diff --git a/apparmor.d/profiles-s-z/task b/apparmor.d/profiles-s-z/task
new file mode 100644
index 00000000..3c161081
--- /dev/null
+++ b/apparmor.d/profiles-s-z/task
@@ -0,0 +1,70 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Zane Zakraisek
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/task
+profile task @{exec_path} {
+ include
+ include
+ include
+ include
+
+ # Task can optionally connect to a taskserver
+ network inet dgram,
+ network inet6 dgram,
+ network inet stream,
+ network inet6 stream,
+ network netlink raw,
+
+ @{exec_path} mr,
+
+ @{sh_path} rix,
+
+ @{bin}/vim rCx -> editor,
+ @{bin}/vim.* rCx -> editor,
+ @{bin}/sensible-editor rCx -> editor,
+
+ /usr/share/{doc/,}task{warrior,}/** r,
+
+ # Task can edit it's own config, so write is needed
+ owner @{HOME}/.taskrc rw,
+ owner @{HOME}/.task/{,**} rwk,
+
+ profile editor {
+ include
+ include
+
+ @{bin}/sensible-editor mr,
+ @{bin}/vim mrix,
+ @{bin}/vim.* mrix,
+ @{sh_path} rix,
+ @{bin}/which{,.debianutils} rix,
+
+ /usr/share/vim/{,**} r,
+ /usr/share/terminfo/** r,
+
+ /etc/vimrc r,
+ /etc/vim/{,**} r,
+
+ owner @{HOME}/.selected_editor r,
+ owner @{HOME}/.viminfo{,.tmp} rw,
+ owner @{HOME}/.vimrc r,
+
+ # Vim swap file
+ owner @{HOME}/ r,
+ owner @{user_cache_dirs}/ r,
+ owner @{user_cache_dirs}/vim/** wr,
+
+ # Taskwarrior related files
+ owner @{HOME}/.task/ r,
+ owner @{HOME}/.task/* rw,
+
+ include if exists
+ }
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-s-z/taskwarrior-tui b/apparmor.d/profiles-s-z/taskwarrior-tui
new file mode 100644
index 00000000..f3678ff8
--- /dev/null
+++ b/apparmor.d/profiles-s-z/taskwarrior-tui
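Review bot: In the `task` profile's `editor` child profile, `owner @{HOME}/.task/* rw,` together with `@{sh_path} rix,` gives vim, and any command started from inside it, write access to every top-level file in the data directory rather than only the file being edited. If `task edit` hands the editor a predictably named temporary file (the name is not shown on this page), narrowing the rule to that pattern, for example `owner @{HOME}/.task/<edit-temp-file-pattern> rw,` plus the matching swap-file pattern, would keep the task database out of the editor's reach. The parent rules `@{bin}/vim rCx -> editor,` and `@{bin}/sensible-editor rCx -> editor,` cover only vim-based editors, so a comment such as `# Only vim and sensible-editor are allowed; other $EDITOR values are denied` would document that limit. The targets of the `abi` and `include` lines are not visible on this page, so the abstractions they pull in could not be reviewed.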
@@ -0,0 +1,32 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Zane Zakraisek
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/taskwarrior-tui
+profile taskwarrior-tui @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ @{bin}/task rPx,
+
+ /usr/share/{doc/,}task{warrior,}/** r,
+
+ owner @{HOME}/.taskrc r,
+ owner @{HOME}/.task/{,**} rwlk,
+
+ owner @{user_share_dirs}/taskwarrior-tui/{,**} rwk,
+ owner @{user_config_dirs}/taskwarrior-tui/{,**} r,
+
+ owner @{PROC}/@{pid}/cgroup r,
+ owner @{PROC}/@{pid}/mountinfo r,
+
+ @{sys}/fs/cgroup/**/cpu.max r,
+
+ include if exists
+}
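Review bot: The rule `owner @{HOME}/.task/{,**} rwlk,` gives the TUI more access to the data directory than the `task` profile in this same commit grants itself (`rwk`), even though `@{bin}/task rPx,` already moves the work done by `task` into that separate profile. If the TUI only reads the data files directly, which this page does not establish, the rule could be reduced to `owner @{HOME}/.task/{,**} r,` and widened only when denials are logged. If write and link are really needed, a comment such as `# taskwarrior-tui writes <file> directly, hence w and l` would record why. The `rPx` transition with environment scrubbing is a good choice here.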