Commit 899357b2 authored by Simon McVittie

AppArmor: Stop using non-standard XDGRUNTIMEDIR tunable

Tunables are intended to be used for paths that can legitimately
vary, particularly those that can vary according to sysadmin or
OS integrator preference. XDGRUNTIMEDIR is not one of those: the
pattern used to form XDG_RUNTIME_DIR is hard-coded in systemd-logind
and is unlikely to change without good reason.

This avoids using a non-upstream tunable that we currently patch
into the apparmor package, which we would like to remove (T3612).

Apertis: https://phabricator.apertis.org/T4015
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Emanuele Aina <emanuele.aina@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D6866
parent 1eb04f29
......@@ -32,10 +32,10 @@
# $XDG_RUNTIME_DIR/dconf is used by the reader for storing an mmaped
# copy of the database.
# Write access here is equivalent to read access for the process.
owner @{XDGRUNTIMEDIR}/dconf/ rw,
owner /run/user/[0-9]*/dconf/ rw,
# This rule matches the files "user" and "user.XXXXX". The latter is a
# random temp file written by dconf, which is then renamed on top of "user".
owner @{XDGRUNTIMEDIR}/dconf/user* rw,
owner /run/user/[0-9]*/dconf/user* rw,
# ~/.cache/ is the fallback directory for g_get_user_runtime_dir()
# if XDG_RUNTIME_DIR is unset. If something uses this, it's scrubbing
......
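Review bot: In the two replacement rules, `owner /run/user/[0-9]*/dconf/ rw,` and `owner /run/user/[0-9]*/dconf/user* rw,`, the glob `[0-9]*` matches a single digit followed by any run of non-slash characters, so it accepts more than a purely numeric uid directory and is looser than the logind pattern the commit message refers to. The `owner` qualifier on both rules still restricts access to files owned by the confined process's user, so this is probably acceptable, but a one-line comment above the rules saying that /run/user/<uid> is the path hard-coded by systemd-logind would record why no tunable is used and why the glob is written this way. The existing comments still say `$XDG_RUNTIME_DIR/dconf`, which is fine as long as that added comment ties the variable to the literal path.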