[apparmor] Bug#845005: AppArmor profile denies paths for gtk2-engines-bixbuf and themes

Christian Boltz debian-bugs at cboltz.de
Sun Nov 20 16:41:09 UTC 2016 

Hello,

(adding back u. to CC - sorry, I didn't realize mails for this bugreport 
don't get delivered to pkg-apparmor when cleaning up the recipients)

Am Sonntag, 20. November 2016, 13:00:00 CET schrieb anonym:
> At least on my system, I have
> 
>   /usr/lib/x86_64-linux-gnu/gtk-2.0
>   /usr/lib/x86_64-linux-gnu/gtk-3.0
> 
> and nothings else, so your suggseted change looks good to me.

> > +  /usr/share/themes/** r,
> > 
> > This is already included in abstractions/gnome, so I wonder why you
> > needed to add it.
> 
> Sorry! It is not needed (and the explanation for why I included it by
> mistake is just to boring to share here).

Nothing is too boring (and often someone can learn from it), so I'm all 
ears ;-)

> So, in the end, your suggested update to abstractions/gnome (the gtk
> path) seems like the only thing needed, and indeed better than my
> patch.

Thanks for the feedback!

So here's the patch I hereby propose upstream:



[patch] Update abstractions/gnome with versioned gtk paths

I propose this patch for trunk, 2.10 and 2.9.


[ abstractions-gnome.diff ]

=== modified file 'profiles/apparmor.d/abstractions/gnome'
--- profiles/apparmor.d/abstractions/gnome      2016-11-06 09:23:51 +0000
+++ profiles/apparmor.d/abstractions/gnome      2016-11-20 16:31:56 +0000
@@ -22,6 +22,8 @@
   /etc/gtk/*                      r,
   /usr/lib{,32,64}/gtk/**         mr,
   /usr/lib/@{multiarch}/gtk/**    mr,
+  /usr/lib{,32,64}/gtk-[0-9]*/**  mr,
+  /usr/lib/@{multiarch}/gtk-[0-9]*/** mr,
   /usr/share/themes/              r,
   /usr/share/themes/**            r,
 


Regards,

Christian Boltz
-- 
> I also prefer realnames. But if people want to use a _spellable_
> alias, it's ok for me too.
> However, I hate aliases like "fE3,x7~5X" ;-)
Noone should use his/her password as a mail name ;-)
[> Christian Boltz and meister(at)netz00.com in opensuse]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161120/9061cba6/attachment.pgp>

More information about the AppArmor mailing list