On Fri, Jan 06, 2012 at 11:53:50AM -0600, Jamie Strandboge wrote: > Several applications are linking against p11-kit[1] and we are seeing > AppArmor denials in Ubuntu as a result[2][3]. > > From the README in the toplevel source: > "[P11-KIT] Provides a way to load and enumerate PKCS#11 modules. > Provides a standard configuration setup for installing PKCS#11 modules > in such a way that they're discoverable." > > File locatations are described in [4]. There is a global configuration > file in /etc/pkcs11/pkcs11.conf. Per module configuration happens > in /etc/pkcs11/<module name>. There is also user configuration in > ~/.pkcs11, but IMO this should not be allowed in the abstraction.
Yeah, I agree. > Example configuration can be seen in the upstream documentation[5]. > > This will likely need to be refined as more applications use p11-kit. > > Attached is a second patch to add p11-kit to the authentication > abstraction, since PKCS#11 deals with cryptographic tokens used in > authentication. Acked-By: Steve Beattie <[email protected]> for both patches, thanks. > This could conceivably also be added to the gnome abstraction since > anything using gnome-keyring will now require the pk11-kit abstraction, > but since most gnome applications don't use gnome-keyring I don't think > this is desired. Agreed. -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
