mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Description: Remove access to pulseaudio debug socket from audio abstraction

Browse source 
Grant access to specific files in the /var/run/user/UID/pulse/ directory to
 remove access to potentially dangerous and non-essential files such as the
 debug (cli) socket provided by the module-cli-protocol-unix module.
Author: Tyler Hicks <tyhicks@canonical.com>
Bug-Ubuntu: https://launchpad.net/bugs/1211380
Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Seth Arnold 2014-02-13 17:25:31 -08:00
parent b70d3fe48e
commit 3ee30ca14c
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
profiles/apparmor.d/abstractions/audio
View file

@ -56,7 +56,7 @@ owner @{HOME}/.pulse-cookie rwk,
owner @{HOME}/.pulse/ rw,
owner @{HOME}/.pulse/* rwk,
owner /{,var/}run/user/*/pulse/ rw,
owner /{,var/}run/user/*/pulse/* rwk,
owner /{,var/}run/user/*/pulse/{native,pid} rwk,
owner @{HOME}/.config/pulse/cookie rwk,
owner /tmp/pulse-*/ rw,
owner /tmp/pulse-*/* rw,