Hi,

[dropping pkg-apparmor from the Cc list since our team list gets all bug report communication already]

Michael Biebl:
> This makes me wonder if
> owner /{,var/}run/user/*/dconf/ w,
> owner /{,var/}run/user/*/dconf/user rw,
> and
> owner @{HOME}/.local/share/gvfs-metadata/** l,
> owner /{,var/}run/user/*/gvfs-metadata/** l,
> shouldn't be moved somewhere else as well.
> Those paths are implementation details of dconf and gvfs. A lot of GNOME
> applications use either dconf or gvfs, so duplicating that information
> in every application seems wrong.

Wrt. dconf: right. We have a dconf abstraction already, that gives read-only access to dconf. I guess it would be nice to have a dconf-read-write abstraction that would grant read-write access to dconf. I've started a discussion about it upstream: https://bugs.launchpad.net/apparmor/+bug/1633733

Regarding gvfs: on my system, only the Evince AppArmor profile has these lines, so I'll need more data points before it's clear to me what the right refactoring is.

Regards,
--
intrigeri