apparmor private-files abstraction breaks alsa playback
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
AppArmor |
Triaged
|
Low
|
Unassigned |
Bug Description
The following line in /etc/apparmor.
deny @{HOME}/.*rc mrk,
While developing an AppArmor profile for a music player, I wanted to use the private-files abstraction, but the above line caused the application to silently fail in reading ~/.asoundrc, which in turn caused mysterious audio playback failures. This makes the private-files abstraction useless for audio players, which are exactly the kind of application that should make use of the abstraction, since they will be used to play media files from all sorts of sketchy sources and could easily have exploitable security bugs. What a pity.
(The line at fault also makes the private-files abstraction incompatible with the audio abstraction that lives in the same directory.)
description: | updated |
description: | updated |
Changed in apparmor: | |
importance: | Undecided → Low |
status: | New → Triaged |
tags: | added: aa-policy |
I'm not sure if that line is "needlessly aggresive". But anyway: if we hadn't #451422 in addition, this bug would be easy to workaround.