[apparmor] Please review and merge updated Pidgin profile

[intrigeri]

Hi,

Simon Deziel wrote (09 Feb 2014 21:27:25 GMT) :
> On 14-02-09 06:46 AM, intrigeri wrote:
>>> * removed abstractions/dconf (does not exist as you said)
>>> * added ~/.config/dconf/user
>> 
>> OK, I'm ignoring these backporting changes.

> I don't understand why you ignored those. They are needed (both the
> removal and the addition).

I was assuming (without having checked, my bad) that the next 2.8.x
release would ship the dconf abstraction.

Unfortunately, 2.8.3 does not, and I'd like to support it as well, so
I'm adding these two backporting changes of yours to my profile for
the time being.

By chance, do you want to take care of nagging the right people so
that 2.8.4 (if it ever exists) ships the dconf abstraction?

> I also noticed you added "k" to "owner /{,var/}run/user/*/dconf/user".
> Not needed here but I see no problem with it if you can confirm it's needed.

It seems to be needed when using logind (or systemd as pid 1, I don't
know). As I wrote on January 24:

"By the way, since my GDM works fine with logind, I also need:

  owner /{,var/}run/user/*/dconf/user rwk,"

>>> * dropped /{,var/}run/ compat (not needed anymore I think)
>> 
>> I'd like to keep the profile working on older distros, so I think I'll
>> keep the compat stuff for now.

> OK, I'll do the same to avoid diverging from the reference. FYI, the
> profile you attached is missing the /var compat bits for the 2 last /run
> rules.

Good catch. Added, thanks. (Not sure any distro has shipped with
systemd + no /run directory, but well :)

>> * In commit 03e6e407, you've added "#include
>>   <abstractions/ubuntu-helpers>" and various other stuff, because
>>   "abstractions/ubuntu-helpers is needed for the sanitized_helper".
>>   I'm fine with the abstraction,

> It seems like you omit to include this abstraction in your attached profile.

I was waiting for a clarification on the related bits that were part
of the same commit. I now got it, so now added (in alphabetical order,
though).

>>   *but* most of the other stuff is
>>   covered by the freedesktop.org abstraction, that is included by the
>>   gnome one, that is in turn included by the Pidgin profile. So I'm
>>   not merging this as is right now. Do you want to clean up this a bit
>>   and remove the added duplicate lines?

> I could remove some of them but had to keep the following as Pidgin
> wants them:

> owner @{HOME}/.local/share/applications/ r,
> /usr/share/gnome/applications/ r,

OK, added for the time being. But really, this should rather be added
to some abstraction, don't you think?

>> * Compared to the dconf abstraction, you're adding 'w' to "owner
>>   @{HOME}/.config/dconf/user". Is it really needed? (Not for
>>   me, apparently.)
>> 
>> * Compared to the dconf abstraction, you're adding 'w' to
>>   "/run/user/[0-9]*/dconf/user". Is it really needed? (Not for
>>   me, apparently.)

> The "w" doesn't seem to be needed by Pidgin (I took it from another
> profile using dconf but who needed it). I removed them.

Cool, thanks.

>> I'm glad we're converging on something that works for both of us! :)

> I just pushed to github so you can diff against it, we now have very few
> differences and I'd like to get to 0 :)

I'm attaching my current profile. The differences are now only the "k"
I've added (discussed above), and the ordering of two lines. Woo,
seems like we're nearing the end of it \o/

Regards,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: usr.bin.pidgin
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140220/c5f537a8/attachment.ksh>