~talkless/apparmor-profiles:gnome-3.26

Last commit made on 2017-10-11
Get this branch:
git clone -b gnome-3.26 https://git.launchpad.net/~talkless/apparmor-profiles

Branch information

Name:
gnome-3.26
Repository:
lp:~talkless/apparmor-profiles

Recent commits

89a4823... by Vincas Dargis

Totem: fix bwrap qualifier

Use pux instead of Pux for bwrap, because it was the original intention
(not to scrub $HOME which is needed). Also, Pux is deprecated and
produces aa-logprof error.

2194269... by intrigeri

Totem: allow running bubblewrap (bwrap) unconfined.

bwrap is setuid root and requires so many admin privileges that it has to be
trusted and it makes little sense confining it ourselves.

We don't scrub environment variables because bwrap will reuse $HOME
(see bwrap(1)) and clean the environment itself.

The corresponding discussion starts at
https://lists.ubuntu.com/archives/apparmor/2017-September/011064.html

ea46d1b... by intrigeri

Totem abstraction: allow read-write access to Tracker's journal.

bfc0bff... by Steve Beattie

Merge stricter totem and totem rules fixes branch from intrigeri

8bce824... by Steve Beattie

Merge dropping of obsolete /dev/.udev evolution rule from intrigeri

55c33e6... by intrigeri

Totem: grant access to ~/.cache/mesa/**.

According to https://bugs.debian.org/867692, that's now needed on some systems
once the changes brought by this branch are applied.

6829f95... by intrigeri

Evolution: drop support for obsolete /dev/.udev/ directory.

Michael Biebl, one of the systemd/udev maintainers in Debian, wrote
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846966#50: "This directory
has long been deprecated and is not in use anymore since at least jessie, might
even be wheezy".

bfe8182... by intrigeri

Totem: quiet logs by explicitly denying writing to root-owned directory.

5117978... by intrigeri

Totem: add rules needed by recent Mesa.

Otherwise Totem crashes on startup on current Debian sid with
an Intel Corporation Haswell-ULT Integrated Graphics Controller:

  libEGL warning: MESA-LOADER: failed to retrieve device information
  libEGL warning: MESA-LOADER: failed to retrieve device information
  intel_do_flush_locked failed: Invalid argument

992f4eb... by intrigeri

Copy changes done in 17.04 on my stricter-totem branch to 17.10.