Bug#857798: Please add an AppArmor profile for Pulseaudio
Felipe Sateler
fsateler at debian.org
Wed Sep 20 18:04:12 UTC 2017
On Wed, Mar 15, 2017 at 1:57 PM, Ulrike Uhlig <ulrike at debian.org> wrote:
> Hi Felipe,
>
>>>> + # install apparmor profile
>>>> + cp debian/apparmor/usr.bin.pulseaudio
>>>> debian/pulseaudio/etc/apparmor.d/usr.bin.pulseaudio
>>>>
>>>> This would install the file with whatever umask is currently set.
>>>
>>> Thanks for making this clear.
>>> Yes. root:root 644 is correct.
>>
>> Thanks. I have changed this to install -m 644 instead of cp.
>
> Perfect.
>
>> BTW, I still would like an answer to this question:
>>
>> Wouldn't that benefit be best achieved if the profile was shipped
>> by (pulse) upstream?
>>
>> AFAICT, this file should be distro-agnostic, so it should be safe to
>> ship in the upstream package, wouldn't it?
>
> The apparmor profile itself could indeed be part of the upstream package.
>
> Currently, these profiles are worked on collectively by people from
> Ubuntu, Debian/Tails and OpenSuSe and we use a shared Git repository
> between our three distributions.
>
> For torbrowser-launcher we upstreamed the profile for example, also
> because upstream is very responsive about patches. But I have no other
> examples in mind where this would be the case.
>
> Would you care to ask upstream if they'd like to include it?
Better late than never, I have asked upstream and they are receptive
to adding the profile there. Could you please propose a patch on the
upstream mailing list?
https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss
--
Saludos,
Felipe Sateler
More information about the pkg-pulseaudio-devel
mailing list