On Sat, Jul 26, 2014 at 03:09:23PM -0000, intrigeri wrote:
> OK, apparently it's easier for you folks to review stuff proposed on lp than
> submitted to the mailing-list, so... here we go :)
> https://code.launchpad.net/~intrigeri/apparmor-profiles/gstreamer-abstraction/+merge/228398

Sorry. Maybe it's just harder to lose track of...

This looks like a good cleanup to me. It does seem a bit strange that /usr/bin/totem brings in a totem abstraction which then brings in the gstreamer abstraction. And I don't understand why pkcs11 support is included in any of these (but that's not new, I've never understood why it's included.)

So while I don't want to block this on figuring out the totem abstraction I do wonder if we want/need it, and wonder why we've got the p11-kit abstraction included here.

Thanks

> === added file 'ubuntu/14.10/abstractions/gstreamer' > --- ubuntu/14.10/abstractions/gstreamer 1970-01-01 00:00:00 +0000 > +++ ubuntu/14.10/abstractions/gstreamer 2014-07-26 15:08:59 +0000 > @@ -0,0 +1,15 @@ > +# vim:syntax=apparmor > + > + #include <abstractions/p11-kit> > + > + /etc/udev/udev.conf r, > + > + # /dev/shm is a symlink to /run/shm on ubuntu > + owner /{dev,run}/shm/shmfd-* rw, > + > + /run/udev/data/+pci:* r, > + > + /sys/devices/pci[0-9]*/**/{busnum,devnum,descriptors,speed,uevent} r, > + > + owner /tmp/orcexec.* mrw, > + owner /{,var/}run/user/[0-9]*/orcexec.* mrw, > > === modified file 'ubuntu/14.10/abstractions/totem' > --- ubuntu/14.10/abstractions/totem 2014-07-22 15:26:03 +0000 > +++ ubuntu/14.10/abstractions/totem 2014-07-26 15:08:59 +0000 > @@ -16,9 +16,9 @@ > # a maintenance problem and doesn't work for files without extensions. > > #include <abstractions/gnome> > + #include <abstractions/gstreamer> > #include <abstractions/nameservice> > #include <abstractions/dbus-session> > - #include <abstractions/p11-kit> > > # Allow read on all directories > /**/ r,
> @@ -28,14 +28,7 @@ > /usr/share/** r, > /{media,mnt,opt,srv}/** r, > > - owner /tmp/orcexec.* m, > - > - /etc/wildmidi/wildmidi.cfg r, > - > - /usr/lib/@{multiarch}/libproxy/*/modules/*.so mr, > - /usr/lib/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so m, > - /usr/lib/frei0r-[0-9]/*.so m, > - > /usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner > Pix, > + > /usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner > Cix -> gst_plugin_scanner, > > owner @{HOME}/.cache/tracker/meta.db k, > owner @{HOME}/.cache/tracker/meta.db-shm k, > > === added file 'ubuntu/14.10/gst_plugin_scanner' > --- ubuntu/14.10/gst_plugin_scanner 1970-01-01 00:00:00 +0000 > +++ ubuntu/14.10/gst_plugin_scanner 2014-07-26 15:08:59 +0000 > @@ -0,0 +1,21 @@ > +# vim:syntax=apparmor > + > +profile gst_plugin_scanner { > + #include <abstractions/base> > + #include <abstractions/gstreamer> > + #include <abstractions/X> > + > + /dev/ r, > + /dev/bus/usb/ r, > + > + /sys/bus/ r, > + /sys/bus/usb/devices/ r, > + /sys/class/ r, > + > + /etc/wildmidi/wildmidi.cfg r, > + > + /usr/lib/frei0r-[0-9]/*.so m, > + # /usr/lib/@{multiarch}/dri/** mr, > + /usr/lib/@{multiarch}/libproxy/*/modules/*.so mr, > + /usr/lib/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so m, > +} > > === modified file 'ubuntu/14.10/usr.bin.totem' > --- ubuntu/14.10/usr.bin.totem 2014-07-22 15:26:33 +0000 > +++ ubuntu/14.10/usr.bin.totem 2014-07-26 15:08:59 +0000 
> @@ -9,13 +9,6 @@ > #include <abstractions/python> > #include <abstractions/totem> > > - /etc/udev/udev.conf r, > - /sys/devices/pci[0-9]*/**/{busnum,devnum,descriptors,speed,uevent} r, > - /run/udev/data/+pci:* r, > - > - # /dev/shm is a symlink to /run/shm on ubuntu > - owner /{dev,run}/shm/shmfd-* rw, > - > # Maybe in an abstraction? > /usr/include/**/pyconfig.h r, > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor -- https://code.launchpad.net/~intrigeri/apparmor-profiles/gstreamer-abstraction/+merge/228398 Your team AppArmor Developers is requested to review the proposed merge of lp:~intrigeri/apparmor-profiles/gstreamer-abstraction into lp:apparmor-profiles.
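
Review bot: in the new ubuntu/14.10/abstractions/gstreamer (@@ -0,0 +1,15 @@), the two orcexec rules grant `mrw`, whereas the rule they replace in abstractions/totem was `owner /tmp/orcexec.* m,` only. Every profile that includes this abstraction can now write a file under /tmp or the per-user run directory and map it executable. Please add a comment above `owner /tmp/orcexec.* mrw,` saying what creates these files and why write access is needed in addition to `m`, or keep the narrower `m` if the observed denials were for mmap only.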
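
Review bot: in the abstractions/totem hunk at @@ -16,9 +16,9 @@, removing `#include <abstractions/p11-kit>` does not remove the permission, because the added `#include <abstractions/gstreamer>` pulls p11-kit straight back in, and the gst_plugin_scanner profile now inherits it too through its own gstreamer include. If nothing in the GStreamer path is known to need p11-kit, leave it out of abstractions/gstreamer and keep the include where it was (or drop it), so the new abstraction starts with only the rules that were moved into it.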
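
Review bot: in the abstractions/totem hunk at @@ -28,14 +28,7 @@, the new `Cix -> gst_plugin_scanner` rule names a child profile, but that profile is added as a standalone file, ubuntu/14.10/gst_plugin_scanner, and none of the hunks shown here include that file from usr.bin.totem or from the abstraction. Please add (or point to) the include that defines gst_plugin_scanner inside each profile that uses abstractions/totem, so the transition target exists wherever this rule is pulled in. The same hunk moves the wildmidi, libproxy, libvisual and frei0r rules out of the abstraction and into the scanner profile only, so it is worth confirming that totem itself never maps those plugins.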
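
Review bot: in the new ubuntu/14.10/gst_plugin_scanner (@@ -0,0 +1,21 @@), the commented-out rule `# /usr/lib/@{multiarch}/dri/** mr,` should either be removed or get a short note saying why it is disabled and under what condition it would be enabled. The file also uses `@{multiarch}` without including any tunables, which only works if it is included from inside another profile file; a header comment stating that this file is meant to be included as a child profile, and from where, would make that explicit.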
