[Libreoffice-commits] core.git: sysui/desktop

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Mon Aug 27 14:30:47 UTC 2018 

 sysui/desktop/apparmor/program.soffice.bin |    4 ++++
 1 file changed, 4 insertions(+)

New commits:
commit 136077b40cdabab83aec6833bf3895d4305d30a3
Author:     Vincas Dargis <vindrg at gmail.com>
AuthorDate: Tue Aug 14 21:34:59 2018 +0300
Commit:     Rene Engelhard <rene at debian.org>
CommitDate: Mon Aug 27 16:30:26 2018 +0200

    apparmor: fix printing to file
    
    AppArmor denies writing to .ps files and dealing with temporaries needed
    for "Print to file" functionality. Add .ps to the allowed extensions
    list, also giving access to rm executable together with writing
    printing-related temporary file.
    
    Change-Id: I415e1401878bff6459f42162d4e8b517261b9cec
    Reviewed-on: https://gerrit.libreoffice.org/59114
    Tested-by: Jenkins
    Reviewed-by: Rene Engelhard <rene at debian.org>

diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 45252291938e..90d663a9d54a 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -37,6 +37,8 @@
 @{libreoffice_ext} += {,x,X}[hH][tT][mM]{,l,L}
 #.epub
 @{libreoffice_ext} += [eE][pP][uU][bB]
+#.ps (printing to file)
+@{libreoffice_ext} += [pP][sS]
 
 #Images
 @{libreoffice_ext} += [jJ][pP][gG]
@@ -117,6 +119,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   owner @{HOME}/.cache/fontconfig/**    rw,
   owner @{HOME}/.config/gtk-???/bookmarks r,  #Make bookmarks work
   owner @{HOME}/.recently-used          rwk,
+  owner /tmp/psp[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]* rw, #/tmp/psp1534203998 (printing to file)
 
   owner /{,var/}run/user/*/dconf/user   rw,
   owner @{HOME}/.config/dconf/user      r,
@@ -131,6 +134,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   /{usr/,}bin/sh                        rmix,
   /{usr/,}bin/bash                      rmix,
   /{usr/,}bin/dash                      rmix,
+  /{usr/,}bin/rm                        rmix, #deleting /tmp/psp1534203998 (printing to file)
   /usr/bin/bluetooth-sendto             rmPUx,
   /usr/bin/lpr                          rmPUx,
   /usr/bin/paperconf                    rmix,

More information about the Libreoffice-commits mailing list