Hello, Am Dienstag, 7. Februar 2012 schrieb Jamie Strandboge: > On Tue, 2012-02-07 at 16:50 +0100, Christian Boltz wrote:
> > Is the "l" permission really needed for /opt? > > Maybe? I thought it conceivable that applications might have their own > tmp directory in /opt which is why I added 'l' (ie, we do that in the > user-tmp abstraction). Of course, that falls apart because I forgot > 'w'. Maybe I'll drop 'l' for now and add 'l' if we need 'w' later on. > It is not known if this is strictly required, but the point of this > policy-group is to make sure that applications can do mostly whatever > they need to in /opt/@{APPNAME}/ (excepting execs). We'll know more > when people start trying to use the aa-easyprof. Easy or not - I don't really like the idea to allow write permissions in /opt by default. Let's see what happens without w and l ;-) The more important question: What about the second half of my mail? Let me re-insert it: > > You should also allow to create ~/.cache, ~/.config ~/.local and > > ~/.local/share (in other words: include abstractions/xdg-desktop). Regards, Christian Boltz -- Übrigens: Wenn man feststellen will, wie leer man ist: Einfach ein paar Flaschen Whiskey oder so nehmen und so lange in dem Mund schütten, bis man "voll" ist. Das Ergebnis kann man dann bei mir melden. :-)) [Konrad Neitzel in suse-linux] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor