wellington1993 · November 1, 2024 21:56
diff --git a/A.sh b/A.sh
 sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
 sudo systemctl restart apparmor
diff --git a/etc-apparmor.d-usr.lib.libreoffice.program.soffice.bin b/etc-apparmor.d-usr.lib.libreoffice.program.soffice.bin
 # Last Modified: Fri Nov  1 18:28:26 2024
 include <tunables/global>

 profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(complain) {
  include <abstractions/base>
  include <abstractions/audio>
  include <abstractions/bash>
  include <abstractions/cups-client>
  include <abstractions/dbus-accessibility>
  include <abstractions/dbus-session>
  include <abstractions/dbus>
  include <abstractions/dri-enumerate>
  include <abstractions/gnome>
  include <abstractions/ibus>
  include <abstractions/mesa>
  include <abstractions/nameservice>
  include <abstractions/opencl-intel>
  include <abstractions/opencl-mesa>
  include <abstractions/opencl-nvidia>
  include <abstractions/p11-kit>
  include <abstractions/private-files>
  include <abstractions/python>
  include <abstractions/user-tmp>

  network,
  capability,

  unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined),

  / r,
  /** rwix,

  /dev/tty rw,
  /etc/cups/ppd/*.ppd r,
  /etc/fstab r,
  /etc/java-??-openjdk/security/java.security r,
  /etc/libreoffice/ r,
  /etc/libreoffice/** r,
  /etc/xml/catalog r,
  /proc/*/status r,
  /proc/version r,
  /usr/bin/** mr,
  /usr/lib/*/qt5/plugins/** mr,
  /usr/lib/libreoffice/** rw,
  /usr/lib/libreoffice/**.so m,
  /usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner mr,
  /usr/lib{,32,64}/jvm/** r,
  /usr/lib{,32,64}/jvm/**/bin/java mix,
  /usr/lib{,32,64}/jvm/**/jre/bin/java mix,
  /usr/share/** r,
  /var/cache/fontconfig/ rw,
  /var/spool/libreoffice/** rw,
  /{,var/}run/udev/data/** r,
  /{usr/,}bin/** m,
  @{PROC}/sys/kernel/random/boot_id r,
  owner @{HOME}/.thunderbird/** rwk,
  owner @{HOME}/.config/libreoffice/** rwk,
  owner @{HOME}/Downloads/** rwk,
  owner /tmp/** rwk,
  owner /{,var/}run/user/** rw,

  signal send set=exists peer=unconfined,

  profile gpg {
    include <abstractions/base>

    /usr/bin/gpg mr,
    /usr/bin/gpgconf mr,
    /usr/bin/gpgsm mr,
    owner /{,var/}run/user/[0-9]*/gnupg/** rw,
    owner @{HOME}/.gnupg/** rwk,
  }
 }
	sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
	sudo systemctl restart apparmor
	# Last Modified: Fri Nov 1 18:28:26 2024
	include <tunables/global>

	profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(complain) {
	include <abstractions/base>
	include <abstractions/audio>
	include <abstractions/bash>
	include <abstractions/cups-client>
	include <abstractions/dbus-accessibility>
	include <abstractions/dbus-session>
	include <abstractions/dbus>
	include <abstractions/dri-enumerate>
	include <abstractions/gnome>
	include <abstractions/ibus>
	include <abstractions/mesa>
	include <abstractions/nameservice>
	include <abstractions/opencl-intel>
	include <abstractions/opencl-mesa>
	include <abstractions/opencl-nvidia>
	include <abstractions/p11-kit>
	include <abstractions/private-files>
	include <abstractions/python>
	include <abstractions/user-tmp>

	network,
	capability,

	unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined),

	/ r,
	/** rwix,

	/dev/tty rw,
	/etc/cups/ppd/*.ppd r,
	/etc/fstab r,
	/etc/java-??-openjdk/security/java.security r,
	/etc/libreoffice/ r,
	/etc/libreoffice/** r,
	/etc/xml/catalog r,
	/proc/*/status r,
	/proc/version r,
	/usr/bin/** mr,
	/usr/lib//qt5/plugins/* mr,
	/usr/lib/libreoffice/** rw,
	/usr/lib/libreoffice/**.so m,
	/usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner mr,
	/usr/lib{,32,64}/jvm/** r,
	/usr/lib{,32,64}/jvm/**/bin/java mix,
	/usr/lib{,32,64}/jvm/**/jre/bin/java mix,
	/usr/share/** r,
	/var/cache/fontconfig/ rw,
	/var/spool/libreoffice/** rw,
	/{,var/}run/udev/data/** r,
	/{usr/,}bin/** m,
	@{PROC}/sys/kernel/random/boot_id r,
	owner @{HOME}/.thunderbird/** rwk,
	owner @{HOME}/.config/libreoffice/** rwk,
	owner @{HOME}/Downloads/** rwk,
	owner /tmp/** rwk,
	owner /{,var/}run/user/** rw,

	signal send set=exists peer=unconfined,

	profile gpg {
	include <abstractions/base>

	/usr/bin/gpg mr,
	/usr/bin/gpgconf mr,
	/usr/bin/gpgsm mr,
	owner /{,var/}run/user/[0-9]/gnupg/* rw,
	owner @{HOME}/.gnupg/** rwk,
	}
	}