touch-packages team mailing list archive
Message #24879
[Bug 1094789] Re: Pulseaudio Profile
We won't be adding new profiles to the apparmor-profiles package;
instead, profiles should be added to the pulseaudio package. Please
consider filing a new bug against pulseaudio. Thanks
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1094789
Title:
Pulseaudio Profile
Status in “apparmor” package in Ubuntu:
Won't Fix
Bug description:
This profile works on 64bit, and is pretty restrictive. Maybe it'll be
of use for someone?
I tested it on Ubuntu 12.10 64bit (it needs 32bit variables,
naturally) and I can play sound from my browser and videos just fine.
It's setuid so it obviously needs a ton of capabilities, but file
access can be restricted quite a lot. It may need more work, but I
figure someone can build from this? It might be worth packaging.
# Last Modified: Sun Dec 30 19:06:02 2012
#include <tunables/global>
# AppArmor profile confining the PulseAudio daemon binary.
# The header sets no flags=(...); a profile without flags is loaded in
# enforce mode by default.
# NOTE(review): paths are hard-coded for x86_64 and for /home/*; the bug
# description says it was tested on Ubuntu 12.10 64bit only.
/usr/bin/pulseaudio {
# Capabilities. The bug description says the binary is setuid, which is the
# stated reason for this list.
# dac_override bypasses ordinary file permission checks, so the path rules
# below are the main limit on file access for this process.
# NOTE(review): confirm sys_ptrace, kill, chown, fowner and fsetid are each
# really exercised; drop whatever an audit log does not show in use.
capability chown,
capability dac_override,
capability fowner,
capability fsetid,
capability kill,
capability setgid,
capability setuid,
capability sys_nice,
capability sys_ptrace,
capability sys_resource,
/usr/lib/locale/locale-archive r,
# Device nodes: null, randomness sources and the ALSA control/PCM devices.
/dev/null rw,
/dev/random r,
/dev/snd/controlC* rw,
/dev/snd/pcm* rw,
/dev/urandom r,
# System configuration read at start-up (user/group lookup, locale, time,
# PulseAudio's own configuration, udev).
/etc/group r,
/etc/ld.so.cache r,
/etc/locale.alias r,
/etc/localtime r,
/etc/nsswitch.conf r,
/etc/passwd r,
/etc/pulse/client.conf r,
/etc/pulse/daemon.conf r,
/etc/pulse/default.pa r,
/etc/pulse/system.pa r,
/etc/udev/udev.conf r,
# Per-user files. These rules match every directory directly under /home and
# carry no `owner` qualifier, so the X11/ICE authority files and the
# PulseAudio/ESD cookies of any user match, not only those of the user
# running the daemon.
# NOTE(review): consider `owner @{HOME}/...` here; @{HOME} comes from the
# tunables pulled in by <tunables/global>, and the lightdm rules further down
# already use `owner` for some entries.
/home/*/.ICEauthority r,
/home/*/.Xauthority r,
/home/*/.esd_auth rwk,
/home/*/.pulse-cookie rwk,
/home/*/.pulse/ rw,
/home/*/.pulse/* rw,
# NOTE(review): presumably scratch files of the orc library loaded below -
# confirm; `rw` without `m` does not allow mapping them executable.
/home/*/orcexec.* rw,
# Shared libraries from /lib, mapped executable (`m`) and readable.
# The x86_64-linux-gnu directory is hard-coded; other architectures need
# their own paths.
/lib/x86_64-linux-gnu/libc-*.so mr,
/lib/x86_64-linux-gnu/libdbus-*.so.* mr,
/lib/x86_64-linux-gnu/libdl-*.so mr,
/lib/x86_64-linux-gnu/libglib-*.so.* mr,
/lib/x86_64-linux-gnu/libm-*.so mr,
/lib/x86_64-linux-gnu/libnsl-*.so mr,
/lib/x86_64-linux-gnu/libnss_compat-*.so mr,
/lib/x86_64-linux-gnu/libnss_files-*.so mr,
/lib/x86_64-linux-gnu/libnss_nis-*.so mr,
/lib/x86_64-linux-gnu/libpthread-*.so mr,
/lib/x86_64-linux-gnu/libresolv-*.so mr,
/lib/x86_64-linux-gnu/librt-*.so mr,
/lib/x86_64-linux-gnu/libudev.so.* mr,
/lib/x86_64-linux-gnu/libuuid.so.* mr,
/lib/x86_64-linux-gnu/libwrap.so.* mr,
# Read-only views of ALSA card state and basic CPU/kernel information.
# These use a literal /proc while the last three rules of the profile use
# the @{PROC} variable.
/proc/asound/card*/ r,
/proc/asound/card*/pc*/ r,
/proc/asound/card*/pc*/sub*/ r,
/proc/asound/card*/pc*/sub*/status r,
/proc/cpuinfo r,
/proc/stat r,
/proc/sys/kernel/ngroups_max r,
# Root's cookie and state directory.
# NOTE(review): /root/.pulse-cookie is `rw` while the /home and /run/pulse
# cookie rules are `rwk` (lock permission) - confirm which is intended.
/root/.esd_auth rwk,
