Feature request: AppArmor profile

Bug #1567212 reported by seanlano
This bug affects 1 person
Affects: Variety
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned
Milestone: (none)

Bug Description

Security is a bit of a hobby of mine, and recently I've started developing some AppArmor profiles for possibly at-risk applications that I regularly use. My focus has been on the Internet-facing applications which I have running always in the background - probably the biggest of which (in terms of visibility) is Variety.

Hence, I've begun working on a profile to confine Variety. It's available on GitHub: https://github.com/seanlano/seanlano-apparmor/blob/master/apparmor.d/usr.bin.variety

Is there any chance it could be included in the deb package, eventually?

Peter Levi (peterlevi) wrote :

Hi. Sorry for slow response, not much time recently for Variety.
I wasn't familiar with how AppArmor works (and am still a complete newbie). But looking through the file, and testing with my own Variety configuration - it might work for the default configuration, but it seems to be too restrictive when users start configuring it their own way. For example my Favorites folder is on another drive and Variety didn't have permissions to read it. The set_wallpaper script was also logging permission errors:

/home/peter/.config/variety/scripts/set_wallpaper: line 153: /usr/bin/wc: Permission denied
/home/peter/.config/variety/scripts/set_wallpaper: line 153: [: : integer expression expected

I haven't tested further, but basically what happens with all the paths that Variety allows you to configure manually (Favorites, Downloads, image sources, icon path, LightDM config, etc.)?

Before anything like this could make it in, it would have to be super thoroughly tested with all kinds of possible configurations and scenarios. Otherwise I'd start getting support questions "Why is Variety not working in this and this situation" - I am getting enough of these already related to wrong file/folder permissions...

And if catering to all possible configurations means relaxing the permissions way too much, doesn't this negate the value? Maybe an entry in the Wiki for this is more appropriate than including in the deb, but then - most of Variety's users are not that tech-savvy, the value will be minimal...

Changed in variety:
status: New → Triaged
James Lu (jlu5)
Changed in variety:
importance: Undecided → Wishlist
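
An added example, not part of the original report or either participant's code: one way to triage denials like the ones described in the comment above is to read AppArmor's DENIED audit records for the profile and turn them into candidate rules for review. The log lines are constructed, and the profile name `/usr/bin/variety`, the `/mnt/data/Favorites` path and the choice of `ix` for denied executions are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel audit format AppArmor logs; not taken from the bug report.
SAMPLE_LOG = """\
audit: type=1400 audit(1460000000.101:41): apparmor="DENIED" operation="exec" profile="/usr/bin/variety" name="/usr/bin/wc" pid=2301 comm="set_wallpaper" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
audit: type=1400 audit(1460000003.517:42): apparmor="DENIED" operation="open" profile="/usr/bin/variety" name="/mnt/data/Favorites/" pid=2290 comm="variety" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1460000004.020:43): apparmor="DENIED" operation="open" profile="/usr/bin/variety" name="/mnt/data/Favorites/sunset.jpg" pid=2290 comm="variety" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
audit: type=1400 audit(1460000004.900:44): apparmor="ALLOWED" operation="open" profile="/usr/bin/variety" name="/etc/hosts" pid=2290 comm="variety" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1460000005.300:45): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
# Log masks c (create) and d (delete) are granted by "w" in a profile rule.
# Mapping x to ix (run the helper under this same profile) is an assumption to review.
LOG_TO_RULE = {"c": "w", "d": "w", "x": "ix"}
ORDER = ["r", "w", "a", "m", "k", "l", "ix"]

def denials(log_text, profile):
    """Map each path denied under `profile` to the rule permissions it would need."""
    needed = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("apparmor") != "DENIED" or f.get("profile") != profile:
            continue  # skip complain-mode records and other profiles
        if "name" not in f:
            continue  # non-file denials (capabilities, network) carry no path
        for ch in f.get("denied_mask", ""):
            needed[f["name"]].add(LOG_TO_RULE.get(ch, ch))
    return dict(needed)

def candidate_rules(needed):
    """Render one rule per path, sorted, for a human to review before adding."""
    rules = []
    for path in sorted(needed):
        perms = set(needed[path])
        if "w" in perms:
            perms.discard("a")  # a rule cannot combine write and append
        rules.append(f"{path} {''.join(p for p in ORDER if p in perms)},")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(denials(SAMPLE_LOG, "/usr/bin/variety"))))
```

The output lists exact paths only; whether to widen any of them to a glob for user-configured folders is the trade-off raised in the comment above.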