[pkg-apparmor] [apparmor-profiles-extra] 04/06: Totem, gstreamer abstraction, gst_plugin_scanner: update to https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769.
Intrigeri
intrigeri at moszumanska.debian.org
Wed Oct 25 09:02:13 UTC 2017
This is an automated email from the git hooks/post-receive script.
intrigeri pushed a commit to branch master
in repository apparmor-profiles-extra.
commit d7b74da90b293e202cd79984fc1fc8d1e443d9cc
Author: intrigeri <intrigeri at boum.org>
Date: Wed Oct 25 08:53:42 2017 +0000
Totem, gstreamer abstraction, gst_plugin_scanner: update to https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769.
---
debian/README.Debian | 4 ++--
profiles/abstractions/gstreamer | 8 +++++++-
profiles/abstractions/totem | 2 +-
profiles/gst_plugin_scanner | 3 +++
profiles/usr.bin.totem | 2 ++
5 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/debian/README.Debian b/debian/README.Debian
index 8ef2e61..d732222 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -7,7 +7,7 @@ Included profiles
- irssi: taken from the apparmor-profiles repository at commit 5ba92ee.
- Pidgin: taken from the apparmor-profiles repository at commit 5ba92ee.
- Totem: taken from the apparmor-profiles repository at commit bfc0bff.
- + https://code.launchpad.net/~talkless/apparmor-profiles/+git/apparmor-profiles/+merge/332143.
+ + https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769.
Sources
=======
@@ -17,4 +17,4 @@ apparmor-profiles repository
https://code.launchpad.net/~apparmor-dev/apparmor-profiles/+git/apparmor-profiles/+ref/master
- -- intrigeri <intrigeri at debian.org>, Wed, 20 Sep 2017 17:47:18 +0200
+ -- intrigeri <intrigeri at debian.org>, Wed, 25 Oct 2017 10:54:11 +0200
diff --git a/profiles/abstractions/gstreamer b/profiles/abstractions/gstreamer
index ef8c3ef..893e672 100644
--- a/profiles/abstractions/gstreamer
+++ b/profiles/abstractions/gstreamer
@@ -4,12 +4,18 @@
/etc/udev/udev.conf r,
+ /dev/dri/ r,
+
# /dev/shm is a symlink to /run/shm on ubuntu
owner /{dev,run}/shm/shmfd-* rw,
+ /run/udev/data/c* r,
/run/udev/data/+pci:* r,
+ /run/udev/data/+usb* r,
- /sys/devices/pci[0-9]*/**/{busnum,devnum,descriptors,speed,uevent} r,
+ /sys/devices/pci[0-9]*/**/{busnum,config,devnum,descriptors,speed,uevent} r,
+ /sys/devices/system/node/ r,
+ /sys/devices/system/node/*/meminfo r,
owner /tmp/orcexec.* mrw,
owner /{,var/}run/user/[0-9]*/orcexec.* mrw,
diff --git a/profiles/abstractions/totem b/profiles/abstractions/totem
index 1147200..67fe3cf 100644
--- a/profiles/abstractions/totem
+++ b/profiles/abstractions/totem
@@ -28,7 +28,7 @@
/usr/share/** r,
/{media,mnt,opt,srv}/** r,
- /usr/lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner Cix -> gst_plugin_scanner,
+ /usr/lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner px -> gst_plugin_scanner,
owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/ rw,
owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin rw,
diff --git a/profiles/gst_plugin_scanner b/profiles/gst_plugin_scanner
index d74d00e..bea6c32 100644
--- a/profiles/gst_plugin_scanner
+++ b/profiles/gst_plugin_scanner
@@ -7,6 +7,9 @@ profile gst_plugin_scanner {
#include <abstractions/gstreamer>
#include <abstractions/X>
+ # TODO: adjust when support finer-grained netlink rules
+ network netlink raw,
+
/dev/ r,
/dev/bus/usb/ r,
diff --git a/profiles/usr.bin.totem b/profiles/usr.bin.totem
index 8bde7be..0b01bac 100644
--- a/profiles/usr.bin.totem
+++ b/profiles/usr.bin.totem
@@ -10,6 +10,8 @@
#include <abstractions/python>
#include <abstractions/totem>
+ signal (send) set=("kill") peer=unconfined,
+
# Maybe in an abstraction?
/usr/include/**/pyconfig.h r,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/apparmor-profiles-extra.git
More information about the pkg-apparmor-team
mailing list