[Canonical-partner-dev] [Bug 1325131] Re: Skype apparmor
Please don't forget that there's already an AppArmor profile for Skype in the apparmor-profiles package. However, it doesn't fully work in the enforce mode, please see bug 1191858 for more details. That bug also has some discussion about adding rules for the download folder and for opening a web browser (from the purchase/account links). -- You received this bug notification because you are a member of Canonical Partner Developers, which is subscribed to skype in Ubuntu. https://bugs.launchpad.net/bugs/1325131 Title: Skype apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/skype/+bug/1325131/+subscriptions ___ Mailing list: https://launchpad.net/~canonical-partner-dev Post to : canonical-partner-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~canonical-partner-dev More help : https://help.launchpad.net/ListHelp
[Canonical-partner-dev] [Bug 1325131] Re: Skype apparmor
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: skype (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Canonical Partner Developers, which is subscribed to skype in Ubuntu. https://bugs.launchpad.net/bugs/1325131 Title: Skype apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/skype/+bug/1325131/+subscriptions ___ Mailing list: https://launchpad.net/~canonical-partner-dev Post to : canonical-partner-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~canonical-partner-dev More help : https://help.launchpad.net/ListHelp
[Canonical-partner-dev] [Bug 1325131] Re: Skype apparmor
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Canonical Partner Developers, which is subscribed to skype in Ubuntu. https://bugs.launchpad.net/bugs/1325131 Title: Skype apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/skype/+bug/1325131/+subscriptions ___ Mailing list: https://launchpad.net/~canonical-partner-dev Post to : canonical-partner-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~canonical-partner-dev More help : https://help.launchpad.net/ListHelp
[Canonical-partner-dev] [Bug 1325131] Re: Skype apparmor
Thanks for this starting point; I have a few suggestions.
It'd be nice to use @{PROC} throughout for /proc/ rules.
It'd be nice to use Pixm for the pulseaudio program, so an existing profile for
it can be used.
Granting lock to all of /usr/share/** feels too wide -- I can't think of
consequences now, but it seems needless.
No existing profiles grant write privileges to /var/cache/fontconfig/* --
probably skype should also not have the ability to modify system-wide
fontconfig cache files.
It would be nice to use the two-argument form of link permission for the
kdeglobals rule to restrict which files can be linked.
It would be nice to use owner on the /tmp/tmp/** rule, to keep several users
from colliding in this directory.
Thanks
--
You received this bug notification because you are a member of Canonical
Partner Developers, which is subscribed to skype in Ubuntu.
https://bugs.launchpad.net/bugs/1325131
Title:
Skype apparmor
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/skype/+bug/1325131/+subscriptions
___
Mailing list: https://launchpad.net/~canonical-partner-dev
Post to : canonical-partner-dev@lists.launchpad.net
Unsubscribe : https://launchpad.net/~canonical-partner-dev
More help : https://help.launchpad.net/ListHelp
