Bug#857798: Please add an AppArmor profile for Pulseaudio
fsateler at debian.org
Wed Mar 15 16:13:35 UTC 2017
On Wed, Mar 15, 2017 at 11:56 AM, Ulrike Uhlig <ulrike at debian.org> wrote:
> Control: tags + patch
> Felipe Sateler:
>> On Wed, Mar 15, 2017 at 11:23 AM, Ulrike Uhlig <ulrike at debian.org> wrote:
>>> tags + patch
>>>>> I'll try to prepare a patch to make it easier for you to integrate it.
>>>> That would be great.
>>> Please find a patch attached.
>>> The will simply to copy the file to /etc/apparmor.d/ and only if the
>>> user has AppArmor installed and enabled, this will then confine the
>>> pulseaudio executable. Furthremore, dh_apparmor should create an empty
>>> file /etc/apparmor.d/local/usr.bin.pulseaudio which can be used for
>>> local overrides.
>> + # install apparmor profile
>> + cp debian/apparmor/usr.bin.pulseaudio
>> This would install the file with whatever umask is currently set.
> Thanks for making this clear.
>> Which permissions should the file have? root:root 644 ?
> Yes. root:root 644 is correct.
Thanks. I have changed this to install -m 644 instead of cp.
BTW, I still would like an answer to this question:
Wouldn't that benefit be best achieved if the profile was shipped
by (pulse) upstream?
AFAICT, this file should be distro-agnostic, so it should be safe to
ship in the upstream package, wouldn't it?
More information about the pkg-pulseaudio-devel