No abstraction over xdg-basedirs and xdg-user-dirs
Bug #1061693 reported by
Iain Lane
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | Fix Released | Medium | Jamie Strandboge | |
apparmor (Ubuntu) | Fix Released | Medium | Seth Arnold | |
Bug Description
Per a freedesktop.org spec
http://
users may modify certain environment variables to override the locations in which applications store / cache data.
Most of the apparmor profiles shipped by Ubuntu hardcode the defaults specified by XDG, meaning that if someone wants to change this, they need to modify every profile for the change. It would be great if this could be made easier, either by whitelisting these environment variables or by introducing a tunable and modifying all profiles shipped by default to use it.
Changed in apparmor (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Changed in apparmor:
status: Confirmed → Triaged
Changed in apparmor (Ubuntu):
status: Confirmed → Triaged
Changed in apparmor:
status: Fix Committed → Fix Released
Here are some thoughts I had to fix this. It is not fully realized:
We take advantage of tunables in the following manner:
* create tunables/xdg to have:
@{XDG_DESKTOP_DIR}=@{HOMEDIRS}/*/Desktop
#include <tunables/xdg.d>
* tunables/xdg.d could include files with contents of the form:
@{XDG_DESKTOP_DIR}+=@{HOMEDIRS}/*/TranslatedDesktop
* we could then have some sort of a hook, perhaps a dpkg trigger that would generate files in tunables/xdg.d based on installed locales
Rules that were of the form of:
owner @{HOME}/Desktop/** r,
would become:
owner @{XDG_DESKTOP_DIR}/** r,
This also has the advantage of opening the possibility of handling migrations like those with /var/run/user/ to be handled more gracefully.
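One way a generator for the tunables/xdg.d files described in the comment above could look. This is an added example and not part of the bug report or of AppArmor. It assumes the input is the content of an xdg-user-dirs `user-dirs.dirs` file rather than the installed locales the comment mentions, and the function name `emit_xdg_tunables` is hypothetical. Because that file is user-writable, values that would widen the resulting rules are skipped; skipping values that contain whitespace is a simplification.

```shell
#!/bin/sh
# Added example, not from the bug report. Reads user-dirs.dirs content on
# stdin and prints AppArmor tunable lines of the form proposed above.
# Entries that would widen or break the policy are skipped (note on stderr).
emit_xdg_tunables() {
    tab=$(printf '\t')
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            XDG_*_DIR=\"*\") ;;      # only NAME="value" assignments
            *) continue ;;           # comments, blank lines, anything else
        esac
        name=${line%%=*}
        value=${line#*=\"}
        value=${value%\"}
        case $name in
            *[!A-Z_]*) continue ;;   # name becomes an AppArmor variable name
        esac
        # Only home-relative values map onto @{HOMEDIRS}/*/...
        case $value in
            '$HOME'|'$HOME/'*) rel=${value#\$HOME}; rel=${rel#/} ;;
            *) echo "skip $name: not under \$HOME" >&2; continue ;;
        esac
        while [ "${rel%/}" != "$rel" ]; do rel=${rel%/}; done
        # A value pointing at the home directory itself would make
        # "owner @{XDG_..._DIR}/** r," cover the entire home directory.
        if [ -z "$rel" ]; then
            echo "skip $name: points at the home directory itself" >&2
            continue
        fi
        case "/$rel/" in
            */../*|*/./*|*//*)
                echo "skip $name: path traversal or empty component" >&2
                continue ;;
        esac
        # Refuse AppArmor glob, variable and quoting metacharacters, and
        # whitespace (which separates values in a variable assignment).
        case $rel in
            *'*'*|*'?'*|*'['*|*']'*|*'{'*|*'}'*|*'^'*|*'@'*|*'"'*|*','*|*'\'*|*'$'*|*'#'*|*' '*|*"$tab"*)
                echo "skip $name: unsafe character in value" >&2
                continue ;;
        esac
        printf '@{%s}+=@{HOMEDIRS}/*/%s\n' "$name" "$rel"
    done
}
```

The output would still need review before being installed under tunables/xdg.d, since each accepted line extends what every profile using that variable may read.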