[apparmor] Updating the Pidgin profile

intrigeri intrigeri at debian.org
Fri Jan 24 15:58:09 UTC 2014


Hi,

Simon Deziel wrote (22 Jan 2014 14:43:36 GMT) :
> Sorry for the delayed response.

100% fine with me :)

> On 14-01-19 09:25 AM, intrigeri wrote:
[...]
>>>>>  owner @{HOME}/.{cache,config}/dconf/user rw,
>>>>
>>>> What is the "cache" part for?
>> 
>> I believe you have missed this question. Or maybe your following
>> answer (about .config/indicators) did cover this one too?

> It was in the initial profile from 11.04 but looking at [1] they seem
> legitimate. Both are used as shown in this audit extract:
> [...]

OK, so I now have:

  #include <abstractions/dconf>
  [...]
  owner @{HOME}/.cache/dconf/user rw,

By the way, since my GDM works fine with logind, I also need:

  owner /{,var/}run/user/*/dconf/user rwk,

>>>>>  /usr/bin/gconftool-2 rix,
>>>>>  /usr/bin/gnome-default-applications-properties ix,
>>>>>  /usr/bin/gnome-network-preferences ix,
>>>>
>>>> I'm adding P, in case a profile is written for one of those some day.
>> 
>>> P and i are incompatible as far as I understand.
>> 
>> The documentation about it is very confusing, but Pix is valid.

> Indeed, "Pix" is valid and I added it to g-d-a-p and g-n-p.

I can't see it on
https://github.com/simondeziel/aa-profiles/blob/master/12.04/usr.bin.pidgin.
Did you push elsewhere?

>>>>>  /usr/share/locale-langpack/** rm,
>>>>
>>>> Isn't the "r" permission granted by abstractions/base enough? I'm not
>>>> running Ubuntu, so I'm not using langpacks and cannot test myself.
>> 
>> Ping?

> This locale-langpack rule is gone from my profile and no problem to
> report since then.

Thanks for testing!

>> I think I'm going to complete a profile that requires running GNOME
>> control center and network configuration by hand, to start with, then.
>> Done in the attached profile.

> That makes sense. I'd probably add a comment in the profile that this is
> on purpose. This should prevent users from disabling the profile that
> "gets in their way" and use the manual way instead.

Great idea, done.

I'd like someone other than me to test my current profile (attached),
before I ask for inclusion again. Simon, do you want to test it?

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: usr.bin.pidgin
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140124/68d320b5/attachment.ksh>
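Added example, not part of the original message or of the attached profile: a small Python checker for the rule forms discussed in this thread. It expands the {a,b} path alternations and separates file access permissions from the exec transition, accepting "Pix" because it is one of the spellings listed in apparmor.d(5). The function names and the simplified "[owner] PATH PERMS," rule shape are assumptions made for the example; it is not the apparmor_parser grammar.

```python
import re

# Exec transition modes listed in apparmor.d(5), with their meaning.
EXEC_MODES = {
    "ix": "inherit the current profile",
    "px": "target's own profile, fail if none", "Px": "px + scrubbed environment",
    "cx": "child profile, fail if none", "Cx": "cx + scrubbed environment",
    "ux": "unconfined", "Ux": "ux + scrubbed environment",
    "pix": "target's profile, else inherit", "Pix": "pix + scrubbed environment",
    "cix": "child profile, else inherit", "Cix": "cix + scrubbed environment",
    "pux": "target's profile, else unconfined", "PUx": "pux + scrubbed environment",
    "cux": "child profile, else unconfined", "CUx": "cux + scrubbed environment",
}
ACCESS = set("rwalkm")  # read, write, append, link, lock, mmap-exec

def split_perms(perms):
    """Split e.g. 'rix' into ('r', 'ix'); reject unknown exec spellings."""
    access = "".join(c for c in perms if c in ACCESS)
    exec_mode = "".join(c for c in perms if c not in ACCESS) or None
    if exec_mode is not None and exec_mode not in EXEC_MODES:
        raise ValueError(f"not an exec mode from apparmor.d(5): {exec_mode!r}")
    return access, exec_mode

def expand_alternations(path):
    """Expand non-nested {a,b} alternations; @{VAR} variables are left alone."""
    m = re.search(r"(?<!@)\{([^{}]*)\}", path)
    if not m:
        return [path]
    return [p for alt in m.group(1).split(",")
            for p in expand_alternations(path[:m.start()] + alt + path[m.end():])]

def parse_rule(line):
    """Parse '[owner] PATH PERMS,' (the only rule shape handled here)."""
    tokens = line.strip().rstrip(",").split()
    access, exec_mode = split_perms(tokens[-1])
    return {"owner": tokens[0] == "owner", "paths": expand_alternations(tokens[-2]),
            "access": access, "exec": exec_mode}

if __name__ == "__main__":
    # Rules quoted in the thread, plus the Pix variant discussed for g-n-p.
    for rule in ["owner @{HOME}/.{cache,config}/dconf/user rw,",
                 "owner /{,var/}run/user/*/dconf/user rwk,",
                 "/usr/bin/gconftool-2 rix,",
                 "/usr/bin/gnome-network-preferences Pix,"]:
        r = parse_rule(rule)
        print(r["paths"], r["access"], r["exec"], EXEC_MODES.get(r["exec"], ""))
```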

