AppArmor support for the XDG Base Directory spec is incomplete

Bug #1423890 reported by Sergio Gelato on 2015-02-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Wishlist
Unassigned

Bug Description

Based on the version of apparmor in trusty-updates:

Various profiles grant permissions for files in @{HOME}/.cache/. This is only sufficient as long as one hasn't set the environment variable XDG_CACHE_HOME to point somewhere else. (Use case: store caches locally when home directories are on a remote fileserver.)

I'd suggest defining a new tunable
@{XDG_CACHE_HOME}=@{HOME}/.cache/
which local administrators could augment as needed (e.g.,
@{XDG_CACHE_HOME}+=/var/cache/xdg/*/
or whatever the local convention may be).

Similar treatment may be needed for the other environment variables mentioned in the XDG basedir spec:
XDG_CONFIG_HOME for @{HOME}/.config
XDG_DATA_HOME for @{HOME}/.local/share (and/or @{HOME}/.local ?)

Seth Arnold (seth-arnold) wrote :

Some discussion on xdg paths has happened here, https://lists.ubuntu.com/archives/apparmor/2013-August/004183.html -- it'd be nice to revive this.

Changed in apparmor (Ubuntu):
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers