[apparmor] New LibreOffice Profile

[Bryan Quigley]

Hello

>but the excessive variable definition
>in the soffice.bin profile uncovered a bug in aa-complain ;-)
Glad I could help :).

>BTW: On openSUSE, LibreOffice is installed to /usr/lib64/... on 64bit
>systems, so you might want to change the profile names to /usr/lib*/...
Changed them all to lib{,32,64}

>Oh, at least openSUSE ships /etc/apparmor.d/abstractions/ubuntu-* (as
>contained in bzr and the release tarball). I'm not too happy about the
>naming scheme, but they can be useful nevertheless ;-)
Switched xdg-open to use sanitized helper.. Works fine.

>Another interesting discussion point. I'm not a fan of shipping profiles
>disabled or in complain mode, because it could give users a false sense
>of feeling protected.
Agreed, I'm going to approach upstream and see what they say.   I don't think
it's out of the question to just make a seperate package libreoffice-apparmor
that turns them on by default.

>Besides that, the file has an interesting[tm] mix of tabs and spaces,
All spaces now.

>After proofreading the profiles, I actually tested them - and have several
additions ;-)
Thanks!

>>+  /home/*/.execooo* mrw,   # probably tempfiles, * are 6 random chars
That's actual been "fixed" in
https://bugs.documentfoundation.org/show_bug.cgi?id=72755

>BTW: Interestingly, oosplash keeps running all the time (and killing it
>kills LibreOffice). Should oosplash also have a profile?
Tried making a simple one for it, mostly is fine, but I'm leaving the
Java part alone.

Thanks again for all the reviews!
Bryan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.soffice.bin
Type: application/octet-stream
Size: 5710 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150410/00503820/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.senddoc
Type: application/octet-stream
Size: 1262 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150410/00503820/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.open-url
Type: application/octet-stream
Size: 1117 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150410/00503820/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.oosplash
Type: application/octet-stream
Size: 1063 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150410/00503820/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libreoffice.program.xpdfimport
Type: application/octet-stream
Size: 977 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150410/00503820/attachment-0003.obj>