[apparmor] [patch] profiles: add mir abstraction

Tyler Hicks tyhicks at canonical.com
Thu Mar 5 15:33:20 UTC 2015


On 2015-03-05 01:08:39, Steve Beattie wrote:
> As mir has come into use in Ubuntu touch and is available for testing on
> Ubuntu desktop, confined apps need access to a few mir specific things.
> This patch adds a mir abstraction.
> 
> Nominated for both trunk and 2.9.
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>
> Bug-Ubuntu: https://launchpad.net/bugs/1422521

This looks good to me. We may need to add a "mir-trusted" abstraction in
the future to grant access to the trusted socket and any other
permissions that the trusted sessions require. This abstraction should
cover most use cases for now.

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

> ---
>  profiles/apparmor.d/abstractions/mir |   16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
> 
> Index: b/profiles/apparmor.d/abstractions/mir
> ===================================================================
> --- /dev/null
> +++ b/profiles/apparmor.d/abstractions/mir
> @@ -0,0 +1,17 @@
> +# vim:syntax=apparmor
> +# ------------------------------------------------------------------
> +#
> +#    Copyright (C) 2015 Canonical Ltd.
> +#
> +#    This program is free software; you can redistribute it and/or
> +#    modify it under the terms of version 2 of the GNU General Public
> +#    License published by the Free Software Foundation.
> +#
> +# ------------------------------------------------------------------
> +
> +  # mir libraries sometimes do not have a lib prefix
> +  # see LP: #1422521
> +  /usr/lib/@{multiarch}/mir/*.so* mr,
> +  /usr/lib/@{multiarch}/mir/**/*.so* mr,
> +
> +  # unprivileged mir socket for clients
> +  owner /{,var/}run/user/*/mir_socket rw,
> 
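
Review bot: The line counts for the new file disagree: the diffstat says 16 insertions, the hunk header says "+1,17", and the hunk as quoted carries 18 added lines (counting the two blank "+" lines), so the diff should be regenerated before it goes to trunk and 2.9. On the socket rule at the end of the hunk, a short comment would help: say that the "*" in /{,var/}run/user/*/mir_socket stands for the per-user runtime directory and that the "owner" qualifier is what keeps the rule from reaching other users' sockets. The file also uses @{multiarch} without saying that the including profile has to define it.
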
> -- 
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/


