[apparmor] New LibreOffice Profile
Bryan Quigley
bryan.quigley at canonical.com
Mon Apr 6 16:04:41 UTC 2015
> These are looking impressive;
Thanks!
> I noticed a stray /** r, permission in one of the files; it might be best
> to replace that with / r, /**/ r, and re-test.
Couldn't find that, but I did post a few versions really quick.
>> I added profiles for LibreOffice's built-in launching programs which
>> make some of the abstractions/ubuntu useless.
>
> I did wonder if some of the xdg-open kinds of rmPUx permissions might be
> replaced with the sanitized_helper that ubuntu uses elsewhere.
Quite possible, but I was trying to make it more cross distro.
>> my takeaways from profiling:
>> LibreOffice should use a prefix when writing tmp files
>> Moving to just always use xdg-open might get rid of 3 scripts in LO.
>
> Both seem like good ideas. We might want to try to get Sweetshark's input
> on changing some tmp filenames.
I plan to propose both in future LibreOffice releases.
> It'd be far better to #include <abstractions/base> in each of the
> profiles:
Oh, that was mentioned previously, guess I didn't fully grep it.
>Another option is shipping them in the package, but disabled by default via
/etc/apparmor.d/disabled, like Ubuntu does with firefox and rsyslog now.
I'll approach LibreOffice upstream to see if we can get it included
there.. then all distros could inherit the right one for the version
they are using.
Thanks again!
Bryan
Attached for a last review here.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.soffice.bin
Type: application/octet-stream
Size: 4759 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150406/cc8dabfa/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.senddoc
Type: application/octet-stream
Size: 1095 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150406/cc8dabfa/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.open-url
Type: application/octet-stream
Size: 941 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150406/cc8dabfa/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.xpdfimport
Type: application/octet-stream
Size: 918 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150406/cc8dabfa/attachment-0002.obj>
More information about the AppArmor
mailing list