Merge lp:~sdeziel/apparmor-profiles/refresh-pulseaudio into lp:apparmor-profiles
Proposed by
Simon Déziel
Status: | Merged |
---|---|
Approved by: | Seth Arnold |
Approved revision: | 160 |
Merged at revision: | 155 |
Proposed branch: | lp:~sdeziel/apparmor-profiles/refresh-pulseaudio |
Merge into: | lp:apparmor-profiles |
Diff against target: |
113 lines (+36/-24) 1 file modified
ubuntu/16.04/usr.bin.pulseaudio (+36/-24) |
To merge this branch: | bzr merge lp:~sdeziel/apparmor-profiles/refresh-pulseaudio |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Seth Arnold | Approve | ||
Review via email: mp+281910@code.launchpad.net |
To post a comment you must log in.
On Thu, Jan 07, 2016 at 06:21:23PM -0000, Simon Déziel wrote: .pulse- cookie rwk, dbus-socket rwk, .pulse- cookie rwk, dbus-socket rwk, [0-9]*/ pulse/ rw, [0-9]*/ pulse/* rwk, data/+sound: card* r, data/c116: [0-9]* r,
> - /run/pulse/ rw,
> - /run/pulse/
> - /run/pulse/
> - /run/pulse/native rwk,
> - /run/pulse/pid rwk,
> + owner /run/pulse/ rw,
> + owner /run/pulse/
> + owner /run/pulse/
> + owner /run/pulse/native rwk,
> + owner /run/pulse/pid rwk,
> + owner /run/user/
> + owner /run/user/
> /run/udev/
> + /run/udev/
>
How does 'owner /run/pulse/' work? Are these paths bind-mounted from
per-user paths? Or are these paths when pulse is used as root in some
environments?
> lightdm/ .Xauthority r, lightdm/ .esd_auth rwk, lightdm/ .pulse- cookie rwk, lightdm/ .pulse/ rw, lightdm/ .pulse/ * w, lightdm/ .pulse/ * r, lightdm/ .config/ pulse/cookie rwk, lightdm/ .config/ pulse/ rw, lightdm/ .config/ pulse/* rw,
> owner /var/lib/
> owner /var/lib/
> - owner /var/lib/
> - owner /var/lib/
> - owner /var/lib/
> - owner /var/lib/
> + owner /var/lib/
> + owner /var/lib/
> + owner /var/lib/
Removing accesses like this may cause problems if the AppArmor profile is
replaced before any executing binaries that use the old pathnames. Are
these old path names unused for long enough that no executing binaries
currently use them?
Thanks