/root/.pulse-cookie rw,
/root/.pulse/ rw,
/root/.pulse/* rw,
# Runtime directory under /run/pulse: cookie, D-Bus socket, native protocol
# socket and pid file.
/run/pulse/ rw,
/run/pulse/.pulse-cookie rwk,
/run/pulse/dbus-socket rwk,
/run/pulse/native rwk,
/run/pulse/pid rwk,
# Files directly under /run/shm are readable and writable regardless of who
# owns them (no `owner` qualifier).
# NOTE(review): narrow to the daemon's own segment names if they follow a
# fixed pattern - confirm against the running system.
/run/shm/ r,
/run/shm/* rw,
# Read-only hardware discovery through udev data and sysfs.
/run/udev/data/+sound:card* r,
/sys/bus/ r,
/sys/class/ r,
/sys/class/sound/ r,
/sys/devices/pci[0-9]*/**/*class r,
/sys/devices/pci[0-9]*/**/uevent r,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/online r,
/sys/devices/virtual/dmi/id/bios_vendor r,
/sys/devices/virtual/dmi/id/board_vendor r,
/sys/devices/virtual/dmi/id/sys_vendor r,
# Broadest rule in the profile: any file below /tmp owned by the process's
# user may be read, written, locked and mapped executable (`m`).
# NOTE(review): write plus executable mapping on a world-writable tree
# weakens the confinement; restrict to the specific /tmp paths seen in the
# audit log and drop `m` unless a denial shows it is needed.
owner /tmp/** mrwk,
# `ix` makes a re-exec of the daemon and the gconf helper run under this
# same profile instead of a profile of their own.
/usr/bin/pulseaudio mrix,
/usr/lib/ r,
/usr/lib/libpulse*.so* mr,
/usr/lib/pulse-*/modules/*.so* mr,
/usr/lib/pulseaudio/pulse/gconf-helper rix,
# Shared libraries from /usr/lib, again with the x86_64 directory hard-coded.
/usr/lib/x86_64-linux-gnu/alsa-lib/*pulse.so mr,
/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache mr,
/usr/lib/x86_64-linux-gnu/libFLAC.so.* mr,
/usr/lib/x86_64-linux-gnu/libICE.so.* mr,
/usr/lib/x86_64-linux-gnu/libSM.so.* mr,
/usr/lib/x86_64-linux-gnu/libX11-xcb.so.* mr,
/usr/lib/x86_64-linux-gnu/libX11.so.* mr,
/usr/lib/x86_64-linux-gnu/libXau.so.* mr,
/usr/lib/x86_64-linux-gnu/libXdmcp.so.* mr,
/usr/lib/x86_64-linux-gnu/libXext.so.* mr,
/usr/lib/x86_64-linux-gnu/libXtst.so.* mr,
/usr/lib/x86_64-linux-gnu/libasound.so.* mr,
/usr/lib/x86_64-linux-gnu/libasyncns.so.* mr,
/usr/lib/x86_64-linux-gnu/libgconf-2.so.* mr,
# NOTE(review): the only library rule with `r` instead of `mr` - confirm
# whether the missing `m` is intentional.
/usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.* r,
/usr/lib/x86_64-linux-gnu/libgobject-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libjson.so.* mr,
/usr/lib/x86_64-linux-gnu/libltdl.so.* mr,
/usr/lib/x86_64-linux-gnu/libogg.so.* mr,
/usr/lib/x86_64-linux-gnu/liborc-*.so.* mr,
/usr/lib/x86_64-linux-gnu/libpulse.so.* mr,
/usr/lib/x86_64-linux-gnu/libsamplerate.so.* mr,
/usr/lib/x86_64-linux-gnu/libsndfile.so.* mr,
/usr/lib/x86_64-linux-gnu/libspeexdsp.so.* mr,
/usr/lib/x86_64-linux-gnu/libtdb.so.* mr,
/usr/lib/x86_64-linux-gnu/libvorbis.so.* mr,
/usr/lib/x86_64-linux-gnu/libvorbisenc.so.* mr,
/usr/lib/x86_64-linux-gnu/libxcb.so.* mr,
/usr/lib/x86_64-linux-gnu/pulseaudio/lib*-*.so* mr,
# Read-only shared data (ALSA configuration, desktop entries, PulseAudio
# data files) and the D-Bus machine id.
/usr/share/alsa/** r,
/usr/share/applications/ r,
/usr/share/applications/* r,
/usr/share/pulseaudio/** r,
/var/lib/dbus/machine-id r,
# Display-manager (lightdm) session files. Writes to the cookie and to files
# in .pulse/ are limited to files owned by the process's user; reads of
# .pulse/* and access to .esd_auth are not owner-qualified.
/var/lib/lightdm/.Xauthority r,
/var/lib/lightdm/.esd_auth rwk,
owner /var/lib/lightdm/.pulse-cookie rwk,
/var/lib/lightdm/.pulse/ r,
owner /var/lib/lightdm/.pulse/* w,
/var/lib/lightdm/.pulse/* r,
# Persistent daemon state under /var/lib/pulse.
/var/lib/pulse/ rw,
/var/lib/pulse/*-default-sink rw,
/var/lib/pulse/*-default-source rw,
/var/lib/pulse/*.tdb rw,
# Reads fd/, maps and stat of any numeric pid, not only the daemon's own.
# NOTE(review): together with capability sys_ptrace this exposes other
# processes' memory layout to the daemon; confirm the need, or add `owner`.
@{PROC}/[0-9]*/fd/ r,
@{PROC}/[0-9]*/maps r,
@{PROC}/[0-9]*/stat r,
# NOTE(review): the profile contains no `network` rule; confirm that
# no network-facing PulseAudio module is expected to work under it.
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1094789/+subscriptions