[apparmor] [Merge] lp:~talkless/apparmor/gnome_abstraction_thumbnail_cache into lp:apparmor
seth.arnold at canonical.com
Mon Sep 18 22:58:10 UTC 2017
The 'm' privilege is for _executable_ memory maps.
I dislike giving this permission here -- especially since thumbnailers are so often abused and targeted by exploits.
My theory is that they are running with a code personality where READ_IMPLIES_X (based entirely on the per=400000 entries in the logs) -- is the Skype team accessible? Can they report back why they use this personality?
Your team AppArmor Developers is requested to review the proposed merge of lp:~talkless/apparmor/gnome_abstraction_thumbnail_cache into lp:apparmor.
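Added example, not part of the original message or of AppArmor's own code: a Python filter that decodes the `per=` field of audit SYSCALL records and reports processes whose personality sets READ_IMPLIES_X, the flag under which the kernel treats readable file mappings as executable, so that a plain read mapping ends up requesting the 'm' permission. It assumes auditd-style SYSCALL records with `per=` printed as bare hex; the sample records, process names and paths are constructed, and the flag values are those in linux/personality.h.

```python
import re

# Flag bits from linux/personality.h; the low byte selects the base persona.
PER_MASK = 0x00FF
FLAGS = {
    0x0020000: "UNAME26",
    0x0040000: "ADDR_NO_RANDOMIZE",
    0x0080000: "FDPIC_FUNCPTRS",
    0x0100000: "MMAP_PAGE_ZERO",
    0x0200000: "ADDR_COMPAT_LAYOUT",
    0x0400000: "READ_IMPLIES_X",
    0x0800000: "ADDR_LIMIT_32BIT",
    0x1000000: "SHORT_INODE",
    0x2000000: "WHOLE_SECONDS",
    0x4000000: "STICKY_TIMEOUTS",
    0x8000000: "ADDR_LIMIT_3GB",
}
FIELD = re.compile(r'\b(per|comm|exe)=("[^"]*"|\S+)')

def decode_personality(value):
    """Return (base persona number, flag names in bit order) for a per= value."""
    names = [name for bit, name in sorted(FLAGS.items()) if value & bit]
    return value & PER_MASK, names

def read_implies_x_records(lines):
    """Yield (comm, exe, flags) for SYSCALL records that set READ_IMPLIES_X."""
    for line in lines:
        if not line.startswith("type=SYSCALL"):
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        try:
            per = int(fields["per"], 16)  # assumption: per= is bare hex
        except (KeyError, ValueError):
            continue  # no per= field, or not hex: skip the record
        _, flags = decode_personality(per)
        if "READ_IMPLIES_X" in flags:
            yield fields.get("comm", "?"), fields.get("exe", "?"), flags

# Constructed sample records (not taken from the merge proposal's logs).
SAMPLE = [
    'type=SYSCALL msg=audit(1.000:1): arch=40000003 syscall=192 per=400000 success=no exit=-13 comm="demoapp" exe="/opt/demo/demoapp"',
    'type=SYSCALL msg=audit(1.000:2): arch=c000003e syscall=9 per=0 success=yes exit=0 comm="other" exe="/usr/bin/other"',
    'type=SYSCALL msg=audit(1.000:3): arch=40000003 syscall=192 per=440008 success=yes exit=0 comm="legacy" exe="/opt/demo/legacy"',
    'type=AVC msg=audit(1.000:1): apparmor="DENIED" operation="file_mmap" requested_mask="m" denied_mask="m"',
]

if __name__ == "__main__":
    for comm, exe, flags in read_implies_x_records(SAMPLE):
        print(f"{comm} ({exe}): {', '.join(flags)}")
```
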