[apparmor] [PATCH] audio and base abstraction updates

Mon, 08 Apr 2013 17:43:49 -0700 

Hi,

In Ubuntu, pulseaudio's now has a directory in /run and its cookie file
location moved. 0001-update-pulseaudio-paths.patch updates the audio
abstraction for this.

Recent kernels/glibc also now trigger reads for
/proc/sys/vm/overcommit_memory. This is explained in both malloc(3) and
proc(5). Basically, there are different memory allocation strategies and
/proc/sys/vm/overcommit_memory contains the 'virtual memory accounting'
mode. The update for the base abstraction gives read access to this file.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Author: Jamie Strandboge <ja...@canonical.com>
Description: update pulseaudio directory and cookie file paths
Forwarded: yes

Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/audio
===================================================================
--- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/audio	2013-04-08 15:04:41.000000000 -0500
+++ apparmor-2.8.0/profiles/apparmor.d/abstractions/audio	2013-04-08 15:05:32.000000000 -0500
@@ -55,6 +55,9 @@
 owner @{HOME}/.pulse-cookie rwk,
 owner @{HOME}/.pulse/ rw,
 owner @{HOME}/.pulse/* rwk,
+owner /{,var/}run/user/*/pulse/  rw,
+owner /{,var/}run/user/*/pulse/* rwk,
+owner @{HOME}/.config/pulse/cookie rwk,
 owner /tmp/pulse-*/ rw,
 owner /tmp/pulse-*/* rw,
 

Author: Jamie Strandboge <ja...@canonical.com>
Description: add read access to @{PROC}/sys/vm/overcommit_memory as used by
 glibc
Forwarded: yes

Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/base
===================================================================
--- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/base	2012-02-09 21:06:24.000000000 -0600
+++ apparmor-2.8.0/profiles/apparmor.d/abstractions/base	2013-04-08 13:23:03.000000000 -0500
@@ -100,6 +100,9 @@
   # glibc statvfs
   @{PROC}/filesystems            r,
 
+  # glibc malloc (man 5 proc)
+  @{PROC}/sys/vm/overcommit_memory r,
+
   # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked
   # filesystems generally. This does not appreciably decrease security with
   # Ubuntu profiles because the user is expected to have access to files owned

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to