[apparmor] [PATCH] Allow reading /etc/machine-id in the dbus-session abstraction.

intrigeri intrigeri at debian.org
Sat Sep 7 08:42:26 UTC 2013


intrigeri wrote (08 Aug 2013 12:41:19 GMT) :
> intrigeri wrote (26 Jul 2013 09:26:32 GMT) :
>> Seth Arnold wrote (25 Jul 2013 18:21:22 GMT) :
>>>> ... and on top of that, please find attached the corresponding change
>>>> for Totem in lp:apparmor-profiles.

>>> Hrm, why Totem specifically? Should this instead just go in
>>> abstractions/gnome if every gnome application is going to want it?

>> In practice, Totem is the only confined GNOME application I've seen
>> try to access /etc/machine-id on my Debian unstable system, apart from
>> those that use the dbus-session abstraction (that was addressed by my
>> other patch).

>> For some reason unknown to me, Ubuntu's Totem profile doesn't use the
>> dbus-session abstraction, but instead itself grants the
>> /var/lib/dbus/machine-id read access. Another look at the 13.10
>> profiles directory, and I find usr.bin.evolution and
>> usr.bin.pulseaudio there that do the same, but usr.bin.empathy
>> _denies_ access to /var/lib/dbus/machine-id, while still using
>> abstraction/gnome. So perhaps Evolution, Totem and PulseAudio should
>> just use abstraction/dbus-session instead?

> Ping?

Ping? :)

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
