@Simon, finally, in reading the patch this will affect both strict and devmode and so the patch should "if startswith 'snap.' and process is in enforce mode ; then block recording".
This will be needed for the phase 2 implementation as well, so it is not wasted effort. I've asked the apparmor devs to comment in the trello card if there is an apparmor API for this. Be cognizant of TOCTOU here but also understand that a snap is not able to change its enforcement mode so a TOCTOU is not security relevant for this particular change.

--
https://bugs.launchpad.net/bugs/1583057

Title:
  Deny audio recording for all snap applications
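The check proposed in the comment above, sketched as an added example; it is not code from the PulseAudio patch or from this bug. It assumes the client's confinement context is already available as a string in the `label (mode)` form that AppArmor reports in `/proc/<pid>/attr/current`, and that devmode snaps show up in `complain` mode; the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Locate the mode inside "label (mode)"; NULL when there is none
 * (for example "unconfined"). Assumed format, see the lead-in. */
static const char *context_mode(const char *con, size_t *mlen)
{
    size_t len = strlen(con);
    if (len && con[len - 1] == '\n')
        len--;                      /* tolerate a trailing newline */
    if (len < 4 || con[len - 1] != ')')
        return NULL;
    /* Scan backwards so a label containing " (" cannot spoof the mode. */
    for (size_t i = len - 2; i > 0; i--) {
        if (con[i] == '(' && con[i - 1] == ' ') {
            *mlen = len - i - 2;
            return con + i + 1;
        }
    }
    return NULL;
}

/* Hypothetical policy helper: refuse recording only for a label that
 * starts with "snap." AND is in enforce mode, so devmode (complain)
 * snaps and unconfined clients keep working. */
bool snap_record_denied(const char *context)
{
    size_t mlen = 0;
    const char *mode;

    if (strncmp(context, "snap.", 5) != 0)
        return false;
    mode = context_mode(context, &mlen);
    return mode != NULL && mlen == 7 && memcmp(mode, "enforce", 7) == 0;
}

int main(void)
{
    /* Constructed sample contexts, not taken from a real system. */
    const char *samples[] = {
        "snap.recorder.app (enforce)", "snap.recorder.app (complain)",
        "unconfined", "/usr/bin/arecord (enforce)",
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-30s -> %s\n", samples[i],
               snap_record_denied(samples[i]) ? "deny" : "allow");
    return 0;
}
```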