diff --git a/common/tooling/apparmor/default.nix b/common/tooling/apparmor/default.nix
index 1065aa7..849d8e5 100644
--- a/common/tooling/apparmor/default.nix
+++ b/common/tooling/apparmor/default.nix
@@ -120,15 +120,10 @@ in
 profile osu-lazer @{bin}/osu\! flags=(attach_disconnected) {
 include # read access to /nix/store, basic presets for most apps
-# include
 include
-# include
 include
-# include
-# include
 include
 include
-# include
 include
 include
@@ -173,54 +168,24 @@ in
 owner @{HOME}/@{XDG_CONFIG_DIR}/mimeapps* rwk,
 owner @{HOME}/@{XDG_DATA_DIR}/applications/discord-*.desktop rwk,
- / r,
 /nix/store/*-etc-os-release rk,
 /nix/store/*/share/zoneinfo/** rk,
 owner /tmp/** rwk,
 /usr/lib/ r,
- /var/cache/ldconfig/ rw,
+ owner /var/cache/ldconfig/ rw,
 owner /etc/ld.so* rw,
- @{PROC}/@{pid}/stat rk,
- @{PROC}/@{pid}/task/@{pid}/comm wr,
- @{PROC}@{sys}/kernel/os{type,release} rk,
- @{PROC}/version r,
- @{PROC}/{sys,@{pid}}/net/** rk,
- @{PROC}/@{pid}/maps rk,
+ owner @{PROC}/@{pid}/{maps,stat} rk,
+ @{PROC}/sys/kernel/os{type,release} rk,
 /dev/snd/** rw,
- /dev/input/ r,
- /dev/dri/** wr,
- /dev/input/** r,
 /dev/udmabuf wr,
- /dev/hidraw* rw,
 /.host-etc/alsa/conf.d/{,**} r,
 /.host-etc/ssl/certs/{,**} r,
 /.host-etc/resolv.conf rk,
-
- /run/udev/data/* r,
-
-# @{sys}/devices/@{pci}device r,
-# @{sys}/devices/@{pci}boot_vga r,
-# @{sys}/devices/@{pci}subsystem_vendor r,
-# @{sys}/devices/@{pci}subsystem_device r,
-# @{sys}/devices/virtual/dmi/id/* r,
-# @{sys}/devices/@{pci}uevent r,
-# @{sys}/devices/virtual/sound/** r,
-# @{sys}/devices/virtual/block/** r,
-# @{sys}/block/ r,
-# @{sys}/devices@{sys}tem/node/ r,
-# @{sys}/fs/cgroup/{,**/} r,
-# @{sys}/fs/cgroup/** r,
-# @{sys}/devices/@{pci}sound/** r,
-# @{sys}/devices/@{pci}vendor r,
-# @{sys}/class/hidraw/ r,
-# @{sys}/class/input/ r,
-# @{sys}/class/input/{,**} r,
-# @{sys}/devices/**/input/** r,
 }
 '';
 };
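Review bot: The two new `/proc` rules in the second hunk still grant `k` (file locking), which reading `maps`, `stat` and `ostype`/`osrelease` does not need; `owner @{PROC}/@{pid}/{maps,stat} r,` and `@{PROC}/sys/kernel/os{type,release} r,` would be the least-privilege form. The hunk also drops the `task/@{pid}/comm` write rule with no replacement, so if the game's runtime names its threads this will presumably surface as audit denials; a short comment such as `# thread renaming via task/*/comm intentionally not allowed` would keep a later maintainer from re-widening the profile just to silence them. The unchanged `owner /etc/ld.so* rw,` context line is a write grant on dynamic-loader configuration and deserves a comment saying why it is required (the `/.host-etc` paths suggest a sandboxed `/etc`, but that is not visible here). The part of the profile between the two hunks is not shown and the include targets are missing from the page, so whether GPU and input access is still supplied by an abstraction after the `/dev/dri`, `/dev/input` and `/dev/hidraw*` removals cannot be confirmed from the diff.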