Hi, In Ubuntu, pulseaudio's now has a directory in /run and its cookie file location moved. 0001-update-pulseaudio-paths.patch updates the audio abstraction for this.
Recent kernels/glibc also now trigger reads for /proc/sys/vm/overcommit_memory. This is explained in both malloc(3) and proc(5). Basically, there are different memory allocation strategies and /proc/sys/vm/overcommit_memory contains the 'virtual memory accounting' mode. The update for the base abstraction gives read access to this file. -- Jamie Strandboge http://www.ubuntu.com/
Author: Jamie Strandboge <ja...@canonical.com> Description: update pulseaudio directory and cookie file paths Forwarded: yes Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/audio =================================================================== --- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/audio 2013-04-08 15:04:41.000000000 -0500 +++ apparmor-2.8.0/profiles/apparmor.d/abstractions/audio 2013-04-08 15:05:32.000000000 -0500 @@ -55,6 +55,9 @@ owner @{HOME}/.pulse-cookie rwk, owner @{HOME}/.pulse/ rw, owner @{HOME}/.pulse/* rwk, +owner /{,var/}run/user/*/pulse/ rw, +owner /{,var/}run/user/*/pulse/* rwk, +owner @{HOME}/.config/pulse/cookie rwk, owner /tmp/pulse-*/ rw, owner /tmp/pulse-*/* rw,
Author: Jamie Strandboge <ja...@canonical.com> Description: add read access to @{PROC}/sys/vm/overcommit_memory as used by glibc Forwarded: yes Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/base =================================================================== --- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/base 2012-02-09 21:06:24.000000000 -0600 +++ apparmor-2.8.0/profiles/apparmor.d/abstractions/base 2013-04-08 13:23:03.000000000 -0500 @@ -100,6 +100,9 @@ # glibc statvfs @{PROC}/filesystems r, + # glibc malloc (man 5 proc) + @{PROC}/sys/vm/overcommit_memory r, + # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked # filesystems generally. This does not appreciably decrease security with # Ubuntu profiles because the user is expected to have access to files owned
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor