Package: apparmor / 2.13.4-3

debian/allow-access-to-ibus-socket.patch
From: Jamie Strandboge <jamie@ubuntu.com>
Date: Mon, 29 Jan 2018 12:26:43 +0000
Subject: Allow access to the Ubuntu-specific path for ibus-daemon

im-config, in Ubuntu, was modified to start the ibus-daemon with the
"--address 'unix:tmpdir=/tmp/ibus'" command line option. It previously
used a UNIX domain socket path that was indistinguishable from the
session bus daemon's path. This patch adjusts the ibus abstraction so
that access to the new path can be granted to confined ibus-daemon
client applications.

Later updated for ibus 1.5.22, due to LP: #1856738

Bug-Ubuntu: https://launchpad.net/bugs/1580463
Forwarded: not-needed

Forwarded: no
---
 profiles/apparmor.d/abstractions/ibus | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/profiles/apparmor.d/abstractions/ibus b/profiles/apparmor.d/abstractions/ibus
index c76fe3b..a4431b9 100644
--- a/profiles/apparmor.d/abstractions/ibus
+++ b/profiles/apparmor.d/abstractions/ibus
@@ -13,3 +13,17 @@
   owner @{HOME}/.config/ibus/ r,
   owner @{HOME}/.config/ibus/bus/ rw,
   owner @{HOME}/.config/ibus/bus/* rw,
+
+  # abstract path in ibus < 1.5.22 uses /tmp
+  unix (connect, receive, send)
+       type=stream
+       peer=(addr="@/tmp/ibus/dbus-*"),
+
+  # abstract path in ibus >= 1.5.22 uses $XDG_CACHE_HOME (ie, @{HOME}/.cache)
+  # This should use this, but due to LP: #1856738 we cannot
+  #unix (connect, receive, send)
+  #    type=stream
+  #    peer=(addr="@@{HOME}/.cache/ibus/dbus-*"),
+  unix (connect, receive, send)
+       type=stream
+       peer=(addr="@/home/*/.cache/ibus/dbus-*"),
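
Review bot: The active fallback rule at the end of the hunk, peer=(addr="@/home/*/.cache/ibus/dbus-*"), hard-codes /home/* in place of the @{HOME} tunable used by the commented-out rule and by the owner rules in the context lines above. That has two effects worth recording in the comment: confined clients of users whose home directory is not directly under /home, or who set a non-default $XDG_CACHE_HOME, will still be denied on ibus >= 1.5.22, and the glob matches the abstract address for any user's directory name, while the file rules above are limited by "owner". Suggest extending the comment to state these limitations and that the rule should revert to the @{HOME} form once LP: #1856738 is fixed, so the workaround does not outlive the bug.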