[apparmor] New LibreOffice Profile

Christian Boltz apparmor at cboltz.de
Sat Apr 11 10:41:39 UTC 2015


Hello,

On Friday, 10 April 2015, Seth Arnold wrote:
> On Fri, Apr 10, 2015 at 02:54:26PM -0400, Bryan Quigley wrote:
> > >BTW: On openSUSE, LibreOffice is installed to /usr/lib64/... on
> > >64bit systems, so you might want to change the profile names to
> > >/usr/lib*/...
> > 
> > Changed them all to lib{,32,64}

Thanks, I'll test them over the weekend.

> With the changed names, the profile names are now even more
> complicated; I think it's time to name the profiles separate from
> their attachment specification:
> 
> /usr/lib{,32,64}/libreoffice/program/soffice.bin {
> /usr/lib{,32,64}/libreoffice/program/senddoc {
> /usr/lib{,32,64}/libreoffice/program/open-url {
> /usr/lib{,32,64}/libreoffice/program/oosplash {
> 
> profile lo-soffice /usr/lib{,32,64}/libreoffice/program/soffice.bin {
> profile lo-senddoc /usr/lib{,32,64}/libreoffice/program/senddoc {
> profile lo-open-url /usr/lib{,32,64}/libreoffice/program/open-url {
> profile lo-oosplash /usr/lib{,32,64}/libreoffice/program/oosplash {
> 
> This way ps auxZ and aa-status output will be more legible.

Agreed, but I'd avoid abbr. and use names like libreoffice-soffice. 
That's still shorter than the average profile names [1], but 
understandable for everybody.

Note that you'll need the latest aa-* utils from bzr trunk if you want 
to use aa-logprof on such profiles. Older versions will ignore events 
for profiles with an attachment specification.


Regards,

Christian Boltz

[1] for example, "/usr/sbin/avahi-daemon" is longer than 
    "libreoffice-soffice"
-- 
Kid, someone like you comes by here every now and then. We feed him
for a while, then we tie him up at a highway rest stop and hope that
no animal shelter takes him in ;) [Jan Trippler in suse-linux]
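
Added example (not part of the original message or of the AppArmor utilities): a small Python parser for the two header styles quoted above, showing the label each one yields in ps auxZ / aa-status and the concrete paths that lib{,32,64} attaches to. The regex, the function names and the sample lines are assumptions made for illustration; only simple {a,b,c} alternations are handled.

```python
import re

# Constructed sample: header styles from the thread, using the longer
# "libreoffice-*" names suggested in the reply.
SAMPLE = """\
/usr/lib{,32,64}/libreoffice/program/soffice.bin {
profile libreoffice-soffice /usr/lib{,32,64}/libreoffice/program/soffice.bin {
profile libreoffice-oosplash /usr/lib{,32,64}/libreoffice/program/oosplash {
"""

# Optional "profile <name>" prefix, then an absolute attachment path, then "{".
HEADER = re.compile(
    r"^\s*(?:profile\s+(?P<name>[^\s/{][^\s{]*)\s+)?(?P<attach>/\S+)\s*\{\s*$"
)
ALTERNATION = re.compile(r"\{([^{}]*)\}")


def expand_alternation(pattern):
    """Expand {a,b,c} alternations into the concrete strings they match."""
    match = ALTERNATION.search(pattern)
    if match is None:
        return [pattern]
    head, tail = pattern[:match.start()], pattern[match.end():]
    results = []
    for option in match.group(1).split(","):
        results.extend(expand_alternation(head + option + tail))
    return results


def parse_header(line):
    """Return (label, attachment_paths) for a profile header, or None."""
    match = HEADER.match(line)
    if match is None:
        return None
    attach = match.group("attach")
    # Without an explicit name, the attachment specification itself is the
    # profile name, so it is what shows up as the confinement label.
    label = match.group("name") or attach
    return label, expand_alternation(attach)


def summarize(text):
    """Parse every header line in text, skipping anything else."""
    return [parsed for parsed in map(parse_header, text.splitlines()) if parsed]


if __name__ == "__main__":
    for label, paths in summarize(SAMPLE):
        print(f"{label!r} attaches to: {', '.join(paths)}")
```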



