[apparmor] [PATCH 1/3] Allow Totem to read /etc/wildmidi/wildmidi.cfg.

intrigeri intrigeri at debian.org
Wed Oct 23 08:21:01 UTC 2013


Hi Jamie,

Jamie Strandboge wrote (09 Oct 2013 14:55:53 GMT) :
> gst-plugin-scanner is actually used for audio and video codecs so
> keeping it out of the audio profile makes some degree of sense.

OK, I'll add a gstreamer abstraction, then.

> I'm also not a huge fan of adding ix rules to the upstream
> abstractions unless we absolutely have to, so would prefer if the ix
> was left in the totem profile. If others strongly disagree, I could
> be convinced otherwise.

Do you mean the gstreamer abstraction should not itself grant any
execution right on gst-plugin-scanner, or something else that
I'm missing?

> FYI, I don't think this needs to be done now, but I've found the audio
> abstraction a bit wide in modern distributions and I will probably be proposing
> a patch set in the future that breaks both gstreamer and pulseaudio out into
> their own abstractions, and have audio #include them.

Full ACK. Security put aside, this could also help discover
interesting discrepancies (e.g. in volume handling), I mean
unsuspected cases where components of a modern DE access raw sound
devices instead of using the relevant abstraction layer.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc