author | Rene Engelhard <rene@debian.org> | 2018-01-21 14:48:02 +0100 |
---|---|---|
committer | Michael Stahl <mstahl@redhat.com> | 2018-02-01 14:12:45 +0100 |
commit | b6176bde1dc267601839d0d6510beaa07a28d8fa (patch) | |
tree | abdb555c75216a9bb97e0a02150af117bcc72e7e /sysui | |
parent | 2521401271820be9f42cb24e7dce12609e8f4686 (diff) |
apparmor: fix @{HOME}/.mozilla/firefox access for XML signing
the #include <abstractions/private-files-strict> bringing
"audit deny @{HOME}/.mozilla/** mrwkl," in actually denies everything here.
Use just <abstractions/private-files> and allow profiles.ini, secmod.db
and cert8.db.
At least opening the Digital Signatures dialog doesn't log apparmor DENIED
now...
Change-Id: Id557626fc26745841f0cca005d483fd1e6ac922d
Reviewed-on: https://gerrit.libreoffice.org/48264
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
Diffstat (limited to 'sysui')
-rw-r--r-- | sysui/desktop/apparmor/program.soffice.bin | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin index d2042d352830..4fafdd9a8b5b 100644 --- a/sysui/desktop/apparmor/program.soffice.bin +++ b/sysui/desktop/apparmor/program.soffice.bin @@ -73,7 +73,7 @@ #include <tunables/global> profile libreoffice-soffice INSTDIR-program/soffice.bin { - #include <abstractions/private-files-strict> + #include <abstractions/private-files> #include <abstractions/audio> #include <abstractions/bash> @@ -175,7 +175,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { /usr/share/*-fonts/conf.avail/*.conf r, /usr/share/fonts-config/conf.avail/*.conf r, - owner @{HOME}/.mozilla/firefox/** r, + owner @{HOME}/.mozilla/firefox/profiles.ini r, + owner @{HOME}/.mozilla/firefox/*/secmod.db r, + owner @{HOME}/.mozilla/firefox/*/cert8.db r, # there is abstractions/gnupg but that's just for gpg1... profile gpg { #include <abstractions/base> |
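Review bot: The first hunk (at `@@ -73,7 +73,7 @@`) swaps `#include <abstractions/private-files-strict>` for `#include <abstractions/private-files>` for the whole `libreoffice-soffice` profile, which removes more than the one `audit deny @{HOME}/.mozilla/** mrwkl,` rule the commit message is about: any other deny rules that the strict abstraction carries stop applying to soffice.bin as well. Please add a comment above the include saying why the strict variant cannot be used here, and consider restating in this profile the strict denies that are still wanted, so the loosening is limited to the Firefox profile directory.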
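Review bot: The three `owner @{HOME}/.mozilla/firefox/... r,` lines added in the second hunk (at `@@ -175,7 +175,9 @@`) carry no comment saying what they are for, while the gpg block right below them does. A one-line comment such as "NSS certificate store, read for XML signing" would tell the next editor why exactly these files are allowed. The list is also tied to specific file names: only `profiles.ini`, `secmod.db` and `cert8.db` are readable, so a profile whose NSS store uses other file names will be denied again, and the commit message only confirms that opening the Digital Signatures dialog is clean. It would be worth testing an actual signing run with the profile in enforce mode and extending the list, still read-only and `owner`-scoped, if further files turn up in the log.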