From: CameronNemo <CameronNemo@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] apparmor: update pulseaudio profile
Date: Mon, 26 Oct 2020 04:09:08 +0100 [thread overview]
Message-ID: <20201026030908.62t3Mtg0o1XSUup709umvELma-cabizynLYD65FbWsU@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-24734@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 442 bytes --]
There is an updated pull request by CameronNemo against master on the void-packages repository
https://github.com/CameronNemo/void-packages aa-pulse
https://github.com/void-linux/void-packages/pull/24734
apparmor: update pulseaudio profile
The pulseaudio profile was referring to the gconf helper, which has been
replaced with the gsettings-helper.
A patch file from https://github.com/void-linux/void-packages/pull/24734.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-aa-pulse-24734.patch --]
[-- Type: text/x-diff, Size: 3336 bytes --]
From 463962b347c4174cbe5e8962f7a6dd28e2f7a0ab Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Mon, 7 Sep 2020 07:56:34 -0700
Subject: [PATCH] apparmor: update pulseaudio profile
The pulseaudio profile was referring to the gconf helper, which has been
replaced with the gsettings-helper.
---
.../files/profiles/usr.bin.pulseaudio | 20 ++++++++++++-------
srcpkgs/apparmor/template | 4 ++--
2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.pulseaudio b/srcpkgs/apparmor/files/profiles/usr.bin.pulseaudio
index e23c5bf0043..4b17e6edc08 100644
--- a/srcpkgs/apparmor/files/profiles/usr.bin.pulseaudio
+++ b/srcpkgs/apparmor/files/profiles/usr.bin.pulseaudio
@@ -1,6 +1,6 @@
#include <tunables/global>
-/usr/bin/pulseaudio {
+profile pulseaudio /usr/bin/pulseaudio {
#include <abstractions/base>
#include <abstractions/audio>
#include <abstractions/dbus-session>
@@ -23,6 +23,7 @@
unix (connect, receive, send) type=stream peer=(addr="@/tmp/.ICE-unix/[0-9]*"),
ptrace (read,trace) peer=@{profile_name},
+ signal (send) peer=pulseaudio//pulse-gsettings-helper,
/usr/bin/pulseaudio mixr,
@@ -70,7 +71,7 @@
/usr/share/applications/* r,
/usr/share/pulseaudio/** r,
/usr/lib/pulse-[1-9]*.[0-9]/modules/*.so mr,
- /usr/lib/pulseaudio/pulse/gconf-helper Cx,
+ /usr/libexec/pulse/gsettings-helper Cx,
owner /var/lib/gdm3/.config/pulse/ rw,
owner /var/lib/gdm3/.config/pulse/* rw,
@@ -89,8 +90,7 @@
/var/lib/pulse/*.tdb rw,
owner @{PROC}/@{pid}/fd/ r,
- owner @{PROC}/@{pid}/maps r,
- owner @{PROC}/@{pid}/stat r,
+ owner @{PROC}/@{pid}/{maps,mountinfo,stat} r,
owner /tmp/pulse-*/pid rwk,
owner /tmp/pulse-*/native rwk,
@@ -105,10 +105,16 @@
owner /tmp/.esd-@{pid}*/ rw,
owner /tmp/.esd-@{pid}*/socket rw,
- profile /usr/lib/pulseaudio/pulse/gconf-helper {
+ profile pulse-gsettings-helper /usr/libexec/pulse/gsettings-helper {
#include <abstractions/base>
-
- /usr/lib/pulseaudio/pulse/gconf-helper mr,
+ #include <abstractions/gnome>
+ #include <abstractions/dconf>
+
+ /usr/libexec/pulse/gsettings-helper mr,
+ owner /{,var/}run/user/*/dconf/user rw,
+ owner @{HOME}/.config/dconf/user rw,
+ owner @{PROC}/@{pid}/fd/ r,
+ signal (receive) peer=pulseaudio,
}
# Site-specific additions and overrides. See local/README for details.
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index aec653c100c..1ce7af5d4ee 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
# Template file for 'apparmor'
pkgname=apparmor
version=2.13.4
-revision=4
+revision=5
wrksrc="${pkgname}-v${version}"
build_wrksrc=libraries/libapparmor
build_style=gnu-configure
@@ -26,7 +26,7 @@ fi
post_patch() {
# Make.rules feeds some system headers to the C preprocessor to produce
# lists of capability and address-family names that, respectively,
- # populate `parser/cap_names.h` and `parser/af_names.h`. The escaping
+ # populate 'parser/cap_names.h' and 'parser/af_names.h'. The escaping
# backslash in the '\#include" directives here is seen by the
# preprocessor, causing it to skip the system headers and produce empty
# files. Removing the backslash ensures correct behavior.
next prev parent reply other threads:[~2020-10-26 3:09 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-24734@inbox.vuxu.org>
2020-09-29 3:29 ` CameronNemo
2020-09-29 3:30 ` CameronNemo
2020-09-29 4:36 ` ericonr
2020-10-13 2:28 ` [PR PATCH] [Updated] " CameronNemo
2020-10-13 2:30 ` CameronNemo
2020-10-22 2:31 ` [PR REVIEW] " ericonr
2020-10-22 18:50 ` CameronNemo
2020-10-26 3:09 ` CameronNemo [this message]
2020-10-26 4:21 ` [PR PATCH] [Merged]: " ericonr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201026030908.62t3Mtg0o1XSUup709umvELma-cabizynLYD65FbWsU@z \
--to=cameronnemo@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).