Hello,
Am Dienstag, 7. Februar 2012 schrieb Jamie Strandboge:
> On Tue, 2012-02-07 at 16:50 +0100, Christian Boltz wrote:
> > Is the "l" permission really needed for /opt?
>
> Maybe? I thought it conceivable that applications might have their own
> tmp directory in /opt which is why I added 'l' (ie, we do that in the
> user-tmp abstraction). Of course, that falls apart because I forgot
> 'w'. Maybe I'll drop 'l' for now and add 'l' if we need 'w' later on.
> It is not known if this is strictly required, but the point of this
> policy-group is to make sure that applications can do mostly whatever
> they need to in /opt/@{APPNAME}/ (excepting execs). We'll know more
> when people start trying to use the aa-easyprof.
Easy or not - I don't really like the idea to allow write permissions in
/opt by default. Let's see what happens without w and l ;-)
The more important question: What about the second half of my mail? Let
me re-insert it:
> > You should also allow to create ~/.cache, ~/.config ~/.local and
> > ~/.local/share (in other words: include abstractions/xdg-desktop).
Regards,
Christian Boltz
--
Übrigens: Wenn man feststellen will, wie leer man ist: Einfach ein paar
Flaschen Whiskey oder so nehmen und so lange in dem Mund schütten, bis
man "voll" ist. Das Ergebnis kann man dann bei mir melden. :-))
[Konrad Neitzel in suse-linux]
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
