Bug 143281 - Insufficient settings in default profiles, at least for man & gaim:
Status: RESOLVED FIXED
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: AppArmor
Version: Final
Hardware: i686 SuSE Linux 10.0
Priority: P3 - Medium; Severity: Major
Target Milestone: ---
Assignee: Seth R Arnold
QA Contact: Dominic W Reynolds
Keywords: accessibility, easy_fix, Fix_No_Build
Reported: 2006-01-15 06:02 UTC by Olli Artemjev
Modified: 2007-01-26 22:58 UTC
Found By: Customer
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Description Olli Artemjev 2006-01-15 06:02:43 UTC
I've the following REJECTs on my system that are probably OK to allow (I don't include others):
skylab:~ # grep "SubDomain: REJECTING r access to " /var/log/warn | awk -- '{print $6,$7,$8,$9,$10,$11,$13,$14,$15,$16}'| grep man | uniq
SubDomain: REJECTING r access to /opt/gnome/man/man1 profile /usr/lib/man-db/man active /usr/lib/man-db/man)
skylab:~ # grep "SubDomain: REJECTING " /var/log/warn | grep " access to "| grep gaim | grep -v font | grep mcop| uniq | awk -- '{print $6,$7,$8,$9,$10,$11}' | sort|uniq
SubDomain: REJECTING r access to /home/olli/.mcop/random-seed
SubDomain: REJECTING w access to /home/olli/.mcop/random-seed
skylab:~ # grep "SubDomain: REJECTING r access to " /var/log/warn | grep gaim | grep font | uniq | awk -- '{print $6,$7,$8,$9,$10,$11}'|sort|uniq
SubDomain: REJECTING r access to /usr/local/share/fonts
SubDomain: REJECTING r access to /usr/local/share/fonts/fonts.cache-1
skylab:~ # grep "SubDomain: REJECTING " /var/log/warn | grep " access to "| grep /gaim | grep -v font | grep -v mcop | uniq | awk -- '{print $6,$7,$8,$9,$10,$11}'| grep sox | sort|uniq
SubDomain: REJECTING r access to /usr/bin/sox
SubDomain: REJECTING x access to /usr/bin/sox
skylab:~ # grep "SubDomain: REJECTING " /var/log/warn | grep " access to "| grep /gaim | grep -v font | grep -v mcop | uniq | awk -- '{print $6,$7,$8,$9,$10,$11}'|grep name|sort|uniq
SubDomain: REJECTING r access to /bin/basename
SubDomain: REJECTING r access to /bin/uname
SubDomain: REJECTING x access to /bin/basename
SubDomain: REJECTING x access to /bin/uname
skylab:~ #

The uname's needed if specifying play as sound player.

I'm setting this to major since some man pages will be blocked w/ default profiles.
Comment 1 Dominic W Reynolds 2006-01-31 00:39:12 UTC
OK, thanks. Will update profiles. I'll close this bug when a maintenance fix is scheduled for release.

Comment 2 Olli Artemjev 2006-02-11 04:36:51 UTC
That's one more thing that should be allowed:
==============log========================
Feb 11 07:02:00 skylab kernel: SubDomain: REJECTING r access to /usr/share/texmf/teTeX/man/man1/xdvi.1.gz (man(3325) profile /usr/lib/man-db/man active /usr/lib/man-db/man)
Feb 11 07:02:02 skylab kernel: SubDomain: REJECTING r access to /usr/share/texmf/teTeX/man/man1/xdvi.1.gz (man(3325) profile /usr/lib/man-db/man active /usr/lib/man-db/man)
==============log========================

Due to that I had the following case, when I tried to recall the '-s' switch:

==============terminal========================
$ man xdvi

Beware: man aliased to: man -a .

man: can't open /usr/share/texmf/teTeX/man/man1/xdvi.1.gz: Permission denied
No manual entry for xdvi
==============terminal========================
That's obviously the wrong answer. =)
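
Added example, not part of the original report or of AppArmor: one awk pass that replaces the per-pattern grep/awk pipelines above by grouping every "REJECTING <mode> access to <path>" line by profile and merging the modes denied for each path, which is the list a profile maintainer needs to review. The function names and the /EXAMPLE/gaim profile name are assumptions, and the sample log lines are constructed in the format quoted in this report.

```shell
#!/bin/sh
# Added example: group SubDomain "REJECTING <mode> access to <path>" kernel
# log lines by profile, merging the modes denied for each path.
# Assumes paths contain no spaces, as the awk field picks in the report do.

summarize_rejects() {
    awk '
    function canon(m,    out, k, c) {          # emit modes in r, w, x order
        out = ""
        for (k = 1; k <= 3; k++) {
            c = substr("rwx", k, 1)
            if (index(m, c)) out = out c
        }
        for (k = 1; k <= length(m); k++) {     # keep any other mode letters once
            c = substr(m, k, 1)
            if (index("rwx", c) == 0 && index(out, c) == 0) out = out c
        }
        return out
    }
    /SubDomain: REJECTING/ {
        mode = ""; path = ""; prof = "(unknown)"
        for (i = 1; i <= NF; i++) {
            if ($i == "REJECTING" && $(i + 2) == "access" && $(i + 3) == "to") {
                mode = $(i + 1); path = $(i + 4)
            }
            if ($i == "profile" && i < NF) prof = $(i + 1)
        }
        if (mode == "" || path == "") next
        key = prof SUBSEP path
        seen[key] = seen[key] mode             # duplicates collapse in canon()
    }
    END {
        for (key in seen) {
            split(key, p, SUBSEP)
            print p[1] ": " p[2] " " canon(seen[key])
        }
    }' | LC_ALL=C sort
}

# Constructed sample input; /EXAMPLE/gaim is a placeholder profile name.
sample_log() {
    cat <<'EOF'
Feb 11 07:02:00 skylab kernel: SubDomain: REJECTING r access to /usr/share/texmf/teTeX/man/man1/xdvi.1.gz (man(3325) profile /usr/lib/man-db/man active /usr/lib/man-db/man)
Feb 11 07:02:02 skylab kernel: SubDomain: REJECTING r access to /usr/share/texmf/teTeX/man/man1/xdvi.1.gz (man(3325) profile /usr/lib/man-db/man active /usr/lib/man-db/man)
Feb 11 07:05:10 skylab kernel: SubDomain: REJECTING w access to /home/olli/.mcop/random-seed (gaim(4001) profile /EXAMPLE/gaim active /EXAMPLE/gaim)
Feb 11 07:05:10 skylab kernel: SubDomain: REJECTING r access to /home/olli/.mcop/random-seed (gaim(4001) profile /EXAMPLE/gaim active /EXAMPLE/gaim)
Feb 11 07:05:11 skylab kernel: unrelated message
EOF
}

sample_log | summarize_rejects
```

On a real system, feed it the log instead of the sample: summarize_rejects < /var/log/warn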

Comment 3 Dominic W Reynolds 2007-01-26 22:35:14 UTC
Seth, a few more updates here. Can we stick these in extras and close?
Comment 4 Seth R Arnold 2007-01-26 22:58:26 UTC
Thanks Olli; I integrated the manpage fix and most of the gaim fixes; I'm disinclined to add the 'play' line, though, as that feels too much like a local configuration option to me. (You like play, someone else may like mplayer or xine or sox..)