Comment 0 for bug 1197060

Jamie Strandboge (jdstrand) wrote :

Ubuntu SDK applications that use webkit webviews create shared memory files as /run/shm/WK2SharedMemory*. This results in an AppArmor rule like the following:
owner /{,run/}shm/WK2SharedMemory.[0-9]* rwk,

But this rule is too lenient because a malicious app could enumerate these files and attack shared memory of other applications. Therefore, these paths need to be made application specific. One suggestion is to use something like shm_open("%s-WK2SharedMemory" % <app id>) instead of shm_open("WK2SharedMemory") where '<app id>' will ultimately be the reverse domain name with Click packages (see bug #1197037 for details on '<app id>').

Future work may allow for AppArmor IPC to handle this without modifications to the SDK.
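
Added example, not part of the original comment and not code from the Ubuntu SDK or WebKit: a C sketch of the app-specific naming suggested above, so that a per-application AppArmor rule can match only that app's segments. The helper names `wk2_shm_name` and `wk2_shm_create`, the app id `com.example.app`, the numeric suffix taken from the PID, and the character whitelist for app ids are all assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: build "/<app id>-WK2SharedMemory.<n>".
 * Returns 0 on success, -1 if the app id is unsafe or the buffer is too small. */
int wk2_shm_name(char *out, size_t outlen, const char *app_id, unsigned long n)
{
    if (app_id == NULL || app_id[0] == '\0' || app_id[0] == '.')
        return -1;
    for (const char *p = app_id; *p; p++) {
        /* Assumed whitelist for reverse-domain ids; '/' and glob
         * metacharacters must never reach the shm namespace or the policy. */
        if (!isalnum((unsigned char)*p) && *p != '.' && *p != '-' && *p != '_')
            return -1;
    }
    int len = snprintf(out, outlen, "/%s-WK2SharedMemory.%lu", app_id, n);
    return (len < 0 || (size_t)len >= outlen) ? -1 : 0;
}

/* Create the segment exclusively and owner-only; returns an fd or -1. */
int wk2_shm_create(const char *app_id, unsigned long n, char *name, size_t namelen)
{
    if (wk2_shm_name(name, namelen, app_id, n) != 0)
        return -1;
    return shm_open(name, O_CREAT | O_EXCL | O_RDWR, S_IRUSR | S_IWUSR);
}

int main(void)
{
    char name[256];
    /* "com.example.app" is a constructed app id. A per-app policy could then use:
     *   owner /{,run/}shm/com.example.app-WK2SharedMemory.[0-9]* rwk,          */
    int fd = wk2_shm_create("com.example.app", (unsigned long)getpid(), name, sizeof name);
    if (fd < 0) { perror("wk2_shm_create"); return 1; }
    printf("created %s\n", name);
    close(fd);
    shm_unlink(name);   /* remove the constructed segment again */
    return 0;
}
```

On older glibc versions, link with `-lrt` for `shm_open`.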