From b3c157faeb945fd689fcc8561a520d9e611a7419 Mon Sep 17 00:00:00 2001 From: Vincas Dargis Date: Sat, 4 Aug 2018 17:40:05 +0300 Subject: [PATCH] apparmor: use dri-enumerate abstraction Remove backported rule and use new dri-enumerate abstraction instead. dri-enumerate is available in AppArmor 2.13, which recently migrated into Debian Buster. Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699 --- sysui/desktop/apparmor/program.soffice.bin | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin index 2fc7fd6b5735..33ad6f933ef6 100644 --- a/sysui/desktop/apparmor/program.soffice.bin +++ b/sysui/desktop/apparmor/program.soffice.bin @@ -82,6 +82,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { #include #include #include + #include #include #include #include @@ -179,7 +179,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { #Likely moving to abstractions in the future owner @{HOME}/.icons/*/cursors/* r, /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny? - /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm /usr/share/*-fonts/conf.avail/*.conf r, /usr/share/fonts-config/conf.avail/*.conf r, /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery() From 5054f7067cc5ee43933893b682e02540fce043b4 Mon Sep 17 00:00:00 2001 From: Rene Engelhard Date: Sat, 20 Jun 2020 15:33:34 +0200 Subject: deb#962903 #include to allow /tmp/something/* Change-Id: I6377db152ededc4d46ba7bbbaa9bc66210964e18 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96770 Tested-by: Jenkins Reviewed-by: Thorsten Behrens --- sysui/desktop/apparmor/program.senddoc | 4 ++-- sysui/desktop/apparmor/program.soffice.bin | 3 ++- sysui/desktop/apparmor/program.xpdfimport | 5 ++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/sysui/desktop/apparmor/program.senddoc b/sysui/desktop/apparmor/program.senddoc index d659ec9b98b3..969130f4ea90 100644 --- a/sysui/desktop/apparmor/program.senddoc +++ b/sysui/desktop/apparmor/program.senddoc @@ -17,8 +17,8 @@ profile libreoffice-senddoc INSTDIR-program/senddoc { #include - owner /tmp/lu** rw, #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random - #Note, usually it's lub or luc, don't know why. + #include + /{usr/,}bin/sh rmix, /{usr/,}bin/bash rmix, /{usr/,}bin/dash rmix, diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin index 212eb7c62b15..42053db2abef 100644 --- a/sysui/desktop/apparmor/program.soffice.bin +++ b/sysui/desktop/apparmor/program.soffice.bin @@ -92,6 +92,8 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { #include #include + #include + #List directories for file browser / r, /**/ r, @@ -116,7 +118,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { owner @{HOME}/.config/soffice.binrc.lock rwk, owner @{HOME}/.cache/fontconfig/** rw, owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work - owner /tmp/psp[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]* rw, #/tmp/psp1534203998 (printing to file) owner /{,var/}run/user/*/dconf/user rw, owner @{HOME}/.config/dconf/user r, diff --git a/sysui/desktop/apparmor/program.xpdfimport b/sysui/desktop/apparmor/program.xpdfimport index efe10dce020d..f8bfbfe8fa49 100644 --- a/sysui/desktop/apparmor/program.xpdfimport +++ b/sysui/desktop/apparmor/program.xpdfimport @@ -17,9 +17,8 @@ profile libreoffice-xpdfimport INSTDIR-program/xpdfimport { #include - owner /tmp/* r, #Seems to need to read file created with pattern /tmp/RRRRRR - owner /tmp/lu** rw, #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random - #Note, usually it's lub or luc, don't know why. + #include + /usr/share/poppler/** r, /usr/share/libreoffice/share/config/* r, owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, -- cgit v1.2.1