diff --git a/apparmor.d/profiles-g-l/gimp b/apparmor.d/profiles-g-l/gimp
new file mode 100644
index 00000000..bfdc6d64
--- /dev/null
+++ b/apparmor.d/profiles-g-l/gimp
@@ -0,0 +1,54 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/gimp{,-*}
+profile gimp @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+
+ #aa:dbus talk bus=session name=org.gnome.Shell.Screenshot label=gnome-shell
+ #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
+
+ @{exec_path} mr,
+
+ @{lib}/gimp/*/plug-ins/** rix,
+
+ @{open_path} rPx -> child-open-help,
+
+ /usr/share/gimp/{,**} r,
+ /usr/share/mypaint-data/{,**} r,
+ /usr/share/xml/iso-codes/{,**} r,
+
+ /etc/gimp/{,**} r,
+
+ owner @{user_documents_dirs}/{,**} rw,
+ owner @{user_pictures_dirs}/{,**} rw,
+ owner @{user_work_dirs}/{,**} rw,
+
+ owner @{user_cache_dirs}/babl/{,**} rw,
+ owner @{user_cache_dirs}/gegl-*/{,**} r,
+ owner @{user_cache_dirs}/gegl-*/{,**} r,
+ owner @{user_cache_dirs}/gimp/{,**} rw,
+ owner @{user_cache_dirs}/GIMP/{,**} rw,
+
+ owner @{user_config_dirs}/gimp/{,**} rw,
+ owner @{user_config_dirs}/GIMP/{,**} rw,
+
+ owner @{user_share_dirs}/gegl-*/{,**} r,
+ owner @{user_share_dirs}/GIMP/{,**} rw,
+
+ owner @{tmp}/gimp/{,**} rw,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index f2091d4f..158f1079 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -134,6 +134,7 @@ gdm-generate-config complain
 gdm-runtime-config complain
 gdm-session attach_disconnected,complain
 gdm-xsession complain
+gimp complain
 gmenudbusmenuproxy complain
 gnome-boxes complain
 gnome-browser-connector-host complain
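Review bot: The rule `owner @{user_cache_dirs}/gegl-*/{,**} r,` appears twice in a row in the cache block of the new gimp profile; drop the second copy, or correct it if it was meant to cover a different path or to grant write access. Separately, `@{lib}/gimp/*/plug-ins/** rix,` makes every plug-in inherit this profile, so the file-format parsers that handle untrusted images also get `rw` on all of `@{user_documents_dirs}`, `@{user_pictures_dirs}` and `@{user_work_dirs}`. If that is intended, a comment above the rule such as `# Plug-ins inherit this profile (ix) and need the same document access as gimp itself` would record the decision; a narrower child profile for plug-ins may be worth considering later. Because the main.flags hunk adds `gimp complain`, none of these rules is enforced yet and violations are only logged.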