Bug#857798: Please add an AppArmor profile for Pulseaudio
Felipe Sateler
fsateler at debian.org
Wed Mar 15 16:13:35 UTC 2017
On Wed, Mar 15, 2017 at 11:56 AM, Ulrike Uhlig <ulrike at debian.org> wrote:
> Control: tags + patch
>
> Hi!
>
> Felipe Sateler:
>> On Wed, Mar 15, 2017 at 11:23 AM, Ulrike Uhlig <ulrike at debian.org> wrote:
>>> tags + patch
>>>
>>> Hi,
>>>
>>>>> I'll try to prepare a patch to make it easier for you to integrate it.
>>>>
>>>> That would be great.
>>>
>>> Please find a patch attached.
>>
>> Thanks.
>>
>>>
>>> The will simply to copy the file to /etc/apparmor.d/ and only if the
>>> user has AppArmor installed and enabled, this will then confine the
>>> pulseaudio executable. Furthremore, dh_apparmor should create an empty
>>> file /etc/apparmor.d/local/usr.bin.pulseaudio which can be used for
>>> local overrides.
>>
>>
>> + # install apparmor profile
>> + cp debian/apparmor/usr.bin.pulseaudio
>> debian/pulseaudio/etc/apparmor.d/usr.bin.pulseaudio
>>
>> This would install the file with whatever umask is currently set.
>
> Thanks for making this clear.
>
>> Which permissions should the file have? root:root 644 ?
>
> Yes. root:root 644 is correct.
Thanks. I have changed this to install -m 644 instead of cp.
BTW, I still would like an answer to this question:
Wouldn't that benefit be best achieved if the profile was shipped
by (pulse) upstream?
AFAICT, this file should be distro-agnostic, so it should be safe to
ship in the upstream package, wouldn't it?
--
Saludos,
Felipe Sateler
More information about the pkg-pulseaudio-devel
mailing list