intrigeri has proposed merging
lp:~intrigeri/apparmor-profiles/gstreamer-abstraction into lp:apparmor-profiles.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor-profiles/gstreamer-abstraction/+merge/228398
OK, apparently it's easier for you folks to review stuff proposed on lp than
submitted to the mailing-list, so... here we go :)
--
https://code.launchpad.net/~intrigeri/apparmor-profiles/gstreamer-abstraction/+merge/228398
Your team AppArmor Developers is requested to review the proposed merge of
lp:~intrigeri/apparmor-profiles/gstreamer-abstraction into lp:apparmor-profiles.
=== added file 'ubuntu/14.10/abstractions/gstreamer'
--- ubuntu/14.10/abstractions/gstreamer 1970-01-01 00:00:00 +0000
+++ ubuntu/14.10/abstractions/gstreamer 2014-07-26 15:08:59 +0000
@@ -0,0 +1,15 @@
+# vim:syntax=apparmor
+
+ #include <abstractions/p11-kit>
+
+ /etc/udev/udev.conf r,
+
+ # /dev/shm is a symlink to /run/shm on ubuntu
+ owner /{dev,run}/shm/shmfd-* rw,
+
+ /run/udev/data/+pci:* r,
+
+ /sys/devices/pci[0-9]*/**/{busnum,devnum,descriptors,speed,uevent} r,
+
+ owner /tmp/orcexec.* mrw,
+ owner /{,var/}run/user/[0-9]*/orcexec.* mrw,
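Review bot: The two `orcexec.*` rules grant `mrw`, meaning a file the process can both write and map executable, to every profile that includes this abstraction, whereas the totem abstraction previously carried only `owner /tmp/orcexec.* m,`. If ORC's JIT really needs write access, a comment above the rules should say so, e.g. `# ORC writes JIT-compiled code to orcexec.* and maps it executable`, so the widened permission is visibly deliberate. The `#include <abstractions/p11-kit>` at the top also looks carried over from totem rather than specific to GStreamer. A one-line comment on why GStreamer consumers need it would help decide whether it belongs here.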
=== modified file 'ubuntu/14.10/abstractions/totem'
--- ubuntu/14.10/abstractions/totem 2014-07-22 15:26:03 +0000
+++ ubuntu/14.10/abstractions/totem 2014-07-26 15:08:59 +0000
@@ -16,9 +16,9 @@
# a maintenance problem and doesn't work for files without extensions.
#include <abstractions/gnome>
+ #include <abstractions/gstreamer>
#include <abstractions/nameservice>
#include <abstractions/dbus-session>
- #include <abstractions/p11-kit>
# Allow read on all directories
/**/ r,
@@ -28,14 +28,7 @@
/usr/share/** r,
/{media,mnt,opt,srv}/** r,
- owner /tmp/orcexec.* m,
-
- /etc/wildmidi/wildmidi.cfg r,
-
- /usr/lib/@{multiarch}/libproxy/*/modules/*.so mr,
- /usr/lib/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so m,
- /usr/lib/frei0r-[0-9]/*.so m,
- /usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner Pix,
+ /usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner Cix -> gst_plugin_scanner,
owner @{HOME}/.cache/tracker/meta.db k,
owner @{HOME}/.cache/tracker/meta.db-shm k,
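Review bot: `Cix -> gst_plugin_scanner` names a child profile, but as far as this diff shows, `gst_plugin_scanner` is only defined as a top-level `profile` in its own file, and nothing includes it inside the profile that pulls in this abstraction. If the child is not found, the `ix` fallback presumably lets the scanner run under the parent's rules, and the wildmidi, libproxy, libvisual and frei0r rules removed in this hunk would then be granted nowhere. Either include the new file inside the totem profile body, or use `Pix -> gst_plugin_scanner` if a standalone profile is intended. Separately, the player process loads GStreamer plugins in-process, so it is worth confirming that totem itself still works without the removed `.so` rules.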
=== added file 'ubuntu/14.10/gst_plugin_scanner'
--- ubuntu/14.10/gst_plugin_scanner 1970-01-01 00:00:00 +0000
+++ ubuntu/14.10/gst_plugin_scanner 2014-07-26 15:08:59 +0000
@@ -0,0 +1,21 @@
+# vim:syntax=apparmor
+
+profile gst_plugin_scanner {
+ #include <abstractions/base>
+ #include <abstractions/gstreamer>
+ #include <abstractions/X>
+
+ /dev/ r,
+ /dev/bus/usb/ r,
+
+ /sys/bus/ r,
+ /sys/bus/usb/devices/ r,
+ /sys/class/ r,
+
+ /etc/wildmidi/wildmidi.cfg r,
+
+ /usr/lib/frei0r-[0-9]/*.so m,
+ # /usr/lib/@{multiarch}/dri/** mr,
+ /usr/lib/@{multiarch}/libproxy/*/modules/*.so mr,
+ /usr/lib/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so m,
+}
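Review bot: The profile uses `@{multiarch}` but the file has no `#include <tunables/global>`, so it presumably cannot be parsed on its own and only works if another profile file includes it. A header comment stating how it is meant to be loaded would remove the guesswork. The commented-out `# /usr/lib/@{multiarch}/dri/** mr,` should either be dropped or carry a reason. `#include <abstractions/X>`, together with the shm `rw` and `orcexec.*` `mrw` rules inherited from `abstractions/gstreamer`, is a broad grant for a helper that scans plugins. A comment on which of these the scanner was actually observed to need would help keep the profile tight.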
=== modified file 'ubuntu/14.10/usr.bin.totem'
--- ubuntu/14.10/usr.bin.totem 2014-07-22 15:26:33 +0000
+++ ubuntu/14.10/usr.bin.totem 2014-07-26 15:08:59 +0000
@@ -9,13 +9,6 @@
#include <abstractions/python>
#include <abstractions/totem>
- /etc/udev/udev.conf r,
- /sys/devices/pci[0-9]*/**/{busnum,devnum,descriptors,speed,uevent} r,
- /run/udev/data/+pci:* r,
-
- # /dev/shm is a symlink to /run/shm on ubuntu
- owner /{dev,run}/shm/shmfd-* rw,
-
# Maybe in an abstraction?
/usr/include/**/pyconfig.h r,