summaryrefslogtreecommitdiffstats
path: root/debian/patches/apparmor-cleanups.diff
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/apparmor-cleanups.diff')
-rw-r--r--debian/patches/apparmor-cleanups.diff105
1 files changed, 105 insertions, 0 deletions
diff --git a/debian/patches/apparmor-cleanups.diff b/debian/patches/apparmor-cleanups.diff
new file mode 100644
index 000000000..c4b17e995
--- /dev/null
+++ b/debian/patches/apparmor-cleanups.diff
@@ -0,0 +1,105 @@
+From b3c157faeb945fd689fcc8561a520d9e611a7419 Mon Sep 17 00:00:00 2001
+From: Vincas Dargis <vindrg@gmail.com>
+Date: Sat, 4 Aug 2018 17:40:05 +0300
+Subject: [PATCH] apparmor: use dri-enumerate abstraction
+
+Remove backported rule and use new dri-enumerate abstraction instead.
+dri-enumerate is available in AppArmor 2.13, which recently migrated
+into Debian Buster.
+
+Change-Id: I64919edc1882f7bc1e65cfb94686464c5350f699
+---
+ sysui/desktop/apparmor/program.soffice.bin | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
+index 2fc7fd6b5735..33ad6f933ef6 100644
+--- a/sysui/desktop/apparmor/program.soffice.bin
++++ b/sysui/desktop/apparmor/program.soffice.bin
+@@ -82,6 +82,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
+ #include <abstractions/dbus>
+ #include <abstractions/dbus-session>
+ #include <abstractions/dbus-accessibility>
++ #include <abstractions/dri-enumerate>
+ #include <abstractions/ibus>
+ #include <abstractions/nameservice>
+ #include <abstractions/gnome>
+@@ -179,7 +179,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
+ #Likely moving to abstractions in the future
+ owner @{HOME}/.icons/*/cursors/* r,
+ /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny?
+- /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm
+ /usr/share/*-fonts/conf.avail/*.conf r,
+ /usr/share/fonts-config/conf.avail/*.conf r,
+ /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery()
+
+From 5054f7067cc5ee43933893b682e02540fce043b4 Mon Sep 17 00:00:00 2001
+From: Rene Engelhard <rene@debian.org>
+Date: Sat, 20 Jun 2020 15:33:34 +0200
+Subject: deb#962903 #include <abstractions/user-tmp> to allow /tmp/something/*
+
+Change-Id: I6377db152ededc4d46ba7bbbaa9bc66210964e18
+Reviewed-on: https://gerrit.libreoffice.org/c/core/+/96770
+Tested-by: Jenkins
+Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
+---
+ sysui/desktop/apparmor/program.senddoc | 4 ++--
+ sysui/desktop/apparmor/program.soffice.bin | 3 ++-
+ sysui/desktop/apparmor/program.xpdfimport | 5 ++---
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/sysui/desktop/apparmor/program.senddoc b/sysui/desktop/apparmor/program.senddoc
+index d659ec9b98b3..969130f4ea90 100644
+--- a/sysui/desktop/apparmor/program.senddoc
++++ b/sysui/desktop/apparmor/program.senddoc
+@@ -17,8 +17,8 @@
+ profile libreoffice-senddoc INSTDIR-program/senddoc {
+ #include <abstractions/base>
+
+- owner /tmp/lu** rw, #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random
+- #Note, usually it's lub or luc, don't know why.
++ #include <abstractions/user-tmp>
++
+ /{usr/,}bin/sh rmix,
+ /{usr/,}bin/bash rmix,
+ /{usr/,}bin/dash rmix,
+diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
+index 212eb7c62b15..42053db2abef 100644
+--- a/sysui/desktop/apparmor/program.soffice.bin
++++ b/sysui/desktop/apparmor/program.soffice.bin
+@@ -92,6 +92,8 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
+ #include <abstractions/python>
+ #include <abstractions/p11-kit>
+
++ #include <abstractions/user-tmp>
++
+ #List directories for file browser
+ / r,
+ /**/ r,
+@@ -116,7 +118,6 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
+ owner @{HOME}/.config/soffice.binrc.lock rwk,
+ owner @{HOME}/.cache/fontconfig/** rw,
+ owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work
+- owner /tmp/psp[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]* rw, #/tmp/psp1534203998 (printing to file)
+
+ owner /{,var/}run/user/*/dconf/user rw,
+ owner @{HOME}/.config/dconf/user r,
+diff --git a/sysui/desktop/apparmor/program.xpdfimport b/sysui/desktop/apparmor/program.xpdfimport
+index efe10dce020d..f8bfbfe8fa49 100644
+--- a/sysui/desktop/apparmor/program.xpdfimport
++++ b/sysui/desktop/apparmor/program.xpdfimport
+@@ -17,9 +17,8 @@
+ profile libreoffice-xpdfimport INSTDIR-program/xpdfimport {
+ #include <abstractions/base>
+
+- owner /tmp/* r, #Seems to need to read file created with pattern /tmp/RRRRRR
+- owner /tmp/lu** rw, #makes files like luRRRRR.tmp/lubRRRR.tmp where R is random
+- #Note, usually it's lub or luc, don't know why.
++ #include <abstractions/user-tmp>
++
+ /usr/share/poppler/** r,
+ /usr/share/libreoffice/share/config/* r,
+ owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
+--
+cgit v1.2.1
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-22 14:22:59 +0000