Merge lp:~cmiller/apparmor/chromiumbrowser-fcitx-abstraction into lp:apparmor/2.12
Proposed by
Chad Miller
Status: | Rejected | ||||
---|---|---|---|---|---|
Rejected by: | Steve Beattie | ||||
Proposed branch: | lp:~cmiller/apparmor/chromiumbrowser-fcitx-abstraction | ||||
Merge into: | lp:apparmor/2.12 | ||||
Diff against target: |
59 lines (+43/-1) 2 files modified
profiles/apparmor.d/abstractions/dbus-accessibility-strict (+1/-1) profiles/apparmor.d/abstractions/fcitx (+42/-0) |
||||
To merge this branch: | bzr merge lp:~cmiller/apparmor/chromiumbrowser-fcitx-abstraction | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Tyler Hicks | Needs Fixing | ||
Review via email: mp+282214@code.launchpad.net |
To post a comment you must log in.
Unmerged revisions
- 3338. By Chad Miller
-
Finish separating accessibility rules.
- 3337. By Chad Miller
-
Un-splitting. Reverting dbus-accessibil
ity-strict. Remove unneeded rules.
- 3336. By Chad Miller
-
Split into two pieces. The first updates the strict ruleset for the
accessibility facilities' dbus access, and adds some missing member calls like
Hello. The other groups members in fcitx abstraction together nicer. - 3335. By Chad Miller
-
Create a new input-method abstraction: pass through dbus method calls and
responses relating to the FCITX input method
Thanks for putting this merge together, Chad. Questions/comments:
1) I'm surprised that you don't have to grant access to the Hello method on the org.freedesktop .DBus interface. Calling that method is typically required when connecting to a bus. Is that not the case with the fcitx bus?
2) Can you add 'peer=( name=org. freedesktop. DBus)' to the rules on the rules that specificy the org.freedesktop .DBus and org.freedesktop .DBus.Propertie s interfaces? See abstractions/ dbus-accessibil ity-strict for a good example.
3) I'd suggest combining the last set of rules into a single rule, ala abstractions/ dbus-accessibil ity-strict.
4) I looked at what fcitx documentation that I could find and granting access to all of the org.fcitx. Fcitx.InputCont ext interface and to CreateICv3 seems relatively safe so I think the first two rules are fine.
Thanks again!