[apparmor] [profile] AbiWord: access to "/etc/nsswitch.conf", "/etc/passwd" files, ".ecryptfs/*/.Private/" folder and the proc filesystem ("/proc/[pid]/auxv").

daniel curtis sidetripping at gmail.com
Thu Mar 23 11:10:52 UTC 2017

Hello Seth

First of: thank You very much for an answer :- )

>> This is fine, I expect abiword is using the getpwuid(3) family
>> of APIs to find the home directory.

OK, so I will allow "r" access for these two files ('/etc/nsswitch.conf'
and '/etc/passwd'.) If it's about ecryptfs - I've tried to comment this
rule (with '#') and it seems, that AbiWord doesn't need an access for a
"/home/.ecryptfs/user1/.Private/" folder. There is not any DENIED messages
in a log files etc. Strange.

>> Definitely allow; the aux vector provides programs a huge
>> amount of useful information which the processes may need.

Just as You wrote: I will use a rule for "@{PROC}/[0-9]*/auxv". Thanks for
explanation. And if it's about "mr" or "mixr" access for a
'/usr/bin/abiword' - I will leave "mr", because; "'ix' doesn't actually
affect anything from apparmor's perspective (...)"

I think, that's all, for now. Also, thank you for returning my attention to
the problem with changelogs etc. By the way: I totally forgot about this


Once again: thank You very much. Best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170323/30870266/attachment.html>

More information about the AppArmor mailing list