[Libreoffice-commits] core.git: Branch 'libreoffice-6-0' - sysui/desktop

Wed Feb 7 12:32:03 UTC 2018

sysui/desktop/apparmor/program.soffice.bin |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

New commits:
commit 36aeb9c7a361e37433b6db280eac99eb5ab93891
Author: Rene Engelhard <rene at debian.org>
Date:   Sun Jan 21 14:48:02 2018 +0100

    apparmor: fix @{HOME}/.mozilla/firefox access for XML signing
    
    the #include <abstractions/private-files-strict> bringing
    "audit deny @{HOME}/.mozilla/** mrwkl," in actually denies everything here.
    Use just <abstractions/private-files> and allow profiles.ini, secmod.db
    and cert8.db.
    
    At least opening the Digital Signatures dialog doesn't log apparmor DENIED
    now...
    
    Change-Id: Id557626fc26745841f0cca005d483fd1e6ac922d
    Reviewed-on: https://gerrit.libreoffice.org/48264
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Michael Stahl <mstahl at redhat.com>
    Reviewed-on: https://gerrit.libreoffice.org/49253
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 84c4d543c48d..74320a6ff5ee 100644
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -63,7 +63,7 @@
 #include <tunables/global>
 
 profile libreoffice-soffice INSTDIR-program/soffice.bin {
-  #include <abstractions/private-files-strict>
+  #include <abstractions/private-files>
 
   #include <abstractions/audio>
   #include <abstractions/bash>
@@ -165,6 +165,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin {
   /usr/share/*-fonts/conf.avail/*.conf  r,
   /usr/share/fonts-config/conf.avail/*.conf r,
 
+  owner @{HOME}/.mozilla/firefox/profiles.ini r,
+  owner @{HOME}/.mozilla/firefox/*/secmod.db r,
+  owner @{HOME}/.mozilla/firefox/*/cert8.db r,
   # there is abstractions/gnupg but that's just for gpg1...
   profile gpg {
     #include <abstractions/base>
