sysui/desktop/apparmor/program.oosplash | 9 ++++--- sysui/desktop/apparmor/program.senddoc | 4 +-- sysui/desktop/apparmor/program.soffice.bin | 11 +++++---- sysui/desktop/apparmor/program.xpdfimport | 2 - sysui/desktop/share/apparmor.sh | 33 +++++++++++++++-------------- 5 files changed, 32 insertions(+), 27 deletions(-)
New commits: commit 577fbba417454da8cd461da71fee8b97896d2497 Author: Bryan Quigley <[email protected]> Date: Tue Apr 12 15:08:51 2016 -0400 tdf#99251 Update AppArmor Profiles Make them less resrictive when executing other exes This lets the splash screen work again. Modify AppArmor.sh to be more useful. Change-Id: Icf06910c845d9389b9b75c1623037e1d07489728 Reviewed-on: https://gerrit.libreoffice.org/24043 Tested-by: Jenkins <[email protected]> Reviewed-by: Björn Michaelsen <[email protected]> diff --git a/sysui/desktop/apparmor/program.oosplash b/sysui/desktop/apparmor/program.oosplash index 99ba58e..fef54b7 100644 --- a/sysui/desktop/apparmor/program.oosplash +++ b/sysui/desktop/apparmor/program.oosplash @@ -1,6 +1,6 @@ # ------------------------------------------------------------------ # -# Copyright (C) 2015 Canonical Ltd. +# Copyright (C) 2016 Canonical Ltd. # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -20,10 +20,11 @@ profile libreoffice-oopslash INSTDIR-program/oosplash { /etc/passwd r, /etc/nsswitch.conf r, /run/nscd/passwd r, - /usr/lib{,32,64}/ure/bin/javaldx Cx, + /usr/lib{,32,64}/ure/bin/javaldx rmpux, /usr/share/libreoffice/program/* r, - INSTDIR-program/soffice.bin rmPUx, - INSTDIR-program/javaldx rmPUx, + INSTDIR-program/** r, + INSTDIR-program/soffice.bin rmpx, + INSTDIR-program/javaldx rmpux, owner @{HOME}/.Xauthority r, owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), diff --git a/sysui/desktop/apparmor/program.senddoc b/sysui/desktop/apparmor/program.senddoc index f258114..42c2740 100644 --- a/sysui/desktop/apparmor/program.senddoc +++ b/sysui/desktop/apparmor/program.senddoc 
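Review bot: The lower-case exec modes in the new oosplash rules (`rmpx` for soffice.bin, `rmpux` for both javaldx paths) turn off AppArmor's environment scrubbing, so loader variables such as LD_PRELOAD and LD_LIBRARY_PATH from the parent's environment reach the child. In addition, `pux` runs javaldx unconfined whenever no profile for it is loaded, where the old `Cx` rule named a child profile; no javaldx profile is visible in this commit. The same `P`→`p` switch is made for uri-encode in program.senddoc and for xpdfimport and senddoc in program.soffice.bin, which presumably do not all need the inherited environment. I would keep `Px`/`PUx` on every rule where the splash-screen fix does not require otherwise. Each relaxed rule should also carry a reason, e.g. `# px, not Px: soffice.bin needs the environment prepared by oosplash`.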
@@ -1,6 +1,6 @@ # ------------------------------------------------------------------ # -# Copyright (C) 2015 Canonical Ltd. +# Copyright (C) 2016 Canonical Ltd. # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -27,7 +27,7 @@ profile libreoffice-senddoc INSTDIR-/usr/lib{,32,64}/libreoffice/program/senddoc /bin/uname rmix, /usr/bin/xdg-open Cxr -> sanitized_helper, /dev/null rw, - INSTDIR-program/uri-encode rmPUx, + INSTDIR-program/uri-encode rmpux, /usr/share/libreoffice/share/config/* r, owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, } diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin index e62216c..285b499 100644 --- a/sysui/desktop/apparmor/program.soffice.bin +++ b/sysui/desktop/apparmor/program.soffice.bin @@ -1,6 +1,6 @@ # ------------------------------------------------------------------ # -# Copyright (C) 2015 Canonical Ltd. +# Copyright (C) 2016 Canonical Ltd. # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this @@ -33,7 +33,7 @@ @{libreoffice_ext} += [jJ][pP][eE][gG] @{libreoffice_ext} += [pP][nN][gG] @{libreoffice_ext} += [sS][vV][gG] -@{libreoffice_ext} += [sS][vV][gG][zZ] +@{libreoffice_ext} += [sS][vV][gG][zZ]99251 @{libreoffice_ext} += [tT][iI][fF] @{libreoffice_ext} += [tT][iI][fF][fF] @@ -50,7 +50,7 @@ #Impress/Draw @{libreoffice_ext} += [pP][pP][tTsS]{,x,X} @{libreoffice_ext} += [pP][oO][tT]{,m,M} -@{libreoffice_ext} += [sS][wW][fF] +@{libreoffice_ext} += [sS][wW][fF] #Flash @{libreoffice_ext} += [pP][sS][dD] #Photoshop #Math 
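Review bot: The changed line `@{libreoffice_ext} += [sS][vV][gG][zZ]99251` in program.soffice.bin has the bug number appended to the extension pattern, so the variable now matches `svgz99251` instead of `svgz`. This looks like a stray paste of the tdf number. Any file rule built from `@{libreoffice_ext}` would then stop covering .svgz documents, and the profile would deny opening them. The line should stay `@{libreoffice_ext} += [sS][vV][gG][zZ]`. The rules that consume the variable are outside this hunk.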
@@ -122,10 +122,11 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { /usr/lib{,32,64}/jvm/** r, INSTDIR-** ra, INSTDIR-**.so rm, + INSTDIR-share/uno_packages/cache/* rw, INSTDIR-program/soffice.bin rmix, - INSTDIR-program/xpdfimport rPx, + INSTDIR-program/xpdfimport rpx, /usr/bin/xdg-open rPUx, - INSTDIR-program/senddoc rPx, + INSTDIR-program/senddoc rpx, /usr/share/java/**.jar r, /usr/share/hunspell/ r, diff --git a/sysui/desktop/apparmor/program.xpdfimport b/sysui/desktop/apparmor/program.xpdfimport index a83827f..ba0e1d2 100644 --- a/sysui/desktop/apparmor/program.xpdfimport +++ b/sysui/desktop/apparmor/program.xpdfimport @@ -1,6 +1,6 @@ # ------------------------------------------------------------------ # -# Copyright (C) 2015 Canonical Ltd. +# Copyright (C) 2016 Canonical Ltd. # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this diff --git a/sysui/desktop/share/apparmor.sh b/sysui/desktop/share/apparmor.sh index 88baff8..4a91310 100755 --- a/sysui/desktop/share/apparmor.sh +++ b/sysui/desktop/share/apparmor.sh @@ -2,7 +2,7 @@ # This file is part of the LibreOffice project. # ------------------------------------------------------------------ # -# Copyright (C) 2015 Canonical Ltd. +# Copyright (C) 2016 Canonical Ltd. # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this 
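Review bot: The added rule `INSTDIR-share/uno_packages/cache/* rw,` gives the confined soffice.bin write access to the shared extension cache, with no `owner` qualifier and no comment saying which operation needs it. On an install tree the user can write, such as the git instdir case this commit targets, that lets the process which parses untrusted documents modify files that later sessions may load. If only the user's own files must be writable, `owner INSTDIR-share/uno_packages/cache/* rw,` would narrow it. Otherwise a one-line comment naming the operation that requires the write would let the next reviewer judge the scope. The profile body begins and ends outside this hunk.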
@@ -13,36 +13,39 @@ # ------------------------------------------------------------------ # This is a simple script to help get AppArmor working on different distros +# Generally these apparmor profiles target the latest LibreOffice INST_ROOT=$1 #Where libreoffice program folder can be found PROFILESFROM=$2 #Where the profile files are -INSTALLTO=$3 #Where should the apparmor profiles live (to be be linked to) -INSTALL=$4 #True means try to run sudo to link (doesn't reload profiles) +INSTALLTO=$3 #Where should the apparmor profiles (For manual use should be /etc/apparmor.d) +RESTART=$4 #Should we restart apparmor using service? -#For example to get this to work on Ubuntu 15.10 with stock LibreOffice: -# ./sysui/desktop/share/apparmor.sh /usr/lib/libreoffice/ sysui/desktop/apparmor/ /mnt/store/git/libo/instdir/apparmor-testing/ true +#Example uses: +#Ubuntu 16.04 with stock LibreOffice: +# sudo ./sysui/desktop/share/apparmor.sh /usr/lib/libreoffice/ sysui/desktop/apparmor/ /etc/apparmor.d/ true -#For example on Ubuntu 15.10, with built debs from the LibreOffice website -# At the current time you need run /opt/libreofficedev5.1/program/soffice.bin directly - splash screen doesn't work -# ./sysui/desktop/share/apparmor.sh /opt/libreofficedev5.1/ sysui/desktop/apparmor/ /mnt/store/git/libo/instdir/apparmor-testing/ true +#Ubuntu 16.04, with built debs from LibreOffice git +# sudo ./sysui/desktop/share/apparmor.sh /opt/libreofficedev5.2/ sysui/desktop/apparmor/ /etc/apparmor.d/ true -mkdir -p $INSTALLTO +#Ubuntu 16.04, running from git! +# sudo ./sysui/desktop/share/apparmor.sh /mnt/store/git/libo/instdir/ sysui/desktop/apparmor/ /etc/apparmor.d/ true #Need to convert / to . 
for profile names INST_ROOT_FORMAT=${INST_ROOT/\//} INST_ROOT_FORMAT=${INST_ROOT_FORMAT////.} -#Need to escale / for sed +#Need to escape / for sed INST_ROOT_SED=${INST_ROOT////\\/} for filename in `ls $PROFILESFROM` do tourl=$INSTALLTO$INST_ROOT_FORMAT$filename cat $PROFILESFROM$filename | sed "s/INSTDIR-/$INST_ROOT_SED/g" > $tourl - - if [ "$INSTALL" = true ] ; then - sudo rm /etc/apparmor.d/$INST_ROOT_FORMAT$filename - sudo ln -s $tourl /etc/apparmor.d/$INST_ROOT_FORMAT$filename - fi + echo "$tourl" done + +if [ "$RESTART" = true ] ; then + echo "Restarting AppArmor" + service apparmor restart +fi
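Review bot: The usage examples now run this script under sudo and point INSTALLTO at /etc/apparmor.d, but the loop still uses unquoted expansions, iterates over `ls` output, and never checks its arguments. With the `mkdir -p` removed, an empty or missing INSTALLTO makes the redirect write to the current directory or fail, and a path without a trailing slash is glued straight onto the profile name. A failed `sed` also leaves a truncated profile in place, which the following `service apparmor restart` would then try to load. I would validate the three paths, quote every expansion, glob instead of parsing `ls`, and stop on the first write error, as sketched below. The start of the script is outside this hunk.

```shell
# … unchanged: header comments, argument assignments and usage examples …
if [ -z "$INST_ROOT" ] || [ ! -d "$PROFILESFROM" ] || [ ! -d "$INSTALLTO" ]; then
    echo "usage: $0 INST_ROOT PROFILESFROM INSTALLTO [RESTART]" >&2
    exit 1
fi
# … unchanged: INST_ROOT_FORMAT / INST_ROOT_SED computation …
for src in "${PROFILESFROM%/}"/*
do
    filename=${src##*/}
    tourl="${INSTALLTO%/}/$INST_ROOT_FORMAT$filename"
    sed "s/INSTDIR-/$INST_ROOT_SED/g" "$src" > "$tourl" || exit 1
    echo "$tourl"
done
# … unchanged: optional AppArmor restart …
```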
