intrigeri has proposed merging
~intrigeri/apparmor-profiles/+git/apparmor-profiles:stricter-totem into
apparmor-profiles:master.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/310120
--
Your team AppArmor Developers is requested to review the proposed merge of
~intrigeri/apparmor-profiles/+git/apparmor-profiles:stricter-totem into
apparmor-profiles:master.
diff --git a/ubuntu/17.04/usr.bin.totem b/ubuntu/17.04/usr.bin.totem
index 758efe3..45de5f5 100644
--- a/ubuntu/17.04/usr.bin.totem
+++ b/ubuntu/17.04/usr.bin.totem
@@ -16,10 +16,11 @@
/usr/bin/totem-video-thumbnailer Pix,
/dev/sr* r,
- # Allow read and write on anything in @{HOME}. Lenient, but
+ # Allow read and write on almost anything in @{HOME}. Lenient, but
# private-files-strict is in effect.
#include <abstractions/private-files-strict>
- owner @{HOME}/** rw,
+ owner @{HOME}/[a-zA-Z0-9]* rw,
+ owner @{HOME}/[a-zA-Z0-9]*/** rw,
owner /{,var/}run/user/*/dconf/user w,
owner /{,var/}run/user/*/at-spi2-*/ rw,
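Review bot: the replacement rules `owner @{HOME}/[a-zA-Z0-9]* rw,` and `owner @{HOME}/[a-zA-Z0-9]*/** rw,` exclude more than dotfiles. The character class also rejects any top-level entry in @{HOME} whose name starts with a character outside ASCII letters and digits, for example `_`, `-`, a space, or a non-ASCII letter; a localized XDG directory such as a Cyrillic or CJK "Videos" folder would become unreadable for Totem, which is a regression for a media player. If the intent is only to stop the catch-all from covering hidden files and directories (the ones private-files-strict does not already list), a negated class expresses that directly: `owner @{HOME}/[^.]* rw,` and `owner @{HOME}/[^.]*/** rw,`. Either way, the comment should state what the rule is meant to exclude ("hidden files") rather than "almost anything", so the next reader does not have to reverse-engineer the glob.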
diff --git a/ubuntu/17.04/usr.bin.totem-previewers b/ubuntu/17.04/usr.bin.totem-previewers
index a632034..c360434 100644
--- a/ubuntu/17.04/usr.bin.totem-previewers
+++ b/ubuntu/17.04/usr.bin.totem-previewers
@@ -6,10 +6,11 @@
/usr/bin/totem-video-thumbnailer {
#include <abstractions/totem>
- # Allow read on anything in @{HOME}. Lenient, but private-files-strict is in
+ # Allow read on almost anything in @{HOME}. Lenient, but private-files-strict is in
# effect.
#include <abstractions/private-files-strict>
- owner @{HOME}/** r,
+ owner @{HOME}/[a-zA-Z0-9]* rw,
+ owner @{HOME}/[a-zA-Z0-9]*/** rw,
# Not needed by nautilus, but maybe other applications
owner /**.[pP][nN][gG] w,
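Review bot: this hunk changes the permission from `r` to `rw`: the removed line was `owner @{HOME}/** r,` but both added lines grant `rw`, so the thumbnailer gains write access to the user's home directory while the comment directly above still says "Allow read on almost anything". That looks like a copy of the totem rules rather than an intentional widening; the thumbnailer only needs to read media, so keep `owner @{HOME}/[a-zA-Z0-9]* r,` and `owner @{HOME}/[a-zA-Z0-9]*/** r,`. The same caveat as in usr.bin.totem applies to the character class: it excludes every name not starting with an ASCII letter or digit, not just dotfiles, and `[^.]*` would match the stated intent more precisely.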
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor