Hi Daniel,
On 2016-11-25 07:22 AM, daniel curtis wrote:
> Thanks for an answer. I would like to ask if AppArmor version:
> 2.7.102-0ubuntu3.10 is sufficient for entries mentioned/added by you to
> the "local/usr.bin.firefox" file? I'm asking because of e.g.:
>
> dbus receive
> bus=session
> path=/org/gtk/Private/RemoteVolumeMonitor
> interface=org.gtk.Private.RemoteVolumeMonitor
> member={VolumeAdded,VolumeRemoved},
>
> I just don't know if this AppArmor version will accept them etc. (If I
> remember correctly similar rules, wasn't accepted in the AppArmor
> profiles, which I've created some time ago.)You are correct, dbus rules are not supported in Ubuntu 12.04 so you would need to remove those. Or maybe you could upgrade to a more recent version of Ubuntu? I personally enjoy the 16.04 release very much :) > If not, should I leave two rules mentioned by me in my previous > message?* I mean rules for: "/dev/nvidiactl" and > "/run/shm/org.chromium.*". Are they secure enough? I just wonder if I > should add an 'owner' (just as it's in your, local include for firefox), > so it would look like: > > - /dev/shm/org.chromium.* rw, > + owner /dev/shm/org.chromium.* rw, > > It's more secure? Yes, a little. > And what about "/dev/nvidiactl"? You cannot use "owner" on this one, so I'd leave it as is. Regards, Simon
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
