Draft: Define XDG variables from the Freedesktop specification

ShellCode requested to merge ShellCode33/apparmor:master into master

Related issue: #347 (closed)

People involved: @cboltz @setharnold @jjohansen

Before we can consider this ready to merge, there are a few things I'd like to discuss.

The first thing relates to the scope of the XDG_*_DIRS variables. Should they contain only paths relative to the home directory, or should they contain system paths as well?

The Freedesktop specification states the following:

If $XDG_DATA_DIRS is either not set or empty, a value equal to /usr/local/share/:/usr/share/ should be used.

So in my first commit of this MR you can see I did the following:

@{XDG_DATA_DIRS}=@{XDG_DATA_HOME}
@{XDG_DATA_DIRS}+=/usr/share/
@{XDG_DATA_DIRS}+=/usr/local/share/

Even if this is not mentioned in the spec, we could extend this principle to other things as well. For example, I also did the following:

@{XDG_BIN_DIRS}=@{XDG_BIN_HOME}
@{XDG_BIN_DIRS}+=/bin
@{XDG_BIN_DIRS}+=/usr/bin
@{XDG_BIN_DIRS}+=/usr/local/bin

But then it got me wondering: from a security perspective, is it OK to consider user directories and system ones the same way in AppArmor profiles? I think most of the time it makes sense because usually system-wide stuff (configurations, binaries, etc.) is overridden by user stuff. But there are probably edge cases where this is not the case. Considering system-wide configurations and user ones in the same way would probably allow many AppArmor profiles to be factorized, but probably not if we consider the owner directive. Is the following something supported by the AppArmor parser?

@{XDG_DATA_DIRS}=owner @{XDG_DATA_HOME}
@{XDG_DATA_DIRS}+=/usr/share/
@{XDG_DATA_DIRS}+=/usr/local/share/

(Notice the additional owner keyword)

A second thing I'd like to discuss is the share tunable. Instead of using the variables @{system_share_dirs} and @{user_share_dirs}, would it make sense to append Flatpak folders to the new XDG_DATA_DIRS instead?

The last thing I'd like to discuss is profiles/apparmor.d/tunables/xdg-user-dirs: currently they are not absolute paths. For consistency, it would probably make sense to do the following instead:

@{XDG_DESKTOP_DIR}="@{HOME}/Desktop"
@{XDG_DOWNLOAD_DIR}="@{HOME}/Downloads"
@{XDG_TEMPLATES_DIR}="@{HOME}/Templates"
@{XDG_PUBLICSHARE_DIR}="@{HOME}/Public"
@{XDG_DOCUMENTS_DIR}="@{HOME}/Documents"
@{XDG_MUSIC_DIR}="@{HOME}/Music"
@{XDG_PICTURES_DIR}="@{HOME}/Pictures"
@{XDG_VIDEOS_DIR}="@{HOME}/Videos"

These variables don't seem to be mentioned in any Freedesktop specs but are still widely used. Both the Ubuntu and ArchLinux manpages on xdg-user-dirs-update state that:

PATH must be an absolute path, e.g. $HOME/Some/Directory.

Thanks for reading, let me know what your thoughts are on this 🙂

Edited by ShellCode
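
Added example, not part of the merge request or the AppArmor code base: a simplified Python model of set-variable expansion (apparmor.d(5) defines the values of an assignment as a whitespace-separated list), showing which path patterns a single rule on @{XDG_DATA_DIRS} covers and what happens to an `owner` word placed inside a variable value. The @{HOME} and @{XDG_DATA_HOME} definitions, the rule path and the function names are constructed assumptions.

```python
import re
import shlex

VAR = re.compile(r"@\{(\w+)\}")
ASSIGN = re.compile(r"@\{(\w+)\}\s*(\+?=)\s*(.*)$")

def parse_tunables(text):
    """Model '=' and '+=' assignments; each holds whitespace-separated values."""
    table = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if not m:
            continue
        name, op, rhs = m.groups()
        values = shlex.split(rhs)          # also strips optional "quotes"
        if op == "=":
            table[name] = values
        else:
            table.setdefault(name, []).extend(values)
    return table

def expand(pattern, table):
    """Every pattern obtained by substituting each value of each variable."""
    m = VAR.search(pattern)
    if not m:
        # Repeated slashes are collapsed here only to keep the output readable.
        return [re.sub(r"/{2,}", "/", pattern)]
    out = []
    for value in table[m.group(1)]:
        out.extend(expand(pattern[:m.start()] + value + pattern[m.end():], table))
    return out

def non_absolute(paths):
    """Expansions that are not absolute paths, hence not usable file rules."""
    return [p for p in paths if not p.startswith("/")]

# Constructed tunables: the first two lines are assumptions, the rest is from the MR.
MERGED = """
@{HOME}=/home/*/ /root/
@{XDG_DATA_HOME}=@{HOME}/.local/share/
@{XDG_DATA_DIRS}=@{XDG_DATA_HOME}
@{XDG_DATA_DIRS}+=/usr/share/
@{XDG_DATA_DIRS}+=/usr/local/share/
"""
WITH_OWNER = MERGED.replace("@{XDG_DATA_DIRS}=@{XDG_DATA_HOME}",
                            "@{XDG_DATA_DIRS}=owner @{XDG_DATA_HOME}")
RULE_PATH = "@{XDG_DATA_DIRS}/applications/**"   # constructed rule path

if __name__ == "__main__":
    for label, text in (("merged", MERGED), ("with owner", WITH_OWNER)):
        paths = expand(RULE_PATH, parse_tunables(text))
        print(label, paths, "non-absolute:", non_absolute(paths))
```

In this model `owner` becomes one more value of the variable rather than a qualifier, so user-owned and system paths receive identical permissions from the one rule. Applying `owner` to the home part only means writing a separate `owner @{XDG_DATA_HOME}/...` rule next to the system-path rule.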