[28326] in Source-Commits
apparmor-config commit: Transform the xdg-desktop abstraction for dconf
daemon@ATHENA.MIT.EDU (Jonathan D Reed)
Sun Jul 6 19:05:52 2014
Date: Sun, 6 Jul 2014 19:05:45 -0400
From: Jonathan D Reed <jdreed@MIT.EDU>
Message-Id: <201407062305.s66N5jse018450@drugstore.mit.edu>
To: source-commits@MIT.EDU
https://github.com/mit-athena/apparmor-config/commit/b6d2fe5795b70dcdecc0c6c798c7a820e9b37c50
commit b6d2fe5795b70dcdecc0c6c798c7a820e9b37c50
Author: Jonathan Reed <jdreed@mit.edu>
Date: Sun Jul 6 18:50:00 2014 -0400
Transform the xdg-desktop abstraction for dconf
Upstream is dumb, and nothing takes into account the fact
that you might want to use a DCONF_PROFILE other than "user",
and thus would need access to read said profile out of
/etc/dconf. So we transform xdg-desktop to allow read access
to everything below /etc/dconf, and while we're at it, make it
aware of the fact that XDG_CACHE_HOME can, like, point to other
directories. (Trac: #1505)
debian/changelog | 8 ++++++++
debian/rules | 6 ++++++
debian/transform_xdg-desktop.debathena | 3 +++
3 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index cb1c458..2e43c92 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+debathena-apparmor-config (1.2.8) unstable; urgency=low
+
+ * Transform the xdg-desktop profile to take into account the fact that
+ the XDG cache may now be in /var/run, and also to explicitly allow
+ dconf profiles (Trac: #1505)
+
+ -- Jonathan Reed <jdreed@mit.edu> Sun, 06 Jul 2014 18:49:08 -0400
+
debathena-apparmor-config (1.2.7) unstable; urgency=low
* Reflect apparmor configuration changes in Ubuntu 14.04
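Review bot: the 1.2.8 entry calls xdg-desktop a "profile", while the commit subject and the path /etc/apparmor.d/abstractions/xdg-desktop both call it an abstraction; suggest wording the entry as "Transform the xdg-desktop abstraction" so the changelog matches what is actually being changed. The entry also says only that the cache "may now be in /var/run", whereas the rule added in transform_xdg-desktop.debathena covers /run and /var/run under athena-sessions/xdgcache-*. Naming that path here would let someone auditing the package see what was opened up without reading the transform script.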
diff --git a/debian/rules b/debian/rules
index 7a17cc4..7fca2ab 100755
--- a/debian/rules
+++ b/debian/rules
@@ -19,6 +19,12 @@ else
DEB_UNDIVERT_FILES_debathena-apparmor-config += /etc/apparmor.d/abstractions/X.debathena
endif
+ifneq ($(wildcard /etc/apparmor.d/abstractions/xdg-desktop),)
+ DEB_TRANSFORM_FILES_debathena-apparmor-config += /etc/apparmor.d/abstractions/xdg-desktop.debathena
+else
+ DEB_UNDIVERT_FILES_debathena-apparmor-config += /etc/apparmor.d/abstractions/xdg-desktop.debathena
+endif
+
ifneq ($(wildcard /etc/apparmor.d/abstractions/nameservice),)
DEB_TRANSFORM_FILES_debathena-apparmor-config += /etc/apparmor.d/abstractions/nameservice.debathena
else
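Review bot: the `ifneq ($(wildcard /etc/apparmor.d/abstractions/xdg-desktop),)` test is evaluated by make on the build machine, so a build environment that lacks that file takes the else branch and yields a package that only undiverts, carrying neither the xdgcache rule nor the /etc/dconf rule, with nothing in the build output to flag it. This mirrors the X and nameservice blocks around it, so it is consistent with the file, but a short comment above the block stating that the abstraction must be present at build time, or a message emitted from the else branch, would make a silently untransformed package easier to catch. Whether a build dependency already guarantees the file is not visible in this patch.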
diff --git a/debian/transform_xdg-desktop.debathena b/debian/transform_xdg-desktop.debathena
new file mode 100755
index 0000000..19eb9ef
--- /dev/null
+++ b/debian/transform_xdg-desktop.debathena
@@ -0,0 +1,3 @@
+#!/usr/bin/perl -p0
+s|^(\s*)owner \@\{HOME\}/.cache/\s+rw,$|$&\n$1owner /{,var/}run/athena-sessions/xdgcache-*/** rw,|m or die;
+s|$|\n\n # Allow access to dconf profiles and databases\n /etc/dconf/** r,\n| or die;
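Review bot: the first substitution anchors on `owner @{HOME}/.cache/ rw,`, which covers only the cache directory itself, but the line it inserts ends in `xdgcache-*/** rw,`, which grants read and write on every file and subdirectory beneath any matching session cache to every profile that includes xdg-desktop. If the goal is parity with the upstream line, `xdgcache-*/ rw,` would be the equivalent; if the recursive grant is intended, a comment line in the generated abstraction (as is done for the dconf rule) should say why. Separately, the `or die` on the second substitution can never fire, because a bare `$` always matches at the end of the slurped file, so only the first substitution actually guards against upstream changing the abstraction; and the `.` in `.cache` is unescaped in the pattern, so it matches any character rather than a literal dot.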