Bug#670528: evince: please include AppArmor profile

2012-06-12 Thread intrigeri
Hi,

intrig...@debian.org wrote (25 Apr 2012 20:53:36 GMT) :
> Please include AppArmor profile for evince.

Is there anything I can do to increase the chances of this patch being
applied in time for Wheezy?

Thank you for maintaining Evince in Debian.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#670528: evince: please include AppArmor profile

2012-05-19 Thread intrigeri
Hi,

> I have been testing evince for a few months, on a Debian sid system,
> with the AppArmor profile shipped by Ubuntu's evince (3.3.5-0ubuntu1
> and 3.4.0-0ubuntu1). I have not run into a single problem with it.

Now that evince 3.4 is in sid, I have tested the proposed profile
against this version and did not notice any problem (this is no
wonder, given Ubuntu is shipping it with evince 3.4, but I think it
was worth confirming).




Bug#670528: evince: please include AppArmor profile

2012-04-26 Thread intrigeri
Source: evince
Version: 3.2.1-1+b1
Severity: wishlist
Tags: patch
User: appar...@packages.debian.org
Usertags: new-profile
thanks

Please include AppArmor profile for evince.

Since it handles untrusted data, and has been affected by a number of
potential security issues in past years relating to its handling of
those, it seems like an ideal candidate for confining:
https://wiki.debian.org/AppArmor

I have been testing evince for a few months, on a Debian sid system,
with the AppArmor profile shipped by Ubuntu's evince (3.3.5-0ubuntu1
and 3.4.0-0ubuntu1). I have not run into a single problem with it.

Attached is a patch that adds this AppArmor support to evince.
Please consider applying it.

Note that enforcing AppArmor profiles is currently opt-in: applying
the attached does not change anything for users unless they enable
AppArmor system-wide themselves.

diff -Naur evince-3.2.1-1.orig/debian/apparmor-profile evince-3.2.1/debian/apparmor-profile
--- evince-3.2.1-1.orig/debian/apparmor-profile	1970-01-01 01:00:00.0 +0100
+++ evince-3.2.1/debian/apparmor-profile	2012-04-08 09:05:20.240673780 +0200
@@ -0,0 +1,147 @@
+# vim:syntax=apparmor
+# Author: Kees Cook k...@canonical.com
+# Jamie Strandboge ja...@canonical.com
+
+#include tunables/global
+
+/usr/bin/evince {
+  #include abstractions/audio
+  #include abstractions/bash
+  #include abstractions/cups-client
+  #include abstractions/dbus-session
+  #include abstractions/evince
+  #include abstractions/ibus
+  #include abstractions/nameservice
+  #include abstractions/launchpad-integration
+
+  #include abstractions/ubuntu-browsers
+  #include abstractions/ubuntu-console-browsers
+  #include abstractions/ubuntu-email
+  #include abstractions/ubuntu-console-email
+  #include abstractions/ubuntu-media-players
+
+  # Terminals for using console applications. These abstractions should ideally
+  # have 'ix' to restrict access to what only evince is allowed to do
+  #include abstractions/ubuntu-gnome-terminal
+
+  # By default, we won't support launching a terminal program in Xterm or
+  # KDE's konsole. It opens up too many unnecessary files for most users.
+  # People who need this functionality can uncomment the following:
+  ##include abstractions/ubuntu-xterm
+  ##include abstractions/ubuntu-konsole
+
+  /usr/bin/evince rmPx,
+  /usr/bin/evince-previewer Px,
+  /usr/bin/yelp Cx - sanitized_helper,
+  /usr/bin/bug-buddy px,
+  /usr/bin/nautilus Cx - sanitized_helper,
+
+  # For text attachments
+  /usr/bin/gedit ixr,
+
+  # For Send to
+  /usr/bin/nautilus-sendto Cx - sanitized_helper,
+
+  # allow directory listings (ie 'r' on directories) so browsing via the file
+  # dialog works
+  / r,
+  /**/ r,
+
+  @{HOME}/ r,
+
+  # This is need for saving files in your home directory without an extension.
+  # Changing this to '@{HOME}/** r' makes it require an extension and more
+  # secure (but with 'rw', we still have abstractions/private-files-strict in
+  # effect).
+  @{HOME}/** rw,
+  @{HOME}/.local/share/gvfs-metadata/** l,
+
+  @{HOME}/.gnome2/evince/*   rwl,
+  @{HOME}/.gnome2/accels/rw,
+  @{HOME}/.gnome2/accelsevince   rw,
+  @{HOME}/.gnome2/accels/evince  rw,
+
+  # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
+  # read and write for all supported file formats
+  /**.[bB][mM][pP] rw,
+  /**.[dD][jJ][vV][uU] rw,
+  /**.[dD][vV][iI] rw,
+  /**.[gG][iI][fF] rw,
+  /**.[jJ][pP][gG] rw,
+  /**.[jJ][pP][eE][gG] rw,
+  /**.[oO][dD][pP] rw,
+  /**.[fFpP][dD][fF]   rw,
+  /**.[pP][nN][mM] rw,
+  /**.[pP][nN][gG] rw,
+  /**.[pP][sS] rw,
+  /**.[eE][pP][sS] rw,
+  /**.[tT][iI][fF] rw,
+  /**.[tT][iI][fF][fF] rw,
+  /**.[xX][pP][mM] rw,
+  /**.[gG][zZ] rw,
+  /**.[bB][zZ]2rw,
+  /**.[cC][bB][rRzZ7]  rw,
+
+  # evince creates a temporary stream file like '.goutputstream-XX' in the
+  # directory a file is saved. This allows that behavior.
+  owner /**/.goutputstream-* w,
+}
+
+/usr/bin/evince-previewer {
+  #include abstractions/audio
+  #include abstractions/bash
+  #include abstractions/cups-client
+  #include abstractions/dbus-session
+  #include abstractions/evince
+  #include abstractions/ibus
+  #include abstractions/nameservice
+  #include abstractions/launchpad-integration
+
+  #include abstractions/ubuntu-browsers
+  #include abstractions/ubuntu-console-browsers
+  #include abstractions/ubuntu-email
+  #include abstractions/ubuntu-console-email
+  #include abstractions/ubuntu-media-players
+
+  # Terminals for using console applications. These abstractions should ideally
+  # have 'ix' to restrict access to what only evince is allowed to do
+  #include abstractions/ubuntu-gnome-terminal
+
+  # By default, we won't support launching a terminal program in Xterm or
+  # KDE's konsole. It opens up too many unnecessary files for most users.
+  # People who need this functionality can uncomment the following:
+  ##include
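Review bot: several rule lines in this hunk, as reproduced here, have lost the whitespace between path and access mode (`@{HOME}/.gnome2/accels/rw,` and `/**.[bB][zZ]2rw,`), and the exec transitions read `Cx - sanitized_helper` where AppArmor's syntax is `Cx -> sanitized_helper`; run `apparmor_parser -Q` on the file actually being applied to confirm it parses before it is merged. The `sanitized_helper` child profile those transitions target is not defined anywhere in the visible hunk, so it must come from one of the `#include`d abstractions; confirm that the apparmor package in Debian ships an abstraction defining it, otherwise the profile fails to load. Separately, `@{HOME}/** rw,` together with the per-extension rules such as `/**.[fFpP][dD][fF] rw,` gives evince write access to every supported document the user can write anywhere on the filesystem, not only under $HOME; the in-profile comment accepts that trade-off, but it deserves a sentence in the package documentation for users who turn on enforce mode. Finally, the hunk header announces 147 added lines while the copy here stops mid-line at `##include` inside the `/usr/bin/evince-previewer` profile, so this quoting of the patch is incomplete.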
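To see what the file rules in this profile actually grant, here is an added example (it is not code from this bug report, from the evince package or from the AppArmor project) that translates a subset of the profile's path globs into regular expressions and evaluates constructed sample paths against them. It assumes the stock tunables/global expansion of @{HOME} to /home/*/ and /root/, models only plain file rules (owner is parsed but not enforced, exec transitions keep just their mode letters, includes are not followed), and adds one constructed deny rule on @{HOME}/.ssh/** to stand in for the kind of rule the profile's comment says abstractions/private-files-strict contributes; that deny line is invented for the example and is not that abstraction's text. The sample home directory /home/alice is likewise made up.

```python
import re

# Assumed @{HOME} expansion, as in a stock tunables/global (not from the page).
HOME_EXPANSIONS = ["/home/*/", "/root/"]

# File rules transcribed from the profile in the patch (spacing between path
# and mode restored) plus one constructed deny rule standing in for
# private-files-strict.  The deny line is an assumption, not that file's text.
RULES_TEXT = """
  / r,
  /**/ r,
  @{HOME}/ r,
  @{HOME}/** rw,
  @{HOME}/.gnome2/accels/ rw,
  /**.[fFpP][dD][fF] rw,
  /**.[pP][sS] rw,
  /**.[gG][zZ] rw,
  owner /**/.goutputstream-* w,
  /usr/bin/yelp Cx -> sanitized_helper,
  deny @{HOME}/.ssh/** rw,
"""


def glob_to_regex(glob):
    """Translate an AppArmor path glob into a regex for re.fullmatch().
    '**' crosses '/', '*' and '?' do not, '[...]' classes pass through."""
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
            continue
        if c == "*":
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "[" and "]" in glob[i + 1:]:
            j = glob.index("]", i + 1)
            out.append("[" + glob[i + 1:j].replace("\\", "\\\\") + "]")
            i = j
        else:
            out.append(re.escape(c))
        i += 1
    return "".join(out)


def expand_home(glob):
    """Return the concrete globs a rule stands for once @{HOME} is expanded."""
    if "@{HOME}" not in glob:
        return [glob]
    return [re.sub("/+", "/", glob.replace("@{HOME}", h)) for h in HOME_EXPANSIONS]


def parse_rules(text):
    """Parse 'path mode,' lines into rule dicts; includes are not followed."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()
        if not line:
            continue
        line = line.rstrip(",").split("->")[0]   # drop any exec transition target
        words = line.split()
        deny = owner = False
        while words and words[0] in ("audit", "deny", "owner"):
            word = words.pop(0)
            deny = deny or word == "deny"
            owner = owner or word == "owner"
        if len(words) != 2:
            raise ValueError("unsupported rule: %r" % raw)
        path, mode = words
        for concrete in expand_home(path):
            rules.append({"glob": path, "regex": re.compile(glob_to_regex(concrete)),
                          "mode": set(mode), "deny": deny, "owner": owner})
    return rules


def matching_rules(rules, path):
    """All rules whose (expanded) glob matches the whole path."""
    return [r for r in rules if r["regex"].fullmatch(path)]


def allowed(rules, path, perm):
    """True if some allow rule grants perm on path and no deny rule takes it
    away; deny wins over allow, as in AppArmor.  'owner' is not enforced."""
    hits = matching_rules(rules, path)
    if any(r["deny"] and perm in r["mode"] for r in hits):
        return False
    return any(not r["deny"] and perm in r["mode"] for r in hits)


RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    # Constructed sample paths; /home/alice is a made-up home directory.
    for path, perm in [("/tmp/report.pdf", "w"), ("/tmp/report.txt", "r"),
                       ("/home/alice/notes", "w"), ("/home/alice/.ssh/id_rsa", "r"),
                       ("/usr/share/doc/", "r"), ("/usr/share/doc/", "w"),
                       ("/tmp/.goutputstream-ABC123", "w"), ("/etc/passwd", "r")]:
        hits = ", ".join(r["glob"] for r in matching_rules(RULES, path))
        print("%-30s %s -> %-5s via [%s]" % (path, perm, allowed(RULES, path, perm), hits))
```

Two things the output makes concrete: the per-extension rules let a confined evince write any .pdf, .ps or .gz the user can write anywhere on disk, not only under $HOME (the trade-off the profile's own comment accepts), and `@{HOME}/** rw` on its own would cover ~/.ssh, which is why the comment leans on the deny rules from private-files-strict; real enforcement also applies the other included abstractions and the `owner` condition, which this toy evaluator leaves out.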