[Pkg-anonymity-tools] Ubuntu's patch of the AppArmor profile for Vidalia
Jamie Strandboge
jamie at ubuntu.com
Mon Mar 2 21:04:25 UTC 2015
On 03/01/2015 12:03 PM, intrigeri wrote:
> Hi Jamie,
>
Hi!
> we decided to not ship Vidalia in Debian Jessie, so feel free to
> ignore what my previous email on that topic (quoted below): we surely
> have more pressing Debian/Ubuntu AppArmor -related merges to work on
> than Vidalia now.
>
Wow, this totally slipped off my radar. I apologize. I realize these changes
have a reduced priority now, but I'll answer inline and you can incorporate them
at your leisure.
> intrigeri wrote (22 Oct 2014 15:28:45 GMT) :
>> I see [1] that Ubuntu is patching the AppArmor profile shipped with
>> the vidalia package. I'd like to integrate your updates into Debian
>> proper, but I have some questions first:
>
>>> + #include <abstractions/dconf>
>>> + owner /{,var/}run/user/*/dconf/user w,
>
>> Vidalia is a Qt application, and to the best of my knowledge it's not
>> using dconf, so I'm surprised. On my sid system, I can't see any
>> dconf-related AppArmor denials when running Vidalia. I don't see any
>> bug report referenced in debian/changelog. Any idea why these lines
>> were added?
>
>>> + /usr/share/glib*/schemas/gschemas.compiled r,
>
>> Same question as above.
>
I decided to test everything that ships a profile when we added unix mediation
to apparmor in Ubuntu. As such, I ran vidalia in a default install of Ubuntu (ie
Unity 7) in a virtual machine, and denials for these popped up. If I were to
guess I would say it was for the global menu in Unity. I admit I didn't delve
any deeper as to the cause. The gschemas is surely safe anywhere, but if you
didn't want to include the dconf accesses, turning those into explicit deny
rules (or simply removing those from the policy) would be ok with me so long as
vidalia continues to function well.
--
Jamie Strandboge | http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/attachments/20150302/3e7528b1/attachment.sig>
More information about the Pkg-anonymity-tools
mailing list