package: irssi severity: wishlist x-debugs-cc: pkg-aa-profiles-t...@lists.alioth.debian.org tags: patch
Hi Rhonda,
thanks for maintaining irssi!
Please include the attached profile file for AppArmor into the irssi package.
You will need to build depend on dh_apparmor and add something like the
following to debian/rules:
mkdir -p debian/irssi/etc/apparmor.d/
cp debian/usr.bin.irssi debian/irssi/etc/apparmor.d/
dh_apparmor --profile-name=usr.bin.irssi -pirssi
git.debian.org/git/collab-maint/apparmor-profiles-extra.git is where the
attached irssi profile was develop.
Originally it was taken from the launchpad apparmor-profiles repository at
revision 125, and now has two local patches submitted upstream as
https://code.launchpad.net/~intrigeri/apparmor-profiles/irssi-
updates/+merge/229357
I've been running irssi confined with this profile since 2 weeks with no
problems whatsoever, both with 0.8.15 and 0.8.16~bpo70+1.
cheers,
Holger
# Author: Jamie Strandboge
# For use with irssi within screen
#include <tunables/global>
/usr/bin/irssi {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/perl>
#include <abstractions/ssl_certs>
/usr/share/irssi/themes/*.theme r,
/usr/share/irssi/help/* r,
# Enable system wide scripts
/usr/share/irssi/scripts/* r,
/usr/share/ca-certificates/** r,
@{PROC}/uptime r,
/bin/dash ix,
# for screen_away
#include <abstractions/wutmp>
/usr/bin/screen ix,
owner /{,var/}run/screen/** r,
owner /{,var/}run/screen/S-[a-zA-Z0-9]*/[0-9]* w,
@{PROC}/[0-9]*/stat r,
# for /uptime
/usr/bin/gawk ix,
/usr/bin/expr ix,
/bin/date ix,
# for /calc
/usr/bin/bc ix,
/bin/which ixr,
# config files, etc
/etc/irssi.conf r,
owner @{HOME}/.irssi/ r,
owner @{HOME}/.irssi/** r,
owner @{HOME}/.irssi/away.log wk,
owner @{HOME}/.irssi/config{,.autosave} wk,
owner @{HOME}/.irssi/*.theme wk,
# http://www.irssi.org/documentation/startup states that ~/irclogs is the
# default location for logs.
owner @{HOME}/irclogs/ r,
owner @{HOME}/irclogs/** rwk,
# for fnotify
owner @{HOME}/.irssi/fnotify rwk,
}
signature.asc
Description: This is a digitally signed message part.
