From 572bab7e84f846dfb83f032b2c80733403039ce1 Mon Sep 17 00:00:00 2001
From: Jamie Strandboge
Date: Fri, 6 Jan 2012 11:45:44 -0600
Subject: [PATCH] add p11-kit abstraction (LP: #912754, LP: #912752)

From the README in the toplevel source:
"[P11-KIT] Provides a way to load and enumerate PKCS#11 modules. Provides a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable."

File locations are described in [1]. There is a global configuration file in /etc/pkcs11/pkcs11.conf. Per module configuration happens in /etc/pkcs11/. There is also user configuration in ~/.pkcs11, but IMO this should not be allowed in the abstraction. Example configuration can be seen in the upstream documentation[2].

This will likely need to be refined as more applications use p11-kit.

[1]http://p11-glue.freedesktop.org/doc/p11-kit/config-locations.html
[2]http://p11-glue.freedesktop.org/doc/p11-kit/config-example.html

Acked-by: Jamie Strandboge
---
 profiles/apparmor.d/abstractions/p11-kit | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 profiles/apparmor.d/abstractions/p11-kit

diff --git a/profiles/apparmor.d/abstractions/p11-kit b/profiles/apparmor.d/abstractions/p11-kit new file mode 100644 index 000000000..721931f1f --- /dev/null +++ b/profiles/apparmor.d/abstractions/p11-kit 
@@ -0,0 +1,18 @@ +# ------------------------------------------------------------------ +# +# Copyright (C) 2012 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + + /etc/pkcs11/ r, + /etc/pkcs11/pkcs11.conf r, + /etc/pkcs11/modules/ r, + /etc/pkcs11/modules/* r, + + # p11-kit also supports reading user configuration from ~/.pkcs11 depending + # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be + # included in this abstraction.
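Review bot: The closing comment about ~/.pkcs11 says it "should generally not be included in this abstraction" but gives no reason and no guidance for a profile that does need it. Please state the reason (user-writable configuration can influence which modules a confined application loads) and that such a profile should add its own owner-scoped rule, so the omission reads as deliberate. The four rules also cover only reading configuration under /etc/pkcs11/; a one-line comment that access to the module libraries named by files in /etc/pkcs11/modules/ is left to the including profile would save the next author a round of denials. Finally, the commit message says per-module configuration lives in /etc/pkcs11/ while the rules use /etc/pkcs11/modules/; one of the two should be brought in line with the other.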