From 0817f1556d6d55e057d1d6bc44467ea60bdcad3a Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Sun, 9 Dec 2018 16:17:21 +0100
Subject: enable apparmor in libreoffice profile

depends on aa37fe19fed6be8e44db461691149237ee71da94
---
 etc/libreoffice.profile | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 1a3f6cbd1..102760513 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -24,23 +24,27 @@ include disable-programs.inc
 
 include whitelist-var-common.inc
 
-# Ubuntu 18.04 uses its own apparmor profile
-# uncomment the next line if you are not on Ubuntu
-#apparmor
+# ubuntu 18.04 comes with its own apparmor profile, but it is not in enforce mode.
+# comment the next line to use the ubuntu profile instead of firejail's apparmor profile
+apparmor
 caps.drop all
 machine-id
 netfilter
 #nodbus
 nodvd
 nogroups
-#nonewprivs - fix for Ubuntu 18.04/Debian 10
+# comment nonewprivs when using the ubuntu 18.04/debian 10 apparmor profile
+nonewprivs
 noroot
 notv
 nou2f
-#protocol unix,inet,inet6  - fix for Ubuntu 18.04/Debian 10
-#seccomp  - fix for Ubuntu 18.04/Debian 10
+# comment the protocol line when using the ubuntu 18.04/debian 10 apparmor profile
+protocol unix,inet,inet6
+# comment seccomp when using the ubuntu 18.04/debian 10 apparmor profile
+seccomp
 shell none
-#tracelog - problems reported by Ubuntu 18.04 apparmor profile in /var/log/syslog
+# comment tracelog when using the ubuntu 18.04/debian 10 apparmor profile
+tracelog
 
 private-dev
 private-tmp
-- 
cgit v1.2.3-54-g00ecf