> + /{usr,usr/local,var/lib/flatpak/exports}/share/applications/{*/,}
> r,
I'm not sure this actually works. Have you tested it against a real Flatpak
installation?
% ls -l ~/.local/share/flatpak/exports/share/applications
total 12
-rw-r--r-- ... mimeinfo.cache
lrwxrwxrwx ...
I've heard of people mounting a disk to /foobar/ - can you also add this to the
profile, please? ;-)
On a more serious note - this sounds like one of the cases I tend to close as
"wontfix" with a note that the user should add "alias /home/ /foobar/" to
tunables/alias or to adjust tunables/home
On Wed, 20 Sep 2017 at 13:36:41 -0700, Seth Arnold wrote:
> On Wed, Sep 20, 2017 at 01:15:20PM +0200, intrigeri wrote:
> > At this point I wonder if it's worth our time to write and maintain
> > a profile for /usr/bin/bwrap. My current take of it is: probably not.
>
> I think it is; first, this
Thanks Steve! The rules that made you raise an eyebrow were added in response
to [1]. I've heard of folks mounting their network shares under /srv :/
I'm pretty sure some of the /proc rules could use "owner" without problem, will
test that (someday).
[1]
The proposal to merge
~sdeziel/apparmor-profiles/+git/apparmor-profiles:thunderbird-icedove-debian
into apparmor-profiles:master has been updated.
Status: Needs review => Merged
For more details, see:
The proposal to merge ~u-d/apparmor-profiles:thunderbird/links into
apparmor-profiles:master has been updated.
Status: Needs review => Merged
For more details, see:
https://code.launchpad.net/~u-d/apparmor-profiles/+git/apparmor-profiles/+merge/320285
--
Your team AppArmor Developers is
Review: Approve
Thanks. I merged this as-is (and appreciate the followup commit that maintained
the merged usr where appropriate). I did raise an eyebrow at
+ # other commonly used locations
+ /{data,media,mnt,srv}/** r,
+ owner /{data,media,mnt,srv}/** rw,
in that for /srv/ I personally
Review: Approve
Looks good. I went ahead and merged this, even though it was a subset of
Simon's branch, just to get the origins/credit correct. I forget to amend my
commit message before pushing, but I also copied the changes to the 17.10
branch (which didn't exist when the merge request was