apparmor: fix printing to file

AppArmor denies writing to .ps files and dealing with temporaries needed
for "Print to file" functionality. Add .ps to the allowed extensions
list, also giving access to rm executable together with writing
printing-related temporary file.

Change-Id: I415e1401878bff6459f42162d4e8b517261b9cec
Reviewed-on: https://gerrit.libreoffice.org/59114
Tested-by: Jenkins
Reviewed-by: Rene Engelhard <rene@debian.org>
Gbp-Pq: Name apparmor-fixes.diff

diff --git a/sysui/desktop/apparmor/program.soffice.bin b/sysui/desktop/apparmor/program.soffice.bin
index 1c3b0fa455c6809d7ab0eec590860a7f1a4892f5..50389691e784d35f92d8b93d61167657ccd61cb0 100644 (file)
--- a/sysui/desktop/apparmor/program.soffice.bin
+++ b/sysui/desktop/apparmor/program.soffice.bin
@@ -37,6 +37,8 @@
 @{libreoffice_ext} += {,x,X}[hH][tT][mM]{,l,L}
 #.epub
 @{libreoffice_ext} += [eE][pP][uU][bB]
+#.ps (printing to file)
+@{libreoffice_ext} += [pP][sS]
 
 #Images
 @{libreoffice_ext} += [jJ][pP][gG]
@@ -113,6 +115,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   owner @{HOME}/.cache/fontconfig/**    rw,
   owner @{HOME}/.config/gtk-???/bookmarks r,  #Make bookmarks work
   owner @{HOME}/.recently-used          rwk,
+  owner /tmp/psp[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]* rw, #/tmp/psp1534203998 (printing to file)
 
   owner /{,var/}run/user/*/dconf/user   rw,
   owner @{HOME}/.config/dconf/user      r,
@@ -127,6 +130,7 @@ profile libreoffice-soffice INSTDIR-program/soffice.bin flags=(complain) {
   /{usr/,}bin/sh                        rmix,
   /{usr/,}bin/bash                      rmix,
   /{usr/,}bin/dash                      rmix,
+  /{usr/,}bin/rm                        rmix, #deleting /tmp/psp1534203998 (printing to file)
   /usr/bin/bluetooth-sendto             rmPUx,
   /usr/bin/lpr                          rmPUx,
   /usr/bin/paperconf                    rmix,