We won't be adding new profiles to the apparmor-profiles package but
instead profiles should be added to the pusleaudio package, please
consider filing a new bug against pulseaudio. Thanks
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => Won't Fix
--
You received this bug notific
His is cleaner, and would work on more systems since he uses
abstractions. If Pulseaudio isn't setUID then it should be fine, since
being so tight shouldn't be necessary.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.la
@Colin, Steve Beattie have included a working profile for Pulseaudio:
http://bazaar.launchpad.net/~apparmor-dev/apparmor-
profiles/master/view/head:/ubuntu/13.04/usr.bin.pulseaudio
I'm running Steve's profile on my Precise laptop and it works very well.
** Changed in: apparmor (Ubuntu)
Sta
I see it's changed to expired. If it would help move things along, I can
rewrite this profile with /base and remove redundant entries.
At that point anyone willing to simply test it can do so, but it should
simply work.
I'm still unsure about the capabilities, as is *requested* those
capabilities
[Expired for apparmor (Ubuntu) because there has been no activity for 60
days.]
** Changed in: apparmor (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1094
It also requires the setuid permission. I thought that it dropped its
privileges? Because it, apparently, needs quite a number of
capabilities, including setuid.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
I hadn't realized that pulseaudio was no longer setuid, I'm just out of
date I suppose haha. If it's not setuid there's less of a need for such
strict rules, and using an abstraction may be ok.
But wouldn't it simply be enough to use: @{multiarch} ?
I apologize for taking so long to reply.
If /b
Hi Colin,
I'm a little confused, while confining pulseaudio is a good idea,
pulseaudio should no longer be setuid, and hasn't been by default in
Ubuntu since at least before 10.04 LTS. The reason it was setuid in the
past was to give itself realtime priority (which requires CAP_SYS_NICE,
see capab
