Comment # 17 on bug 1065388 from
(In reply to Christian Boltz from comment #14)

> As you noticed, groff wants to execute several helper binaries:
>   operation="exec" name="/usr/bin/eqn" comm="groff" 
>   operation="exec" name="/usr/bin/grotty" comm="groff" 
>   operation="exec" name="/usr/bin/pic" comm="groff" 
>   operation="exec" name="/usr/bin/soelim" comm="groff" 
>   operation="exec" name="/usr/bin/tbl" comm="groff" 
>   operation="exec" name="/usr/bin/troff" comm="groff" 

That seems the perfect case for an abstraction .. that is that we might think
about a file groff below /etc/apparmor.d/abstractions/ which includes those
lines?

Besides this, the line

  /usr/bin/id mrix,

should be removed as this was for debugging only:

> All listed binaries somehow belong to groff (according to a quick look at
> their manpage), so that's fine and means to add the following rules to the
> profile:
> 
>   /usr/bin/eqn mrix,
>   /usr/bin/grotty mrix,
>   /usr/bin/id mrix,

^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>   /usr/bin/pic mrix,
>   /usr/bin/soelim mrix,
>   /usr/bin/tbl mrix,
>   /usr/bin/troff mrix,

