Hello,

Some time ago I sent a tiny patch [0], but received no comments. Maybe it got lost? It had the patch as an attachment; maybe that's the problem? I am resubmitting the original message with the patch inline this time:

---

I have noticed that the abstractions/user-download profile allows downloading into the home directory, while protecting dot files:

owner @{HOME}/[a-zA-Z0-9]*           rwl,

However, it fails for files with non-Latin symbols. Tested with /usr/bin/tee copied to /usr/local/bin/testtee, with a minimal profile using the user-download abstraction:

echo "foo" | testtee ~/ąčęėįšųūž
testtee: /home/vincas/ąčęėįšųūž: Permission denied

When the file rule is changed to:

owner @{HOME}/[^.]*                  rwl,

It works as expected:

$ echo "foo" | testtee ~/ąčęėįšųūž
foo

$ echo "foo" | testtee ~/.bashrc
testtee: /home/vincas/.bashrc: Permission denied


[ 01-fix-apparmor-user-download-nonlatin.diff ]

=== modified file 'profiles/apparmor.d/abstractions/user-download'
--- profiles/apparmor.d/abstractions/user-download      2014-02-14 22:28:16 
+0000
+++ profiles/apparmor.d/abstractions/user-download      2017-04-17 13:21:24 
+0000
@@ -15,7 +15,7 @@
   owner @{HOME}/tmp/**                 rwl,
   owner @{HOME}/[dD]ownload{,s}/       r,
   owner @{HOME}/[dD]ownload{,s}/**     rwl,
-  owner @{HOME}/[a-zA-Z0-9]*           rwl,
+  owner @{HOME}/[^.]*                  rwl,
   owner @{HOME}/@{XDG_DESKTOP_DIR}/    r,
   owner @{HOME}/@{XDG_DESKTOP_DIR}/*   rwl,
   owner @{HOME}/@{XDG_DOWNLOAD_DIR}/   r,
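
Review bot: The `+  owner @{HOME}/[^.]*  rwl,` line turns an allow-list of first characters into a deny-list of one, so besides non-Latin names it now also grants rwl on names beginning with any other character the old class excluded, such as `-`, `_` or a space. If that widening is intended, please add a comment above the rule saying that its only purpose is to keep dot files out of reach, so a later edit does not narrow or widen it by accident. A regression test with one non-ASCII name and one dot file would also be worth adding alongside this change.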


[0] https://lists.ubuntu.com/archives/apparmor/2017-April/010710.html

--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
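
An added example, not part of the original message or of the AppArmor project's code: a translator for a subset of AppArmor file globbing (semantics assumed from apparmor.d(5)) that compares the old and new rule from the post against constructed file names. `aa_glob_to_regex`, `verdicts` and `newly_allowed` are hypothetical helper names, and matching here is done on Unicode strings rather than raw bytes.

```python
import re

def aa_glob_to_regex(glob):
    """Translate a subset of AppArmor file globbing into a compiled regex.
    Assumed semantics: * and ? stay within one path component, ** crosses '/',
    [..] and [^..] are character classes, {a,b} is alternation."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
            continue
        if c == "*":
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "[":
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1])  # class syntax is already valid regex
            i = end
        elif c == "{":
            out.append("(?:")
            depth += 1
        elif c == "}":
            out.append(")")
            depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out), re.DOTALL)

HOME = "/home/vincas"  # @{HOME} expanded by hand for the user shown in the post
OLD = aa_glob_to_regex(HOME + "/[a-zA-Z0-9]*")
NEW = aa_glob_to_regex(HOME + "/[^.]*")
# Constructed sample names; only the second and third appear in the post.
NAMES = ["notes.txt", "ąčęėįšųūž", ".bashrc", "-rf", "_cache", "Загрузки", "tmp/a"]

def verdicts(names=NAMES):
    """Map each name to (allowed by old rule, allowed by new rule)."""
    paths = {n: f"{HOME}/{n}" for n in names}
    return {n: (bool(OLD.fullmatch(p)), bool(NEW.fullmatch(p))) for n, p in paths.items()}

def newly_allowed(names=NAMES):
    """Names the old rule denied and the new rule permits."""
    return [n for n, (old, new) in verdicts(names).items() if new and not old]

if __name__ == "__main__":
    for name, (old, new) in verdicts().items():
        print(f"{name!r:14} old={old!s:5} new={new}")
```

The names reported by `newly_allowed()` show the full set the change opens up, not only the non-Latin case the post tested.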
