[Libreoffice-commits] core.git: sysui/desktop

Bryan Quigley gquigs at gmail.com
Thu Apr 14 12:30:59 UTC 2016


 sysui/desktop/apparmor/program.oosplash    |    9 ++++---
 sysui/desktop/apparmor/program.senddoc     |    4 +--
 sysui/desktop/apparmor/program.soffice.bin |   11 +++++----
 sysui/desktop/apparmor/program.xpdfimport  |    2 -
 sysui/desktop/share/apparmor.sh            |   33 +++++++++++++++--------------
 5 files changed, 32 insertions(+), 27 deletions(-)

New commits:
commit 577fbba417454da8cd461da71fee8b97896d2497
Author: Bryan Quigley <gquigs at gmail.com>
Date:   Tue Apr 12 15:08:51 2016 -0400

    tdf#99251 Update AppArmor Profiles
    
    Make them less resrictive when executing other exes
    This lets the splash screen work again.
    
    Modify AppArmor.sh to be more useful.
    
    Change-Id: Icf06910c845d9389b9b75c1623037e1d07489728
    Reviewed-on: https://gerrit.libreoffice.org/24043
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Björn Michaelsen <bjoern.michaelsen at canonical.com>

diff --git a/sysui/desktop/apparmor/program.oosplash b/sysui/desktop/apparmor/program.oosplash
index 99ba58e..fef54b7 100644
--- a/sysui/desktop/apparmor/program.oosplash
+++ b/sysui/desktop/apparmor/program.oosplash
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2015 Canonical Ltd.
+#    Copyright (C) 2016 Canonical Ltd.
 #
 #    This Source Code Form is subject to the terms of the Mozilla Public
 #    License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -20,10 +20,11 @@ profile libreoffice-oopslash INSTDIR-program/oosplash {
   /etc/passwd                           r,
   /etc/nsswitch.conf                    r,
   /run/nscd/passwd                      r,
-  /usr/lib{,32,64}/ure/bin/javaldx      Cx,
+  /usr/lib{,32,64}/ure/bin/javaldx      rmpux,
   /usr/share/libreoffice/program/*      r,
-  INSTDIR-program/soffice.bin rmPUx,
-  INSTDIR-program/javaldx rmPUx,
+  INSTDIR-program/** 			r,
+  INSTDIR-program/soffice.bin rmpx,
+  INSTDIR-program/javaldx rmpux,
   owner @{HOME}/.Xauthority             r,
   owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
   unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined),
diff --git a/sysui/desktop/apparmor/program.senddoc b/sysui/desktop/apparmor/program.senddoc
index f258114..42c2740 100644
--- a/sysui/desktop/apparmor/program.senddoc
+++ b/sysui/desktop/apparmor/program.senddoc
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2015 Canonical Ltd.
+#    Copyright (C) 2016 Canonical Ltd.
 #
 #    This Source Code Form is subject to the terms of the Mozilla Public
 #    License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -27,7 +27,7 @@ profile libreoffice-senddoc INSTDIR-/usr/lib{,32,64}/libreoffice/program/senddoc
   /bin/uname            rmix,
   /usr/bin/xdg-open     Cxr -> sanitized_helper,
   /dev/null             rw,
-  INSTDIR-program/uri-encode rmPUx,
+  INSTDIR-program/uri-encode rmpux,
   /usr/share/libreoffice/share/config/* r,
   owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
 }
diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index e62216c..285b499 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2015 Canonical Ltd.
+#    Copyright (C) 2016 Canonical Ltd.
 #
 #    This Source Code Form is subject to the terms of the Mozilla Public
 #    License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -33,7 +33,7 @@
 @{libreoffice_ext} += [jJ][pP][eE][gG]
 @{libreoffice_ext} += [pP][nN][gG]
 @{libreoffice_ext} += [sS][vV][gG]
-@{libreoffice_ext} += [sS][vV][gG][zZ]
+@{libreoffice_ext} += [sS][vV][gG][zZ]99251
 @{libreoffice_ext} += [tT][iI][fF]
 @{libreoffice_ext} += [tT][iI][fF][fF]
 
@@ -50,7 +50,7 @@
 #Impress/Draw
 @{libreoffice_ext} += [pP][pP][tTsS]{,x,X}
 @{libreoffice_ext} += [pP][oO][tT]{,m,M}
-@{libreoffice_ext} += [sS][wW][fF]
+@{libreoffice_ext} += [sS][wW][fF]  #Flash
 @{libreoffice_ext} += [pP][sS][dD]  #Photoshop
 
