[apparmor] [profile] Thunderbird: lack of '/dev/nvidiactl' rule (or <abstraction/nvidia>)?
Seth Arnold
seth.arnold at canonical.com
Wed May 17 23:48:44 UTC 2017
On Wed, May 17, 2017 at 05:20:54PM +0200, daniel curtis wrote:
> If it's about the second rule, in my case there was two types of
> requested/denied_mask: "c" and "wrc". I would like to ask a question; can I
> use something like this (related to a DENIED entries from a log files):
>
> owner /{,var/}run/user/*/dconf/user rwc,
Hello Daniel, the kernel reports 'c' (for 'create') but the userspace
language doesn't have any way to express "create but not write". We may
introduce it some day, which is why the logs are the way the are. Anyway,
'rw' in a profile will satisfy a denied_mask='rwc'.
This rule probably makes sense for thunderbird.
> Is it better to use <abstraction/nvidia> (there is such a rule) or this one
> is completely enough?
>
> /dev/nvidiactl rw,
I suspect this means the thunderbird team is moving to using faster
rendering methods. I suggest the <abstractions/nvidia> rule, as you're
likely to need more than just the control socket to make use of the
hardware acceleration.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170517/762f6bfb/attachment.pgp>
More information about the AppArmor
mailing list