[pkg-apparmor] Bug#808859: apparmor-profiles-extra: Totem needs extra locks for grilo-plugins
intrigeri
intrigeri at debian.org
Wed Dec 30 10:35:50 UTC 2015
Control: tag -1 + moreinfo
Hi Julian,
Julian Andres Klode wrote (23 Dec 2015 20:58:56 GMT) :
> Grilo, which seems responsible for the video list in the
> startup screen of totem needs lock access to a bunch of
> lock files. I added:
> owner @{HOME}/.local/share/grilo-plugins/*.db-shm k,
> to my local additions.
Thanks for reporting this bug! I also see a bunch of DENIED messages,
that indeed disappear once I give Totem these bonus access rights.
Now, I'd like to make sure it's actually useful (otherwise, we can
simply silence these denied accesses): what is the actual effect of
granting Totem these extra access rights? I could not tell the
difference on my system (possibly because I already have some cache or
DB generated somewhere?).
Once this has been clarified, I think we'll want to include these
changes in the 'totem' abstraction:
--- a/apparmor.d/abstractions/totem
+++ b/apparmor.d/abstractions/totem
@@ -32,4 +32,4 @@
owner @{HOME}/.cache/tracker/meta.db k,
owner @{HOME}/.cache/tracker/meta.db-shm k,
- owner @{HOME}/.local/share/grilo-plugins/*.db k,
+ owner @{HOME}/.local/share/grilo-plugins/*.db{,-shm} k,
(in lp:~apparmor-dev/apparmor-profiles/master)
Cheers!
--
intrigeri
More information about the pkg-apparmor-team
mailing list