[apparmor] Please review and merge updated Pidgin profile

Simon Deziel simon.deziel at gmail.com
Thu Feb 20 15:46:49 UTC 2014


Hi intrigeri,

On 14-02-20 08:21 AM, intrigeri wrote:
> Simon Deziel wrote (09 Feb 2014 21:27:25 GMT) :
>> On 14-02-09 06:46 AM, intrigeri wrote:
>>>> * removed abstractions/dconf (does not exist as you said)
>>>> * added ~/.config/dconf/user
>>>
>>> OK, I'm ignoring these backporting changes.
> 
>> I don't understand why you ignored those. They are needed (both the
>> removal and the addition).
> 
> I was assuming (without having checked, my bad) that the next 2.8.x
> release would ship the dconf abstraction.
> 
> Unfortunately, 2.8.3 does not, and I'd like to support it as well, so
> I'm adding these two backporting changes of yours to my profile for
> the time being.
> 
> By chance, do you want to take care of nagging the right people so
> that 2.8.4 (if it ever exists) ships the dconf abstraction?

I don't know what's in that abstraction exactly. Maybe you could start a
new thread asking for its inclusion. Or even propose a bzr branch for
merging.

>> I also noticed you added "k" to "owner /{,var/}run/user/*/dconf/user".
>> Not needed here but I see no problem with it if you can confirm it's needed.
> 
> It seems to be needed when using logind (or systemd as pid 1, I don't
> know). As I wrote on January 24:
> 
> "By the way, since my GDM works fine with logind, I also need:
> 
>   owner /{,var/}run/user/*/dconf/user rwk,"

Sorry I missed that.

>>>> * dropped /{,var/}run/ compat (not needed anymore I think)
>>>
>>> I'd like to keep the profile working on older distros, so I think I'll
>>> keep the compat stuff for now.
> 
>> OK, I'll do the same to avoid diverging from the reference. FYI, the
>> profile you attached is missing the /var compat bits for the 2 last /run
>> rules.
> 
> Good catch. Added, thanks. (Not sure any distro has shipped with
> systemd + no /run directory, but well :)
> 
>>> * In commit 03e6e407, you've added "#include
>>>   <abstractions/ubuntu-helpers>" and various other stuff, because
>>>   "abstractions/ubuntu-helpers is needed for the sanitized_helper".
>>>   I'm fine with the abstraction,
> 
>> It seems like you omit to include this abstraction in your attached profile.
> 
> I was waiting for a clarification on the related bits that were part
> of the same commit. I now got it, so now added (in alphabetical order,
> though).

I did as much.

>>>   *but* most of the other stuff is
>>>   covered by the freedesktop.org abstraction, that is included by the
>>>   gnome one, that is in turn included by the Pidgin profile. So I'm
>>>   not merging this as is right now. Do you want to clean up this a bit
>>>   and remove the added duplicate lines?
> 
>> I could remove some of them but had to keep the following as Pidgin
>> wants them:
> 
>> owner @{HOME}/.local/share/applications/ r,
>> /usr/share/gnome/applications/ r,
> 
> OK, added for the time being. But really, this should rather be added
> to some abstraction, don't you think?

Yes, I've proposed a bzr branch to address this:

https://code.launchpad.net/~sdeziel/apparmor/abstractions-improvement/+merge/207475

Feel free to review/comment on it.

>>> * Compared to the dconf abstraction, you're adding 'w' to "owner
>>>   @{HOME}/.config/dconf/user". Is it really needed? (Not for
>>>   me, apparently.)
>>>
>>> * Compared to the dconf abstraction, you're adding 'w' to
>>>   "/run/user/[0-9]*/dconf/user". Is it really needed? (Not for
>>>   me, apparently.)
> 
>> The "w" doesn't seem to be needed by Pidgin (I took it from another
>> profile using dconf but which needed it). I removed them.
> 
> Cool, thanks.
> 
>>> I'm glad we're converging on something that works for both of us! :)
> 
>> I just pushed to github so you can diff against it, we now have very few
>> differences and I'd like to get to 0 :)
> 
> I'm attaching my current profile. The differences are now only the "k"
> I've added (discussed above), and the ordering of two lines. Woo,
> seems like we're nearing the end of it \o/

The diff is now 0 ;)

Regards,
Simon
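
The comparison this thread does by hand (two copies of a profile differing only in a "k" and in line ordering, plus a check for /run rules lacking the /var compat form) can be scripted. The following is an added example, not part of the original message or of AppArmor: the function names and both sample profiles are constructed, /run/example-socket is a made-up path, and only simple "path perms," file rules are parsed.

```python
import re

# Simple file rule: optional "owner", a path, permission letters, trailing comma.
RULE = re.compile(r'^(?P<owner>owner\s+)?(?P<path>[/@]\S*)\s+(?P<perms>[a-zA-Z]+),$')

# Constructed samples: same rules in a different order; A carries an extra "k".
PROFILE_A = """
  #include <abstractions/ubuntu-helpers>
  owner /{,var/}run/user/*/dconf/user rwk,
  owner @{HOME}/.local/share/applications/ r,
  /usr/share/gnome/applications/ r,
  /run/example-socket rw,   # constructed rule without the /var compat form
"""
PROFILE_B = """
  #include <abstractions/ubuntu-helpers>
  /usr/share/gnome/applications/ r,
  owner @{HOME}/.local/share/applications/ r,
  owner /{,var/}run/user/*/dconf/user rw,
  /run/example-socket rw,
"""

def parse_rules(profile_text):
    """Map (is_owner, path) -> set of permission letters, ignoring line order."""
    rules = {}
    for line in profile_text.splitlines():
        line = line.split('#', 1)[0].strip()   # drops comments and #include lines
        m = RULE.match(line)
        if m:
            key = (bool(m.group('owner')), m.group('path'))
            rules.setdefault(key, set()).update(m.group('perms'))
    return rules

def diff_profiles(a_text, b_text):
    """Return {rule: (perms only in a, perms only in b)} for rules that differ."""
    a, b = parse_rules(a_text), parse_rules(b_text)
    out = {}
    for key in a.keys() | b.keys():
        pa, pb = a.get(key, set()), b.get(key, set())
        if pa != pb:
            out[key] = (''.join(sorted(pa - pb)), ''.join(sorted(pb - pa)))
    return out

def missing_var_compat(profile_text):
    """Paths naming /run/ or /var/run/ literally instead of /{,var/}run/."""
    return sorted(path for (_, path) in parse_rules(profile_text)
                  if path.startswith(('/run/', '/var/run/')))

if __name__ == '__main__':
    print(diff_profiles(PROFILE_A, PROFILE_B))
    print(missing_var_compat(PROFILE_A))
```

Permission letters are compared individually, which is adequate for data rules such as r/w/k but not for exec transitions or rules using "->".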



