[apparmor] [Merge] lp:~serge-hallyn/apparmor-profiles/apparmor-profiles into lp:apparmor-profiles

Christian Boltz apparmor at cboltz.de
Thu Apr 14 19:00:06 UTC 2016


I never used ttytter (actually I had to google what it is - if someone else also doesn't know it: a commandline client for twitter). Nevertheless, I think your profile is not strict enough ;-)

"network inet" is way too broad. abstractions/nameservice already gives you "network inet stream" and "network inet dgram" (+ its inet6 variants), and IIRC Twitter uses an API over HTTPS, which should be covered by this. If not, I'd be interested in what is missing ;-)

Also, allowing read access for /etc/* and /run/** is way too broad and might leak data not related to ttytter which it shouldn't see. The same applies for /usr/share/**, /lib/** and /usr/lib/**. They are less critical, but still allow way too much. Please make all these rules more tight so that they only allow what is really needed.

Finally, I'm slightly surprised that a commandline client needs abstractions/fonts and abstractions/dbus-session. Are they really needed?
-- 
https://code.launchpad.net/~serge-hallyn/apparmor-profiles/apparmor-profiles/+merge/291919
Your team AppArmor Developers is requested to review the proposed merge of lp:~serge-hallyn/apparmor-profiles/apparmor-profiles into lp:apparmor-profiles.
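The tightening this review asks for, shown as an added example that is not part of the merge proposal or of this reply. The "before" rules are reconstructed from the complaints above, not copied from the submitted profile; every path in the "after" profile (the Perl interpreter and module directories, the curl helper, the ~/.ttytterrc and ~/.ttytterkey files) is an assumption about what ttytter needs and has to be confirmed against audit denials on the system before the profile is enforced.

```apparmor
# Constructed example: over-broad rules of the kind the review objects to,
# followed by a tightened profile. Nothing here is the submitted profile.

# --- before: the pattern under review (kept as comments, not loaded) ---
#   network inet,                  # every inet socket type, not just stream/dgram
#   /etc/* r,                      # all of /etc, including unrelated secrets
#   /run/** r,
#   /usr/share/** r,
#   /lib/** r,                     # abstractions/base already covers shared libs
#   /usr/lib/** r,
#   #include <abstractions/fonts>         # no GUI, no fonts
#   #include <abstractions/dbus-session>  # no desktop bus needed

# --- after: tightened profile ---
#include <tunables/global>

/usr/bin/ttytter {
  # shared libraries, locale data and similar basics
  #include <abstractions/base>
  # already grants "network inet stream", "network inet dgram" and the
  # inet6 variants, which is all an HTTPS API client needs
  #include <abstractions/nameservice>
  # read access to the system CA bundle for TLS verification
  #include <abstractions/ssl_certs>

  # the script and its interpreter (assumption: ttytter is a Perl script;
  # "ix" keeps perl confined by this same profile)
  /usr/bin/ttytter r,
  /usr/bin/perl ix,

  # Perl modules only, instead of all of /usr/lib/** and /lib/**
  /usr/lib/perl5/** r,
  /usr/share/perl/** r,
  /usr/share/perl5/** r,

  # HTTPS helper (assumption: ttytter shells out to curl)
  /usr/bin/curl ix,

  # per-user configuration and OAuth key, owner-only and read-only
  # (assumed file names)
  owner @{HOME}/.ttytterrc r,
  owner @{HOME}/.ttytterkey r,
}
```

To find out what is actually missing, load the profile with `apparmor_parser -r /etc/apparmor.d/usr.bin.ttytter`, put it into complain mode with `aa-complain /usr/bin/ttytter`, exercise the client, and let `aa-logprof` show the DENIED entries; add only those paths rather than the wildcard rules, then switch back to enforce mode.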