[pkg-apparmor] Bug#866792: irssi profile should be in complain mode

Antoine Beaupre anarcat at debian.org
Sat Jul 1 18:20:00 UTC 2017 

Package: apparmor-profiles-extra
Version: 1.11
Severity: normal

The apparmor profile for irssi is way too restrictive. A first
failure, in my use case, is restricting logs to be in ~/irclogs. While
this *is* the upstream default, it seems rather unusual to enforce
this in apparmor. A more common location would be, i believe, in
~/.irssi/irclogs, which I have been using forever. I would suggest at
least supporting that configuration.

But then there are so many plugins and tools out there for irssi, that
I find it very unlikely that the current configuration would fit even
a majority of use cases. People customize their clients like crazy and
tons of things are broken by the current profile. On the top of my
head, it will break:

 * chanpeak.pl
 * notify.pl
 * and probably more

Here's the modification I made locally to that profile:

diff --git a/apparmor.d/usr.bin.irssi b/apparmor.d/usr.bin.irssi
index 52a55b7b..9ba8e1c0 100644
--- a/apparmor.d/usr.bin.irssi
+++ b/apparmor.d/usr.bin.irssi
@@ -41,9 +41,10 @@
   owner @{HOME}/.irssi/*.theme wk,
 
   # http://www.irssi.org/documentation/startup states that ~/irclogs is the
-  # default location for logs.
-  owner @{HOME}/irclogs/ r,
-  owner @{HOME}/irclogs/** rwk,
+  # default location for logs. Also allow the common configuration of logging
+  # inside the .irssi directory.
+  owner @{HOME}/{.irssi/,}irclogs/ r,
+  owner @{HOME}/{.irssi/,}irclogs/** rwk,
 
   # for fnotify
   owner @{HOME}/.irssi/fnotify rwk,
diff --git a/apparmor.d/usr.bin.irssi b/apparmor.d/usr.bin.irssi
index ab9470c9..52a55b7b 100644
--- a/apparmor.d/usr.bin.irssi
+++ b/apparmor.d/usr.bin.irssi
@@ -2,7 +2,7 @@
 #         For use with irssi within screen
 #include <tunables/global>
 
-/usr/bin/irssi {
+/usr/bin/irssi flags=(complain) {
   #include <abstractions/base>
   #include <abstractions/nameservice>
   #include <abstractions/perl>

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor-profiles-extra depends on:
ii  apparmor  2.11.0-3

apparmor-profiles-extra recommends no packages.

apparmor-profiles-extra suggests no packages.

-- no debconf information

More information about the pkg-apparmor-team mailing list