Bug#857798: Please add an AppArmor profile for Pulseaudio
Ulrike Uhlig
ulrike at debian.org
Wed Mar 15 16:57:00 UTC 2017
Hi Felipe,
>>> + # install apparmor profile
>>> + cp debian/apparmor/usr.bin.pulseaudio
>>> debian/pulseaudio/etc/apparmor.d/usr.bin.pulseaudio
>>>
>>> This would install the file with whatever umask is currently set.
>>
>> Thanks for making this clear.
>> Yes. root:root 644 is correct.
>
> Thanks. I have changed this to install -m 644 instead of cp.
Perfect.
> BTW, I still would like an answer to this question:
>
> Wouldn't that benefit be best achieved if the profile was shipped
> by (pulse) upstream?
>
> AFAICT, this file should be distro-agnostic, so it should be safe to
> ship in the upstream package, wouldn't it?
The apparmor profile itself could indeed be part of the upstream package.
Currently, these profiles are worked on collectively by people from
Ubuntu, Debian/Tails and OpenSuSe and we use a shared Git repository
between our three distributions.
For torbrowser-launcher we upstreamed the profile for example, also
because upstream is very responsive about patches. But I have no other
examples in mind where this would be the case.
Would you care to ask upstream if they'd like to include it?
Cheers!
ulrike
More information about the pkg-pulseaudio-devel
mailing list