AppArmor support for the XDG Base Directory spec is incomplete

Bug #1423890 reported by Sergio Gelato on 2015-02-20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)

Bug Description

Based on the version of apparmor in trusty-updates:

Various profiles grant permissions for files in @{HOME}/.cache/. This is only sufficient as long as one hasn't set the environment variable XDG_CACHE_HOME to point somewhere else. (Use case: store caches locally when home directories are on a remote fileserver.)

I'd suggest defining a new tunable
which local administrators could augment as needed (e.g.,
or whatever the local convention may be).

Similar treatment may be needed for the other environment variables mentioned in the XDG basedir spec:
XDG_CONFIG_HOME for @{HOME}/.config
XDG_DATA_HOME for @{HOME}/.local/share (and/or @{HOME}/.local ?)

Seth Arnold (seth-arnold) wrote :

Some discussion on xdg paths has happened here, -- it'd be nice to revive this.

Changed in apparmor (Ubuntu):
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers