Thank you for reporting a bug and helping to make Ubuntu better.

We can't disable all of ~/.config because of the way that 'deny' works
in AppArmor (once you explicitly add a deny rule, you can't override it
later). However, I think it is appropriate to:

Add this to private-files:
  audit deny @{HOME}/.config/autostart/** mrwkl,
  audit deny @{HOME}/.kde/Autostart/** mrwkl,

And add this to private-files-strict:
  audit deny @{HOME}/.config/chromium/** mrwkl,
  audit deny @{HOME}/.{,mozilla-}thunderbird/** mrwkl,
  audit deny @{HOME}/.evolution/** mrwkl,
  audit deny @{HOME}/.config/evolution/** mrwkl,

And this to the evince abstraction:
  audit deny @{HOME}/.kde/share/config/** mrwkl,
  audit deny @{HOME}/.config/chromium/** mrwkl,
  audit deny @{HOME}/.evolution/** mrwkl,
  audit deny @{HOME}/.config/evolution/** mrwkl,
  # we want access to the thunderbird Cache directory
  audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl,
  audit deny @{HOME}/.{,mozilla-}thunderbird/*/[^C][^a][^c][^h][^e]*/** mrwkl,

Furthermore, I believe the change to private-files should be an SRU.

** Also affects: evince (Ubuntu)
Importance: Undecided
Status: New
** Changed in: evince (Ubuntu Lucid)
Status: New => Won't Fix
** Changed in: evince (Ubuntu Maverick)
Status: New => Won't Fix
** Changed in: evince (Ubuntu Natty)
Status: New => Triaged
** Changed in: evince (Ubuntu Natty)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
https://bugs.launchpad.net/bugs/698194
Title:
apparmor private-files profile should include @{HOME}/.config
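
How the two thunderbird deny globs proposed above for the evince abstraction sort paths inside a profile directory, as an added example that is not part of the original bug comment. The glob translation is a simplified model of AppArmor path globbing (`*` within one path component, `**` across components), and `/home/alice` and every sample path are constructed.

```python
import re

HOME = "/home/alice"  # constructed sample value standing in for @{HOME}

# The two thunderbird deny globs proposed for the evince abstraction.
THUNDERBIRD_DENY = [
    "@{HOME}/.{,mozilla-}thunderbird/*/*",
    "@{HOME}/.{,mozilla-}thunderbird/*/[^C][^a][^c][^h][^e]*/**",
]

def aa_glob_to_regex(glob):
    """Simplified AppArmor glob translation: '*' and '?' stay inside one
    path component, '**' crosses '/', [..] and {a,b} map onto regex."""
    glob = glob.replace("@{HOME}", "\0")  # keep the variable apart from {a,b}
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if c == "\0":
            out.append(re.escape(HOME))
        elif glob.startswith("**", i):
            out.append(".*")
            i += 1
        elif c == "*":
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "[":                      # character class passed through
            j = glob.index("]", i)
            out.append(glob[i:j + 1])
            i = j
        elif c == "{":                      # alternation, may hold an empty arm
            j = glob.index("}", i)
            arms = glob[i + 1:j].split(",")
            out.append("(?:" + "|".join(re.escape(a) for a in arms) + ")")
            i = j
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))

def denied(path):
    """True when any of the deny globs matches the whole path."""
    return any(aa_glob_to_regex(g).fullmatch(path) for g in THUNDERBIRD_DENY)

if __name__ == "__main__":
    profile = HOME + "/.thunderbird/ab12.default"   # constructed paths
    for rel in ("prefs.js", "ImapMail/host/INBOX", "Cache/_CACHE_001_",
                "Mail/Local Folders/Inbox"):
        print(denied(profile + "/" + rel), rel)
```

The second glob matches a subdirectory only when each of its first five characters differs from the character at the same position in "Cache", so names such as `Mail` (second character `a`) fall outside it just as `Cache` does; checking candidate rules against real directory names this way shows what the exclusion actually covers.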