[apparmor] [RFC] How should we deal with /tmp/xauth* ?

Vincas Dargis vindrg at gmail.com
Wed Jul 25 16:22:40 UTC 2018


On 7/25/18 4:38 PM, Jamie Strandboge wrote:
> I like the idea of tunables/env and tunables/env.d. With env.d, it
> seems that system administrators could just drop something in there
> instead of needing to use /etc/apparmor.d/local/tunables/env?

It could, but that's a gamble against a name clash with some package installed in the future. The idea
with env.d is that it should be populated only by packages.

If an administrator installs a package that causes `xauth*` to be stored in some unusual places, it would drop
a file inside env.d, appending to `@{XAUTHORITY}`.

intrigeri suggested using `local/tunables` for local changes in my first attempt to discuss
using variables more [0].

[0] https://lists.ubuntu.com/archives/apparmor/2017-December/011353.html

I still haven't figured out which package on Debian "deals" with that "/tmp/xauth*" (I just haven't
asked enough yet). I would ask the maintainers how they would feel about deploying a
`/etc/apparmor.d/tunables/env.d/sddm_kde_or_something` file with the XAUTHORITY modification. I would
happily prepare an MR to introduce (and use) the "env" tunable if we see this as a solution.
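
The layout discussed in this message, as an added sketch that is not part of the original post or of the AppArmor source tree. The default value of `@{XAUTHORITY}`, the `/var/lib/example` path, and the assumption that `tunables/env` is pulled in before any profile (the way `tunables/home` is via `tunables/global`) are illustrative assumptions.

```apparmor
# --- /etc/apparmor.d/tunables/env  (hypothetical "env" tunable) ---
# Assumed default: the per-user cookie file in the home directory.
# @{HOME} is defined by the existing tunables/home.
@{XAUTHORITY}=@{HOME}/.Xauthority

# Package-provided drop-ins, following the tunables/home.d pattern.
#include <tunables/env.d>

# --- /etc/apparmor.d/tunables/env.d/sddm_kde_or_something ---
# Shipped by the package that places the cookie somewhere unusual.
# "+=" appends to the variable; it does not replace the default.
@{XAUTHORITY}+=/tmp/xauth*

# --- /etc/apparmor.d/local/tunables/env  (administrator's changes) ---
# Kept out of env.d so the file name cannot clash with a package
# installed later. Assumed to be included from tunables/env as well.
# Constructed sample path:
@{XAUTHORITY}+=/var/lib/example/xauth/*

# --- inside a profile or abstraction ---
# One rule expands to every location collected above, so profiles
# do not need a separate rule per display manager.
owner @{XAUTHORITY} r,
```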


