Hi Seth First of: I would like to thank You very, very much for your patience. I know, that my questions can be very annoying etc. You are very amazing person. Thanks.
>> Feel free to ignore the audacious2 line -- after all the >> executable doesn't exist on your system. Yes, you're right, but "/usr/bin/audacious" exists. Should I not remove '2' from this rule? After this little change, Audacious should be using 'sanitized_helper': ✗ /usr/bin/audacious2 Cxr -> sanitized_helper, ✓ /usr/bin/audacious Cxr -> sanitized_helper, Now, aa-status(8) shows just "/usr/bin/audacious". My profile contains: #include <abstractions/ubuntu-media-players>, but 'sanitized_helper' is not even showed. Whether removing '2' from a rule in '/etc/apparmor.d/abstractions/ubuntu-media-players' is a good solution? I'm just asking, because I'm wondering if 'ubuntu-media-players' file should be, I don't know, updated? And after this small "fix", aa-status(8) should show: /usr/bin/audacious//sanitized_helper Am I right or wrong? But these are just my thoughts. OK, so according to your message and advices I should add "/usr/bin/audacious Px," line to the 'ubuntu-media-players' file, right? And what about '-> sanitized_helper'? Now, this rule should looks this way? (After changes suggested by You.) ✓ /usr/bin/audacious Px, -> sanitized_helper, Is that correct? I'm sorry for asking about this, but You did not mentioned what to do with 'sanitized_helper'. Summarizing I should make such changes: ✗ /usr/bin/audacious2 Cxr -> sanitized_helper, ✓ /usr/bin/audacious Px -> sanitized_helper, ✓ /usr/bin/audacious Px, # this is 2nd variant. Or use '/usr/bin/audacious Px,' rule without 'sanitized_helper' (2nd variant.) Is this correct? >> Could you double-check if audacious uses the system >> libaries or if it bundles in the unsafe code itself? (...) Of course I can do this, but I don't know how? Which is the best method? Can it be done using, for example: * ldd(1) with 'ldd /usr/bin/audacious' (not recommended?) * ldconfig -v |grep audacious * objdump -p /usr/bin/audacious |grep NEEDED (result: 8. libs) * strace -e open /usr/bin/audacious 2>&1 | grep ?what? * 'apt-cache depends audacious' also shows libraries, but this method is certainly wrong. Seth, I'm sorry. Probably I'm wrong and all mentioned above ways to check the system libraries are bad, but these commands/things were the first thoughts, when I'd read your message, request. However, if it's about ldd(1) - the result was 19. Thanks and once again: sorry. Best regards.
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
