AppArmor Profiles

Merge lp:~intrigeri/apparmor-profiles/cleanup-pidgin-orcexec into lp:apparmor-profiles

  1. cleanup-pidgin-orcexec
  2. Merge into master
Proposed by intrigeri
Status: Merged
Merged at revision: 138
Proposed branch: lp:~intrigeri/apparmor-profiles/cleanup-pidgin-orcexec
Merge into: lp:apparmor-profiles
Diff against target: 35 lines (+3/-7)
2 files modified
ubuntu/14.10/abstractions/gstreamer (+2/-0)
ubuntu/14.10/usr.bin.pidgin (+1/-7)
To merge this branch: bzr merge lp:~intrigeri/apparmor-profiles/cleanup-pidgin-orcexec
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+234228@code.launchpad.net

Description of the change

I'd like Simon Deziel (who's been working with me on this profile in the past, and needed some rules that I'm dropping here) to review this, before asking for a merge. Particularly, it would be good to know if sound notifications work when /tmp is mounted noexec.

To post a comment you must log in.
Revision history for this message
Simon Déziel (sdeziel) wrote :

On 09/10/2014 07:09 PM, intrigeri wrote:
> intrigeri has proposed merging
> lp:~intrigeri/apparmor-profiles/cleanup-pidgin-orcexec into
> lp:apparmor-profiles.
>
> Requested reviews: simon123 (simon-deziel)

I didn't know a previous me created such a user but that's quite
possible. My LP is "sdeziel"

> For more details, see:
> https://code.launchpad.net/~intrigeri/apparmor-profiles/cleanup-pidgin-orcexec/+merge/234228
>
> I'd like Simon Deziel (who's been working with me on this profile in
> the past, and needed some rules that I'm dropping here) to review
> this, before asking for a merge. Particularly, it would be good to
> know if sound notifications work when /tmp is mounted noexec.

"owner @{HOME}/orcexec.* mr," is the only missing rule in
abstractions/gstreamer to get the sound working with /tmp mounted noexec.

Regards,
Simon

lp:~intrigeri/apparmor-profiles/cleanup-pidgin-orcexec updated
137. By intrigeri

Fix gstreamer abstraction to make it work when /tmp is mounted read-only.

Thanks to Simon Déziel for testing and reporting back!

Revision history for this message
Steve Beattie (sbeattie) wrote :

Committed, thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'ubuntu/14.10/abstractions/gstreamer'
2--- ubuntu/14.10/abstractions/gstreamer 2014-07-22 17:05:59 +0000
3+++ ubuntu/14.10/abstractions/gstreamer 2014-09-15 04:12:34 +0000
4@@ -13,3 +13,5 @@
5
6 owner /tmp/orcexec.* mrw,
7 owner /{,var/}run/user/[0-9]*/orcexec.* mrw,
8+ # needed if /tmp is mounted noexec:
9+ owner @{HOME}/orcexec.* mr,
10
11=== modified file 'ubuntu/14.10/usr.bin.pidgin'
12--- ubuntu/14.10/usr.bin.pidgin 2014-07-17 15:33:08 +0000
13+++ ubuntu/14.10/usr.bin.pidgin 2014-09-15 04:12:34 +0000
14@@ -10,6 +10,7 @@
15 #include <abstractions/dbus-session>
16 #include <abstractions/enchant>
17 #include <abstractions/gnome>
18+ #include <abstractions/gstreamer>
19 #include <abstractions/ibus>
20 #include <abstractions/launchpad-integration>
21 #include <abstractions/nameservice>
22@@ -61,13 +62,6 @@
23 owner @{PROC}/[0-9]*/auxv r,
24 owner @{PROC}/[0-9]*/fd/ r,
25
26- # For sound notifications
27- owner /tmp/orcexec.* mr,
28- # ... if /tmp is mounted noexec
29- owner @{HOME}/orcexec.* mr,
30- owner /{,var/}run/user/[0-9]*/ r,
31- owner /{,var/}run/user/[0-9]*/orcexec.* mrw,
32-
33 # Site-specific additions and overrides. See local/README for details.
34 #include <local/usr.bin.pidgin>
35 }

Subscribers

People subscribed via source and target branches

to status/vote changes: