Merge lp:~serge-hallyn/apparmor-profiles/apparmor-profiles into lp:apparmor-profiles

While this is certainly better than no profile, there's a lot of fairly
wide permissions added:

+ /usr/lib/** r,
+ /lib/** r,
+ /usr/share/** r,

<abstractions/base> ought to include a huge number of libraries already --
what else was needed in /usr/lib, /lib, /usr/share?

+ /etc/* r,
+ unix (create, connect, receive),
+ /run/** rw,

These just seem too wide by a lot -- what's it doing with unix sockets?
Can that be reduced via peer=(label=..) rules? Which files in /etc/ did it
need? Can /run/ be constrained by uid or user or at least the 'owner'
qualifier?

+ /dev/null rw,
+ network inet,

Heh I'm surprised these were needed explicitly.

Any chance this could be closed a bit further?

Thanks

I never used ttytter (actually I had to google what it is - if someone else also doesn't know it: a commandline client for twitter). Nevertheless, I think your profile is not strict enough ;-)

"network inet" is ways too broad. abstractions/nameservice already gives you "network inet stream" and "network inet dgram" (+ its inet6 variants), and IIRC Twitter uses an API over HTTPS, which should be covered by this. If not, I'd be interested in what is missing ;-)

Also, allowing read access for /etc/* and /run/** is way to broad and might leak data not related to ttytter which it shouldn't see. The same applies for /usr/share/**, /lib/** and /usr/lib/**. They are less critical, but still allow ways too much. Please make all these rules more tight so that they only allow what is really needed.

Finally, I'm slightly surprised that a commandline client needs abstractions/fonts and abstractions/dbus-session. Are they really needed?

Yeah my main goal was to keep it from reading most of my own
files. It runs as me so not very worried about system files.
I did the MR to make myself follow up. I'll find time to
tighten it down later.

I provided an alternate profile based off of Serge's that is more restrictive, and after Serge tested with it successfully, committed that to the apparmor-profiles tree. Thanks for submitting the initial profile, Serge!

[I'm marking this merge proposal as Approved to close it out.]

Awesome - thanks for improving it :)