boinc ubuntu 12.04 headless with apparmor

Hi

Under Ubuntu 12.04 amd64 the package dependencies are (seems to me) broken, it want’s  to install about 300MB packages. After fiddling arround with apt-get I found the proper option

apt-get --no-install-recommends install boinc-client

Now I want to activate my worldcommunitygrid.org account. Were doing this:

boinccmd --lookup_account http://www.worldcommunitygrid.org username yourpassword

Weg get an hash returned, and with the hash we do:

boinccmd --host localhost --project_attach https://www.worldcommunitygrid.org hash

That’s it. Now were computing for worldcommunitygrid.org
Since I’m a little paranoid, I don’t trust anything which downloads binaries and executes them on my computer automatically. Therefore is a solution to isolate the processes at kernel space. Apparmor. Here my profile:

# vim:syntax=apparmor
# Last Modified: Mon Jul 30 23:00:13 2007
#include <tunables/global>

/usr/bin/boinc {
  #include <abstractions/base>
  #include <abstractions/bash>
  #include <abstractions/nameservice>
  #include <abstractions/wutmp>

  /SYSV* mrw,
  /bin/dash ixr,
  /bin/uname ixr,
  /dev/ r,
  /dev/pts/ r,
  /etc/boinc-client/* r,
  /etc/gai.conf r,
  /etc/magic r,
  /lib/ r,
  /proc/ r,
  /proc/** r,
  /usr/lib/ r,
  /usr/bin/boinc mr,
  /usr/bin/file ixr,
  /usr/sbin/sendmail ixr,
  /usr/share/file/magic.mgc r,
  /var/lib/boinc-client/ r,
  /var/lib/boinc-client/** krwixr,
}

I’ve simply adopted the profile from:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/129574
Save the profile under /etc/apparmor.d/usr.bin.boinc and run:

aa-enforce /etc/apparmor.d/usr.bin.boinc

If youre missing the command aa-enforce try to install the package apparmor-utils

Have fun!