On Wed, Mar 15, 2017 at 1:57 PM, Ulrike Uhlig <ulr...@debian.org> wrote: > Hi Felipe, > >>>> + # install apparmor profile >>>> + cp debian/apparmor/usr.bin.pulseaudio >>>> debian/pulseaudio/etc/apparmor.d/usr.bin.pulseaudio >>>> >>>> This would install the file with whatever umask is currently set. >>> >>> Thanks for making this clear. >>> Yes. root:root 644 is correct. >> >> Thanks. I have changed this to install -m 644 instead of cp. > > Perfect. > >> BTW, I still would like an answer to this question: >> >> Wouldn't that benefit be best achieved if the profile was shipped >> by (pulse) upstream? >> >> AFAICT, this file should be distro-agnostic, so it should be safe to >> ship in the upstream package, wouldn't it? > > The apparmor profile itself could indeed be part of the upstream package. > > Currently, these profiles are worked on collectively by people from > Ubuntu, Debian/Tails and OpenSuSe and we use a shared Git repository > between our three distributions. > > For torbrowser-launcher we upstreamed the profile for example, also > because upstream is very responsive about patches. But I have no other > examples in mind where this would be the case. > > Would you care to ask upstream if they'd like to include it?
Better late than never, I have asked upstream and they are receptive to adding the profile there. Could you please propose a patch on the upstream mailing list? https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss -- Saludos, Felipe Sateler
