On 04/08/2013 05:43 PM, Jamie Strandboge wrote:
> Hi,
>
> In Ubuntu, pulseaudio now has a directory in /run and its cookie file
> location moved. 0001-update-pulseaudio-paths.patch updates the audio
> abstraction for this.
>
> Recent kernels/glibc also now trigger reads for
> /proc/sys/vm/overcommit_memory. This is explained in both malloc(3) and
> proc(5). Basically, there are different memory allocation strategies and
> /proc/sys/vm/overcommit_memory contains the 'virtual memory accounting'
> mode. The update for the base abstraction gives read access to this file.
>
> --
> Jamie Strandboge http://www.ubuntu.com/
>

looks okay to me

Acked-by: John Johansen <[email protected]>
> > 0001-update-pulseaudio-paths.patch > > > Author: Jamie Strandboge <[email protected]> > Description: update pulseaudio directory and cookie file paths > Forwarded: yes > > Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/audio > =================================================================== > --- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/audio > 2013-04-08 15:04:41.000000000 -0500 > +++ apparmor-2.8.0/profiles/apparmor.d/abstractions/audio 2013-04-08 > 15:05:32.000000000 -0500 > @@ -55,6 +55,9 @@ > owner @{HOME}/.pulse-cookie rwk, > owner @{HOME}/.pulse/ rw, > owner @{HOME}/.pulse/* rwk, > +owner /{,var/}run/user/*/pulse/ rw, > +owner /{,var/}run/user/*/pulse/* rwk, > +owner @{HOME}/.config/pulse/cookie rwk, > owner /tmp/pulse-*/ rw, > owner /tmp/pulse-*/* rw, > > > > 0002-add-vm_overcommit_memory.patch > > > Author: Jamie Strandboge <[email protected]> > Description: add read access to @{PROC}/sys/vm/overcommit_memory as used by > glibc > Forwarded: yes > > Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/base > =================================================================== > --- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/base 2012-02-09 > 21:06:24.000000000 -0600 > +++ apparmor-2.8.0/profiles/apparmor.d/abstractions/base 2013-04-08 > 13:23:03.000000000 -0500 > @@ -100,6 +100,9 @@ > # glibc statvfs > @{PROC}/filesystems r, > > + # glibc malloc (man 5 proc) > + @{PROC}/sys/vm/overcommit_memory r, > + > # Workaround https://launchpad.net/bugs/359338 until upstream handles > stacked > # filesystems generally. This does not appreciably decrease security with > # Ubuntu profiles because the user is expected to have access to files > owned > > > > -- AppArmor mailing list [email protected] Modify settings or > unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
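
Review bot: In the audio abstraction hunk (0001, @@ -55,6 +55,9 @@), the two new `/{,var/}run/user/*/pulse/` rules use a bare `*` for the per-user directory component; since that component is a numeric uid, `[0-9]*` would state the intent more tightly, although the `owner` qualifier already limits access to files the confined process owns. The three added rules also carry no comment, so a one-line note saying that these are the new runtime directory and cookie locations, retained alongside the existing `@{HOME}/.pulse*` rules, would help whoever later prunes the legacy paths.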
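
Review bot: In the base abstraction hunk (0002, @@ -100,6 +100,9 @@), the new comment `# glibc malloc (man 5 proc)` cites only proc(5), while the cover message points to both malloc(3) and proc(5); naming both and stating that the file holds the virtual memory accounting mode would make the reason for the rule clear to someone reading the abstraction without this thread. Because this lands in the base abstraction, every profile that includes it gains the read, so the rule should stay as written here: read-only and limited to the single file `@{PROC}/sys/vm/overcommit_memory` rather than a glob over `@{PROC}/sys/vm/`.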
