On 7/25/18 4:38 PM, Jamie Strandboge wrote:
> I like the idea of tunables/env and tunables/env.d. With env.d, it
> seems that system administrators could just drop something in there
> instead of needing to use /etc/apparmor.d/local/tunables/env?

It could, but that's a gamble against a name clash with some package installed in the future. The idea with env.d is that it should be populated only by packages.

If an administrator installs a package that makes `xauth*` stored in some unusual places, it would drop a file inside env.d, appending `@{XAUTHORITY}`.

intrigeri suggested using `local/tunables` for local changes in my first attempt to discuss using variables more [0].

[0] https://lists.ubuntu.com/archives/apparmor/2017-December/011353.html

I still haven't figured out what package on Debian "deals" with that "/tmp/xauth*" (I just haven't asked enough yet). I would ask the maintainers how they would see deploying a `/etc/apparmor.d/tunables/env.d/sddm_kde_or_something` file with an XAUTHORITY modification. I would happily prepare an MR to introduce (and use) the "env" tunable if we see this as a solution.
