Vincas Dargis has proposed merging lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor.
Requested reviews: AppArmor Developers (apparmor-dev) For more details, see: https://code.launchpad.net/~talkless/apparmor/fix_user_download_nonlatin/+merge/326259 I have noticed that abstractions/user-download profile allows to download into home directory, while protecting dot files: owner @{HOME}/[a-zA-Z0-9]* rwl, Though it fails for files with non-latin symbols, tested with /usr/bin/tee copied to /usr/local/bin/testtee with minimal profile using user-download abstraction: echo "foo" | testtee ~/ąčęėįšųūž testtee: /home/vincas/ąčęėįšųūž: Permission denied When file rule is changed into: owner @{HOME}/[^.]* rwl, It works as expected: $ echo "foo" | testtee ~/ąčęėįšųūž foo $ echo "foo" | testtee ~/.bashrc testtee: /home/vincas/.bashrc: Permission denied -- Your team AppArmor Developers is requested to review the proposed merge of lp:~talkless/apparmor/fix_user_download_nonlatin into lp:apparmor.
=== modified file 'profiles/apparmor.d/abstractions/user-download' --- profiles/apparmor.d/abstractions/user-download 2014-02-14 22:28:16 +0000 +++ profiles/apparmor.d/abstractions/user-download 2017-06-24 15:15:40 +0000 @@ -15,7 +15,7 @@ owner @{HOME}/tmp/** rwl, owner @{HOME}/[dD]ownload{,s}/ r, owner @{HOME}/[dD]ownload{,s}/** rwl, - owner @{HOME}/[a-zA-Z0-9]* rwl, + owner @{HOME}/[^.]* rwl, owner @{HOME}/@{XDG_DESKTOP_DIR}/ r, owner @{HOME}/@{XDG_DESKTOP_DIR}/* rwl, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor