[pkg-aa-profiles-team] [apparmor-profiles-extra] 05/07: Refresh Evince profile from the Ubuntu package (3.10.3-0ubuntu16, bzr r205).
Intrigeri
intrigeri at moszumanska.debian.org
Thu Aug 21 11:38:49 UTC 2014
This is an automated email from the git hooks/post-receive script.
intrigeri pushed a commit to branch master
in repository apparmor-profiles-extra.
commit dccf5a2ed71473cbced1d62573131822cacde284
Author: intrigeri <intrigeri at boum.org>
Date: Thu Aug 21 11:19:52 2014 +0000
Refresh Evince profile from the Ubuntu package (3.10.3-0ubuntu16, bzr r205).
---
profiles/abstractions/evince | 9 +++++++++
profiles/usr.bin.evince | 43 +++++++++++++++++++++++++++----------------
2 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/profiles/abstractions/evince b/profiles/abstractions/evince
index f9a13a1..e6a5757 100644
--- a/profiles/abstractions/evince
+++ b/profiles/abstractions/evince
@@ -24,12 +24,20 @@
# apport
/etc/default/apport r,
+ # XFCE
+ /etc/xfce4/defaults.list r,
+
+ # Lubuntu
+ /etc/xdg/lubuntu/applications/defaults.list r,
+
# evince specific
/etc/ r,
/etc/fstab r,
/etc/texmf/ r,
/etc/texmf/** r,
/etc/xpdf/* r,
+ owner @{HOME}/.config/evince/ rw,
+ owner @{HOME}/.config/evince/** rwkl,
/usr/bin/gs-esp ixr,
/usr/bin/mktexpk Cx -> sanitized_helper,
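Review bot: The two `owner @{HOME}/.config/evince/` rules are added to the shared abstraction, so every profile that includes `abstractions/evince` gains write, lock and link access to the viewer's configuration directory, not only the main viewer. `profiles/usr.bin.evince` includes this abstraction in at least two profiles (both include lists appear in this commit), and a profile that only renders documents probably does not need to write there. Consider moving these two lines into the main evince profile, or document the breadth next to them, e.g. `# writable by every profile that includes this abstraction`.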
@@ -71,6 +79,7 @@
/**.[pP][nN][gG] r,
/**.[pP][sS] r,
/**.[eE][pP][sS] r,
+ /**.[eE][pP][sS][fFiI23] r,
/**.[tT][iI][fF] r,
/**.[tT][iI][fF][fF] r,
/**.[xX][pP][mM] r,
diff --git a/profiles/usr.bin.evince b/profiles/usr.bin.evince
index 48773ce..d77fb3b 100644
--- a/profiles/usr.bin.evince
+++ b/profiles/usr.bin.evince
@@ -10,6 +10,7 @@
#include <abstractions/cups-client>
#include <abstractions/dbus>
#include <abstractions/dbus-session>
+ #include <abstractions/dbus-accessibility>
#include <abstractions/evince>
#include <abstractions/ibus>
#include <abstractions/nameservice>
@@ -34,7 +35,11 @@
/usr/bin/evince-previewer Px,
/usr/bin/yelp Cx -> sanitized_helper,
/usr/bin/bug-buddy px,
- /usr/bin/nautilus Cx -> sanitized_helper,
+ # 'Show Containing Folder' (LP: #1022962)
+ /usr/bin/nautilus Cx -> sanitized_helper, # Gnome
+ /usr/bin/pcmanfm Cx -> sanitized_helper, # LXDE
+ /usr/bin/krusader Cx -> sanitized_helper, # KDE
+ /usr/bin/thunar Cx -> sanitized_helper, # XFCE
# For Xubuntu to launch the browser
/usr/bin/exo-open ixr,
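Review bot: The three new file-manager rules (`pcmanfm`, `krusader`, `thunar`) reuse `Cx -> sanitized_helper`, but that child profile's definition is not part of this diff, so the review cannot confirm what a file manager started this way is allowed to do. Because the transition targets a child profile, the file manager, and presumably whatever the user opens from it, keeps running under `sanitized_helper`. That is worth stating next to the rules, e.g. `# file managers stay confined by sanitized_helper, as do programs started from them`. The rule list continues outside the hunk.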
@@ -53,23 +58,31 @@
/ r,
/**/ r,
- @{HOME}/ r,
-
# This is need for saving files in your home directory without an extension.
# Changing this to '@{HOME}/** r' makes it require an extension and more
# secure (but with 'rw', we still have abstractions/private-files-strict in
# effect).
- @{HOME}/** rw,
- @{HOME}/.local/share/gvfs-metadata/** l,
+ owner @{HOME}/** rw,
+ owner /media/** rw,
+ owner @{HOME}/.local/share/gvfs-metadata/** l,
+ owner /{,var/}run/user/*/gvfs-metadata/** l,
- @{HOME}/.gnome2/evince/* rwl,
- @{HOME}/.gnome2/accels/ rw,
- @{HOME}/.gnome2/accelsevince rw,
- @{HOME}/.gnome2/accels/evince rw,
+ owner @{HOME}/.gnome2/evince/* rwl,
+ owner @{HOME}/.gnome2/accels/ rw,
+ owner @{HOME}/.gnome2/accelsevince rw,
+ owner @{HOME}/.gnome2/accels/evince rw,
# Maybe add to an abstraction?
- owner /{,var/}run/user/*/dconf/ w,
- owner /{,var/}run/user/*/dconf/user rw,
+ /etc/dconf/** r,
+ owner @{HOME}/.cache/dconf/user rw,
+ owner @{HOME}/.config/dconf/user r,
+ owner /{,var/}run/user/*/dconf/ w,
+ owner /{,var/}run/user/*/dconf/user rw,
+ owner /{,var/}run/user/*/dconf-service/keyfile/ w,
+ owner /{,var/}run/user/*/dconf-service/keyfile/user rw,
+
+ owner /{,var/}run/user/*/at-spi2-*/ rw,
+ owner /{,var/}run/user/*/at-spi2-*/** rw,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read and write for all supported file formats
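Review bot: `owner /media/** rw,` is much broader than the rule it replaces: a later hunk removes `owner /media/**/ w,`, which only allowed creating directories, while the new rule allows reading and writing any owned file on removable media regardless of extension. The `owner` qualifier is a weak limit there, because filesystems without Unix ownership (FAT, for example) are commonly mounted with every file attributed to the mounting user. The comment above the rule discusses only `@{HOME}`, and the `private-files-strict` denials it relies on are, as far as I know, home-relative, so nothing visible here protects sensitive files under `/media`. If the aim is only to save files without an extension, say so with a comment such as `# /media: same trade-off as @{HOME}, but not covered by private-files-strict`; the same rule is added again in the last hunk (`@@ -162,5 +172,6 @@`) and needs the same comment.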
@@ -93,10 +106,6 @@
/**.[cC][bB][rRzZ7] rw,
/**.[xX][zZ] rw,
- # allow creating directories that we own
- owner /media/**/ w,
- owner @{HOME}/**/ w,
-
# evince creates a temporary stream file like '.goutputstream-XXXXXX' in the
# directory a file is saved. This allows that behavior.
owner /**/.goutputstream-* w,
@@ -107,6 +116,7 @@
#include <abstractions/bash>
#include <abstractions/cups-client>
#include <abstractions/dbus-session>
+ #include <abstractions/dbus-accessibility>
#include <abstractions/evince>
#include <abstractions/ibus>
#include <abstractions/nameservice>
@@ -162,5 +172,6 @@
# Lenient, but remember we still have abstractions/private-files-strict in
# effect).
@{HOME}/ r,
- @{HOME}/** rw,
+ owner @{HOME}/** rw,
+ owner /media/** rw,
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/apparmor-profiles-extra.git