sysui/desktop/apparmor/program.soffice.bin | 50 +++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
New commits:
commit c86e4ad53391d17d1eb54845b5999889f7e65061
Author: Vincas Dargis <vin...@gmail.com>
AuthorDate: Tue Aug 7 20:34:21 2018 +0300
Commit: Katarina Behrens <katarina.behr...@cib.de>
CommitDate: Tue Aug 14 13:28:01 2018 +0200
apparmor: update program.soffice.bin for KDE
Add rules to fix file dialog and other issues with 6.2 alpha1 on Debian
Buster with KDE desktop.
Change-Id: Ib1b20c5809ac9bdea1bf2623eff4345fa42fd4f3
Reviewed-on: https://gerrit.libreoffice.org/58702
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glo...@fbihome.de>
Reviewed-by: Katarina Behrens <katarina.behr...@cib.de>
diff --git a/sysui/desktop/apparmor/program.soffice.bin
b/sysui/desktop/apparmor/program.soffice.bin
index a6802609dcfa..ebb012aa867f 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -98,6 +98,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
owner @{libo_user_dirs}/**~lock.* rw, #lock file support
owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk, #Open files rw with the
right exts
owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary file used
when saving
+ owner @{libo_user_dirs}/{,**/}.directory r, #Read directory settings on KDE
# Settings
/etc/libreoffice/ r,
@@ -107,6 +108,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
/proc/*/status r,
owner @{HOME}/.config/libreoffice{,dev}/** rwk,
+ owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/soffice.binrc.lock rwk,
owner @{HOME}/.cache/fontconfig/** rw,
owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work
owner @{HOME}/.recently-used rwk,
@@ -174,9 +178,18 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
#Likely moving to abstractions in the future
owner @{HOME}/.icons/*/cursors/* r,
+ /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny?
/sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor}
r, # for libdrm
/usr/share/*-fonts/conf.avail/*.conf r,
/usr/share/fonts-config/conf.avail/*.conf r,
+ /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery()
+ /{,var/}run/udev/data/{c,b}*:* r, # Solid::Device::description(),
Solid::Device::listFromQuery()
+ @{PROC}/sys/kernel/random/boot_id r, # KRecentDocument::add() ->
QSysInfo::bootUniqueId()
+
+ #To avoid "Unable to create io-slave." for file dialog
+ owner /{,var/}run/user/[0-9]*/#[0-9]* rw,
+ #For KIO IO::Slave::createSlave()
+ owner /{,var/}run/user/[0-9]*/soffice.bin*.slave-socket wl ->
/{,var/}run/user/[0-9]*/#[0-9]*,
owner @{HOME}/.mozilla/firefox/profiles.ini r,
owner @{HOME}/.mozilla/firefox/*/secmod.db r,
@@ -184,6 +197,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
owner @{HOME}/.mozilla/firefox/*/cert8.db r,
# firefox >= 58
owner @{HOME}/.mozilla/firefox/*/cert9.db r,
+
+ owner @{HOME}/.local/share/user-places.xbel r,
+
# there is abstractions/gnupg but that's just for gpg1...
profile gpg {
#include <abstractions/base>
@@ -204,4 +220,38 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
/usr/lib/*/qt5/plugins/** rm,
/usr/share/plasma/look-and-feel/**/contents/defaults r,
+ # TODO: remove when rules are available in abstractions/kde
+ owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache
+ owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc),
used by KFileWidget
+ owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
+ owner @{HOME}/.config/kde.org/libphonon.conf r, # for
KNotifications::sendEvent()
+ owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages,
for KDEPrivate::initializeLanguages() from libKF5XmlGui.so
+ owner @{HOME}/.config/trashrc r, # user by KFileWidget
+ /usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent
+
+ # TODO: remove when rules are available in abstactions/kde-write-icon-cache
or similar
+ owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
+
+ # TODO: remove when rules are available in abstractions/kdeframeworks5 or
simiar
+ /usr/share/kservices5/*.protocol r,
+
+ # TODO: use qt5-settings-write abstraction when it is available
+ owner @{HOME}/.config/QtProject.conf rw,
+ owner @{HOME}/.config/QtProject.conf.?????? l ->
@{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],
+ owner @{HOME}/.config/QtProject.conf.?????? rw, # for temporary files like
QtProject.conf.Aqrgeb
+ owner @{HOME}/.config/QtProject.conf.lock rwk,
+
+ # TODO: use qt5-compose-cache-write abstraction when it is available
+ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r,
+
+ # TODO: use recent-documents-write abstaction when it is available
+ owner @{HOME}/.local/share/RecentDocuments/** r,
+ owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl ->
@{HOME}/.local/share/RecentDocuments/#[0-9]*,
+ owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw,
+ owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
+
+ # TODO: use kde-globals-write abstraction when it is available
+ owner @{HOME}/.config/kdeglobals rw,
+ owner @{HOME}/.config/kdeglobals.* rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/kdeglobals.lock rwk,
}
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
