On 7/22/18 3:19 PM, intrigeri wrote:
Vincas Dargis:
Now that "/sys/devices/system/memory/block_size_bytes r," needs a simple
backport, as it is already available in more recent AppArmor [0].
Unless this denial triggers important user-visible issues, I say let's
ignore it for Stretch and for testing/sid it'll be fixed soon anyway.
I guess so, we could do that this way.
Let's talk about these "rwm" then. This is a kinda known issue.
NVIDIA drivers try to mmap() for execution some sort of optimization-related
generated files from these paths OP mentioned [1]. […]
In the Thunderbird case, I don't think we need to make things
complicated to maintain/update/etc. and I suggest we merely silence
these with "deny" rules.
Yes, my plan is to deny them, and add a TODO to switch to using conditionals when
they are available.