AppArmor

Add a dconf-read-write abstraction

Bug #1633733 reported by intrigeri on 2016-10-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	AppArmor	New	Undecided	Unassigned

Bug Description

We already have a dconf abstraction that grants read-only access to dconf. But quite a few applications need RW access and their profiles duplicate this kind of thing:

owner /{,var/}run/user/*/dconf/ w,
owner /{,var/}run/user/*/dconf/user rw,

I think we should have another abstraction, that gives read-write access to dconf.

Thanks to Michael Biebl for suggesting that we clean this up on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827335#113.

Thoughts?

Tags:

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2016-10-17:

Yes, this seems almost obvious in retrospect. :) A good sign of a good idea...

Thanks

Revision history for this message

Vincas Dargis (talkless) wrote on 2017-11-27:

Yeah this would be useful, although we have to be aware of possible incompatibilities including this new abstraction in upstreamed profiles that are shipping, as with @{sys} proposal in https://bugs.launchpad.net/apparmor/+bug/1728551 . Probably not a problem for new profiles though.

I guess it's a routine keep-in-back-of-your-head issue that going to reappear while AppArmor abstractions are being improved upon.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.