Bug#788009: xserver-xorg-input-synaptics: Please add apparmor profile for syndaemon

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#788009: xserver-xorg-input-synaptics: Please add apparmor profile for syndaemon
From: Cameron Norman <camerontnorman@gmail.com>
Date: Sun, 7 Jun 2015 12:21:31 -0700
Message-id: <[🔎] CALZWFRJMrs=YL0tbwhc8ma1+vaXDmg-6zNFu1dbmyFQFLxTDsg@mail.gmail.com>
Reply-to: Cameron Norman <camerontnorman@gmail.com>, 788009@bugs.debian.org

Package: xserver-xorg-input-synaptics
Version: 1.8.2-1
Severity: wishlist
Tags: patch

Dear Maintainer,

Please use the patch attached to add an apparmor profile for syndaemon
to your package.

At least for now, the profile is in "complain" mode, which means that
if syndaemon does something not defined in the profile, it will not be
impeded by apparmor -- only a message in the logs will appear. This
ensures that no permission issues will appear with the addition of
this profile.

Cheers,
--
Cameron Norman

commit 7b4b7db32648c26d7eca22b05285c0d663bdf0d1
Author: Cameron Norman <camerontnorman@gmail.com>
Date:   Sun Jun 7 12:06:40 2015 -0700

    Added apparmor profile for syndaemon (in complain mode)

diff --git a/debian/rules b/debian/rules
index 29f61aa..f759022 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,7 @@ override_dh_auto_install:
 
 # Kill *.la files, and forget no-one:
 override_dh_install:
+	dh_apparmor --profile-name=usr.bin.syndaemon -pxserver-xorg-input-synaptics
 	find debian/tmp -name '*.la' -delete
 	dh_install --fail-missing
 
diff --git a/debian/usr.bin.syndaemon b/debian/usr.bin.syndaemon
new file mode 100644
index 0000000..6e502b8
--- /dev/null
+++ b/debian/usr.bin.syndaemon
@@ -0,0 +1,23 @@
+# vim:syntax=apparmor
+
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2015 Cameron Norman <camerontnorman@gmail.com>
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/bin/syndaemon flags=(complain) {
+  #include <abstractions/base>
+  #include <abstractions/X>
+
+  owner /{,var/}run/user/*/syndaemon.pid rw,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.bin.syndaemon>
+}
diff --git a/debian/xserver-xorg-input-synaptics.install b/debian/xserver-xorg-input-synaptics.install
index 0835787..d5bef51 100644
--- a/debian/xserver-xorg-input-synaptics.install
+++ b/debian/xserver-xorg-input-synaptics.install
@@ -2,3 +2,4 @@ usr/lib/xorg/modules/input/*.so
 usr/bin/*
 usr/share/man
 usr/share/X11
+debian/usr.bin.syndaemon /etc/apparmor.d/

Reply to:

Follow-Ups:
- Processed: Re: Bug#788009: xserver-xorg-input-synaptics: Please add apparmor profile for syndaemon
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Processed: Re: Bug#788009: xserver-xorg-input-synaptics: Please add apparmor profile for syndaemon
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: Bug#787241 closed by Julien Cristau <jcristau@debian.org> (Re: Bug#787241: xserver-xorg-video-intel: VT never returns from powersave on Haswell)
Next by Date: Bug#788009: xserver-xorg-input-synaptics: Please add apparmor profile for syndaemon
Previous by thread: Processed: Re: Bug#787241 closed by Julien Cristau <jcristau@debian.org> (Re: Bug#787241: xserver-xorg-video-intel: VT never returns from powersave on Haswell)
Next by thread: Processed: Re: Bug#788009: xserver-xorg-input-synaptics: Please add apparmor profile for syndaemon
Index(es):
- Date
- Thread