[apparmor] Updating the Pidgin profile

Simon Deziel simon.deziel at gmail.com
Fri Jan 24 16:11:47 UTC 2014

Hi intrigeri,

On 14-01-24 10:58 AM, intrigeri wrote:
> Hi,
> Simon Deziel wrote (22 Jan 2014 14:43:36 GMT) :
>> Sorry for the delayed response.
> 100% fine with me :)
>> On 14-01-19 09:25 AM, intrigeri wrote:
> [...]
>>>>>>  owner @{HOME}/.{cache,config}/dconf/user rw,
>>>>> What is the "cache" part for?
>>> I believe you have missed this question. Or maybe your following
>>> answer (about .config/indicators) did cover this one too?
>> It was in the initial profile from 11.04 but looking at [1] they seem
>> legitimate. Both are used as shown in this audit extract:
>> [...]
> OK, so I now have:
>   #include <abstractions/dconf>
>   [...]
>   owner @{HOME}/.cache/dconf/user rw,
> By the way, since my GDM works fine with logind, I also need:
>   owner /{,var/}run/user/*/dconf/user rwk,

This all makes sense for a recent release. On Precise, the
abstractions/dconf is not available though.

>>>>>>  /usr/bin/gconftool-2 rix,
>>>>>>  /usr/bin/gnome-default-applications-properties ix,
>>>>>>  /usr/bin/gnome-network-preferences ix,
>>>>> I'm adding P, in case a profile is written for one of those some day.
>>>> P and i are incompatible as far as I understand.
>>> The documentation about it is very confusing, but Pix is valid.
>> Indeed, "Pix" is valid and I added it to g-d-a-p and g-n-p.
> I can't see it on
> https://github.com/simondeziel/aa-profiles/blob/master/12.04/usr.bin.pidgin.
> Did you push elsewhere?

Fixed now.

>>>>>>  /usr/share/locale-langpack/** rm,
>>>>> Isn't the "r" permission granted by abstraction/base enough? I'm not
>>>>> running Ubuntu, so I'm not using langpack's and cannot test myself.
>>> Ping?
>> This locale-langpack rule is gone from my profile and no problem to
>> report since that.
> Thanks for testing!
>>> I think I'm going to complete a profile that requires running GNOME
>>> control center and network configuration by hand, to start with, then.
>>> Done in the attached profile.
>> That makes sense. I'd probably add a comment in the profile that this is
>> on purpose. This should prevent users from disabling the profile that
>> "gets in their way" and use the manual way instead.
> Great idea, done.
> I'd like someone else than me to test my current profile (attached),
> before I ask for inclusion again. Simon, do you want to test it?

I'm not yet ready to move to Trusty/14.04 yet so I cannot test with
fresh packages. If/when I do, I'll post feedback.

Thanks for your great work on this!


More information about the AppArmor mailing list