On 2017-12-03 13:04, intrigeri wrote:
Looks great to me!
Well.. looks like we have a show-stopper:
https://bugs.launchpad.net/apparmor/+bug/1331856
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
On 12/04/2017 10:37 AM, Vincas Dargis wrote:
> On 2017-12-04 20:04, John Johansen wrote:>> This would allow user to extend
> `@{totem_extra_read_dirs}` for his own use case, maybe ever overwrite (is
> this possible?) with `=` instead of `+=`, if he does not like access to
> default media/mnt/opt
On 12/04/2017 10:16 AM, Vincas Dargis wrote:
> On 2017-12-04 19:53, John Johansen wrote:
>> On 12/03/2017 04:05 AM, intrigeri wrote:
>>> At first glance I would essentially apply the same path structure as
>>> what we do for top-level profiles:
>>>
>>> * `tunables/usr.bin.thunderbird`, shipped by
On 2017-12-04 20:04, John Johansen wrote:>> This would allow user to extend `@{totem_extra_read_dirs}` for his own use
case, maybe ever overwrite (is this possible?) with `=` instead of `+=`, if he does not like access to default
media/mnt/opt/srv paths.
sorry no overwriting is currently not s
On 2017-12-04 19:53, John Johansen wrote:
On 12/03/2017 04:05 AM, intrigeri wrote:
At first glance I would essentially apply the same path structure as
what we do for top-level profiles:
* `tunables/usr.bin.thunderbird`, shipped by the package, has the
default settings
Oh, I missed that
On 12/03/2017 04:05 AM, intrigeri wrote:
> Hi,
>
> Vincas Dargis:
>> What about actual implementation, should we "push":
>
>> * `tunables/usr.bin.thunderbird` empty file (same as with
>> local/usr.bin.thunderbird), or
>> * `tunables/usr.bin.thunderbird.d` directory for more flexibility, but
>>
On 12/03/2017 02:24 AM, Vincas Dargis wrote:
> Hi,
>
> There is a Thunderbird bug [0] about profile not allowing to read
> `.thunderbird` for outside of $HOME.
>
> Currently, Thunderbird profile [1] has quite a few rules for `.thunderbird`:
>
> ```
> # per-user thunderbird configuration
> o
On 12/03/2017 04:05 AM, intrigeri wrote:
> Hi,
>
> Vincas Dargis:
>> What about actual implementation, should we "push":
>
>> * `tunables/usr.bin.thunderbird` empty file (same as with
>> local/usr.bin.thunderbird), or
>> * `tunables/usr.bin.thunderbird.d` directory for more flexibility, but
>>
Vincas Dargis:
>> Maybe we could discuss the interface and
>> behavior of this new/updated directive in a dedicated thread, and once
>> we've reached an agreement I could try to find someone to implement it?
> It would be nice to have this implemented, but... looks like that's a long
> term
> goa
On 2017-12-03 14:05, intrigeri wrote:> So this seems to be yet another use case
for a directive like
#include_if_exists (or #include -, to reuse systemd
Yeas, I had this idea too, that having `#try_include` or `#include_if_exists`
would be really useful.
Maybe we could discuss the interface
Hi,
Vincas Dargis:
> What about actual implementation, should we "push":
> * `tunables/usr.bin.thunderbird` empty file (same as with
> local/usr.bin.thunderbird), or
> * `tunables/usr.bin.thunderbird.d` directory for more flexibility, but
> without a file (user should create one himself)?
> Or
On 2017-12-03 13:04, intrigeri wrote:
Vincas Dargis:
To wrap this up, I am suggesting to apply this guideline and refactor current
profiles (and consider it while writing new ones), to use variables and some
sort of
tunables include, like directory:
Looks great to me!
What about actual impl
Vincas Dargis:
> To wrap this up, I am suggesting to apply this guideline and refactor current
> profiles (and consider it while writing new ones), to use variables and some
> sort of
> tunables include, like directory:
Looks great to me!
Cheers,
--
intrigeri
--
AppArmor mailing list
AppArmor
Hi,
There is a Thunderbird bug [0] about profile not allowing to read
`.thunderbird` for outside of $HOME.
Currently, Thunderbird profile [1] has quite a few rules for `.thunderbird`:
```
# per-user thunderbird configuration
owner @{HOME}/.{icedove,thunderbird}/ rw,
owner @{HOME}/.{icedo
14 matches
Mail list logo
