[apparmor] [patch] allow ubuntu-helpers to generate texlive fonts (LP: #1010909)
Steve Beattie
steve at nxnw.org
Tue Apr 7 21:51:34 UTC 2015
Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1010909
When evince opens a dvi file, it updates the user fonts using
texlive commands in /usr/share/texlive/texmf-dist/web2c/ (or possibly
/usr/share/texlive/texmf/web2c/ in older releases). This patch adjusts
the sanitized_helper profile to allow these tools to run.
Nominated for trunk and 2.9.
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
profiles/apparmor.d/abstractions/ubuntu-helpers | 3 +++
1 file changed, 3 insertions(+)
Index: b/profiles/apparmor.d/abstractions/ubuntu-helpers
===================================================================
--- a/profiles/apparmor.d/abstractions/ubuntu-helpers
+++ b/profiles/apparmor.d/abstractions/ubuntu-helpers
@@ -59,6 +59,9 @@ profile sanitized_helper {
# permissions for /usr/share, but for now just do this. (LP: #972367)
/usr/share/software-center/* Pixr,
+ # Allow exec of texlive font build scripts (LP: #1010909)
+ /usr/share/texlive/texmf{,-dist}/web2c/{,**/}* Pixr,
+
# While the chromium and chrome sandboxes are setuid root, they only link
# in limited libraries so glibc's secure execution should be enough to not
# require the santized_helper (ie, LD_PRELOAD will only use standard system
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150407/6a3063f2/attachment.pgp>
More information about the AppArmor
mailing list