[apparmor] wayland paths

Steve Beattie steve at nxnw.org
Thu Dec 1 00:46:24 UTC 2016


On Wed, Nov 30, 2016 at 04:03:30PM -0800, John Johansen wrote:
> On 11/30/2016 03:21 PM, Seth Arnold wrote:
> > On Wed, Nov 30, 2016 at 03:11:53PM -0800, Steve Beattie wrote:
> >>>    owner /{,var/}run/user/*/weston-shared-* rw,
> > 
> >> Can we kill the first rule? Or at least only have the /var/ path, since
> >> the non-var path is covered by the last rule?
> > 
> > I like the "only the /var/ path" option; that's what I went with.
> > 
> > (I suspect we're just about to the point that we could remove all
> > the /var/run/ paths and alternations from our trunk profiles, but I'd
> > really hate to find out that I'm wrong by breaking a user's system on
> > an upgrade.)
> > 
> 
> which begs the question why didn't we use a variable or an alias rule.

https://lists.ubuntu.com/archives/apparmor/2011-July/001236.html and
https://lists.ubuntu.com/archives/apparmor/2011-July/001237.html
were the comments about this originally. Full thread is at
https://lists.ubuntu.com/archives/apparmor/2011-July/thread.html#1230

> The variable is a bit ugly but easy to tweak and obvious.
> 
> The alias is convenient and will work for these straight substitutions
> but is totally non-obvious/visible to the user. However, if we are
> at the point where removing /var/run/ is viable for most users, then
> getting rid of /var/run alternations completely is the way to go.
> And for users who really need it we can add a commented-out alias
> rule in abstractions/base and tell users to uncomment that.

It's probably been long enough to consider doing this.

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
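
Added example, not part of the original message or of the AppArmor project's code: a Python helper that lists which file rules in a profile still name /var/run, and what each one reduces to once the /var/run alternations discussed above are dropped in favour of /run. The profile fragment is constructed (only the weston-shared rule is quoted from the thread), and the function names are hypothetical.

```python
import re

# Simple file rule: optional "owner" qualifier, a path glob, permissions, comma.
RULE = re.compile(r"^(?P<q>owner\s+)?(?P<path>/\S+)\s+(?P<perms>[a-zA-Z]+),\s*$")

def expand_braces(path):
    """Expand {a,b} alternations into the concrete glob paths they cover."""
    m = re.search(r"\{([^{}]*)\}", path)
    if not m:
        return [path]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(path[:m.start()] + alt + path[m.end():]))
    return out

def collapse_var_run(path):
    """Paths left once /var/run/ alternatives are dropped in favour of /run/."""
    return sorted({re.sub(r"^/var/run/", "/run/", p) for p in expand_braces(path)})

def audit(profile_text):
    """Return (lineno, old_rule, new_rules) for each file rule naming /var/run."""
    findings = []
    for n, line in enumerate(profile_text.splitlines(), 1):
        m = RULE.match(line.strip())
        if not m or not any(p.startswith("/var/run/")
                            for p in expand_braces(m["path"])):
            continue
        new = [f"{m['q'] or ''}{p} {m['perms']},"
               for p in collapse_var_run(m["path"])]
        findings.append((n, line.strip(), new))
    return findings

# Constructed sample; only the weston-shared rule is quoted from the thread.
SAMPLE = """\
# constructed profile fragment
owner /{,var/}run/user/*/weston-shared-* rw,
owner /run/user/*/wayland-[0-9]* rw,
/var/run/example.sock rw,
/{var/,}run/{lock,shm}/example-* r,
"""

if __name__ == "__main__":
    for n, old, new in audit(SAMPLE):
        print(f"line {n}: {old}")
        for rule in new:
            print(f"    -> {rule}")
```

Rules that the audit reports are the ones that would stop matching on a system where /var/run is still a real directory, which is the upgrade risk raised earlier in the thread.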