Bug#788009: xserver-xorg-input-synaptics: Please add apparmor profile for syndaemon

Sun, 07 Jun 2015 12:25:18 -0700 

Package: xserver-xorg-input-synaptics
Version: 1.8.2-1
Severity: wishlist
Tags: patch

Dear Maintainer,

Please use the patch attached to add an apparmor profile for syndaemon
to your package.

At least for now, the profile is in "complain" mode, which means that
if syndaemon does something not defined in the profile, it will not be
impeded by apparmor -- only a message in the logs will appear. This
ensures that no permission issues will appear with the addition of
this profile.

Cheers,
--
Cameron Norman

commit 7b4b7db32648c26d7eca22b05285c0d663bdf0d1
Author: Cameron Norman <camerontnor...@gmail.com>
Date:   Sun Jun 7 12:06:40 2015 -0700

    Added apparmor profile for syndaemon (in complain mode)

diff --git a/debian/rules b/debian/rules
index 29f61aa..f759022 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,7 @@ override_dh_auto_install:
 
 # Kill *.la files, and forget no-one:
 override_dh_install:
+       dh_apparmor --profile-name=usr.bin.syndaemon 
-pxserver-xorg-input-synaptics
        find debian/tmp -name '*.la' -delete
        dh_install --fail-missing
 
diff --git a/debian/usr.bin.syndaemon b/debian/usr.bin.syndaemon
new file mode 100644
index 0000000..6e502b8
--- /dev/null
+++ b/debian/usr.bin.syndaemon
@@ -0,0 +1,23 @@
+# vim:syntax=apparmor
+
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2015 Cameron Norman <camerontnor...@gmail.com>
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/bin/syndaemon flags=(complain) {
+  #include <abstractions/base>
+  #include <abstractions/X>
+
+  owner /{,var/}run/user/*/syndaemon.pid rw,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.bin.syndaemon>
+}
diff --git a/debian/xserver-xorg-input-synaptics.install 
b/debian/xserver-xorg-input-synaptics.install
index 0835787..d5bef51 100644
--- a/debian/xserver-xorg-input-synaptics.install
+++ b/debian/xserver-xorg-input-synaptics.install
@@ -2,3 +2,4 @@ usr/lib/xorg/modules/input/*.so
 usr/bin/*
 usr/share/man
 usr/share/X11
+debian/usr.bin.syndaemon /etc/apparmor.d/

Reply via email to