About possibility to translate AppArmor tunables

To: debian-i18n@lists.debian.org
Cc: intrigeri <intrigeri@debian.org>
Subject: About possibility to translate AppArmor tunables
From: Vincas Dargis <vindrg@gmail.com>
Date: Sat, 5 Jan 2019 14:18:43 +0200
Message-id: <[🔎] 0ff6099c-f34c-927d-ad08-6e308091de81@gmail.com>

Hi!

AppArmor is MAC system that is currently (so far) enabled by default on Debian Buster.

When developer writes AppArmor profile that defines how application "Foo" is confined, it is commonto include so-called "tunable" include files, that define useful variables ("tunbales") like`@{XDG_DESKTOP_DIR}` that expand to a path string.

Let's look at one tunable file example. Currently, Debian and upstream version of`/etc/apparmor.d/tunables/xdg-user-dirs` (from apparmor package) have these contents:


```
@{XDG_DESKTOP_DIR}="Desktop"
@{XDG_DOWNLOAD_DIR}="Downloads"
@{XDG_TEMPLATES_DIR}="Templates"
@{XDG_PUBLICSHARE_DIR}="Public"
@{XDG_DOCUMENTS_DIR}="Documents"
@{XDG_MUSIC_DIR}="Music"
@{XDG_PICTURES_DIR}="Pictures"
@{XDG_VIDEOS_DIR}="Videos"

```

As you can see, it has only original English versions of some interesting paths. It's same onDebian, Ubuntu, openSUSE, etc., as currently there's no i18n solution nor in upstream, neither indistributions I've checked.

The problem is that on my machine, "Desktop" is actually "Darbastalis", and that means that ifAppArmor profile for application "Foo" defines rule `@{XDG_DESKTOP_DIR}/** r,` to allow reading fromdesktop, it will not work for my localized desktop directory name.

So this brings the question - would it be possible to translate these variables, using some sort ofhook or some other techniques, depending on what languages are "relevant" for that particular machine?

One way this could be done is by rendering new file`/etc/apparmor.d/tunables/xdg-user-dirs.d/debian` (exact file name is debatable of course) uponinstalling language pack (I actually do not know how these languages are "brought" to the system),or AppArmor itself, with these contents: (example for Lithuanian and Latvian languages):


```
@{XDG_DESKTOP_DIR}+="Darbastalis" #lt
@{XDG_DESKTOP_DIR}+="Darbvirsma" #lv
@{XDG_DOWNLOAD_DIR}+="Atsisiuntimai" #lt
@{XDG_DOWNLOAD_DIR}+="Lejupielādes" #lv
...
```

Though I am not sure how that could be achieved, hence I ask this list for guidance.

If we reach some consensus for acceptable solution, I would allocate my time for implementing thisfeature.


P.S. CC intrigeri, our AppArmor maintainer, for obvious relevance.

Reply to:

Follow-Ups:
- Bug#918548: About possibility to translate AppArmor tunables
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Next by Date: Re: #918253: dgit: [INTL:nl] Dutch po file for the dgit-user_7 manpage
Next by thread: Bug#918548: About possibility to translate AppArmor tunables
Index(es):
- Date
- Thread