Hi Debian Developers,
While debugging some AppArmor-related stuff I've discovered that some application uses
`/tmp/xauth-1000-_0` files instead of `~/.Xauthority`, and started a discussion on the upstream
AppArmor mailing list [0] on how to deal with such cases.
Simon McVittie enlightened me [1] (thanks!) that having different Xauthority paths can be influenced
by desktop managers, remote desktop access applications, and others.
Now, knowing that there can be different paths depending on the "parent" application that influences
interaction with X, instead of patching AppArmor's so-called "X" abstraction (basically an include
file [2]) for every use case we know or don't know yet, we could deal with Xauthority alternatives
by utilizing AppArmor variables.
To achieve that, I would need to find packages that "decide", or affect, the Xauthority path. Then,
I would discuss with their maintainers the possibility of shipping a single file with additions to
the upstream AppArmor variable, adding a single line with "new", additional path[s] to the
Xauthority file like this:
(example for package "foo")

    cat /etc/apparmor.d/tunables/env.d/foo
    @{XAUTHORITY} += /run/user/[0-9]*/foo/xauth-*

This will make dealing with changing paths (not only XAUTHORITY; for TMPDIR and others too!) with
AppArmor easier, less upstream-dependent, and done in a more load-balanced way by putting less
burden on the limited AppArmor team. I believe making AppArmor more configurable and flexible is
really important as we are targeting to enable it (or should I say "keep enabled" as it is enabled
now for the experiment) by default.
So the main question is, how do I start? How do I find as many packages as possible to start
discussions with their maintainers about shipping an additional file, to make use of this env.d idea?
Maybe Debian Developers reading this already know (or are even responsible for) quite a few
packages that in fact use "unusual" Xauthority paths?
Big thanks!
P.S. CC to intrigeri, our AppArmor maintainer, for relevance and possibly help.
[0] https://lists.ubuntu.com/archives/apparmor/2018-July/011714.html
[1] https://lists.ubuntu.com/archives/apparmor/2018-July/011727.html
[2] https://salsa.debian.org/apparmor-team/apparmor/blob/69be44e5ef31905eb27be0c04c1346061b0cbc78/profiles/apparmor.d/abstractions/X#L20
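
Added example, not part of the original mail and not AppArmor's own code: a simplified Python model of how a per-package `+=` snippet extends the `@{XAUTHORITY}` variable proposed above, and which paths the expanded variable then covers. The base definition, the function names and the sample paths are assumptions constructed for illustration.

```python
import re

# Constructed inputs. BASE is an assumed upstream definition of the variable;
# FOO is the env.d snippet for the hypothetical package "foo" from the mail.
BASE = "@{XAUTHORITY} = /home/*/.Xauthority\n"
FOO = "@{XAUTHORITY} += /run/user/[0-9]*/foo/xauth-*\n"

def parse_tunables(text):
    """'=' declares a variable, '+=' appends alternatives to a declared one."""
    variables = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.fullmatch(r"(@\{\w+\})\s*(\+?=)\s*(.+)", line)
        if not m:
            continue
        name, op, values = m.groups()
        if op == "=":
            variables[name] = values.split()
        elif name not in variables:
            # apparmor_parser also rejects '+=' on an undeclared variable,
            # so a snippet must be read after the base definition.
            raise ValueError(f"{name} appended to before being declared")
        else:
            variables[name].extend(values.split())
    return variables

def glob_to_regex(glob):
    """Subset of AppArmor globbing: '**', '*', '?', '[...]' (no '{a,b}')."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out, i = out + ".*", i + 2               # may cross '/'
        elif glob[i] == "*":
            out, i = out + "[^/]*", i + 1            # stays in one component
        elif glob[i] == "?":
            out, i = out + "[^/]", i + 1
        elif glob[i] == "[":
            end = glob.index("]", i)
            out, i = out + glob[i:end + 1], end + 1  # character class as-is
        else:
            out, i = out + re.escape(glob[i]), i + 1
    return re.compile(out)

def allowed(variables, name, path):
    """True if path matches any alternative the variable expands to."""
    return any(glob_to_regex(v).fullmatch(path) for v in variables[name])
```

With only the "foo" snippet loaded, `/tmp/xauth-1000-_0` is still not covered: each package that chooses its own location has to contribute its own line.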