20 Dec
2017
20 Dec
'17
4:50 a.m.
Jamie Strandboge:
On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote:
+ # Alow access to ecryptfs files (LP: #591769) + @{HOME}/.Private/** mrwlk, + @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
Hrmm, these rules were never meant to last as long as they have. That said, they are already a part of the AppArmor base abstraction (using owner match though) and virt-aa-helper uses '#include <abstractions/base>'. Are these rules still needed considering the base abstraction? I imagine at worst virt-aa-helper would only need 'r' for some of these...
I concur with Jamie: I'd rather can avoid spreading copies of these rules around if we can. Cheers, -- intrigeri