[Bug 1094789] Re: Pulseaudio Profile
We won't be adding new profiles to the apparmor-profiles package but instead profiles should be added to the pulseaudio package. Please consider filing a new bug against pulseaudio. Thanks

** Changed in: apparmor (Ubuntu)
       Status: Fix Committed => Won't Fix

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1094789

Title:
  Pulseaudio Profile

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1094789/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1094789] Re: Pulseaudio Profile
I see it's changed to expired. If it would help move things along, I can rewrite this profile with /base and remove redundant entries. At that point anyone willing to simply test it can do so, but it should simply work. I'm still unsure about the capabilities, as it *requested* those capabilities.

[Bug 1094789] Re: Pulseaudio Profile
@Colin, Steve Beattie has included a working profile for Pulseaudio:
http://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/view/head:/ubuntu/13.04/usr.bin.pulseaudio

I'm running Steve's profile on my Precise laptop and it works very well.

** Changed in: apparmor (Ubuntu)
       Status: Expired => Fix Committed

** Branch linked: lp:apparmor-profiles

[Bug 1094789] Re: Pulseaudio Profile
His is cleaner, and would work on more systems since he uses abstractions. If Pulseaudio isn't setUID then it should be fine, since being so tight shouldn't be necessary.

[Bug 1094789] Re: Pulseaudio Profile
[Expired for apparmor (Ubuntu) because there has been no activity for 60 days.]

** Changed in: apparmor (Ubuntu)
       Status: Incomplete => Expired

[Bug 1094789] Re: Pulseaudio Profile
I hadn't realized that pulseaudio was no longer setuid, I'm just out of date I suppose haha. If it's not setuid there's less of a need for such strict rules, and using an abstraction may be ok. But wouldn't it simply be enough to use: @{multiarch} ? I apologize for taking so long to reply. If /base were used I think this profile could be deployed across architectures without issue, yes?

[Bug 1094789] Re: Pulseaudio Profile
It also requires the setuid permission. I thought that it dropped its privileges? Because it, apparently, needs quite a number of capabilities, including setuid.

[Bug 1094789] Re: Pulseaudio Profile
Hi Colin,

I'm a little confused, while confining pulseaudio is a good idea, pulseaudio should no longer be setuid, and hasn't been by default in Ubuntu since at least before 10.04 LTS. The reason it was setuid in the past was to give itself realtime priority (which requires CAP_SYS_NICE, see capabilities(7)); however, with the addition of (the poorly abbreviated) realtime kit service, pulseaudio no longer needs to be setuid at all. Do you have any idea how you got a setuid pulseaudio installed?

Secondly, the x86_64 specific paths for shared libraries would be ameliorated if, for example, the base abstraction were included (e.g. #include abstractions/base).

Thanks.

** Changed in: apparmor (Ubuntu)
       Status: New => Incomplete

** Changed in: apparmor (Ubuntu)
   Importance: Undecided => Wishlist
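
An added example, not part of the bug thread and not taken from either profile discussed in it: a small Python lint that flags the three points the thread raises about a profile, namely architecture-specific library paths, `capability` rules such as `setuid`, and a missing base abstraction. The sample profile text and the `lint_profile` name are constructed for illustration.

```python
import re

# Constructed sample profile for illustration (not the profile from the bug).
SAMPLE_PROFILE = """\
#include <tunables/global>

/usr/bin/pulseaudio {
  capability setuid,
  capability sys_nice,

  /lib/x86_64-linux-gnu/libc-*.so mr,
  /usr/lib/x86_64-linux-gnu/pulseaudio/*.so mr,
  /usr/lib/@{multiarch}/libpulse.so* mr,
  owner @{HOME}/.pulse/** rw,
}
"""

# Debian/Ubuntu multiarch triplets, e.g. x86_64-linux-gnu, arm-linux-gnueabihf.
TRIPLET = re.compile(r"/(?:[a-z0-9_]+)-linux-gnu[a-z0-9]*(?=/)")
CAPABILITY = re.compile(r"^\s*capability\s+([a-z_,\s]+?),\s*$")
INCLUDE_BASE = re.compile(r"^\s*#?include\s+<abstractions/base>")


def lint_profile(text):
    """Return (arch_specific_rules, capabilities, has_base_abstraction)."""
    arch_rules, caps, has_base = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        # Check includes first: "#include" also starts with the comment marker.
        if INCLUDE_BASE.match(line):
            has_base = True
            continue
        if not line or line.startswith("#"):
            continue
        m = CAPABILITY.match(line)
        if m:
            caps.extend(m.group(1).replace(",", " ").split())
        elif TRIPLET.search(line):
            # Pair the rule with its portable spelling via the @{multiarch} tunable.
            arch_rules.append((line, TRIPLET.sub("/@{multiarch}", line)))
    return arch_rules, caps, has_base


if __name__ == "__main__":
    rules, caps, has_base = lint_profile(SAMPLE_PROFILE)
    for old, new in rules:
        print(f"arch-specific: {old}\n    portable: {new}")
    print("capabilities requested:", ", ".join(caps) or "none")
    print("base abstraction included:", has_base)
```
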