[Pkg-anonymity-tools] Ubuntu's patch of the AppArmor profile for Vidalia

intrigeri intrigeri at debian.org
Tue Mar 3 16:37:03 UTC 2015


Hi Jamie,

Jamie Strandboge wrote (02 Mar 2015 21:04:25 GMT) :
> Wow, this totally slipped off my radar. I apologize.

No problem. My own backlog isn't any better I guess.

> I decided to test everything that ships a profile when we added unix mediation
> to apparmor in Ubuntu. As such, I ran vidalia in a default install of Ubuntu (i.e.
> Unity 7) in a virtual machine, and denials for these popped up. If I were to
> guess I would say it was for the global menu in Unity. I admit I didn't delve
> any deeper as to the cause.

OK, thanks.

> The gschemas is surely safe anywhere, but if you didn't want to
> include the dconf accesses, turning those into explicit deny rules
> (or simply removing those from the policy) would be ok with me so
> long as vidalia continues to function well.

Then maybe try turning these rules into deny ones, see if Vidalia
still works fine on Ubuntu, and then:

* If yes, then I'm happy to take these denial rules into the profile
  we ship in Debian, to reduce Ubuntu's delta.
* If not, then retry with only the gschemas bits (that I'm happy to
  take if it's needed in Ubuntu), and loop back.

But yeah, I'm not enthusiastic at the idea of giving write access
to dconf.

(Meta: I'm happy to import stuff to make your delta smaller, but
I won't do the testing on Ubuntu part myself -- at least not on this
one :)

Cheers,
-- 
intrigeri


