mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
feat(profiles): update kde group.
parent
aea0034fcc
commit
0c151259d2
@ -15,6 +15,8 @@ profile gmenudbusmenuproxy @{exec_path} {
|
||||
include <abstractions/qt5>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
ptrace (read) peer=kded5,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/hwdata/*.ids r,
|
||||
|
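Review bot: `ptrace (read) peer=kded5,` only covers the tracer side, and AppArmor checks ptrace against both profiles, so with kded5 confined the access is still denied unless kded5 carries the matching `ptrace (readby) peer=gmenudbusmenuproxy,`. No such rule appears in the kded5 hunks on this page; it may exist outside them, so this needs checking against the full profile. The +/- markers are lost here, so the view that this line is the addition is inferred from the hunk counts. A short trailing comment saying what is read from kded5 would also help a later reviewer decide whether the rule is still needed.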
@ -30,12 +30,12 @@ profile kactivitymanagerd @{exec_path} {
|
||||
|
||||
owner @{user_cache_dirs}/ksycoca5_* r,
|
||||
|
||||
owner @{user_config_dirs}/kactivitymanagerdrc r,
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/kactivitymanagerdrc.lock rwk,
|
||||
owner @{user_config_dirs}/kactivitymanagerdrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
||||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/menus/ r,
|
||||
owner @{user_config_dirs}/menus/applications-merged/ r,
|
||||
owner @{user_config_dirs}/menus/{,**} r,
|
||||
|
||||
owner @{user_share_dirs}/kactivitymanagerd/{,**} rwlk,
|
||||
owner @{user_share_dirs}/kservices5/{,**} r,
|
||||
|
@ -17,28 +17,29 @@ profile kconf_update @{exec_path} {
|
||||
include <abstractions/perl>
|
||||
include <abstractions/python>
|
||||
include <abstractions/qt5>
|
||||
include <abstractions/vulkan>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/grep rix,
|
||||
@{bin}/{,p}grep rix,
|
||||
@{bin}/python3.[0-9]* rix,
|
||||
@{bin}/qtpaths rix,
|
||||
@{bin}/sed rix,
|
||||
|
||||
@{lib}/kconf_update_bin/breeze* rix,
|
||||
@{lib}/kconf_update_bin/konsole_show_menubar rix,
|
||||
@{lib}/kconf_update_bin/krunnerglobalshortcuts rix,
|
||||
@{lib}/kconf_update_bin/krunnerhistory rix,
|
||||
@{lib}/kconf_update_bin/plasmashell-* rix,
|
||||
/usr/share/kconf_update/kcminputrc_migrate_repeat_value.py rix,
|
||||
/usr/share/kconf_update/konsole_add_hamburgermenu_to_toolbar.sh rix,
|
||||
@{lib}/kconf_update_bin/* rix,
|
||||
/usr/share/kconf_update/*.py rix,
|
||||
/usr/share/kconf_update/*.sh rix,
|
||||
|
||||
/usr/share/kconf_update/{,**} r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
/usr/share/kconf_update/{,**} r,
|
||||
/usr/share/kglobalaccel/org.kde.krunner.desktop r,
|
||||
|
||||
/etc/machine-id r,
|
||||
/etc/xdg/kdeglobals r,
|
||||
/etc/xdg/konsolerc r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/akregatorrc.lock rwk,
|
||||
@ -79,6 +80,8 @@ profile kconf_update @{exec_path} {
|
||||
owner @{user_config_dirs}/plasmashellrc r,
|
||||
|
||||
owner @{user_share_dirs}/#@{int} rw,
|
||||
owner @{user_share_dirs}/krunnerstaterc.lock rwk,
|
||||
owner @{user_share_dirs}/krunnerstaterc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
|
||||
owner /tmp/#@{int} rw,
|
||||
owner /tmp/kconf_update.@{rand6}.lock rwk,
|
||||
|
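Review bot: In the second hunk, `owner @{user_share_dirs}/krunnerstaterc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},` names a link target in the config directory, while the temporary file it is paired with is `owner @{user_share_dirs}/#@{int} rw,` two lines above. If the file is written with the usual temp-file-then-link pattern, the target presumably has to be `-> @{user_share_dirs}/#@{int},`, otherwise the link is denied and the profile ends up being run in complain mode to work around it. Separately, the first hunk replaces the named helpers with `@{lib}/kconf_update_bin/* rix,`, `/usr/share/kconf_update/*.py rix,` and `/usr/share/kconf_update/*.sh rix,`, so every future file in those directories inherits this profile's shell, perl and python access. A one-line comment recording that trade-off would make it a deliberate choice rather than an accident. Which lines are new is inferred, since the +/- markers are lost on this page.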
@ -11,6 +11,7 @@ profile kded5 @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
@ -38,7 +39,7 @@ profile kded5 @{exec_path} {
|
||||
member=PropertiesChanged
|
||||
peer=(name=:*),
|
||||
|
||||
@{exec_path} mr,
|
||||
@{exec_path} mrix,
|
||||
|
||||
@{bin}/kcminit rPx,
|
||||
@{bin}/pgrep rCx -> pgrep,
|
||||
@ -76,7 +77,7 @@ profile kded5 @{exec_path} {
|
||||
owner @{user_config_dirs}/bluedevilglobalrc.lock rwk,
|
||||
owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/gtk-{3,4}.0/{,**} rwl,
|
||||
owner @{user_config_dirs}/gtk-{3,4}/settings.ini.lock rk,
|
||||
owner @{user_config_dirs}/gtk-{3,4}.0/settings.ini.lock rk,
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/kconf_updaterc rw,
|
||||
owner @{user_config_dirs}/kconf_updaterc.lock rwk,
|
||||
@ -87,12 +88,12 @@ profile kded5 @{exec_path} {
|
||||
owner @{user_config_dirs}/kded5rc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kdedefaults/{,**} r,
|
||||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwalletrc r,
|
||||
owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rw,
|
||||
owner @{user_config_dirs}/khotkeysrc.@{rand6} l -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/khotkeysrc.lock rwk,
|
||||
owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kioslaverc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/ktimezonedrc r,
|
||||
owner @{user_config_dirs}/ktimezonedrc.lock rwk,
|
||||
owner @{user_config_dirs}/ktimezonedrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kwalletrc r,
|
||||
owner @{user_config_dirs}/kwinrc.lock rwk,
|
||||
owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kxkbrc r,
|
||||
|
@ -11,11 +11,12 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/fontconfig-cache-write>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/vulkan>
|
||||
include <abstractions/wayland>
|
||||
|
||||
@ -61,12 +62,10 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
|
||||
|
||||
owner /var/lib/sddm/.config/#@{int} rw,
|
||||
owner /var/lib/sddm/.config/kdeglobals r,
|
||||
owner /var/lib/sddm/.config/kglobalshortcutsrc rw,
|
||||
owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rwk,
|
||||
owner /var/lib/sddm/.config/kglobalshortcutsrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int},
|
||||
owner /var/lib/sddm/.config/kwinrc rw,
|
||||
owner /var/lib/sddm/.config/kglobalshortcutsrc{,.@{rand6}} rwl -> /var/lib/sddm/.config/#@{int},
|
||||
owner /var/lib/sddm/.config/kwinrc.lock rwk,
|
||||
owner /var/lib/sddm/.config/kwinrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int},
|
||||
owner /var/lib/sddm/.config/kwinrc{,.@{rand6}} rwl -> /var/lib/sddm/.config/#@{int},
|
||||
|
||||
owner @{user_cache_dirs}/{,plasma-svgelements} r,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
@ -81,8 +80,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
|
||||
owner @{user_config_dirs}/kscreenlockerrc r,
|
||||
owner @{user_config_dirs}/kwinrc rw,
|
||||
owner @{user_config_dirs}/kwinrc.@{rand6} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kwinrc.lock rwk,
|
||||
owner @{user_config_dirs}/kwinrulesrc r,
|
||||
owner @{user_config_dirs}/kxkbrc r,
|
||||
@ -98,17 +96,16 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
|
||||
|
||||
@{run}/udev/data/+acpi:* r, # for ACPI
|
||||
@{run}/udev/data/+dmi* r, # for ?
|
||||
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
|
||||
@{run}/udev/data/+platform:* r, # for ?
|
||||
|
||||
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
|
||||
@{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
|
||||
|
||||
@{run}/udev/data/+hid:* r, # for HID subsystem
|
||||
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
|
||||
@{run}/udev/data/+pci:* r,
|
||||
@{run}/udev/data/+platform:* r, # for ?
|
||||
@{run}/udev/data/+sound:card@{int} r,
|
||||
@{run}/udev/data/+usb:* r,
|
||||
|
||||
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
|
||||
@{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/**
|
||||
@{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
|
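Review bot: The `@{run}/udev/data/` rules in the last hunk do not record why the compositor needs each device class: `+pci:*`, `+sound:card@{int}` and `+usb:*` have no comment, and `+dmi*` and `+platform:*` still say `# for ?`. The neighbouring rules show the expected form, for example `# for /dev/input/*` and `# for /dev/bus/usb/**`. Each rule should get the same kind of trailing comment, or a `# TODO: confirm need` marker, so that unused device classes can be pruned later. The +/- markers are lost, so which of these lines the commit adds is inferred from the repeated entries, and the profile body continues outside the hunk.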
@ -56,9 +56,9 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
@{lib}/kf5/kioslave5 rPx,
|
||||
@{lib}/kf5/kdesu{,d} rix,
|
||||
@{bin}/dolphin rPUx, # TODO: rPx,
|
||||
@{bin}/ksysguardd rix,
|
||||
@{bin}/ksysguardd rix,
|
||||
@{bin}/plasma-discover rPUx,
|
||||
@{bin}/xrdb rPx,
|
||||
@{bin}/xrdb rPx,
|
||||
|
||||
/usr/share/akonadi/firstrun/{,*} r,
|
||||
/usr/share/akonadi/plugins/serializer/{,*.desktop} r,
|
||||
@ -72,9 +72,11 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
/usr/share/kservices5/{,**} r,
|
||||
/usr/share/kservicetypes5/{,**} r,
|
||||
/usr/share/lshw/artwork/logo.svg r,
|
||||
/usr/share/metainfo/{,**} r,
|
||||
/usr/share/mime/{,**} r,
|
||||
/usr/share/plasma/{,**} r,
|
||||
/usr/share/solid/actions/{,**} r,
|
||||
/usr/share/swcatalog/{,**} r,
|
||||
/usr/share/templates/{,*.desktop} r,
|
||||
/usr/share/wallpapers/{,**} r,
|
||||
|
||||
@ -96,16 +98,19 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
|
||||
owner @{user_cache_dirs}/ r,
|
||||
owner @{user_cache_dirs}/#@{int} rwk,
|
||||
owner @{user_cache_dirs}/appstream/ rw,
|
||||
owner @{user_cache_dirs}/appstream/*.xb rw,
|
||||
owner @{user_cache_dirs}/bookmarksrunner/ rw,
|
||||
owner @{user_cache_dirs}/bookmarksrunner/** rwkl -> @{user_cache_dirs}/bookmarksrunner/#@{int},
|
||||
owner @{user_cache_dirs}/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksycoca5_* rwlk -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw,
|
||||
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
|
||||
owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwlk -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
|
||||
owner @{user_cache_dirs}/plasmashell/qmlcache/{,**} rwl,
|
||||
owner @{user_cache_dirs}/bookmarksrunner/ rw,
|
||||
owner @{user_cache_dirs}/bookmarksrunner/** rwkl -> @{user_cache_dirs}/bookmarksrunner/#@{int},
|
||||
owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwlk -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/plasmashell/ rw,
|
||||
owner @{user_cache_dirs}/plasmashell/** rwkl -> @{user_cache_dirs}/plasmashell/**,
|
||||
|
||||
owner @{user_config_dirs}/{KDE,kde.org}/ rw,
|
||||
owner @{user_config_dirs}/{KDE,kde.org}/** rwkl -> @{user_config_dirs}/{KDE,kde.org}/#@{int},
|
||||
@ -113,21 +118,19 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
owner @{user_config_dirs}/#@{int} rwk,
|
||||
owner @{user_config_dirs}/akonadi* r,
|
||||
owner @{user_config_dirs}/akonadi/akonadi*rc r,
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/baloofileinformationrc r,
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/dolphinrc r,
|
||||
owner @{user_config_dirs}/eventviewsrc r,
|
||||
owner @{user_config_dirs}/kactivitymanagerd-statsrc r,
|
||||
owner @{user_config_dirs}/kactivitymanagerd-switcher rw,
|
||||
owner @{user_config_dirs}/kactivitymanagerd-switcher.lock rwk,
|
||||
owner @{user_config_dirs}/kactivitymanagerd-switcher.* rwl,
|
||||
owner @{user_config_dirs}/kactivitymanagerd-*.lock rwk,
|
||||
owner @{user_config_dirs}/kactivitymanagerd-*{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kcookiejarrc r,
|
||||
owner @{user_config_dirs}/kdedefaults/* r,
|
||||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kdiff3fileitemactionrc r,
|
||||
owner @{user_config_dirs}/kioslaverc r,
|
||||
owner @{user_config_dirs}/klipperrc r,
|
||||
owner @{user_config_dirs}/kmail2.notifyrc r,
|
||||
owner @{user_config_dirs}/kcookiejarrc r,
|
||||
owner @{user_config_dirs}/korganizerrc r,
|
||||
owner @{user_config_dirs}/krunnerrc r,
|
||||
owner @{user_config_dirs}/ksmserverrc r,
|
||||
@ -154,7 +157,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
owner @{user_share_dirs}/ktp/cache.db rwk,
|
||||
owner @{user_share_dirs}/plasma_icons/*.desktop r,
|
||||
owner @{user_share_dirs}/plasma/plasmoids/{,**} r,
|
||||
owner @{user_share_dirs}/user-places.xbel r,
|
||||
owner @{user_share_dirs}/user-places.xbel{,*} rwl -> @{user_share_dirs}/#@{int},
|
||||
|
||||
owner /tmp/#@{int} rw,
|
||||
|
||||
|
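Review bot: `owner @{user_cache_dirs}/plasmashell/** rwkl -> @{user_cache_dirs}/plasmashell/**,` lets the link target be any file under the directory, whereas the neighbouring rules (`bookmarksrunner/**`, `plasma-svgelements{,.@{rand6}}`, `ksycoca5_*`) pin the target to the `#@{int}` temporary file. If the cache is written with the same temp-file-then-link pattern, the target could be narrowed to `-> @{user_cache_dirs}/plasmashell/{,**/}#@{int},`, which would need testing against the qmlcache subdirectory. That this rule is new, replacing `plasmashell/qmlcache/{,**} rwl,`, is inferred, because the +/- markers are lost on this page.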
@ -41,7 +41,7 @@ profile startplasma @{exec_path} {
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/kcrash-metadata/ rw,
|
||||
owner @{user_cache_dirs}/ksycoca5* rwkl -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/plasma-svgelements rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
@ -50,7 +50,8 @@ profile startplasma @{exec_path} {
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/kdedefaults/ rw,
|
||||
owner @{user_config_dirs}/kdedefaults/** rwkl -> @{user_config_dirs}/kdedefaults/**,
|
||||
owner @{user_config_dirs}/kdeglobals* rwl,
|
||||
owner @{user_config_dirs}/kdeglobals.lock rwk,
|
||||
owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/ksplashrc r,
|
||||
owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk,
|
||||
owner @{user_config_dirs}/menus/{,**.menu} r,
|
||||
@ -60,13 +61,13 @@ profile startplasma @{exec_path} {
|
||||
owner @{user_config_dirs}/startkderc r,
|
||||
owner @{user_config_dirs}/Trolltech.conf rwl,
|
||||
owner @{user_config_dirs}/Trolltech.conf.lock rwk,
|
||||
owner @{user_share_dirs}/kservices5/{,**} r,
|
||||
|
||||
owner @{user_share_dirs}/sddm/xorg-session.log rw,
|
||||
owner @{user_share_dirs}/kservices5/{,**} r,
|
||||
owner @{user_share_dirs}/sddm/wayland-session.log rw,
|
||||
owner @{user_share_dirs}/sddm/xorg-session.log rw,
|
||||
|
||||
owner /tmp/#@{int} rw,
|
||||
owner /tmp/startplasma-x11.@{rand6} rwl,
|
||||
owner /tmp/startplasma-{x11,wayland}.@{rand6} rwl -> /tmp/#@{int},
|
||||
|
||||
owner @{run}/user/@{uid}/ r,
|
||||
@{run}/user/@{uid}/xauth_@{rand6} rl,
|
||||
|