http://bugzilla.opensuse.org/show_bug.cgi?id=1065388 http://bugzilla.opensuse.org/show_bug.cgi?id=1065388#c17 --- Comment #17 from Dr. Werner Fink <werner@suse.com> --- (In reply to Christian Boltz from comment #14)
As you noticed, groff wants to execute several helper binaries: operation="exec" name="/usr/bin/eqn" comm="groff" operation="exec" name="/usr/bin/grotty" comm="groff" operation="exec" name="/usr/bin/pic" comm="groff" operation="exec" name="/usr/bin/soelim" comm="groff" operation="exec" name="/usr/bin/tbl" comm="groff" operation="exec" name="/usr/bin/troff" comm="groff"
That seems the perfect case or an abstraction .. that is that we migth think about a file gorff below /etc/apparmor.d/abstractions/ which includes those lines? Beside this the line /usr/bin/id mrix, should be removed as this was for debugging only:
All listed binaries somehow belong to groff (according to a quick look at their manpage), so that's fine and means to add the following rules to the profile:
/usr/bin/eqn mrix, /usr/bin/grotty mrix, /usr/bin/id mrix,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/usr/bin/pic mrix, /usr/bin/soelim mrix, /usr/bin/tbl mrix, /usr/bin/troff mrix,
-- You are receiving this mail because: You are on the CC list for the bug.