[apparmor] [patch 8/8] Remove access to pulseaudio debug socket from audio abstraction

Tue, 11 Feb 2014 15:55:55 -0800 

Description: Remove access to pulseaudio debug socket from audio abstraction
 Grant access to specific files in the /var/run/user/UID/pulse/ directory to
 remove access to potentially dangerous and non-essential files such as the
 debug (cli) socket provided by the module-cli-protocol-unix module.
Author: Tyler Hicks <[email protected]>
Bug-Ubuntu: https://launchpad.net/bugs/1211380
Forwarded: no
Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/audio
===================================================================
--- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/audio  2013-10-04 
11:56:46.068975830 -0700
+++ apparmor-2.8.0/profiles/apparmor.d/abstractions/audio       2013-10-04 
17:23:16.387969164 -0700
@@ -56,7 +56,7 @@ owner @{HOME}/.pulse-cookie rwk,
 owner @{HOME}/.pulse/ rw,
 owner @{HOME}/.pulse/* rwk,
 owner /{,var/}run/user/*/pulse/  rw,
-owner /{,var/}run/user/*/pulse/* rwk,
+owner /{,var/}run/user/*/pulse/{native,pid} rwk,
 owner @{HOME}/.config/pulse/cookie rwk,
 owner /tmp/pulse-*/ rw,
 owner /tmp/pulse-*/* rw,


-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to