[apparmor] [patch] profiles: add mir abstraction
Tyler Hicks
tyhicks at canonical.com
Thu Mar 5 15:33:20 UTC 2015
On 2015-03-05 01:08:39, Steve Beattie wrote:
> As mir has come into use in Ubuntu touch and is available for testing on
> Ubuntu desktop, confined apps need access to a few mir specific things.
> This patch adds a mir abstraction.
>
> Nominated for both trunk and 2.9.
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
> Bug-Ubuntu: https://launchpad.net/bugs/1422521
This looks good to me. We may need to add a "mir-trusted" abstraction in
the future to grant access to the trusted socket and any other
permissions that the trusted sessions require. This abstraction should
cover most use cases for now.
Acked-by: Tyler Hicks <tyhicks at canonical.com>
Tyler
> ---
> profiles/apparmor.d/abstractions/mir | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> Index: b/profiles/apparmor.d/abstractions/mir
> ===================================================================
> --- /dev/null
> +++ b/profiles/apparmor.d/abstractions/mir
> @@ -0,0 +1,17 @@
> +# vim:syntax=apparmor
> +# ------------------------------------------------------------------
> +#
> +# Copyright (C) 2015 Canonical Ltd.
> +#
> +# This program is free software; you can redistribute it and/or
> +# modify it under the terms of version 2 of the GNU General Public
> +# License published by the Free Software Foundation.
> +#
> +# ------------------------------------------------------------------
> +
> + # mir libraries sometimes do not have a lib prefix
> + # see LP: #1422521
> + /usr/lib/@{multiarch}/mir/*.so* mr,
> + /usr/lib/@{multiarch}/mir/**/*.so* mr,
> +
> + # unprivileged mir socket for clients
> + owner /{,var/}run/user/*/mir_socket rw,
>
> --
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150305/c372b957/attachment.pgp>
More information about the AppArmor
mailing list