Package: surf
Version: 2.0+git20180223-1
Severity: normal
Tags: patch
User: pkg-apparmor-t...@lists.alioth.debian.org
Usertags: modify-profile

The attached patch (meant to apply on top of the series proposed on #901416) makes the included usr.bin.surf AppArmor profile compatible with apparmor-profiles-extra 1.22, that I've just uploaded to experimental in order to avoid breaking surf right away.

Uploading this will require a little bit of coordination; given the patches for #901416 introduce a new binary package, this will have to go through the NEW queue so I propose this course of action:

1. upload src:surf to experimental with the patches for #901416 and for this bug applied
2. wait for it to pass NEW
3. upload to unstable
4. notify me
5. I'll upload apparmor-profiles-extra 1.22+ to unstable ASAP.

I would like to do #5 within a month. Assuming quick NEW processing, will this work for you?

And if on #901416 you decide against moving the AppArmor profile to a new binary package, things will be much simpler: just upload to sid and I'll upload apparmor-profiles-extra ASAP to minimize installability issues :)

Cheers,
-- 
intrigeri

>From 6f7a5f0a42ebf08ef9201ff14a8458d8ef8ecdb1 Mon Sep 17 00:00:00 2001 From: intrigeri <intrig...@debian.org> Date: Sat, 27 Oct 2018 09:36:32 +0000 Subject: [PATCH 3/3] AppArmor: adjust policy for new apparmor-profiles-extra and version the dependency accordingly. The gst_plugin_scanner was folded into the gstreamer abstraction. The registry cache and orcexec rules are now also part of the gstreamer abstraction. --- debian/control | 2 +- debian/usr.bin.surf | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/debian/control b/debian/control index d0b22f2..89afc5a 100644 --- a/debian/control +++ b/debian/control @@ -27,7 +27,7 @@ Description: Simple web browser by suckless community Package: surf-apparmor Architecture: all -Depends: apparmor-profiles-extra +Depends: apparmor-profiles-extra (>= 1.22) Description: Simple web browser by suckless community (AppArmor profile) surf is a simple web browser based on WebKit/GTK+. It is able to display websites and follow links. It supports the XEmbed protocol which makes it diff --git a/debian/usr.bin.surf b/debian/usr.bin.surf index 012f5f2..d64581a 100644 --- a/debian/usr.bin.surf +++ b/debian/usr.bin.surf @@ -28,10 +28,6 @@ # GStreamer #include <abstractions/gstreamer> - /usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner Pix -> gst_plugin_scanner, - owner @{HOME}/.cache/gstreamer-[0-9].[0-9]/registry.*.bin* rw, - owner @{HOME}/orcexec.* w, - # WebKit /usr/lib/@{multiarch}/webkit2gtk-4.0/WebKit*Process ix, -- 2.19.1
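
Review bot: In the debian/control hunk, the new `Depends: apparmor-profiles-extra (>= 1.22)` guards only one direction: it keeps the trimmed profile from being installed alongside an older gstreamer abstraction that lacks the plugin scanner, registry cache and orcexec rules. Nothing in this patch stops the previous surf profile from being paired with 1.22, so the upload ordering described in the mail is carrying that constraint. A matching Breaks on the apparmor-profiles-extra side would make it visible to the package manager instead of depending on timing.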
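
Review bot: In the debian/usr.bin.surf hunk, the removed scanner rule was `Pix -> gst_plugin_scanner`, a transition into a separate named profile with inherit as the fallback, so dropping it is only safe if the 1.22 gstreamer abstraction confines gst-plugin-scanner at least as tightly. The commit message says the rule was folded in but not with which execute mode; please state that there or in the `# GStreamer` comment. It would also help to note next to the include that it now covers the registry cache and orcexec rules, so a later reader does not re-add them.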