[apparmor] [PATCH] audio and base abstraction updates
John Johansen
john.johansen at canonical.com
Tue Apr 9 01:04:18 UTC 2013
On 04/08/2013 05:43 PM, Jamie Strandboge wrote:
> Hi,
>
> In Ubuntu, pulseaudio now has a directory in /run and its cookie file
> location moved. 0001-update-pulseaudio-paths.patch updates the audio
> abstraction for this.
>
> Recent kernels/glibc also now trigger reads for
> /proc/sys/vm/overcommit_memory. This is explained in both malloc(3) and
> proc(5). Basically, there are different memory allocation strategies and
> /proc/sys/vm/overcommit_memory contains the 'virtual memory accounting'
> mode. The update for the base abstraction gives read access to this file.
>
> -- Jamie Strandboge http://www.ubuntu.com/
>
looks okay to me
Acked-by: John Johansen <john.johansen at canonical.com>
>
> 0001-update-pulseaudio-paths.patch
>
>
> Author: Jamie Strandboge <jamie at canonical.com>
> Description: update pulseaudio directory and cookie file paths
> Forwarded: yes
>
> Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/audio
> ===================================================================
> --- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/audio 2013-04-08 15:04:41.000000000 -0500
> +++ apparmor-2.8.0/profiles/apparmor.d/abstractions/audio 2013-04-08 15:05:32.000000000 -0500
> @@ -55,6 +55,9 @@
> owner @{HOME}/.pulse-cookie rwk,
> owner @{HOME}/.pulse/ rw,
> owner @{HOME}/.pulse/* rwk,
> +owner /{,var/}run/user/*/pulse/ rw,
> +owner /{,var/}run/user/*/pulse/* rwk,
> +owner @{HOME}/.config/pulse/cookie rwk,
> owner /tmp/pulse-*/ rw,
> owner /tmp/pulse-*/* rw,
>
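Review bot: the added `owner @{HOME}/.config/pulse/cookie rwk,` rule has no companion rule for its parent directory, unlike the existing `owner @{HOME}/.pulse/ rw,` and the new `owner /{,var/}run/user/*/pulse/ rw,`. If clients are expected to create ~/.config/pulse/ when it is missing, add `owner @{HOME}/.config/pulse/ rw,`; if the omission is deliberate so that only the cookie is reachable under .config/pulse, a one-line comment saying so would help. The /run rules also grant rwk on every file in the per-user pulse directory, which mirrors the existing .pulse/* rule but is broader than the cookie-only grant under .config, and the description mentions only the directory and the cookie, so a short comment on what is expected to live there would make the scope easier to review.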
>
>
> 0002-add-vm_overcommit_memory.patch
>
>
> Author: Jamie Strandboge <jamie at canonical.com>
> Description: add read access to @{PROC}/sys/vm/overcommit_memory as used by
> glibc
> Forwarded: yes
>
> Index: apparmor-2.8.0/profiles/apparmor.d/abstractions/base
> ===================================================================
> --- apparmor-2.8.0.orig/profiles/apparmor.d/abstractions/base 2012-02-09 21:06:24.000000000 -0600
> +++ apparmor-2.8.0/profiles/apparmor.d/abstractions/base 2013-04-08 13:23:03.000000000 -0500
> @@ -100,6 +100,9 @@
> # glibc statvfs
> @{PROC}/filesystems r,
>
> + # glibc malloc (man 5 proc)
> + @{PROC}/sys/vm/overcommit_memory r,
> +
> # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked
> # filesystems generally. This does not appreciably decrease security with
> # Ubuntu profiles because the user is expected to have access to files owned
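Review bot: the comment on the new rule, `# glibc malloc (man 5 proc)`, is thinner than the explanation in the cover text, which cites both malloc(3) and proc(5) and says the file holds the virtual memory accounting mode. Since this lands in the base abstraction, it would help to carry that into the comment, for example by naming both man pages and stating that glibc reads the overcommit mode. The rule itself is a single fixed path under @{PROC} with read-only access and no glob, so the grant is as narrow as it can be for this purpose.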
>
>
>