Bug#911897: AppArmor "complain" for oosplash & soffice

[Vincas Dargis <vindrg@gmail.com>]

Hi,

I too seen these /tmp/xauth.. stuff (I'm KDE user), and asked about it in AppArmor mailing list [0], 
and later in debian-devel [1].

Nothing new since when, haven given it any more time, but what I would like to achieve is as 
"agreement", that if some Debian package changes some "popular" environment variable (like 
XAUTHORITY or TMPDIR or whatver), it should ship a AppArmor "tunable" file with these variables 
appended. Like in this case, it could be `/etc/apparmor.d/tunables/env.d/kde-plasma` file with these 
contents:

```
XAUTHORITY += /tmp/xauth-@{uid}-_[0-9]* r,
```

And that XAUTHORITY would be used in abstractions/X [2] include, that is used in every GUI 
application profile.

If you take a look at these mailing list emails, you'll see that not all applicatios use /tmp/xauth, 
some still use ~/.Xauthority... I do not know what's the deal here...

Maybe I should just propose to add this `/tmp/xauth..` path into AppArmor upstream X abstraction, or 
we just add it into LO profile. In most cases, if application includes "kde" abstraction, it allows 
reading `/tmp/*` via `user-tmp` abstraction [3], so no problems are seen. For more smaller 
`oosplash` - it's otherwise.

[0] https://lists.ubuntu.com/archives/apparmor/2018-July/011714.html
[1] https://lists.debian.org/debian-devel/2018/08/msg00107.html
[2] 
https://gitlab.com/apparmor/apparmor/blob/f729391deb165a0100e27659a0d93bcf17eae067/profiles/apparmor.d/abstractions/X#L20
[3] 
https://gitlab.com/apparmor/apparmor/blob/f729391deb165a0100e27659a0d93bcf17eae067/profiles/apparmor.d/abstractions/kde#L17