StarMirror/qTox
1
0
Fork 0
mirror of https://github.com/qTox/qTox.git synced 2024-03-22 14:00:36 +08:00
Code Issues Projects Releases Wiki Activity
7,479 Commits 3 Branches 42 Tags 60 MiB
54345d1085
Commit Graph

4 Commits

Author SHA1 Message Date
Vincas Dargis
44299604b0
fix(apparmor): Allow access to Aspell personal dictionaries 
Running qTox under AppArmor confinement produces these `DENIED` messages:

```
type=AVC msg=audit(1589897925.045:793): apparmor="DENIED"
operation="open" profile="qtox" name="/home/vincas/.aspell.en.pws"
pid=36671 comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
```
```
type=AVC msg=audit(1589897925.045:794): apparmor="DENIED"
operation="open" profile="qtox" name="/home/vincas/.aspell.en.prepl"
pid=36671 comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
```
```
type=AVC msg=audit(1589996245.245:1193): apparmor="DENIED"
operation="file_lock" profile="qtox" name="/home/vincas/.aspell.en.pws"
pid=53202 comm="qtox" requested_mask="k" denied_mask="k" fsuid=1000
ouid=1000
```
```
type=AVC msg=audit(1589996245.245:1194): apparmor="DENIED"
operation="file_lock" profile="qtox"
name="/home/vincas/.aspell.en.prepl" pid=53202 comm="qtox"
requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
```

Add file rule to allow reading and locking Aspell-specific user files [0].

[0] http://aspell.net/man-html/Format-of-the-Personal-and-Replacement-Dictionaries.html

(cherry picked from commit 6a21d96214)
 2020-11-22 19:58:42 -08:00
Vincas Dargis
7cc0e69591
fix(apparmor): Allow spellchecking 
qTox 1.17.2 produces these DENIED messages on Debian Sid:

```
type=AVC msg=audit(1588944857.534:854): apparmor="DENIED"
operation="open" profile="qtox"
name="/usr/share/hspell/hebrew.wgz.sizes" pid=29172 comm="qtox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
```

```
type=AVC msg=audit(1588945073.014:885): apparmor="DENIED"
operation="open" profile="qtox"
name="/usr/share/kf5/sonnet/trigrams.map" pid=29334 comm="qtox" req
uested_mask="r" denied_mask="r" fsuid=1000 ouid=0
```

```
type=AVC msg=audit(1588945273.590:905): apparmor="DENIED"
operation="open" profile="qtox" name="/var/lib/aspell/sl.rws" pid=29391
comm="qtox" requested_mask=
"r" denied_mask="r" fsuid=1000 ouid=0
```

Add file read rules to allow reading spellcheck-related files.

(cherry picked from commit 2ebf51b5b7)
 2020-11-22 19:58:35 -08:00
Vincas Dargis
99321c95c3
feat(apparmor): Update AppArmor 2.13.3 profile 
AppArmor 2.13.3 now has updated abstractions, and that means we no
longer need manual backports in qTox profile.

Remove redundant rules from qTox profile that are already available in
AppArmor 2.13.3.

(cherry picked from commit a01d31445f)
 2020-11-22 19:57:29 -08:00
Vincas Dargis
3db20a608b
feat(apparmor): Add AppArmor 2.13.3 profile 
Copy 2.13.2 into 2.13.3 for updated AppArmor profile.

(cherry picked from commit 2d22a76ed3)
 2020-11-22 19:57:22 -08:00