Commit b9f76b53 authored by Simon McVittie

<abstractions/chaiwala-user-read>: Add doc-comment, mark as deprecated

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: André Magalhães <andre.magalhaes@collabora.co.uk>
Differential Revision: https://phabricator.apertis.org/D5730
parent c2fef7b4
......@@ -10,6 +10,22 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
###
# <abstractions/chaiwala-user-read>: allow reading miscellaneous user files
#
# This abstraction gives the confined process read access to the entire
# home directory, as well as several obsolete directories that no
# longer exist. It is a mixture of per-app and general paths, which
# seems undesired; in particular, blanket access to @{HOME} and
# @{XDGRUNTIMEDIR} seems like a bad idea.
# See https://phabricator.apertis.org/T3599
#
# Status: Apertis-specific, deprecated, candidate for deletion
# Privilege level: elevated privilege
# Known users: none
# Dependencies: <tunables/chaiwala/chaiwala-user>, <tunables/global>
###
owner @{APPLICATION_DATA_USER}/ r,
owner @{APPLICATION_DATA_USER}/** r,
......
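Review bot: The summary line of the new doc-comment, "allow reading miscellaneous user files", understates the scope that the body goes on to describe, namely read access to the entire home directory and to @{XDGRUNTIMEDIR}. Someone skimming the header of an include before adding it to a profile will see only that first line, so it would help to state the blanket read access there and keep "Privilege level: elevated privilege" close to it. The body also refers to "several obsolete directories that no longer exist" without naming them; listing them, or pointing at the specific rules, would make the eventual deletion easier to review. Since the status is "deprecated, candidate for deletion" with "Known users: none", consider adding one line saying what a profile should do instead of including this abstraction, or stating explicitly that T3599 tracks the removal.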