Michael Biebl:
> This makes me wonder if
>
>   owner /{,var/}run/user/*/dconf/          w,
>   owner /{,var/}run/user/*/dconf/user      rw,
> and
>   owner @{HOME}/.local/share/gvfs-metadata/** l,
>   owner /{,var/}run/user/*/gvfs-metadata/** l,
>
> shouldn't be moved somewhere else as well.
> Those paths are implementation details of dconf and gvfs. A lot of GNOME
> applications use either dconf or gvfs, so duplicating that information
> in every application seems wrong.

Wrt. dconf: right. We have a dconf abstraction already, that gives
read-only access to dconf. I guess it would be nice to have
a dconf-read-write abstraction that would grant read-write access to
dconf. I've started a discussion about it upstream:

Regarding gvfs: on my system, only the Evince AppArmor profile has
these lines, so I'll need more data points before it's clear to me
what the right refactoring is.


