Vincas Dargis has proposed merging
lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor.
Requested reviews:
AppArmor Developers (apparmor-dev)
For more details, see:
https://code.launchpad.net/~talkless/apparmor/fix_user_download_nonlatin/+merge/326259
I have noticed that abstractions/user-download profile allows to download into
home directory, while protecting dot files:
owner @{HOME}/[a-zA-Z0-9]* rwl,
Though it fails for files with non-latin symbols, tested with /usr/bin/tee
copied to /usr/local/bin/testtee with minimal profile using user-download
abstraction:
echo "foo" | testtee ~/ąčęėįšųūž
testtee: /home/vincas/ąčęėįšųūž: Permission denied
When file rule is changed into:
owner @{HOME}/[^.]* rwl,
It works as expected:
$ echo "foo" | testtee ~/ąčęėįšųūž
foo
$ echo "foo" | testtee ~/.bashrc
testtee: /home/vincas/.bashrc: Permission denied
--
Your team AppArmor Developers is requested to review the proposed merge of
lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor.
=== modified file 'profiles/apparmor.d/abstractions/user-download'
--- profiles/apparmor.d/abstractions/user-download 2014-02-14 22:28:16 +0000
+++ profiles/apparmor.d/abstractions/user-download 2017-06-24 15:15:40 +0000
@@ -15,7 +15,7 @@
owner @{HOME}/tmp/** rwl,
owner @{HOME}/[dD]ownload{,s}/ r,
owner @{HOME}/[dD]ownload{,s}/** rwl,
- owner @{HOME}/[a-zA-Z0-9]* rwl,
+ owner @{HOME}/[^.]* rwl,
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/* rwl,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
