[Pkg-privacy-commits] [onionshare] 74/256: Improve AppArmor profiles and enforce them.

Ulrike Uhlig ulrike at moszumanska.debian.org
Fri May 26 12:53:16 UTC 2017


This is an automated email from the git hooks/post-receive script.

ulrike pushed a commit to branch master
in repository onionshare.

commit 6cceac3b3eca9ce2cc13cde4d16f7291b565c720
Author: Ulrike Uhlig <u at 451f.org>
Date:   Wed Jan 18 20:58:03 2017 +0100

    Improve AppArmor profiles and enforce them.
    
    Work from Tails Developers, main git repository, currently devel branch.
    Upstream commits:
    
    commit 6e7ad41ca9664246856fe9553c202f09a1d1066b
    Remove superfluous AppArmor rule.
    The pattern `[^.]*` matches a subset of `[^.]**`, so we only need to
    keep the latter.
    
    commit b3a827d8e3c3fee78ec18450dfaf38a3d4eaf270
    Make onionshare-gui able to access folders beneath $HOME.
    Without this change e.g. ~/Documents is inaccessible. To be honest,
    this does not make sense to me, as my interpretation of the old
    patterns clearly should allow subfolders and files therein.
    
    commit db2b3a3f73aa01a54c9b7cb5ab83da1d083b7169
    WIP: AppArmor profile improvements.
---
 apparmor/abstractions/onionshare | 18 ++++++++----------
 apparmor/usr.bin.onionshare      |  2 +-
 apparmor/usr.bin.onionshare-gui  |  8 +++++---
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/apparmor/abstractions/onionshare b/apparmor/abstractions/onionshare
index d5c7c18..fa94e68 100644
--- a/apparmor/abstractions/onionshare
+++ b/apparmor/abstractions/onionshare
@@ -1,5 +1,6 @@
 #include <abstractions/base>
 #include <abstractions/nameservice>
+#include <abstractions/private-files-strict>
 #include <abstractions/python>
 
 # Why are these not in abstractions/python?
@@ -16,16 +17,13 @@
 /sbin/ldconfig rix,
 /sbin/ldconfig.real rix,
 /bin/uname rix,
-/{,lib/live/mount/rootfs/filesystem.squashfs/}etc/mime.types r,
-/{,lib/live/mount/rootfs/filesystem.squashfs/}usr/share/onionshare/ r,
-/{,lib/live/mount/rootfs/filesystem.squashfs/}usr/share/onionshare/** r,
+/etc/mime.types r,
+/usr/share/onionshare/ r,
+/usr/share/onionshare/** r,
 /tmp/ rw,
 /tmp/** rw,
 
-# Allow all user data except .gnupg, .ssh and other potential
-# places for critically sensitive application data.
-audit deny @{HOME}/.* mrwkl,
-audit deny @{HOME}/.*/ mrwkl,
-audit deny @{HOME}/.*/** mrwkl,
-owner @{HOME}/ r,
-owner @{HOME}/** r,
+# Allow read on almost anything in @{HOME}. Lenient, but
+# private-files-strict is in effect.
+owner @{HOME}/         r,
+owner @{HOME}/[^.]**   r,
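Review bot: The new comment above `owner @{HOME}/[^.]**   r,` undersells what changed. With the three `audit deny @{HOME}/.*` rules gone, top-level dotfiles are protected only by the default deny plus whatever private-files-strict lists, so an explicit allow from any other included abstraction now takes effect where the old deny would have overridden it. The `[^.]` class also constrains only the first path component, so a hidden directory nested inside a visible one (constructed example: `@{HOME}/backup/.ssh/`) stays readable, as it already was under the old `owner @{HOME}/** r,`. I would say so in the comment, e.g. `# Top-level dotfiles fall to the default deny (no explicit deny any more), so allow rules from other abstractions apply.` and `# Dotfiles nested under visible directories remain readable.`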
diff --git a/apparmor/usr.bin.onionshare b/apparmor/usr.bin.onionshare
index 225e545..1c14ccc 100644
--- a/apparmor/usr.bin.onionshare
+++ b/apparmor/usr.bin.onionshare
@@ -1,6 +1,6 @@
 #include <tunables/global>
 
-/usr/bin/onionshare flags=(complain) {
+/usr/bin/onionshare {
   #include <abstractions/onionshare>
 
   /usr/bin/ r,
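Review bot: Dropping `flags=(complain)` here and in usr.bin.onionshare-gui turns every unlisted access into a hard denial in the same commit that rewrites the rule set, and one of the squashed upstream commits is still titled WIP. In particular, abstractions/onionshare no longer lists the `lib/live/mount/rootfs/filesystem.squashfs/` alternates, so on a system where those files resolve under that prefix, reads of `/etc/mime.types` and `/usr/share/onionshare/**` would presumably be blocked rather than only logged. It would help to record where the enforced profile was exercised, for instance a comment above the profile header such as `# Enforced; re-check the audit log for DENIED entries after changing rules.` The profile body continues outside the hunk.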
diff --git a/apparmor/usr.bin.onionshare-gui b/apparmor/usr.bin.onionshare-gui
index ed69e83..746dadc 100644
--- a/apparmor/usr.bin.onionshare-gui
+++ b/apparmor/usr.bin.onionshare-gui
@@ -1,6 +1,6 @@
 #include <tunables/global>
 
-/usr/bin/onionshare-gui flags=(complain) {
+/usr/bin/onionshare-gui {
   #include <abstractions/gnome>
   #include <abstractions/ibus>
   #include <abstractions/onionshare>
@@ -8,14 +8,16 @@
   /usr/bin/ r,
   /usr/bin/onionshare-gui r,
   /proc/*/cmdline r,
-  /usr/share/icons/Adwaita/index.theme r,
+
+  # The freedesktop.org abstraction doesn't allow `k`
+  /usr/share/icons/*/index.theme k,
 
   # Why do these still emit audit journal entries?
   owner @{HOME}/.config/ibus/bus/ rw,
   owner @{HOME}/.config/ibus/bus/* rw,
   deny @{HOME}/.ICEauthority r,
 
-  deny /{,lib/live/mount/rootfs/filesystem.squashfs/}etc/machine-id r,
+  deny /etc/machine-id r,
   deny /var/lib/dbus/machine-id.* rw,
 
   # Accessibility support
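Review bot: `/usr/share/icons/*/index.theme k,` grants the lock permission only, whereas the line it replaces granted `r` for the Adwaita theme, so reading index.theme now depends on an included abstraction (the comment implies freedesktop.org) supplying `r`, and under enforce mode a missing `r` is a denial. Either write `rk` or make the dependency explicit, e.g. `# r comes from the freedesktop.org abstraction, which doesn't allow k`. Separately, the context comment `# Why do these still emit audit journal entries?` looks answered by this commit: the `audit deny @{HOME}/.*/** mrwkl` rule removed from abstractions/onionshare matched the ibus paths and took precedence over these allows, so the comment is probably stale and could be dropped. The profile body starts and ends outside the hunk.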

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/onionshare.git


