exactly how locale -a works, but I'd guess it finds all 
installed translations, even if they only contain some texts for sed.

> if there are only 8 unique translations for
> XDG_DOWNLOAD_DIR between them, only those eight are output.

Of course - duplicates wouldn't make sense.

> As for 'a' being too many permissions-- that is conceivably true
> though I would argue that since this is system policy and system
> installed locales, then they all should be represented. Admins can
> choose to not install the extra locales or even modify their policy.
> I suppose these tools could grow an option to honor a config file
> though. This would allow distribution to integrate the tool but set
> the default how they wish, and allow admins to override the
> distribution default.

See above - a config file is really needed because "locale -a" is quite 
useless for me. Or openSUSE splits all *-lang packages, but I doubt this 
is realistic for packages with small translations (the overhead would be 
bigger than the content of the package).


Regards,

Christian Boltz
-- 
> Apper segfaults [...]
Well, that's annoying but it's better not to be in the dark.
I foresee a busy Tuesday evening in my near future.
[Will Stephenson in opensuse-factory]