[apparmor] [patch] allow ubuntu-helpers to generate texlive fonts (LP: #1010909)
Jamie Strandboge
jamie at canonical.com
Wed Apr 8 15:06:53 UTC 2015
On 04/07/2015 04:51 PM, Steve Beattie wrote:
> Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1010909
>
> When evince opens a dvi file, it updates the user fonts using
> texlive commands in /usr/share/texlive/texmf-dist/web2c/ (or possibly
> /usr/share/texlive/texmf/web2c/ in older releases). This patch adjusts
> the sanitized_helper profile to allow these tools to run.
>
> Nominated for trunk and 2.9.
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
Acked-By: Jamie Strandboge <jamie at canonical.com>
> ---
> profiles/apparmor.d/abstractions/ubuntu-helpers | 3 +++
> 1 file changed, 3 insertions(+)
>
> Index: b/profiles/apparmor.d/abstractions/ubuntu-helpers
> ===================================================================
> --- a/profiles/apparmor.d/abstractions/ubuntu-helpers
> +++ b/profiles/apparmor.d/abstractions/ubuntu-helpers
> @@ -59,6 +59,9 @@ profile sanitized_helper {
> # permissions for /usr/share, but for now just do this. (LP: #972367)
> /usr/share/software-center/* Pixr,
>
> + # Allow exec of texlive font build scripts (LP: #1010909)
> + /usr/share/texlive/texmf{,-dist}/web2c/{,**/}* Pixr,
> +
> # While the chromium and chrome sandboxes are setuid root, they only link
> # in limited libraries so glibc's secure execution should be enough to not
> # require the santized_helper (ie, LD_PRELOAD will only use standard system
>
>
>
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150408/e7e4b84b/attachment.pgp>
More information about the AppArmor
mailing list