[Bug 643387] Not operating profiles from templates

Comment #25 from Christian Boltz <suse-beta@xxxxxxxxx> 2011-08-03 14:05:44 CEST ---
Patch for sent upstream (in a slightly modified version).

@Alexander: As I said in comment #19, the firefox and opera profile changes
most probably won't be accepted upstream because some of the changes are too
permissive or look unrelated.

For firefox: Can you please revert to the original profile and check if the
following permissions are really needed?
- /dev/shm/* r, # there could be any file from any user
- /etc/pulse/client.conf r, # test with videos, sound etc.
- @{PROC}/*/mountinfo r, #
- @{HOME}/** rw, # should be restricted to @{HOME}/Downloads/** rw,

For opera: well, read the diff yourself and judge if it makes sense. If unsure,
revert this part and try what happens. There are too many changes to comment on
each of them separately.

@Jeff: security:apparmor:factory apparmor has a merge conflict. Can you please
run "osc pull" and then fix and commit the specfile?

(In reply to comment #23)
> I'm actually in the process of updating the security:apparmor:factory apparmor
> package to 2.6.1 anyway. What would be useful is to cherry pick any profile
> changes beyond 2.6.1 (in the 2.7/master branch) and pull those into our

It might be easier to replace the complete profiles folder with the 2.7
profiles ;-) (or, if you want a patch, diff -r the 2.6.1 and 2.7 profiles)

> If you wouldn't mind pushing the leftover patches we're still carrying
> upstream, I'd be happy to answer any followup questions.

I can try, but I can't guarantee any timeframe.

> I'm currently doing the jobs of about 3 people, so I haven't had the time. :)

Sounds interesting[tm], but not really unknown to me. Everything related to
Linux is more or less a hobby for me, and with working on openSUSE and
developing PostfixAdmin I can't say I'm bored ;-)
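
A first-pass check of the kind of review requested for the firefox profile above, added here as an example and not part of the original comment or of AppArmor's own tooling: it flags file rules whose paths are broad in the way the questioned rules are. The profile header, the three heuristics and the name `review_profile` are assumptions; whether a rule is actually needed still has to be tested against the running application.

```python
import re

# Constructed sample: the four rules questioned in the comment inside a
# hypothetical profile body, plus the narrower Downloads rule it suggests.
SAMPLE_PROFILE = """\
/usr/lib/firefox/firefox {
  /dev/shm/* r,
  /etc/pulse/client.conf r,
  @{PROC}/*/mountinfo r,
  @{HOME}/** rw,
  @{HOME}/Downloads/** rw,
}
"""

# File rule of the form "<path> <perms>," (a trailing comment is ignored).
RULE_RE = re.compile(r"^\s*(?P<path>[/@]\S*)\s+(?P<perms>[a-zA-Z]+)\s*,")

# Directories any local user can write to (assumed list for this example).
SHARED_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")


def review_profile(text):
    """Return (line_no, path, perms, reason) for rules worth a second look."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue  # profile header, closing brace, blank line, etc.
        path, perms = m["path"], m["perms"]
        writes = bool(set(perms) & {"w", "a"})
        if path.startswith(SHARED_DIRS) and any(c in path for c in "*?["):
            reason = "glob in a world-writable directory matches any user's files"
        elif re.match(r"@\{PROC\}/\*+/", path):
            reason = "wildcard in the PID position matches every process"
        elif writes and re.fullmatch(r"(@\{HOME\}|)/\*\*", path):
            reason = "recursive write over an entire tree; name a subdirectory"
        else:
            continue  # specific path or scoped glob: needs runtime testing only
        findings.append((no, path, perms, reason))
    return findings


if __name__ == "__main__":
    for no, path, perms, reason in review_profile(SAMPLE_PROFILE):
        print(f"line {no}: {path} {perms} -> {reason}")
```
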

