Add /mnt as possible mount point.

2024-11-14 23:43:56 +01:00 · 2021-04-01 21:56:33 +01:00 · 2021-04-01 21:56:33 +01:00 · 0ad600f90f
commit 0ad600f90f
parent 84f24133e9
4 changed files with 22 additions and 17 deletions
--- a/apparmor.d/abstractions/trash
+++ b/apparmor.d/abstractions/trash
@ -23,22 +23,22 @@
  owner @{user_share_dirs}/Trash/expunged/[0-9]* rw,

  # Partitions' trash location when the admin creates the .Trash/ folder in the top lvl dir
-  owner /media/*/.Trash/ rw,
-  owner /media/*/.Trash/[0-9]*/ rw,
-  owner /media/*/.Trash/[0-9]*/#[0-9]*[0-9] rw,
-  owner /media/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /media/*/.Trash/[0-9]*/#[0-9]*[0-9],
-  owner /media/*/.Trash/[0-9]*/files/{,**} rw,
-  owner /media/*/.Trash/[0-9]*/info/ rw,
-  owner /media/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw,
-  owner /media/*/.Trash/[0-9]*/expunged/ rw,
-  owner /media/*/.Trash/[0-9]*/expunged/[0-9]* rw,
+  owner /{media,mnt}/*/.Trash/ rw,
+  owner /{media,mnt}/*/.Trash/[0-9]*/ rw,
+  owner /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9] rw,
+  owner /{media,mnt}/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9],
+  owner /{media,mnt}/*/.Trash/[0-9]*/files/{,**} rw,
+  owner /{media,mnt}/*/.Trash/[0-9]*/info/ rw,
+  owner /{media,mnt}/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw,
+  owner /{media,mnt}/*/.Trash/[0-9]*/expunged/ rw,
+  owner /{media,mnt}/*/.Trash/[0-9]*/expunged/[0-9]* rw,

  # Partitions' trash location when the admin doesn't create the .Trash/ folder in the top lvl dir
-  owner /media/*/.Trash-[0-9]*/ rw,
-  owner /media/*/.Trash-[0-9]*/#[0-9]*[0-9] rw,
-  owner /media/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /media/*/.Trash-[0-9]*/#[0-9]*[0-9],
-  owner /media/*/.Trash-[0-9]*/files/{,**} rw,
-  owner /media/*/.Trash-[0-9]*/info/ rw,
-  owner /media/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw,
-  owner /media/*/.Trash-[0-9]*/expunged/ rw,
-  owner /media/*/.Trash-[0-9]*/expunged/[0-9]* rw,
+  owner /{media,mnt}/*/.Trash-[0-9]*/ rw,
+  owner /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9] rw,
+  owner /{media,mnt}/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9],
+  owner /{media,mnt}/*/.Trash-[0-9]*/files/{,**} rw,
+  owner /{media,mnt}/*/.Trash-[0-9]*/info/ rw,
+  owner /{media,mnt}/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw,
+  owner /{media,mnt}/*/.Trash-[0-9]*/expunged/ rw,
+  owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]* rw,
--- a/apparmor.d/abstractions/user-download-strict
+++ b/apparmor.d/abstractions/user-download-strict
@ -10,6 +10,9 @@
  owner /media/*/@{XDG_DOWNLOAD_DIR}/ r,
  owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwl,

+  owner /mnt/*/@{XDG_DOWNLOAD_DIR}/ r,
+  owner /mnt/*/@{XDG_DOWNLOAD_DIR}/** rwl,
+
  owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
  owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,

--- a/apparmor.d/groups/gpg/gpg
+++ b/apparmor.d/groups/gpg/gpg
@ -64,6 +64,7 @@ profile gpg @{exec_path} {

  # Verify files
  owner @{HOME}/** r,
+  owner /mnt/*/** r,
  owner /media/*/** r,

  owner @{PROC}/@{pid}/task/@{tid}/stat rw,
--- a/apparmor.d/profiles-a-l/blkid
+++ b/apparmor.d/profiles-a-l/blkid
@ -30,6 +30,7 @@ profile blkid @{exec_path} {
  # Image files
  @{HOME}/** r,
  /media/*/** r,
+  /mnt/*/** r,

  include if exists <local/blkid>
 }