Package: apparmor Version: 2.13.2-3 Severity: normal Hi,
I've added some rules to profiles shipped with package to better match the
behaviour of Firefox and Skype. Maybe some of them are helpful and you
want pick them. Otherwise you're free to close this report.
Regards Jörg
diff -u -r /tmp/aa/etc/apparmor.d/abstractions/dconf
/etc/apparmor.d/abstractions/dconf
--- /tmp/aa/etc/apparmor.d/abstractions/dconf 2019-01-01 19:03:54.000000000
+0100
+++ /etc/apparmor.d/abstractions/dconf 2019-01-11 12:17:18.614182127 +0100
@@ -4,5 +4,5 @@
# be specified in a specific application's profile.
/etc/dconf/** r,
- owner /{,var/}run/user/*/dconf/user r,
+ owner /{,var/}run/user/*/dconf/user rw,
owner @{HOME}/.config/dconf/user r,
diff -u -r /tmp/aa/etc/apparmor.d/abstractions/fonts
/etc/apparmor.d/abstractions/fonts
--- /tmp/aa/etc/apparmor.d/abstractions/fonts 2019-01-01 19:03:54.000000000
+0100
+++ /etc/apparmor.d/abstractions/fonts 2019-01-18 22:56:20.159428688 +0100
@@ -18,14 +18,14 @@
/usr/share/fonts/** r,
/etc/fonts/** r,
- /usr/share/fontconfig/conf.avail/** r,
+ /usr/share/fontconfig/conf.avail/{,**} r,
/opt/kde3/share/fonts/** r,
/usr/lib{,32,64}/openoffice/share/fonts/** r,
/var/cache/fonts/** r,
- /var/cache/fontconfig/** mr,
+ /var/cache/fontconfig/** rw,
/var/lib/defoma/** mr,
/usr/share/a2ps/fonts/** r,
@@ -43,7 +43,7 @@
owner @{HOME}/.local/share/fonts/** r,
owner @{HOME}/.fonts.cache-2 mr,
owner @{HOME}/.{,cache/}fontconfig/ r,
- owner @{HOME}/.{,cache/}fontconfig/** mrl,
+ owner @{HOME}/.{,cache/}fontconfig/** rwlk,
owner @{HOME}/.fonts.conf.d/ r,
owner @{HOME}/.fonts.conf.d/** r,
owner @{HOME}/.config/fontconfig/ r,
diff -u -r /tmp/aa/etc/apparmor.d/abstractions/gnome
/etc/apparmor.d/abstractions/gnome
--- /tmp/aa/etc/apparmor.d/abstractions/gnome 2019-01-01 19:03:54.000000000
+0100
+++ /etc/apparmor.d/abstractions/gnome 2019-01-12 11:19:46.827157086 +0100
@@ -63,6 +63,7 @@
owner @{HOME}/.fonts.cache-* rwl,
# icon caches
+ owner @{HOME}/.cache/gtk-3.0/** r,
/var/cache/**/icon-theme.cache r,
/usr/share/**/icon-theme.cache r,
diff -u -r /tmp/aa/etc/apparmor.d/abstractions/mesa
/etc/apparmor.d/abstractions/mesa
--- /tmp/aa/etc/apparmor.d/abstractions/mesa 2019-01-01 19:03:54.000000000
+0100
+++ /etc/apparmor.d/abstractions/mesa 2019-01-18 21:01:17.727350842 +0100
@@ -2,6 +2,8 @@
# Rules for Mesa implementation of the OpenGL API
# System files
+ /etc/drirc r,
+ /usr/share/drirc.d/{,*} r,
/dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()
# User files
diff -u -r /tmp/aa/etc/apparmor.d/tunables/alias /etc/apparmor.d/tunables/alias
--- /tmp/aa/etc/apparmor.d/tunables/alias 2019-01-01 19:03:54.000000000
+0100
+++ /etc/apparmor.d/tunables/alias 2019-01-16 00:20:42.868356851 +0100
@@ -14,3 +14,5 @@
#
# Or if mysql databases are stored in /home:
# alias /var/lib/mysql/ -> /home/mysql/,
+
+alias /bin/sh -> /bin/dash,
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.20.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.70
ii libc6 2.28-5
ii lsb-base 10.2018112800
ii python3 3.7.1-3
apparmor recommends no packages.
Versions of packages apparmor suggests:
ii apparmor-profiles-extra 1.24
ii apparmor-utils 2.13.2-3
--
Wer A sagt, muß nicht B sagen. Er kann auch erkennen, daß A falsch war.
(Erich Kästner)
signature.asc
Description: PGP signature
