abstractions/user-tmp doesn't include /run/user
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
AppArmor | New | Undecided | Unassigned | |
Bug Description
Hi. While debugging Firefox AppArmor denied messages in Debian 9, I noticed that the file abstractions/
Should user-tmp have:
owner /run/user/[0-9]/**
?
I had to put that in my firefox profile. And I'm wondering if it should be standard. I noticed that icedove adds it to their own profile (/run/user/
To be more specific, I work on Whonix and our users often use FoxyProxy. As far as I can tell, Firefox creates dconf/user inside /run/user when certain addons are installed (even if never used, apparently). This leads to an error and confusion for our users.
tags: added: aa-policy
> Should user-tmp have:
> owner /run/user/[0-9]/**
> ?
IMO, absolutely not: I don't think giving full read-write access to
dconf settings is an expected/intended consequence of including the
user-tmp abstraction.
If we agree about this, then I think this bug report is essentially
a duplicate of https://bugs.launchpad.net/apparmor/+bug/1633733
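
To make the scope question in this thread concrete, the following added example (not part of the bug report and not AppArmor code) translates a subset of AppArmor path globbing into regular expressions and lists which paths each pattern covers. The multi-digit variant, the narrow dconf pattern and all sample paths are assumptions constructed for illustration.

```python
import re

def aare_to_regex(pattern):
    """Translate a subset of AppArmor path globbing to a regex.
    Handles **, *, ? and [...] classes. {a,b} alternation, @{variables}
    and the parser's special cases for empty matches are not modelled."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if pattern.startswith("**", i):
            out.append(".*")            # ** crosses directory boundaries
            i += 2
        elif c == "*":
            out.append("[^/]*")         # * stays inside one path component
            i += 1
        elif c == "?":
            out.append("[^/]")          # ? is one character, never '/'
            i += 1
        elif c == "[":
            end = pattern.index("]", i + 1)
            out.append(pattern[i:end + 1])  # a class matches ONE character
            i = end + 1
        else:
            out.append(re.escape(c))
            i += 1
    return re.compile("".join(out))

def covered(pattern, paths):
    """Return the paths matched by the pattern (the 'owner' qualifier,
    which further limits a rule to files owned by the process, is ignored)."""
    rx = aare_to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]

PROPOSED = "/run/user/[0-9]/**"         # path pattern as written in the report
PROPOSED_MULTI = "/run/user/[0-9]*/**"  # assumption: variant for multi-digit UIDs
NARROW = "/run/user/*/dconf/user"       # assumption: only the file Firefox creates

SAMPLE_PATHS = [                         # constructed sample paths
    "/run/user/1000/dconf/user",
    "/run/user/1000/keyring/control",
    "/run/user/1000/gnupg/S.gpg-agent",
    "/run/user/1000/bus",
    "/run/user/7/dconf/user",
    "/tmp/example.tmp",
]

if __name__ == "__main__":
    for name in ("PROPOSED", "PROPOSED_MULTI", "NARROW"):
        print(name, covered(globals()[name], SAMPLE_PATHS))
```

With these samples, the broad pattern reaches the keyring, gpg-agent and session bus sockets as well as dconf, while the narrow pattern matches only `dconf/user`.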