[apparmor] New LibreOffice Profile

Bryan Quigley bryan.quigley at canonical.com
Fri Apr 3 17:57:21 UTC 2015


I've pretty much re-reviewed every line and determined a couple
abstractions could be dropped.

/tmp access was able to be refined a bunch.

>>> This profile should not be turned on by default because:
>>
>> That means it should probably live in the extra profiles directory, with
>> the disadvantage that not too many people look into it or use it.

Upon reviewing the Ubuntu apparmor-profiles package I noticed that it
does complain mode by default.  That should be fine.  So maybe not in
-extra?

>> Indeed, the soffice.bin comes with an impressive collection of
>> abstractions and other permissions. (I hope you have good reasons for
>> each of them ;-)

Tried to make that better, but it seems I still need the read
everywhere for the file selector.  I couldn't find a way to just give
"directory listing" permissions everywhere.

I added profiles for LibreOffice's built-in launching programs which
make some of the abstractions/ubuntu useless.

Thanks!
Bryan

My takeaways from profiling:
- LibreOffice should use a prefix when writing tmp files.
- Moving to just always use xdg-open might get rid of 3 scripts in LO.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.soffice.bin
Type: application/octet-stream
Size: 4918 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150403/bf134ff8/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.senddoc
Type: application/octet-stream
Size: 1351 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150403/bf134ff8/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.open-url
Type: application/octet-stream
Size: 1197 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150403/bf134ff8/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.xpdfimport
Type: application/octet-stream
Size: 1183 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150403/bf134ff8/attachment-0005.obj>

