No abstraction over xdg-basedirs and xdg-user-dirs

Bug #1061693 reported by Iain Lane on 2012-10-04
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Jamie Strandboge
apparmor (Ubuntu)
Seth Arnold

Bug Description

Per a spec

users may modify certain environment variables to override the locations in which applications store / cache data.

Most of the apparmor profiles shipped by Ubuntu hardcode the defaults specified by XDG, meaning that if someone wants to change this, they need to modify every profile for the change. It would be great if this could be made easier, either by whitelisting these environment variables or by introducing a tunable and modifying all profiles shipped by default to use it.

Changed in apparmor (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

Here are some thoughts I had to fix this. It is not fully realized:

We take advantage of tunables in the following manner:
 * create tunables/xdg to have:
    #include <tunables/xdg.d>
 * tunables/xdg.d could include files with contents of the form:
 * we could then have some sort of a hook, perhaps a dpkg trigger that would generate files in tunables/xdg.d based on installed locales

Rules that were of the form of:
owner @{HOME}/Desktop/** r,

would become:
owner @{XDG_DESKTOP_DIR}/** r,

This also has the advantage of opening the possibility of handling migrations like those with /var/run/user/ to be handled more gracefully.
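Added illustration, not part of the original comment and not AppArmor's own code: a simplified Python model of how a tunable with per-locale additions would turn the single rule above into one rule per directory name. The file name tunables/xdg.d/de, the German value, and the functions load_tunables and expand_rule are assumptions made for this example; the real expansion is done by apparmor_parser.

```python
import re

# Constructed sample tunables following the layout proposed above: a base
# definition plus a locale-generated file that appends a translated name.
TUNABLES = {
    "tunables/xdg": "@{XDG_DESKTOP_DIR}=@{HOME}/Desktop\n",
    "tunables/xdg.d/de": "# generated for locale de (constructed)\n"
                         "@{XDG_DESKTOP_DIR}+=@{HOME}/Schreibtisch\n",
}

ASSIGN = re.compile(r"^@\{(\w+)\}\s*(\+?=)\s*(.+)$")
VAR = re.compile(r"@\{(\w+)\}")


def load_tunables(files):
    """Collect variable values: '=' defines a variable, '+=' appends to it."""
    values = {}
    for name in sorted(files):  # the base file sorts before xdg.d/*
        for line in files[name].splitlines():
            m = ASSIGN.match(line.strip())
            if not m:
                continue  # comments and blank lines
            var, op, rhs = m.groups()
            vals = [v.strip('"') for v in rhs.split()]
            if op == "=":
                if var in values:
                    raise ValueError(f"@{{{var}}} defined twice")
                values[var] = vals
            else:
                if var not in values:
                    raise ValueError(f"@{{{var}}} appended before definition")
                values[var].extend(vals)
    return values


def expand_rule(rule, values):
    """Return one rule per value of every defined variable the rule uses.

    Variables this model does not know (here @{HOME}) are left untouched.
    Self-referencing definitions are not handled by this simplified model.
    """
    m = next((m for m in VAR.finditer(rule) if m.group(1) in values), None)
    if m is None:
        return [rule]
    out = []
    for v in values[m.group(1)]:
        out.extend(expand_rule(rule[:m.start()] + v + rule[m.end():], values))
    return out


if __name__ == "__main__":
    for r in expand_rule("owner @{XDG_DESKTOP_DIR}/** r,", load_tunables(TUNABLES)):
        print(r)
```

The profile keeps one rule while the set of permitted directories is maintained in the tunable files, so a locale change does not require editing every profile or loosening it to a broader glob.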

Changed in apparmor:
status: New → Confirmed
importance: Undecided → Medium
Jamie Strandboge (jdstrand) wrote :

Just to be clear, Iain was talking about xdg-basedirs and I responded with xdg-user-dirs. Both could be solved in a similar manner, but xdg-user-dirs are more pressing because xdg-user-dirs-update might rename directories, etc. with the user only choosing a different locale. We will likely have something reasonable for translated xdg-user-dirs but not have a general fix for xdg-basedirs or xdg-user-dirs that differ from the templates in /etc/xdg/user-dirs.defaults.

summary: - No abstraction over XDG_*_HOME
+ No abstraction over xdg-basedirs and xdg-user-dirs
Changed in apparmor:
status: Confirmed → Triaged
Changed in apparmor (Ubuntu):
status: Confirmed → Triaged
Jamie Strandboge (jdstrand) wrote :

I've just now committed changes for supporting translated xdg-user-dirs. We have the abstractions/xdg-desktop in Ubuntu and upstream for some time for the basedirs. We aren't going to introduce a tunable at this time for basedirs, but may in the future.

Changed in apparmor:
status: Triaged → Fix Committed
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Seth Arnold (seth-arnold)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu1

apparmor (2.8.95~2430-0ubuntu1) trusty; urgency=low

  [ Jamie Strandboge ]

   * debian/debhelper/dh_apparmor: exit with error if aa-easyprof does not
   * debian/control: drop Depends on apparmor-easyprof to Suggests for

  [ Seth Arnold, Jamie Strandboge, Steve Beattie, John Johansen, Tyler Hicks ]

  * New upstream snapshot (LP: #1278702, #1061693, #1285653) dropping very
    large Ubuntu delta and fixing the following bugs:
    - Adjust fonts abstraction for libthai (LP: #1278702)
    - Support translated XDG user directories (LP: #1061693)
    - Adjust abstractions/web-data to include /var/www/html (LP: #1285653)
      Refresh 0002-add-debian-integration-to-lighttpd.patch to include
    - Adjust debian/libapparmor1.symbols to reflect new upstream versioning
      for the aa_query_label() function
    - Raise exceptions in Python bindings when something fails
  * ship new Python replacements for previous Perl-based tools
    - debian/apparmor-utils.install: remove usr/share/perl5/Immunix/*.pm and
      add usr/sbin/aa-autodep, usr/sbin/aa-cleanprof and usr/sbin/aa-mergeprof
    - debian/control:
      + remove various Perl dependencies
      + add python-apparmor and python3-apparmor
      + python3-apparmor Breaks: apparmor-easyprof to move the file since it
        ships dist-packages/apparmor/ now
    - debian/apparmor-utils.manpages: ship new manpages for aa-cleanprof and
    - debian/rules: build and install Python tools
  * debian/apparmor.install:
    - install apparmorfs, dovecot, kernelvars, securityfs, sys,
      and xdg-user-dirs tunables and xdg-user-dirs.d directory
  * debian/apparmor.dirs:
    - install /etc/apparmor.d/tunables/xdg-user-dirs.d
  * debian/rules: delete upstream-provided xdg-user-dirs.d/site.local
  * debian/apparmor.postinst: create xdg-user-dirs.d/site.local
  * debian/apparmor.postrm: remove xdg-user-dirs.d
  * Remaining patches:
    - add-chromium-browser.patch
    - add-debian-integration-to-lighttpd.patch
    - ubuntu-manpage-updates.patch
    - libapparmor-layout-deb.patch
    - libapparmor-mention-dbus-method-in-getcon-man.patch
    - etc-writable.patch
    - aa-utils_are_bilingual.patch
  * New patches:
    - convert-to-rules.patch
    - list-fns.patch
    - parse-mode.patch
    - add-decimal-interp.patch
    - policy_mediates.patch
    - fix-failpath.patch
    - feature_file.patch
    - fix-network.patch
    - aare-to-class.patch
    - add-mediation-unix.patch
    - parser_version.patch
    - caching.patch
    - label-class.patch
    - fix-lexer-debug.patch
    - use-diff-encode.patch
    - fix-serialize.patch
    - fix-ppc-endian-ftbfs.patch
    - opt_arg.patch
    - tests-cond-dbus.patch
  * Move manpages from libapparmor1 to libapparmor-dev
    - debian/libapparmor-dev.manpages: install aa_change_hat.2,
      aa_change_profile.2, aa_find_mountpoint.2, aa_getcon.2
    - debian/control: libapparmor-dev Replaces: and Breaks: libapparmor1
  * Move /usr/lib/python3/dist-packages/apparmor/ from


Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Changed in apparmor:
status: Fix Committed → Fix Released