From 3ee30ca14cf107a389d36f7eeaa648cc9d37f89f Mon Sep 17 00:00:00 2001
From: Seth Arnold
Date: Thu, 13 Feb 2014 17:25:31 -0800
Subject: [PATCH] Description: Remove access to pulseaudio debug socket from audio abstraction Grant access to specific files in the /var/run/user/UID/pulse/ directory to remove access to potentially dangerous and non-essential files such as the debug (cli) socket provided by the module-cli-protocol-unix module.
Author: Tyler Hicks
Bug-Ubuntu: https://launchpad.net/bugs/1211380
Acked-by: Steve Beattie
---
 profiles/apparmor.d/abstractions/audio | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/profiles/apparmor.d/abstractions/audio b/profiles/apparmor.d/abstractions/audio
index ef9b4310c..e9643253e 100644
--- a/profiles/apparmor.d/abstractions/audio
+++ b/profiles/apparmor.d/abstractions/audio
@@ -56,7 +56,7 @@ owner @{HOME}/.pulse-cookie rwk,
 owner @{HOME}/.pulse/ rw,
 owner @{HOME}/.pulse/* rwk,
 owner /{,var/}run/user/*/pulse/ rw,
-owner /{,var/}run/user/*/pulse/* rwk,
+owner /{,var/}run/user/*/pulse/{native,pid} rwk,
 owner @{HOME}/.config/pulse/cookie rwk,
 owner /tmp/pulse-*/ rw,
 owner /tmp/pulse-*/* rw,
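Review bot: The sibling rules visible as context in this hunk, `owner /tmp/pulse-*/* rw,` and `owner @{HOME}/.pulse/* rwk,`, are still wildcarded, so the narrowing to `{native,pid}` only covers `/{,var/}run/user/*/pulse/`. If PulseAudio places its runtime directory under one of those older locations (presumably when no per-user run directory is available; this should be confirmed), a socket created there by module-cli-protocol-unix would still be permitted by the abstraction. Consider tightening the temporary-directory rule the same way, e.g. `owner /tmp/pulse-*/{native,pid} rw,`, and checking whether `@{HOME}/.pulse/*` can be enumerated as well. It would also help to put a comment above the new rule, such as `# only the native socket and pid file; the cli debug socket is intentionally not granted`, so a later edit does not widen the glob again.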