[apparmor] [Merge] lp:~talkless/apparmor/gnome_abstraction_thumbnail_cache into lp:apparmor

Vincas Dargis vindrg at gmail.com
Sat Sep 23 14:11:09 UTC 2017


I believe this is Elector webapp containers bug. I tried to create quick-and-dirty Atom IDE profile, and found these interesting mmaps:

  /dev/shm/.org.chromium.Chromium.* mrw,
  /usr/share/atom/*.bin mr,
  /usr/share/atom/*.pak mr,
  /usr/share/atom/*.so mr,
  /usr/share/atom/icudtl.dat mr,
  /usr/share/atom/locales/*.pak mr,
  /usr/share/atom/resources/app/node_modules/cached-run-in-this-context/build/Release/cached-run-in-this-context.node mr,
  /usr/share/atom/resources/app/node_modules/nslog/build/Release/nslog.node mr,
  /usr/share/atom/resources/app/node_modules/oniguruma/build/Release/onig_scanner.node mr,
  /usr/share/atom/resources/app/node_modules/scrollbar-style/build/Release/scrollbar-style-observer.node mr,
  /usr/share/atom/resources/app/node_modules/spellchecker/build/Release/spellchecker.node mr,
  /usr/share/atom/resources/app/node_modules/superstring/build/Release/superstring.node mr,
  /usr/share/mime/mime.cache mr,
  owner @{HOME}/.config/Atom/Cache/index m,
  owner @{HOME}/.config/Atom/QuotaManager m,
  owner @{HOME}/.config/Atom/databases/Databases.db m,
 
While these .node are ELF's, /usr/share/atom/locales/*.pak are sort of data files, these caches and databases withint .config/Atom really shouldn't be mmap, IMHO

I will create Electrod bug report, and I am closing these two merge requests as invalid.
-- 
https://code.launchpad.net/~talkless/apparmor/gnome_abstraction_thumbnail_cache/+merge/330883
Your team AppArmor Developers is requested to review the proposed merge of lp:~talkless/apparmor/gnome_abstraction_thumbnail_cache into lp:apparmor.



More information about the AppArmor mailing list