diff --git a/apparmor.d/groups/gvfs/gvfsd-dav b/apparmor.d/groups/gvfs/gvfsd-dav
index 0963b552..cc40a6ee 100644
--- a/apparmor.d/groups/gvfs/gvfsd-dav
+++ b/apparmor.d/groups/gvfs/gvfsd-dav
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2021 Mikhail Morfikov
+# 2021 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -10,8 +11,28 @@ include
 @{exec_path} += /usr/{lib,libexec}/gvfsd-dav
 profile gvfsd-dav @{exec_path} {
 include
+ include
+ include
+ include
+ include
+ include
+
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+ network netlink raw,
 @{exec_path} mr,
+ /usr/share/glib-2.0/schemas/gschemas.compiled r,
+ /usr/share/mime/mime.cache r,
+
+ include
+ owner @{run}/user/[0-9]*/dconf/ rw,
+ owner @{run}/user/[0-9]*/dconf/user rw,
+
+ owner @{run}/user/[0-9]*/gvfsd/ rw,
+ owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw,
 include if exists
 }
diff --git a/apparmor.d/groups/gvfs/gvfsd-recent b/apparmor.d/groups/gvfs/gvfsd-recent
index 0a3d059d..482e7a63 100644
--- a/apparmor.d/groups/gvfs/gvfsd-recent
+++ b/apparmor.d/groups/gvfs/gvfsd-recent
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2021 Mikhail Morfikov
+# 2021 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -10,10 +11,24 @@ include
 @{exec_path} += /usr/{lib,libexec}/gvfsd-recent
 profile gvfsd-recent @{exec_path} {
 include
+ include
+ include
 @{exec_path} mr,
+ /usr/share/mime/mime.cache r,
- owner @{user_share_dirs}/recently-used.xbel r,
+ owner @{HOME}/.zshenv r,
+ owner @{user_config_dirs}/user-dirs.dirs r,
+ owner @{HOME}/.local/share/recently-used.xbel r,
+
+ owner @{run}/user/[0-9]*/gvfsd/ rw,
+ owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw,
+
+ owner @{PROC}/81380/mountinfo r,
+ @{PROC}/sys/kernel/random/boot_id r,
+
+ @{run}/systemd/userdb/ r,
+ @{run}/mount/utab r,
 include if exists
 }
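Review bot: In the gvfsd-dav profile hunk, the last added rule uses the character class `[a-zA-z0-9]`, whose range `A-z` also covers the ASCII punctuation between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick); it should read `owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-Z0-9]* rw,`. The same typo appears in the gvfsd-recent profile hunk. In AppArmor globbing the trailing `*` matches any run of non-`/` characters, so the class constrains only the first character after `socket-`, and `[0-9]*` in the user directory component likewise matches one digit followed by anything rather than a numeric uid. This profile also gains `network inet`/`inet6` access for what is presumably a daemon handling remote WebDAV content, so a short comment above the `dconf/user rw` rule stating why write access to the user's dconf database is needed would help; the include targets are not visible on this page, so whether an abstraction already covers it cannot be judged from here.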
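Review bot: The added rule `owner @{PROC}/81380/mountinfo r,` in the gvfsd-recent profile hard-codes a process id, most likely copied from a denial log, so it matches only when the daemon happens to run as PID 81380 and the mountinfo read stays denied on every other run; use the tunable instead, `owner @{PROC}/@{pid}/mountinfo r,`. The hunk also replaces `@{user_share_dirs}/recently-used.xbel` with the literal `@{HOME}/.local/share/recently-used.xbel`, dropping the variable the removed line used; keeping `@{user_share_dirs}` looks safer unless there was a reason to pin the path. `owner @{HOME}/.zshenv r,` looks like an artifact of the author's session rather than a file this daemon needs, and I would remove it or add a comment explaining why it is read.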