Bug#887593: libreoffice-common: apparmor profiles triggers lot of ALLOWED entries
On Fri, Jan 19, 2018 at 12:52:32PM +0100, Christian Boltz wrote:
> just a quick note:
>
> > + /usr/bin/gpg rmix,
> > + /usr/bin/gpgsm rmix,
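Review bot: the `ix` in both added rules makes gpg and gpgsm run under the calling profile, so any keyring access they need would have to be granted to the whole LibreOffice profile as well. Consider a profile transition for these two binaries (for example `Cx` to a child profile) so that rules for `~/.gnupg/` can be scoped to gpg alone.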
>
> and in a later comment
>
> > Thinking about it, we probably also would need owner
> > "@{HOME}/.gnupg/* rwk," then for gpg. This gets interesting...
>
> I'd recommend using Cx (child profile) rules for gpg so that only gpg
> (and not libreoffice) gets access to ~/.gnupg/

So you basically say this should be

  /usr/bin/gpg rmCx,
  /usr/bin/gpgsm rmCx,

?

At least that is how I read
https://github.com/coderbunker/linux/wiki/Apparmor-how-to

Something special for .gnupg then? Right now there is
https://cgit.freedesktop.org/libreoffice/core/commit/?id=c6a19889e91f2585453636667e3d5779b153ab86:

  owner @{HOME}/.gnupg/* r,

Regards,
Rene
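
A sketch of the child-profile layout discussed in this thread, added here as an illustration and not taken from the LibreOffice profile or from either poster. The parent profile name and attachment path are placeholders, the child profile name `gpg` is an assumption, and the `.gnupg` rule is the `rwk` one quoted above; rules gpg may need beyond the keyring directory are not discussed in the thread and are left out.

```apparmor
# Added example; parent name and path are placeholders, not the real profile.
#include <tunables/global>

profile example-office /opt/example/office.bin {
  #include <abstractions/base>

  # Variant from the quoted patch: "ix" runs gpg under this same profile,
  # so the keyring rule would have to live here and apply to the parent too.
  #   /usr/bin/gpg   rmix,
  #   /usr/bin/gpgsm rmix,
  #   owner @{HOME}/.gnupg/* rwk,

  # Child-profile variant: executing either binary transitions into the
  # "gpg" child below; the parent itself carries no rule for ~/.gnupg/.
  /usr/bin/gpg   rmCx -> gpg,
  /usr/bin/gpgsm rmCx -> gpg,

  profile gpg {
    #include <abstractions/base>

    # The child needs to read and map the binaries it is entered through.
    /usr/bin/gpg   mr,
    /usr/bin/gpgsm mr,

    # Keyring rule as proposed in the thread, scoped to the child only.
    owner @{HOME}/.gnupg/* rwk,
  }
}
```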