[apparmor] [PATCH] Entirely rework the Pidgin profile.

John Johansen john.johansen at canonical.com
Tue Mar 25 22:02:44 UTC 2014


On 03/25/2014 02:52 PM, Simon Deziel wrote:
> Hi John,
> 
> On 14-03-25 05:43 PM, John Johansen wrote:
>> On 03/10/2014 08:34 AM, intrigeri at debian.org wrote:
>>> From: intrigeri <intrigeri at boum.org>
>>>
>>> Thanks a lot to Simon Deziel <simon.deziel at gmail.com> for working on this
>>> with me.
>>
>> So this is looking pretty good to me, I have even installed it and fired up
>> pidgin on trusty
> 
> Thanks for giving it a try.
> 
>> I got rejects for
>>
>>   [ 4563.864233] type=1400 audit(1395773475.248:552): apparmor="DENIED" operation="open" profile="/usr/bin/pidgin" name="/home/jj/.local/share/applications/wine/" pid=4958 comm="gvfs-open" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
>>
>>   which has me wondering what its doing poke at wine, I was thinking of
>>   adding a deny for that, but I'd like to here what you think first
> 
> I have no clue why it does that and also feel a deny rule makes sense.
> 
>>   [  350.085941] type=1400 audit(1395769265.052:129): apparmor="DENIED" operation="ptrace" profile="/usr/bin/pidgin" pid=3057 comm="pidgin" target=642240A40288FFFF642240A40288FFFF10C440A40288FFFF10C440A40288FFFF20C440A40288FFFF20C440A40288FFFF4206
>>
>> the ptrace one is showing a bug in the trusty kernel at least for the
>> target name so I'd say ignore it at the moment
> 
> Indeed, https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1273518
> 
Okay with that I'll add the denial, ACK it and commit it

thanks Simon and intrigeri





More information about the AppArmor mailing list