Ubuntu
apparmor package

  1. Bug #1507469
  2. Comment #8

Comment 8 for bug 1507469

Revision history for this message
Simon McVittie (smcv) wrote : Re: Evince's Apparmour profile prevents opening docs from other apps under Wayland

There is now an <abstractions/wayland>, which is #include'd by <abstractions/gnome>. It includes weston-shared, but not the Wayland socket itself.

I suspect a better rule for that would be:

owner /run/user/*/wayland-[0-9]* rw,

so that the numbered sockets that are conventionally used are matched more precisely.

The complete set of possible fd-passed shared-memory backing files is more like:

owner /run/user/*/{mesa,mutter,sdl,weston,xwayland}-shared-* rw,

because the Wayland code to create an anonymous backing file for shared memory has been copied and pasted all over the place, with some instances changing the name.