[pkg-apparmor] Bug#948142: apparmor: Update abstractions/ibus socket path

Changwoo Ryu cwryu at debian.org
Sat Jan 4 14:58:24 GMT 2020 

Package: apparmor
Version: 2.13.3-7
Severity: normal

In short, the ibus socket path in <abstractions/ibus> needs to be changed 
for the recent ibus versions like this:

 unix (connect, receive, send)
       type=stream
       peer=(addr="@{HOME}/.cache/ibus/dbus-*"),

Details:

This is follow-up to debian/patches/debian/allow-access-to-ibus-socket.patch.

In IBus upstream 1.5.21, the upstream has changed the default socket path
to"/tmp/ibus" to make it distinguishable. But it is not secure as a malicious
user can create "/tmp/ibus" with restrictive permission. In IBus upstream git
after 1.5.21, the upstream has changed the socket path to
"$XDG_CACHE_HOME/ibus" for Linux and "/tmp" for non-Linux. (See
https://github.com/ibus/ibus/issues/2095 and
https://github.com/ibus/ibus/issues/2116 for more information.) AppArmor is
Linux specific so allowing Unix socket "${HOME}.cache/ibus/dbus-*" is enough.

Debian ibus 1.5.21-5 has these changes (to fix non-linux FTBFS).

You can also remove the old socket path and then "ibus (<< 1.5.21-5)" should be
added to Breaks.


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ko_KR.UTF-8, LC_CTYPE=ko_KR.UTF-8 (charmap=UTF-8), LANGUAGE=ko_KR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.73
ii  libc6                  2.29-7
ii  lsb-base               11.1.0
ii  python3                3.7.5-3

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-profiles-extra  <none>
pn  apparmor-utils           <none>

-- debconf information:
  apparmor/homedirs:

More information about the pkg-apparmor-team mailing list