Accepting request 127199 from home:msmeissn:branches:GNOME:Factory

- Add a apparmor profile for usr.lib.colord OBS-URL: https://build.opensuse.org/request/show/127199 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/colord?expand=0&rev=42
2012-07-16 20:21:24 +00:00 · 2012-07-16 20:21:24 +00:00 · 0653ef90b3
commit 0653ef90b3
parent 95e67e5621
4 changed files with 52 additions and 0 deletions
--- a/colord-gtk.spec
+++ b/colord-gtk.spec
@ -28,6 +28,7 @@ License:        GPL-2.0+
 Group:          System/Daemons
 Url:            http://colord.hughsie.com/
 Source0:        http://www.freedesktop.org/software/colord/releases/%{_name}-%{version}.tar.xz
 Source1:        usr.lib.colord
 Source99:       baselibs.conf
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  intltool
@ -145,6 +146,8 @@ find %{buildroot} -type f -name '*.la' -delete -print
 %if !%{build_gtk}
 mkdir %{buildroot}/etc/apparmor.d
 install -c -m 644 %{SOURCE1} %{buildroot}/etc/apparmor.d/
 # Manually install prebuilt man pages, since we don't have docbook2man
 pushd man
 test ! -f %{buildroot}%{_mandir}/man1/*
@ -223,6 +226,8 @@ exit 0
 %{_mandir}/man1/cd-create-profile.1%{?ext_man}
 %{_mandir}/man1/cd-fix-profile.1%{?ext_man}
 %{_mandir}/man1/colormgr.1%{?ext_man}
 %dir /etc/apparmor.d/
 %config /etc/apparmor.d/usr.lib.colord
 %files -n libcolord1
 %defattr(-, root, root)
--- a/colord.changes
+++ b/colord.changes
@ -1,3 +1,8 @@
 -------------------------------------------------------------------
 Thu Jul  5 14:47:17 UTC 2012 - meissner@suse.com
 - Add a apparmor profile for usr.lib.colord
 -------------------------------------------------------------------
 Wed May 23 19:18:54 UTC 2012 - zaitor@opensuse.org
--- a/colord.spec
+++ b/colord.spec
@ -27,6 +27,7 @@ License:        GPL-2.0+
 Group:          System/Daemons
 Url:            http://colord.hughsie.com/
 Source0:        http://www.freedesktop.org/software/colord/releases/%{_name}-%{version}.tar.xz
 Source1:        usr.lib.colord
 Source99:       baselibs.conf
 BuildRequires:  gobject-introspection-devel
 BuildRequires:  intltool
@ -144,6 +145,8 @@ find %{buildroot} -type f -name '*.la' -delete -print
 %if !%{build_gtk}
 mkdir %{buildroot}/etc/apparmor.d
 install -c -m 644 %{SOURCE1} %{buildroot}/etc/apparmor.d/
 # Manually install prebuilt man pages, since we don't have docbook2man
 pushd man
 test ! -f %{buildroot}%{_mandir}/man1/*
@ -222,6 +225,8 @@ exit 0
 %{_mandir}/man1/cd-create-profile.1%{?ext_man}
 %{_mandir}/man1/cd-fix-profile.1%{?ext_man}
 %{_mandir}/man1/colormgr.1%{?ext_man}
 %dir /etc/apparmor.d/
 %config /etc/apparmor.d/usr.lib.colord
 %files -n libcolord1
 %defattr(-, root, root)
--- a/usr.lib.colord
+++ b/usr.lib.colord
@ -0,0 +1,37 @@
 # Last Modified: Thu Jul  5 16:42:52 2012
 #include <tunables/global>
 /usr/lib/colord {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  deny /usr/share/gvfs/remote-volume-monitors/ r,
  deny /usr/share/gvfs/remote-volume-monitors/afc.monitor r,
  deny /usr/share/gvfs/remote-volume-monitors/udisks2.monitor r,
  /etc/colord.conf r,
  /etc/fstab r,
  /etc/udev/udev.conf r,
  /proc/*/mounts r,
  /run/udev/data/* r,
  /sys/bus/ r,
  /sys/bus/usb/devices/ r,
  /sys/class/ r,
  /sys/devices/** r,
  /usr/lib/colord mr,
  /usr/share/color/**/ r,
  /usr/share/color/icc/** r,
  /usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Device.xml r,
  /usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Profile.xml r,
  /usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Sensor.xml r,
  /usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.xml r,
  /usr/share/gvfs/remote-volume-monitors/gphoto2.monitor r,
  /usr/share/locale-bundle/**.mo r,
  /var/lib/color/icc/ r,
  /var/lib/colord/mapping.db rwk,
  /var/lib/colord/mapping.db-journal rw,
  /var/lib/colord/storage.db rwk,
  /var/lib/colord/storage.db-journal rw,
 }