mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add /mnt as possible mount point.

Browse Source
This commit is contained in:
Alexandre Pujol 2021-04-01 21:56:33 +01:00
parent 84f24133e9
commit 0ad600f90f
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
4 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
apparmor.d/abstractions/trash
View File

@ -23,22 +23,22 @@
owner @{user_share_dirs}/Trash/expunged/[0-9]* rw, owner @{user_share_dirs}/Trash/expunged/[0-9]* rw,
# Partitions' trash location when the admin creates the .Trash/ folder in the top lvl dir # Partitions' trash location when the admin creates the .Trash/ folder in the top lvl dir
owner /media/*/.Trash/ rw, owner /{media,mnt}/*/.Trash/ rw,
owner /media/*/.Trash/[0-9]*/ rw, owner /{media,mnt}/*/.Trash/[0-9]*/ rw,
owner /media/*/.Trash/[0-9]*/#[0-9]*[0-9] rw, owner /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9] rw,
owner /media/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /media/*/.Trash/[0-9]*/#[0-9]*[0-9], owner /{media,mnt}/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9],
owner /media/*/.Trash/[0-9]*/files/{,**} rw, owner /{media,mnt}/*/.Trash/[0-9]*/files/{,**} rw,
owner /media/*/.Trash/[0-9]*/info/ rw, owner /{media,mnt}/*/.Trash/[0-9]*/info/ rw,
owner /media/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw, owner /{media,mnt}/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw,
owner /media/*/.Trash/[0-9]*/expunged/ rw, owner /{media,mnt}/*/.Trash/[0-9]*/expunged/ rw,
owner /media/*/.Trash/[0-9]*/expunged/[0-9]* rw, owner /{media,mnt}/*/.Trash/[0-9]*/expunged/[0-9]* rw,
# Partitions' trash location when the admin doesn't create the .Trash/ folder in the top lvl dir # Partitions' trash location when the admin doesn't create the .Trash/ folder in the top lvl dir
owner /media/*/.Trash-[0-9]*/ rw, owner /{media,mnt}/*/.Trash-[0-9]*/ rw,
owner /media/*/.Trash-[0-9]*/#[0-9]*[0-9] rw, owner /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9] rw,
owner /media/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /media/*/.Trash-[0-9]*/#[0-9]*[0-9], owner /{media,mnt}/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9],
owner /media/*/.Trash-[0-9]*/files/{,**} rw, owner /{media,mnt}/*/.Trash-[0-9]*/files/{,**} rw,
owner /media/*/.Trash-[0-9]*/info/ rw, owner /{media,mnt}/*/.Trash-[0-9]*/info/ rw,
owner /media/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw, owner /{media,mnt}/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw,
owner /media/*/.Trash-[0-9]*/expunged/ rw, owner /{media,mnt}/*/.Trash-[0-9]*/expunged/ rw,
owner /media/*/.Trash-[0-9]*/expunged/[0-9]* rw, owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]* rw,

3
apparmor.d/abstractions/user-download-strict
View File

@ -10,6 +10,9 @@
owner /media/*/@{XDG_DOWNLOAD_DIR}/ r, owner /media/*/@{XDG_DOWNLOAD_DIR}/ r,
owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwl, owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwl,
owner /mnt/*/@{XDG_DOWNLOAD_DIR}/ r,
owner /mnt/*/@{XDG_DOWNLOAD_DIR}/** rwl,
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r, owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl, owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,

1
apparmor.d/groups/gpg/gpg
View File

@ -64,6 +64,7 @@ profile gpg @{exec_path} {
# Verify files # Verify files
owner @{HOME}/** r, owner @{HOME}/** r,
owner /mnt/*/** r,
owner /media/*/** r, owner /media/*/** r,
owner @{PROC}/@{pid}/task/@{tid}/stat rw, owner @{PROC}/@{pid}/task/@{tid}/stat rw,

1
apparmor.d/profiles-a-l/blkid
View File

@ -30,6 +30,7 @@ profile blkid @{exec_path} {
# Image files # Image files
@{HOME}/** r, @{HOME}/** r,
/media/*/** r, /media/*/** r,
/mnt/*/** r,
include if exists <local/blkid> include if exists <local/blkid>
} }