明日やってみる
How to create an AppArmor Profile | Ubuntu https://ubuntu.com/tutorials/beginning-apparmor-profile-development#1-overview
aa-logprofにファイルぐっちゃぐちゃにされたw ( #include <abstractions/lightdm> するのが良さそうなのはわかった)
libreofficeのgpgにlightdmを許したらgpg鍵で電子署名できるようになった(一歩前進)
$ diff -uNr apparmor.d.20200702 apparmor.d
diff -uNr apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.000000000 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin 2020-07-02 08:17:52.880685438 -1000
@@ -216,6 +216,7 @@
# there is abstractions/gnupg but that's just for gpg1...
profile gpg {
#include <abstractions/base>
+ #include <abstractions/lightdm>
/usr/bin/gpgconf rm,
/usr/bin/gpg rm,
apparmorでUNIXドメインソケットの書き方がわかったー
/etc$ diff -uNr apparmor.d.20200702 apparmor.d
diff -uNr apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.000000000 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin 2020-07-02 08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+ owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Ubuntuさんにご報告した。なおるといいな
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092