StarMirror/qTox
1
0
Fork 0
mirror of https://github.com/qTox/qTox.git synced 2024-03-22 14:00:36 +08:00
Code Issues Projects Releases Wiki Activity
7,666 Commits 3 Branches 42 Tags 60 MiB
b357de02e0
Commit Graph

4 Commits

Author SHA1 Message Date
Vincas Dargis
6a21d96214 fix(apparmor): Allow access to Aspell personal dictionaries 
Running qTox under AppArmor confinement produces these `DENIED` messages:

```
type=AVC msg=audit(1589897925.045:793): apparmor="DENIED"
operation="open" profile="qtox" name="/home/vincas/.aspell.en.pws"
pid=36671 comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
```
```
type=AVC msg=audit(1589897925.045:794): apparmor="DENIED"
operation="open" profile="qtox" name="/home/vincas/.aspell.en.prepl"
pid=36671 comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000
ouid=1000
```
```
type=AVC msg=audit(1589996245.245:1193): apparmor="DENIED"
operation="file_lock" profile="qtox" name="/home/vincas/.aspell.en.pws"
pid=53202 comm="qtox" requested_mask="k" denied_mask="k" fsuid=1000
ouid=1000
```
```
type=AVC msg=audit(1589996245.245:1194): apparmor="DENIED"
operation="file_lock" profile="qtox"
name="/home/vincas/.aspell.en.prepl" pid=53202 comm="qtox"
requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
```

Add file rule to allow reading and locking Aspell-specific user files [0].

[0] http://aspell.net/man-html/Format-of-the-Personal-and-Replacement-Dictionaries.html
 2020-05-20 20:44:44 +03:00
Vincas Dargis
2ebf51b5b7 fix(apparmor): Allow spellchecking 
qTox 1.17.2 produces these DENIED messages on Debian Sid:

```
type=AVC msg=audit(1588944857.534:854): apparmor="DENIED"
operation="open" profile="qtox"
name="/usr/share/hspell/hebrew.wgz.sizes" pid=29172 comm="qtox"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
```

```
type=AVC msg=audit(1588945073.014:885): apparmor="DENIED"
operation="open" profile="qtox"
name="/usr/share/kf5/sonnet/trigrams.map" pid=29334 comm="qtox" req
uested_mask="r" denied_mask="r" fsuid=1000 ouid=0
```

```
type=AVC msg=audit(1588945273.590:905): apparmor="DENIED"
operation="open" profile="qtox" name="/var/lib/aspell/sl.rws" pid=29391
comm="qtox" requested_mask=
"r" denied_mask="r" fsuid=1000 ouid=0
```

Add file read rules to allow reading spellcheck-related files.
 2020-05-19 09:14:37 +03:00
Vincas Dargis
a01d31445f feat(apparmor): Update AppArmor 2.13.3 profile 
AppArmor 2.13.3 now has updated abstractions, and that means we no
longer need manual backports in qTox profile.

Remove redundant rules from qTox profile that are already available in
AppArmor 2.13.3.
 2019-09-29 15:42:26 +03:00
Vincas Dargis
2d22a76ed3 feat(apparmor): Add AppArmor 2.13.3 profile 
Copy 2.13.2 into 2.13.3 for updated AppArmor profile.
 2019-09-29 15:39:28 +03:00