diff options
| author | Vincas Dargis <vindrg@gmail.com> | 2018-08-07 20:34:21 +0300 |
|---|---|---|
| committer | Katarina Behrens <Katarina.Behrens@cib.de> | 2018-08-14 13:28:01 +0200 |
| commit | c86e4ad53391d17d1eb54845b5999889f7e65061 (patch) | |
| tree | 852632658cfaee96243fbb80d18b543b499f0876 /sysui | |
| parent | 9f4d23c15115d64febd6bf01f870cc157badd350 (diff) | |
apparmor: update program.soffice.bin for KDE
Add rules to fix file dialog and other issues with 6.2 alpha1 on Debian
Buster with KDE desktop.
Change-Id: Ib1b20c5809ac9bdea1bf2623eff4345fa42fd4f3
Reviewed-on: https://gerrit.libreoffice.org/58702
Tested-by: Jenkins
Reviewed-by: Jan-Marek Glogowski <glogow@fbihome.de>
Reviewed-by: Katarina Behrens <Katarina.Behrens@cib.de>
Diffstat (limited to 'sysui')
| -rw-r--r-- | sysui/desktop/apparmor/program.soffice.bin | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin index a6802609dcfa..ebb012aa867f 100644 --- a/sysui/desktop/apparmor/program.soffice.bin +++ b/sysui/desktop/apparmor/program.soffice.bin @@ -98,6 +98,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { owner @{libo_user_dirs}/**~lock.* rw, #lock file support owner @{libo_user_dirs}/**.@{libreoffice_ext} rwk, #Open files rw with the right exts owner @{libo_user_dirs}/{,**/}lu??????????{,?}.tmp rwk, #Temporary file used when saving + owner @{libo_user_dirs}/{,**/}.directory r, #Read directory settings on KDE # Settings /etc/libreoffice/ r, @@ -107,6 +108,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { /proc/*/status r, owner @{HOME}/.config/libreoffice{,dev}/** rwk, + owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*, + owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*, + owner @{HOME}/.config/soffice.binrc.lock rwk, owner @{HOME}/.cache/fontconfig/** rw, owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work owner @{HOME}/.recently-used rwk, @@ -174,9 +178,18 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { #Likely moving to abstractions in the future owner @{HOME}/.icons/*/cursors/* r, + /etc/fstab r, # Solid::DeviceNotifier::instance() TODO: deny? /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, # for libdrm /usr/share/*-fonts/conf.avail/*.conf r, /usr/share/fonts-config/conf.avail/*.conf r, + /{,var/}run/udev/data/+usb:* r, # Solid::Device::listFromQuery() + /{,var/}run/udev/data/{c,b}*:* r, # Solid::Device::description(), Solid::Device::listFromQuery() + @{PROC}/sys/kernel/random/boot_id r, # KRecentDocument::add() -> QSysInfo::bootUniqueId() + + #To avoid "Unable to create io-slave." for file dialog + owner /{,var/}run/user/[0-9]*/#[0-9]* rw, + #For KIO IO::Slave::createSlave() + owner /{,var/}run/user/[0-9]*/soffice.bin*.slave-socket wl -> /{,var/}run/user/[0-9]*/#[0-9]*, owner @{HOME}/.mozilla/firefox/profiles.ini r, owner @{HOME}/.mozilla/firefox/*/secmod.db r, @@ -184,6 +197,9 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { owner @{HOME}/.mozilla/firefox/*/cert8.db r, # firefox >= 58 owner @{HOME}/.mozilla/firefox/*/cert9.db r, + + owner @{HOME}/.local/share/user-places.xbel r, + # there is abstractions/gnupg but that's just for gpg1... profile gpg { #include <abstractions/base> @@ -204,4 +220,38 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin { /usr/lib/*/qt5/plugins/** rm, /usr/share/plasma/look-and-feel/**/contents/defaults r, + # TODO: remove when rules are available in abstractions/kde + owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache + owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget + owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget + owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent() + owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so + owner @{HOME}/.config/trashrc r, # user by KFileWidget + /usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent + + # TODO: remove when rules are available in abstactions/kde-write-icon-cache or similar + owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader + + # TODO: remove when rules are available in abstractions/kdeframeworks5 or simiar + /usr/share/kservices5/*.protocol r, + + # TODO: use qt5-settings-write abstraction when it is available + owner @{HOME}/.config/QtProject.conf rw, + owner @{HOME}/.config/QtProject.conf.?????? l -> @{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9], + owner @{HOME}/.config/QtProject.conf.?????? rw, # for temporary files like QtProject.conf.Aqrgeb + owner @{HOME}/.config/QtProject.conf.lock rwk, + + # TODO: use qt5-compose-cache-write abstraction when it is available + owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, + + # TODO: use recent-documents-write abstaction when it is available + owner @{HOME}/.local/share/RecentDocuments/** r, + owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*, + owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw, + owner @{HOME}/.local/share/RecentDocuments/*.lock rwk, + + # TODO: use kde-globals-write abstraction when it is available + owner @{HOME}/.config/kdeglobals rw, + owner @{HOME}/.config/kdeglobals.* rwl -> @{HOME}/.config/#[0-9]*, + owner @{HOME}/.config/kdeglobals.lock rwk, } |