[apparmor] [PATCH] Allow reading /etc/machine-id in the dbus-session abstraction.

John Johansen john.johansen at canonical.com
Wed Sep 11 03:13:55 UTC 2013


On 09/07/2013 01:42 AM, intrigeri wrote:
> intrigeri wrote (08 Aug 2013 12:41:19 GMT) :

sorry for the delay in responding, basically I think everyone is swamped
right now.

>> intrigeri wrote (26 Jul 2013 09:26:32 GMT) :
>>> Seth Arnold wrote (25 Jul 2013 18:21:22 GMT) :
>>>>> ... and on top of that, please find attached the corresponding change
>>>>> for Totem in lp:apparmor-profiles.
> 
>>>> Hrm, why Totem specifically? Should this instead just go in
>>>> abstractions/gnome if every gnome application is going to want it?
> 
>>> In practice, Totem is the only confined GNOME application I've seen
>>> try to access /etc/machine-id on my Debian unstable system, apart of
>>> those that use the dbus-session abstraction (that was addressed by my
>>> other patch).
> 
>>> For some reason unknown to me, Ubuntu's Totem profile doesn't use the
>>> dbus-session abstraction, but instead itself grants the
>>> /var/lib/dbus/machine-id read access. Another look at the 13.10
hrmmm, it is likely that this is just something that got overlooked. The
profiling tools are pretty bad right now, so I know a lot of additions
are happening by hand, which means abstractions aren't always being used
where they could be.

Hopefully this will change soon as we have a GSoC student rewriting them
atm.

>>> profiles directory, and I find usr.bin.evolution and
>>> usr.bin.pulseaudio there that do the same, but usr.bin.empathy
>>> _denies_ access to /var/lib/dbus/machine-id, while still using
>>> abstraction/gnome. So perhaps Evolution, Totem and PulseAudio should
>>> just use abstraction/dbus-session instead?
> 
Hrmmm, likely. In 13.10 the dbus-session abstraction picks up a dbus rule
so that the task can talk to the session bus. Evince has already been converted
to use the dbus-session abstraction, and I think it makes sense to move
evolution, totem and pulseaudio to this as well.

>> Ping?
> 
> Ping? :)
> 
Hey intrigeri,
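The thread above contrasts profiles that grant the machine-id read themselves (Totem, Evolution, PulseAudio) with profiles that pull it in via the shared dbus-session abstraction. The fragment below is an added illustration, not a profile or patch from this thread or from lp:apparmor-profiles; the binary path /usr/bin/example-gnome-app is a placeholder, and the exact contents of abstractions/dbus-session are not shown, only included.

```apparmor
# Added example profile fragment (not from the thread or from lp:apparmor-profiles).
# Assumed, placeholder binary path: /usr/bin/example-gnome-app
#include <tunables/global>

/usr/bin/example-gnome-app {
  #include <abstractions/base>
  #include <abstractions/gnome>

  # Take the session-bus rules (and, once the patch discussed above is
  # merged, the /etc/machine-id read) from the shared abstraction instead
  # of repeating the path rule in every application profile.
  #include <abstractions/dbus-session>

  # The per-profile form the thread says Totem, Evolution and PulseAudio
  # currently use; redundant once the abstraction grants it, so left
  # commented out here.
  # /var/lib/dbus/machine-id r,

  /usr/bin/example-gnome-app mr,
}
```

The Empathy case mentioned above works the other way round: an explicit `deny /var/lib/dbus/machine-id r,` in a profile takes precedence over an allow rule pulled in from an included abstraction, so a profile that includes abstractions/gnome or dbus-session can still refuse that path if the maintainer wants it. Either way, a denied access shows up as an `apparmor="DENIED"` audit entry, which is the signal to watch for when deciding whether a read belongs in the abstraction or in one profile.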