On 2019-01-10 9:54 a.m., Kai Weber wrote:
> * Simon Deziel <si...@sdeziel.info>:
> 
>> Actually, please use this new attached profile which is identical in
>> purpose but uses better names.
> 
> The profile works with the secret-tool solution.

Great, thanks for testing, I really appreciate it.

> If the maintainers choose to restrict the use of "secret helpers" to
> only gpg* and secret-tool then this should be mentioned in the
> documentation/README/NEWS.

I agree, it's worth mentioning in the doc. Those 2 helpers were selected
because they are mentioned in msmtp's man page. Authorizing more helpers
is doable but should be evaluated case by case.

Also, we cannot cover every use case, so for some folks, if AppArmor gets
in the way, they can either tune the profile or disable it.

> Is there any decision yet that says where the restriction of
> AppArmor should be documented in Debian?

I would think that putting it in the README and NEWS is good enough.

> AppArmor restrictions might bring up a lot of bug reports in the
> future.

That is a good point and that's why it's important to tackle the common
use cases ASAP.

If it turns out to not be enough to please the users and maintainers, it
is always possible to ship the profile in complain mode. This would
make the security benefits an "opt-in" choice.

> One addition: I chose to place my logfiles into $XDG_CACHE_HOME, which
> by default is $HOME/.cache. I am no longer able to go this way. Should a
> user not be allowed to write to any file at any place in its home
> directory?

For the AppArmor profile to bring security, it needs to authorize just
enough to cover common use cases. AppArmor removes flexibility so it's a
matter of balancing security with convenience.

> This is my current setting
> 
>   logfile ~/.cache/msmtp/msmtp.log

You make a case for authorizing ~/.cache/msmtp. How about adding those
rules:

  owner @{HOME}/.cache/msmtp/*     r,
  owner @{HOME}/.cache/msmtp/*.log wk,

> and the error is not very helpful because it never mentions AppArmor:
> 
> msmtp: cannot log to /home/kai/.cache/msmtp/msmtp.log: cannot open:
> Permission denied

That is how AppArmor works, unfortunately. Everything goes into dmesg.

Regards,
Simon
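
The "Permission denied" error quoted above only shows up as an AppArmor event in the kernel log. As an added example that is not part of the original message, this shell function extracts the msmtp-related AppArmor events from `dmesg`-style lines, including the `ALLOWED` records a profile in complain mode produces. The sample lines, the profile name and the pid/uid values are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LOG is constructed: the profile
# name, pids and uids are assumptions chosen to resemble kernel audit lines.
SAMPLE_LOG='[ 1201.100000] audit: type=1400 audit(1547132040.101:45): apparmor="DENIED" operation="open" profile="/usr/bin/msmtp" name="/home/kai/.cache/msmtp/msmtp.log" pid=4242 comm="msmtp" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
[ 1201.200000] audit: type=1400 audit(1547132040.201:46): apparmor="ALLOWED" operation="open" profile="/usr/bin/msmtp" name="/home/kai/.msmtprc" pid=4242 comm="msmtp" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[ 1201.300000] audit: type=1400 audit(1547132040.301:47): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/foo" pid=99 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[ 1201.400000] usb 1-1: new high-speed USB device number 5 using xhci_hcd'

# msmtp_apparmor_events: read kernel log lines on stdin and print
# "<DENIED|ALLOWED> <denied_mask> <path>" for every AppArmor event whose
# comm is msmtp. DENIED comes from enforce mode; ALLOWED is what complain
# mode logs for an access the profile would have blocked.
# Paths containing spaces are hex-encoded by the kernel (no quotes) and
# are not matched by this pattern.
msmtp_apparmor_events() {
    grep -E 'apparmor="(DENIED|ALLOWED)"' | grep 'comm="msmtp"' |
    sed -n 's/.*apparmor="\([A-Z]*\)".* name="\([^"]*\)".* denied_mask="\([^"]*\)".*/\1 \3 \2/p' |
    sort -u
}

# On a live system: dmesg | msmtp_apparmor_events
printf '%s\n' "$SAMPLE_LOG" | msmtp_apparmor_events
```

Each output line names the path and the access mask that the profile lacks, which is what a new rule has to cover.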
