[apparmor] [Merge] lp:~sdeziel/apparmor-profiles/usr.bin.thunderbird-profile into lp:apparmor-profiles

Jamie Strandboge jamie at canonical.com
Wed Jan 13 20:21:05 UTC 2016


On 01/12/2016 07:18 PM, Simon Déziel wrote:
> On 2016-01-12 07:35 PM, Seth Arnold wrote:
>> Thanks! I have some thoughts inline.
> 
> I should have made it explicit that this started as a copy of the
> Firefox profile. I tried to keep them relatively in sync.
> 
>> Diff comments:
>>
>>> === added file 'ubuntu/16.04/usr.bin.thunderbird'
>>> --- ubuntu/16.04/usr.bin.thunderbird	1970-01-01 00:00:00 +0000
>>> +++ ubuntu/16.04/usr.bin.thunderbird	2016-01-12 22:16:34 +0000
>>> @@ -0,0 +1,274 @@
>>> +# vim:syntax=apparmor
>>> +# Author: Simon Deziel <simon.deziel at gmail_com>
>>> +# This apparmor profile is provided as-is
>>> +
>>> +# Declare an apparmor variable to help with overrides
>>> +@{MOZ_LIBDIR}=/usr/lib/thunderbird
>>> +
>>> +#include <tunables/global>
>>> +
>>> +# We want to confine the binaries that match:
>>> +#  /usr/lib/thunderbird/thunderbird
>>> +#  /usr/lib/thunderbird/thunderbird
>>> +# but not:
>>> +#  /usr/lib/thunderbird/thunderbird.sh
>>> +/usr/lib/thunderbird/thunderbird{,*[^s][^h]} {
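
Review bot: the attachment glob `thunderbird{,*[^s][^h]}` excludes more than the `.sh` wrapper, because `[^s][^h]` negates each of the last two characters independently. Any name ending in `h`, or with `s` as its second-to-last character, is not attached by this profile, and neither is a name with a single-character suffix. If the aim is only to skip thunderbird.sh, list the binaries to confine explicitly in the alternation. The two "match" comment lines are also identical; one of them should name the other binary it was meant to cover or be dropped.
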
>>
>> I don't understand what the first two "we want to match" lines mean, they look identical to me no matter how much I squint :) -- but I really dislike this profile name. If the attachment specification has to be this complicated, please give the profile a specific profile name like "thunderbird":
> 
> Honestly, I never understood the need for this complicated name.
> 
This comes from how Ubuntu (and I believe Debian) launch the binary.
/usr/bin/thunderbird is a symlink to /usr/lib/thunderbird/thunderbird.sh. We
didn't want to confine this file but instead /usr/lib/thunderbird/thunderbird.
The glob is there because iirc ppa builds and older releases might use something
different than /usr/lib/thunderbird/thunderbird.

Weird, I know.

>> profile thunderbird /usr/lib/whatnot { ...
>>
>> We made the mistake of giving firefox a terrible profile name and it upsets me every time I see it. Maybe we can fix it before 16.04 LTS is released...
> 
> That would be great. I will try with TB ASAP.
> 
'profile thunderbird /usr/lib/whatnot' is fine by me. There is no reason I can
think of that the firefox profile can't be adjusted similarly.

...

>>> +  # for crash reports?
>>> +  ptrace (read,trace) peer=/usr/lib/thunderbird/thunderbird{,*[^s][^h]},
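
Review bot: the ptrace rule grants `trace` as well as `read`, and its only justification is the open question "for crash reports?". `trace` lets the confined process attach to and control its peers, so confirm that the crash reporter needs it, narrow the rule to `read` if it does not, and replace the comment with the confirmed reason. The peer expression also repeats the attachment glob by hand, so the two can drift apart when one is edited.
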
>>
>> This could be peer=@{profile_name}
> 
> Good point, should also be replicated in FF's profile.
> 

Yes. It's possible the firefox rule came from before @{profile_name} was
implemented. I'm not sure.

>>> +  # noisy
>>> +  deny @{MOZ_LIBDIR}/** w,
>>> +  deny /usr/lib/thunderbird-addons/** w,
>>> +  deny /usr/lib/xulrunner-addons/** w,
>>> +  deny /usr/lib/xulrunner-*/components/*.tmp w,
>>> +  deny /.suspended r,
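
Review bot: the `# noisy` comment above these `deny` rules does not say what is being silenced or why that is safe. `deny` both blocks the access and suppresses its audit log entry, and it takes precedence over any allow rule, so add a line stating that these are write attempts (and the `/.suspended` read) the application makes but does not need. That keeps a later reader from mistaking them for functional rules or trying to override them with an allow.
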
>>
>> Wow. What the heck are they even trying to do??
> 
> Really no clue. Again it was copied verbatim from FF's profile.
> 
Historical. I don't know why firefox wanted to write out to these files, but it
did and it was noisy (it didn't have DAC to do it anyway...).

-- 
Jamie Strandboge                 http://www.ubuntu.com/
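
Added example (not part of the original message or of the profile): a Python approximation of AppArmor path globbing, applied to the attachment glob explained above, to show which binary names it attaches to. The helpers `aa_glob_to_regex` and `attaches` are hypothetical, the sample names other than `thunderbird` and `thunderbird.sh` are constructed, and passing character classes through unchanged is an assumption.

```python
import re

# Attachment glob from the profile under review.
ATTACHMENT = "/usr/lib/thunderbird/thunderbird{,*[^s][^h]}"

def aa_glob_to_regex(glob):
    """Translate the AppArmor glob subset used here into a Python regex.

    Handles *, **, ?, [...] / [^...] classes and {a,b} alternation.
    Assumption: character classes are passed through unchanged.
    """
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if c == "*":
            if glob[i:i + 2] == "**":
                out.append(".*")       # ** may cross directory separators
                i += 1
            else:
                out.append("[^/]*")    # * stays inside one path component
        elif c == "?":
            out.append("[^/]")
        elif c == "[":
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1])
            i = end
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}":
            out.append(")")
            depth -= 1
        elif c == "," and depth > 0:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

def attaches(path, glob=ATTACHMENT):
    """True if a binary at `path` would be attached by the glob."""
    return aa_glob_to_regex(glob).fullmatch(path) is not None

if __name__ == "__main__":
    base = "/usr/lib/thunderbird/thunderbird"
    # Constructed suffixes, except "" and ".sh" which come from the thread.
    for suffix in ("", ".sh", "-bin", "-patch", "2"):
        print(f"{base + suffix:45} attached={attaches(base + suffix)}")
```

The last two samples show the per-character negation at work: a name ending in `h` and a one-character suffix are both skipped, not just the `.sh` wrapper.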
