mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-22 09:55:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-02-15 00:19:13 +00:00
parent a334b461d0
commit 14fe43714a
Failed to generate hash of commit
12 changed files with 24 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/apps/calibre
View file

@ -15,9 +15,9 @@ include <tunables/global>
@{exec_path} += @{bin}/web2disk @{exec_path} += @{bin}/web2disk
profile calibre @{exec_path} { profile calibre @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus/org.a11y>
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus/org.a11y>
include <abstractions/bus/org.gtk.vfs.MountTracker> include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/chromium-common> include <abstractions/chromium-common>
include <abstractions/devices-usb> include <abstractions/devices-usb>

1
apparmor.d/groups/bus/dbus-daemon
View file

@ -27,6 +27,7 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
network bluetooth stream, network bluetooth stream,
network bluetooth seqpacket, network bluetooth seqpacket,
signal (receive) set=(cont term) peer=@{systemd_user},
signal (receive) set=(term hup kill) peer=at-spi-bus-launcher, signal (receive) set=(term hup kill) peer=at-spi-bus-launcher,
signal (receive) set=(term hup kill) peer=dbus-run-session, signal (receive) set=(term hup kill) peer=dbus-run-session,
signal (receive) set=(term hup kill) peer=gdm*, signal (receive) set=(term hup kill) peer=gdm*,

2
apparmor.d/groups/freedesktop/at-spi-bus-launcher
View file

@ -55,7 +55,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
@{sys}/module/apparmor/parameters/enabled r, @{sys}/module/apparmor/parameters/enabled r,
@{PROC}/@{pid}/cmdline r, @{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/oom_score_adj r, @{PROC}/@{pid}/oom_score_adj rw,
@{PROC}/@{pids}/mounts r, @{PROC}/@{pids}/mounts r,
@{PROC}/1/cgroup r, @{PROC}/1/cgroup r,
owner @{PROC}/@{pid}/attr/apparmor/current r, owner @{PROC}/@{pid}/attr/apparmor/current r,

2
apparmor.d/groups/freedesktop/polkit-agent-helper
View file

@ -42,6 +42,8 @@ profile polkit-agent-helper @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/unix_chkpwd rPx,
owner @{HOME}/.xsession-errors w, owner @{HOME}/.xsession-errors w,
@{run}/faillock/[a-zA-z0-9]* rwk, @{run}/faillock/[a-zA-z0-9]* rwk,

8
apparmor.d/groups/freedesktop/pulseaudio
View file

@ -41,11 +41,9 @@ profile pulseaudio @{exec_path} {
network bluetooth stream, network bluetooth stream,
network bluetooth seqpacket, network bluetooth seqpacket,
dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio1, # dbus: own bus=session name=org.freedesktop.ReserveDevice1.Audio@{int}
# dbus: own bus=session name=org.PulseAudio1
dbus bind bus=session name=org.PulseAudio1, # dbus: own bus=session name=org.pulseaudio*
dbus bind bus=session name=org.pulseaudio*,
dbus receive bus=session dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable interface=org.freedesktop.DBus.Introspectable

21
apparmor.d/groups/ubuntu/update-notifier
View file

@ -22,23 +22,16 @@ profile update-notifier @{exec_path} {
include <abstractions/openssl> include <abstractions/openssl>
include <abstractions/python> include <abstractions/python>
dbus receive bus=session path=/org/ayatana/NotificationItem{,/**} # dbus: talk bus=system name=org.debian.apt label=apt
interface={com.canonical.dbusmenu,org.freedesktop.DBus.Properties}
peer=(name=:*, label=gnome-shell),
dbus send bus=session path=/StatusNotifierWatcher # dbus receive bus=session path=/org/ayatana/NotificationItem{,/**}
interface=org.kde.StatusNotifierWatcher # interface={com.canonical.dbusmenu,org.freedesktop.DBus.Properties}
member=RegisterStatusNotifierItem # peer=(name=:*, label=gnome-shell),
peer=(name=:*, label=gnome-shell),
dbus send bus=system path=/org/debian/apt dbus receive bus=session path=/org/ayatana/NotificationItem/software_update_available
interface=org.debian.apt
member=GetActiveTransactions
peer=(name=:*, label=apt),
dbus send bus=system path=/org/debian/apt
interface=org.freedesktop.DBus.Properties interface=org.freedesktop.DBus.Properties
member=GetAll member={Get,GetAll}
peer=(name=:*, label=apt), peer=(name=:*, label=gnome-shell),
@{exec_path} mr, @{exec_path} mr,

1
apparmor.d/profiles-a-f/file-roller
View file

@ -11,6 +11,7 @@ profile file-roller @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus/org.a11y>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/desktop> include <abstractions/desktop>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

2
apparmor.d/profiles-g-l/grpck
View file

@ -8,7 +8,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{bin}/grpck @{exec_path} = @{bin}/grpck
profile grpck @{exec_path} { profile grpck @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

2
apparmor.d/profiles-m-r/pwck
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{bin}/pwck @{exec_path} = @{bin}/pwck
profile pwck @{exec_path} { profile pwck @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

2
apparmor.d/profiles-s-z/snapd-aa-prompt-listener
View file

@ -16,6 +16,8 @@ profile snapd-aa-prompt-listener @{exec_path} {
@{lib_dirs}/snapd/info r, @{lib_dirs}/snapd/info r,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
@{PROC}/cmdline r, @{PROC}/cmdline r,
include if exists <local/snapd-aa-prompt-listener> include if exists <local/snapd-aa-prompt-listener>

2
apparmor.d/profiles-s-z/spice-vdagent
View file

@ -42,7 +42,9 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {
/etc/pipewire/client.conf r, /etc/pipewire/client.conf r,
/var/lib/gdm{3,}/.config/pulse/cookie rk,
/var/lib/gdm{3,}/.config/user-dirs.dirs r, /var/lib/gdm{3,}/.config/user-dirs.dirs r,
/var/lib/nscd/passwd r, /var/lib/nscd/passwd r,
owner @{user_config_dirs}/user-dirs.dirs r, owner @{user_config_dirs}/user-dirs.dirs r,