 #Math
@@ -122,10 +122,11 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   /usr/lib{,32,64}/jvm/**                       r,
   INSTDIR-**                        ra,
   INSTDIR-**.so                     rm,
+  INSTDIR-share/uno_packages/cache/* rw,
   INSTDIR-program/soffice.bin       rmix,
-  INSTDIR-program/xpdfimport        rPx,
+  INSTDIR-program/xpdfimport        rpx,
   /usr/bin/xdg-open                 rPUx,
-  INSTDIR-program/senddoc           rPx,
+  INSTDIR-program/senddoc           rpx,
 
   /usr/share/java/**.jar                r,
   /usr/share/hunspell/                  r,
diff --git a/sysui/desktop/apparmor/program.xpdfimport b/sysui/desktop/apparmor/program.xpdfimport
index a83827f..ba0e1d2 100644
--- a/sysui/desktop/apparmor/program.xpdfimport
+++ b/sysui/desktop/apparmor/program.xpdfimport
@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2015 Canonical Ltd.
+#    Copyright (C) 2016 Canonical Ltd.
 #
 #    This Source Code Form is subject to the terms of the Mozilla Public
 #    License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/sysui/desktop/share/apparmor.sh b/sysui/desktop/share/apparmor.sh
index 88baff8..4a91310 100755
--- a/sysui/desktop/share/apparmor.sh
+++ b/sysui/desktop/share/apparmor.sh
@@ -2,7 +2,7 @@
 # This file is part of the LibreOffice project.
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2015 Canonical Ltd.
+#    Copyright (C) 2016 Canonical Ltd.
 #
 #    This Source Code Form is subject to the terms of the Mozilla Public
 #    License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -13,36 +13,39 @@
 # ------------------------------------------------------------------
 
 # This is a simple script to help get AppArmor working on different distros
+# Generally these apparmor profiles target the latest LibreOffice
 
 INST_ROOT=$1  #Where libreoffice program folder can be found
 PROFILESFROM=$2  #Where the profile files are
-INSTALLTO=$3  #Where should the apparmor profiles live (to be be linked to)
-INSTALL=$4  #True means try to run sudo to link (doesn't reload profiles)
+INSTALLTO=$3  #Where should the apparmor profiles (For manual use should be /etc/apparmor.d)
+RESTART=$4 #Should we restart apparmor using service?
 
-#For example to get this to work on Ubuntu 15.10 with stock LibreOffice:
-# ./sysui/desktop/share/apparmor.sh /usr/lib/libreoffice/ sysui/desktop/apparmor/ /mnt/store/git/libo/instdir/apparmor-testing/ true
+#Example uses:
+#Ubuntu 16.04 with stock LibreOffice:
+# sudo ./sysui/desktop/share/apparmor.sh /usr/lib/libreoffice/ sysui/desktop/apparmor/ /etc/apparmor.d/ true
 
-#For example on Ubuntu 15.10, with built debs from the LibreOffice website
-# At the current time you need run /opt/libreofficedev5.1/program/soffice.bin directly - splash screen doesn't work
-# ./sysui/desktop/share/apparmor.sh /opt/libreofficedev5.1/ sysui/desktop/apparmor/ /mnt/store/git/libo/instdir/apparmor-testing/ true
+#Ubuntu 16.04, with built debs from LibreOffice git
+# sudo ./sysui/desktop/share/apparmor.sh /opt/libreofficedev5.2/ sysui/desktop/apparmor/ /etc/apparmor.d/ true
 
-mkdir -p $INSTALLTO
+#Ubuntu 16.04, running from git!
+# sudo ./sysui/desktop/share/apparmor.sh /mnt/store/git/libo/instdir/ sysui/desktop/apparmor/ /etc/apparmor.d/ true
 
 #Need to convert / to . for profile names
 INST_ROOT_FORMAT=${INST_ROOT/\//}
 INST_ROOT_FORMAT=${INST_ROOT_FORMAT////.}
 
-#Need to escale / for sed
+#Need to escape / for sed
 INST_ROOT_SED=${INST_ROOT////\\/}
 
 for filename in `ls $PROFILESFROM`
 do
     tourl=$INSTALLTO$INST_ROOT_FORMAT$filename
     cat $PROFILESFROM$filename | sed "s/INSTDIR-/$INST_ROOT_SED/g" > $tourl
-
-    if [ "$INSTALL" = true ] ; then
-        sudo rm /etc/apparmor.d/$INST_ROOT_FORMAT$filename
-        sudo ln -s $tourl /etc/apparmor.d/$INST_ROOT_FORMAT$filename
-    fi
+    echo "$tourl"
 
 done
+
+if [ "$RESTART" = true ] ; then
+    echo "Restarting AppArmor"
+    service apparmor restart
+fi


More information about the Libreoffice-commits mailing list