feat(profile): general update.
parent
43ab1d064d
commit
197c1bd78a
@ -11,8 +11,6 @@ profile default-sudo @{exec_path} {
|
||||
include <abstractions/app/sudo>
|
||||
|
||||
capability chown,
|
||||
capability dac_override,
|
||||
capability dac_read_search,
|
||||
capability mknod,
|
||||
capability sys_ptrace,
|
||||
|
||||
@ -21,7 +19,6 @@ profile default-sudo @{exec_path} {
|
||||
|
||||
ptrace (read),
|
||||
|
||||
@{bin}/sudo mr,
|
||||
@{bin}/su mr,
|
||||
|
||||
@{bin}/** Px,
|
||||
@ -31,20 +28,13 @@ profile default-sudo @{exec_path} {
|
||||
/var/db/sudo/lectured/ r,
|
||||
/var/lib/extrausers/shadow r,
|
||||
/var/lib/sudo/lectured/ r,
|
||||
/var/lib/sudo/ts/ rw,
|
||||
/var/lib/sudo/ts/* rwk,
|
||||
/var/log/sudo.log wk,
|
||||
owner /var/db/sudo/lectured/@{uid} rw,
|
||||
owner /var/lib/sudo/lectured/* rw,
|
||||
|
||||
owner @{HOME}/.sudo_as_admin_successful rw,
|
||||
|
||||
@{run}/ r,
|
||||
@{run}/faillock/{,*} rwk,
|
||||
@{run}/systemd/sessions/* r,
|
||||
owner @{run}/sudo/ rw,
|
||||
owner @{run}/sudo/ts/ rw,
|
||||
owner @{run}/sudo/ts/* rwk,
|
||||
@{run}/ r,
|
||||
@{run}/systemd/sessions/* r,
|
||||
|
||||
include if exists <local/default-sudo>
|
||||
}
|
@ -17,13 +17,10 @@ profile signal-desktop @{exec_path} {
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/common/chromium>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/desktop>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/opencl-intel>
|
||||
include <abstractions/user-download-strict>
|
||||
|
||||
# Needed?
|
||||
@ -60,11 +57,6 @@ profile signal-desktop @{exec_path} {
|
||||
|
||||
@{run}/systemd/inhibit/*.ref rw,
|
||||
|
||||
@{sys}/devices/@{pci}/{irq,vendor,device} r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
|
||||
@{sys}/devices/virtual/tty/tty@{int}/active r,
|
||||
@{sys}/fs/cgroup/** r,
|
||||
|
||||
@{PROC}/ r,
|
||||
@{PROC}/@{pids}/stat r,
|
||||
@{PROC}/sys/fs/inotify/max_user_watches r,
|
||||
|
@ -34,12 +34,12 @@ profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {
|
||||
@{bin}/mv rix,
|
||||
|
||||
owner "@{config_dirs}/firefox/Crash Reports/{,**}" rw,
|
||||
owner @{config_dirs}/*.*/crashes/{,**} rw,
|
||||
owner @{config_dirs}/*.*/crashes/events/@{uuid} rw,
|
||||
owner @{config_dirs}/*.*/extensions/*.xpi r,
|
||||
owner @{config_dirs}/*.*/minidumps/{,**} rw,
|
||||
owner @{config_dirs}/*.*/minidumps//@{uuid}.{dmp,extra} r,
|
||||
owner @{config_dirs}/*.*/storage/default/* r,
|
||||
owner @{config_dirs}/firefox/*.*/crashes/{,**} rw,
|
||||
owner @{config_dirs}/firefox/*.*/crashes/events/@{uuid} rw,
|
||||
owner @{config_dirs}/firefox/*.*/extensions/*.xpi r,
|
||||
owner @{config_dirs}/firefox/*.*/minidumps/{,**} rw,
|
||||
owner @{config_dirs}/firefox/*.*/minidumps//@{uuid}.{dmp,extra} r,
|
||||
owner @{config_dirs}/firefox/*.*/storage/default/* r,
|
||||
|
||||
owner @{cache_dirs}/firefox/*.*/** r,
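Review bot: Both forms of the minidumps rule in this hunk, `owner @{config_dirs}/*.*/minidumps//@{uuid}.{dmp,extra} r,` and its `firefox/*.*` counterpart, have a doubled slash after `minidumps`, which looks like a typo carried across the path change. The rule also appears redundant for read access, because `minidumps/{,**} rw,` on the line above it already matches those files. In whichever form is kept, write it as `minidumps/@{uuid}.{dmp,extra} r,` or drop the line. The profile body continues outside the hunk.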
|
||||
|
||||
|
@ -27,7 +27,7 @@ profile dbus-accessibility @{exec_path} flags=(attach_disconnected) {
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
|
||||
@{exec_path} mrix,
|
||||
|
||||
@{bin}/dbus-broker rix,
|
||||
|
@ -23,12 +23,15 @@ profile dbus-system flags=(attach_disconnected) {
|
||||
capability net_admin,
|
||||
capability setgid,
|
||||
capability setuid,
|
||||
capability sys_ptrace,
|
||||
capability sys_resource,
|
||||
|
||||
network netlink raw,
|
||||
network bluetooth stream,
|
||||
network bluetooth seqpacket,
|
||||
|
||||
ptrace (read) peer=@{systemd},
|
||||
|
||||
dbus bus=system,
|
||||
|
||||
@{exec_path} mrix,
|
||||
@ -59,6 +62,9 @@ profile dbus-system flags=(attach_disconnected) {
|
||||
@{sys}/module/apparmor/parameters/enabled r,
|
||||
|
||||
@{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/@{pid}/environ r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
owner @{PROC}/@{pid}/oom_score_adj rw,
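Review bot: `@{PROC}/@{pid}/environ r,` in the second hunk has no `owner` qualifier, so together with `capability sys_ptrace,` from the first hunk the profile may read the environment of any process, and environments often hold tokens and credentials. The hunk header (-59,6 +62,9) removes nothing, so every listed line is on the new side, although the rendering does not show which three were added. If only systemd's environment is needed, as `ptrace (read) peer=@{systemd},` suggests, scope the rule to `@{PROC}/1/environ r,` and add a comment naming the caller that needs it. The unqualified `@{PROC}/@{pid}/cmdline r,` deserves the same check.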
|
||||
|
@ -22,8 +22,5 @@ profile dconf-editor @{exec_path} {
|
||||
owner @{user_config_dirs}/glib-2.0/settings/keyfile rw,
|
||||
owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-@{rand6} rw,
|
||||
|
||||
owner @{HOME}/.Xauthority r,
|
||||
owner /dev/tty@{int} rw,
|
||||
|
||||
include if exists <local/dconf-editor>
|
||||
}
|
||||
|
@ -28,7 +28,6 @@ profile update-desktop-database @{exec_path} flags=(attach_disconnected) {
|
||||
/var/lib/snapd/desktop/applications/mimeinfo.cache w,
|
||||
|
||||
owner @{user_share_dirs}/.mimeinfo.cache.* rw,
|
||||
owner @{user_share_dirs}/{,**/} r,
|
||||
owner @{user_share_dirs}/**.desktop r,
|
||||
owner @{user_share_dirs}/applications/.mimeinfo.cache.* rw,
|
||||
owner @{user_share_dirs}/applications/mimeinfo.cache w,
|
||||
@ -37,6 +36,7 @@ profile update-desktop-database @{exec_path} flags=(attach_disconnected) {
|
||||
# Inherit silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
deny network netlink raw,
|
||||
|
||||
include if exists <local/update-desktop-database>
|
||||
}
|
||||
|
@ -59,10 +59,9 @@ profile xdg-settings @{exec_path} {
|
||||
@{bin}/dbus-send mr,
|
||||
@{bin}/dbus-daemon rPx,
|
||||
|
||||
# for dbus-launch
|
||||
owner @{HOME}/.dbus/session-bus/@{hex}-[0-9] w,
|
||||
|
||||
@{HOME}/.Xauthority r,
|
||||
include if exists <local/xdg-settings_dbus>
|
||||
}
|
||||
|
||||
include if exists <local/xdg-settings>
|
||||
|
@ -11,13 +11,11 @@ profile epiphany-search-provider @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/enchant>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/gnome-strict>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/p11-kit>
|
||||
include <abstractions/ssl_certs>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
@ -21,6 +21,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
||||
capability kill,
|
||||
capability net_admin,
|
||||
capability sys_nice,
|
||||
capability sys_tty_config,
|
||||
|
||||
network netlink raw,
|
||||
|
||||
@ -32,6 +33,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
||||
signal (send) set=(term) peer=gdm-session-worker,
|
||||
signal (send) set=(term) peer=gdm-session,
|
||||
signal (send) set=(term) peer=gnome-session-binary,
|
||||
signal (send) set=(term) peer=jackdbus,
|
||||
signal (send) set=(term) peer=tracker-miner,
|
||||
signal (send) set=(term) peer=xdg-*,
|
||||
signal (send) set=(term) peer=xorg,
|
||||
@ -52,10 +54,12 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/chvt rix,
|
||||
@{bin}/pidof rPx,
|
||||
@{bin}/plymouth rPx,
|
||||
@{bin}/prime-switch rPUx,
|
||||
@{bin}/sleep rix,
|
||||
@{bin}/systemd-cat rPx,
|
||||
@{lib}/{,gdm/}gdm-session-worker rPx,
|
||||
/etc/gdm{3,}/PrimeOff/Default rix,
|
||||
|
||||
@ -70,7 +74,10 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
||||
/etc/sysconfig/displaymanager r,
|
||||
/etc/sysconfig/windowmanager r,
|
||||
|
||||
/var/{lib,log}/gdm{3,}/ rw,
|
||||
/var/lib/gdm{3,}/ rw,
|
||||
/var/lib/gdm{3,}/block-initial-setup rw,
|
||||
|
||||
/var/log/gdm{3,}/ rw,
|
||||
|
||||
owner @{GDM_HOME}/block-initial-setup rw,
|
||||
|
||||
@ -81,6 +88,8 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
||||
owner @{run}/gdm{3,}.pid rw,
|
||||
owner @{run}/gdm{3,}/ rw,
|
||||
owner @{run}/gdm{3,}/custom.conf r,
|
||||
owner @{run}/gdm{3,}/dbus/ w,
|
||||
owner @{run}/gdm{3,}/dbus/dbus-@{rand8} w,
|
||||
owner @{run}/gdm{3,}/gdm.pid rw,
|
||||
|
||||
@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
|
||||
@ -92,6 +101,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/@{pci}/boot_vga r,
|
||||
@{sys}/devices/virtual/tty/tty@{int}/active r,
|
||||
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/cgroup.events r,
|
||||
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/1/environ r,
|
||||
|
@ -52,7 +52,7 @@ profile gdm-session @{exec_path} {
|
||||
|
||||
owner @{gdm_cache_dirs}/gdm/ rw,
|
||||
owner @{gdm_cache_dirs}/gdm/Xauthority rw,
|
||||
owner @{gdm_config_dirs}/.config/dconf/user r,
|
||||
owner @{gdm_config_dirs}/dconf/user r,
|
||||
owner @{GDM_HOME}/greeter-dconf-defaults r,
|
||||
|
||||
owner @{run}/gdm{3,}/custom.conf r,
|
||||
|
@ -69,6 +69,11 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
||||
/usr/share/wayland-sessions/*.desktop r,
|
||||
/usr/share/xsessions/gnome-xorg.desktop r,
|
||||
|
||||
# Add user; set password on first login
|
||||
/etc/.pwd.lock wk,
|
||||
/etc/nshadow rw,
|
||||
/etc/shadow w,
|
||||
|
||||
@{etc_ro}/environment r,
|
||||
@{etc_ro}/security/limits.d/{,*.conf} r,
|
||||
/etc/default/locale r,
|
||||
@ -93,30 +98,28 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
||||
owner @{run}/systemd/seats/seat@{int} r,
|
||||
owner @{run}/user/@{uid}/keyring/control rw,
|
||||
|
||||
@{run}/gdm{3,}/custom.conf r,
|
||||
owner @{run}/gdm{3,}/dbus/ w,
|
||||
owner @{run}/gdm{3,}/dbus/dbus-@{rand8} w,
|
||||
|
||||
@{run}/cockpit/active.motd r,
|
||||
@{run}/faillock/[a-zA-z0-9]* rwk,
|
||||
@{run}/gdm{3,}/custom.conf r,
|
||||
@{run}/motd.d/{,*} r,
|
||||
@{run}/systemd/sessions/* r,
|
||||
@{run}/systemd/sessions/*.ref rw,
|
||||
@{run}/systemd/users/@{uid} r,
|
||||
@{run}/utmp rwk,
|
||||
|
||||
@{PROC}/@{pids}/cgroup r,
|
||||
@{PROC}/1/limits r,
|
||||
@{PROC}/keys r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/loginuid rw,
|
||||
owner @{PROC}/@{pid}/task/@{tid}/attr/exec rw,
|
||||
owner @{PROC}/@{pid}/uid_map r,
|
||||
@{PROC}/@{pids}/cgroup r,
|
||||
@{PROC}/1/limits r,
|
||||
@{PROC}/keys r,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty@{int} rw,
|
||||
|
||||
# Add user; set password on first login
|
||||
/etc/.pwd.lock wk,
|
||||
/etc/nshadow rw,
|
||||
/etc/shadow w,
|
||||
|
||||
include if exists <local/gdm-session-worker>
|
||||
}
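Review bot: The character class in `@{run}/faillock/[a-zA-z0-9]* rwk,` (second hunk, apparently a context line) uses `A-z`, which in ASCII also covers `[`, `\`, `]`, `^`, `_` and the backquote; `A-Z` was presumably intended. While these `@{run}` rules are being reordered, correct it to `@{run}/faillock/[a-zA-Z0-9]* rwk,`, adding `_` explicitly if user names starting with an underscore must keep matching. The relocated `# Add user; set password on first login` block grants `/etc/shadow w,`, so a one-line comment naming the PAM module that needs the write would help later audits.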
|
||||
|
@ -9,12 +9,10 @@ include <tunables/global>
|
||||
@{exec_path} = @{bin}/gkbd-keyboard-display
|
||||
profile gkbd-keyboard-display @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/gnome-strict>
|
||||
include <abstractions/dconf-write>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/X11/{,**} r,
|
||||
|
||||
include if exists <local/gkbd-keyboard-display>
|
||||
}
|
@ -60,6 +60,8 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
||||
/usr/share/language-tools/language2locale rix,
|
||||
/usr/share/language-tools/language-options rPUx,
|
||||
|
||||
@{open_path} rPx -> child-open-browsers,
|
||||
|
||||
/opt/**/share/icons/{,**} r,
|
||||
/snap/*/@{int}/**.png r,
|
||||
/usr/share/backgrounds/{,**} r,
|
||||
@ -99,6 +101,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
||||
owner @{user_cache_dirs}/gnome-control-center/{,**} rw,
|
||||
owner @{user_cache_dirs}/thumbnails/{,**} rw,
|
||||
|
||||
owner @{user_config_dirs}/background rw,
|
||||
owner @{user_config_dirs}/gnome-control-center/{,**} rw,
|
||||
owner @{user_config_dirs}/ibus/bus/ r,
|
||||
owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r,
|
||||
|
@ -17,6 +17,7 @@ profile gnome-desktop-thumbnailers flags=(attach_disconnected) {
|
||||
@{bin}/bwrap mr,
|
||||
@{bin}/*-thumbnailer rix,
|
||||
|
||||
/usr/share/ladspa/rdf/{,**} r,
|
||||
/usr/share/poppler/{,**} r,
|
||||
|
||||
owner @{user_cache_dirs}/gnome-desktop-thumbnailer/{,**} rw,
|
||||
|
@ -76,7 +76,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||
@{etc_ro}/xdg/autostart/{,*.desktop} r,
|
||||
|
||||
owner @{gdm_cache_dirs}/gdm/Xauthority r,
|
||||
owner @{gdm_cache_dirs}/mesa_shader_cache/index rw,
|
||||
owner @{gdm_config_dirs}/dconf/user rw,
|
||||
owner @{gdm_config_dirs}/gnome-session/ rw,
|
||||
owner @{gdm_config_dirs}/gnome-session/saved-session/ rw,
|
||||
@ -140,7 +139,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||
@{lib}/{,at-spi2{,-core}/}at-spi-bus-launcher rPx,
|
||||
@{lib}/{,gnome-shell/}gnome-shell-overrides-migration.sh rPx,
|
||||
@{lib}/@{multiarch}/xapps/sn-watcher/xapp-sn-watcher rPUx,
|
||||
@{lib}/baloo_file rPx,
|
||||
@{lib}/caribou/caribou rPUx,
|
||||
@{lib}/deja-dup/deja-dup-monitor rPx,
|
||||
@{lib}/gsd-disk-utility-notify rPx,
|
||||
@ -149,6 +147,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||
@{thunderbird_path} rPx,
|
||||
/usr/share/libpam-kwallet-common/pam_kwallet_init rPUx,
|
||||
|
||||
#aa:exec baloo
|
||||
#aa:exec evolution-alarm-notify
|
||||
@{lib}/kdeconnectd rPUx,
|
||||
@{lib}/@{multiarch}/{,libexec/}kdeconnectd rPUx,
|
||||
|
@ -87,6 +87,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
|
||||
# Talk with gnome-shell
|
||||
|
||||
#aa:dbus talk bus=system name=org.freedesktop.ColorManager label=colord
|
||||
#aa:dbus talk bus=system name=org.gnome.DisplayManager label=gdm
|
||||
|
||||
#aa:dbus talk bus=session name=com.rastersoft.ding label=gnome-extension-ding
|
||||
@ -109,15 +110,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
member={RegisterWithCapabilities,Unregister}
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/ColorManager
|
||||
interface=org.freedesktop.ColorManager
|
||||
member=DeleteDevice
|
||||
peer=(name=:*, label=colord),
|
||||
dbus receive bus=system path=/org/freedesktop/ColorManager
|
||||
interface=org.freedesktop.ColorManager
|
||||
member=ProfileAdded
|
||||
peer=(name=:*, label=colord),
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/login1/seat/seat@{int}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged
|
||||
@ -252,11 +244,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
owner @{gdm_cache_dirs}/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw,
|
||||
owner @{gdm_cache_dirs}/ibus/dbus-@{rand8} rw,
|
||||
owner @{gdm_cache_dirs}/libgweather/ r,
|
||||
owner @{gdm_cache_dirs}/mesa_shader_cache/ rw,
|
||||
owner @{gdm_cache_dirs}/mesa_shader_cache/@{h}@{h}/ rw,
|
||||
owner @{gdm_cache_dirs}/mesa_shader_cache/@{h}@{h}/@{hex} rw,
|
||||
owner @{gdm_cache_dirs}/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk,
|
||||
owner @{gdm_cache_dirs}/mesa_shader_cache/index rw,
|
||||
owner @{gdm_config_dirs}/dconf/user r,
|
||||
owner @{gdm_config_dirs}/ibus/ rw,
|
||||
owner @{gdm_config_dirs}/ibus/bus/ rw,
|
||||
@ -314,7 +301,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
|
||||
/tmp/.X@{int}-lock rw,
|
||||
/tmp/dbus-@{rand8} rw,
|
||||
owner /tmp/[0-9A-Z]*.shell-extension.zip rw,
|
||||
owner /tmp/@{rand6}.shell-extension.zip rw,
|
||||
owner /tmp/gdkpixbuf-xpm-tmp.@{rand6} rw,
|
||||
|
||||
@{run}/systemd/users/@{uid} r,
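Review bot: The explicit colord rules dropped in the second hunk limited gnome-shell to `member=DeleteDevice` (send) and `member=ProfileAdded` (receive) on `org.freedesktop.ColorManager`. Their replacement appears to be the `#aa:dbus talk bus=system name=org.freedesktop.ColorManager label=colord` directive in the first hunk; this is inferred from the line counts, since the rendering has lost the +/- column. If that directive expands to send and receive on the whole name, which is not visible here, the commit widens what gnome-shell may request from colord. Add a comment above the directive stating that the broader access is intended, or keep the two member-scoped rules if only those calls were observed.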
|
||||
|
@ -11,13 +11,9 @@ profile kgx @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/gnome-strict>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/nvidia>
|
||||
include <abstractions/vulkan>
|
||||
|
||||
capability sys_ptrace,
|
||||
|
||||
|
@ -13,7 +13,7 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/gnome-strict>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/user-read>
|
||||
include <abstractions/trash-strict>
|
||||
|
||||
signal (send) set=(kill) peer=loupe//bwrap,
|
||||
|
||||
@ -23,6 +23,8 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
/usr/share/glycin-loaders/{,**} r,
|
||||
|
||||
/ r,
|
||||
|
||||
@{sys}/fs/cgroup/user.slice/cpu.max r,
|
||||
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r,
|
||||
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/cpu.max r,
|
||||
|
@ -27,9 +27,9 @@ profile org.gnome.NautilusPreviewer @{exec_path} {
|
||||
|
||||
@{open_path} rPx -> child-open,
|
||||
|
||||
/usr/share/ladspa/rdf/{,**} r,
|
||||
/usr/share/poppler/{,**} r,
|
||||
/usr/share/sushi/org.gnome.NautilusPreviewer.*.gresource r,
|
||||
/usr/share/ladspa/rdf/{,**} r,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
|
@ -31,11 +31,23 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
||||
#aa:dbus own bus=session name=org.freedesktop.Tracker3.Miner.Files
|
||||
#aa:dbus own bus=session name=org.freedesktop.Tracker3.Miner.RSS
|
||||
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=:*, label=nautilus),
|
||||
dbus receive bus=session path=/org/freedesktop/Tracker3/Endpoint
|
||||
interface=org.freedesktop.Tracker3.Endpoint
|
||||
member=Query
|
||||
peer=(name=:*, label=nautilus),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{lib}/tracker-extract-3 rix,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
/usr/share/gdm/greeter/applications/{,mimeinfo.cache,*.list} r,
|
||||
/usr/share/gvfs/remote-volume-monitors/{,*.monitor} r,
|
||||
/usr/share/ladspa/rdf/{,**} r,
|
||||
/usr/share/tracker3-miners/{,**} r,
|
||||
/usr/share/tracker3/{,**} r,
|
||||
|
||||
|
@ -54,6 +54,7 @@ profile gpg @{exec_path} {
|
||||
owner /var/tmp/zypp.@{rand6}/ rw,
|
||||
owner /var/tmp/zypp.@{rand6}/** rwkl -> /var/tmp/zypp.@{rand6}/**,
|
||||
|
||||
#aa:exclude ubuntu
|
||||
owner /tmp/ostree-gpg-*/ r,
|
||||
owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,
|
||||
|
||||
|
@ -8,7 +8,7 @@ abi <abi/3.0>,
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/konsole
|
||||
profile konsole @{exec_path} flags=(attach_disconnected) {
|
||||
profile konsole @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/bus-accessibility>
|
||||
|
@ -16,10 +16,10 @@ profile pacman-hook-dkms @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/bash rix,
|
||||
@{bin}/dkms rPx,
|
||||
@{bin}/kmod rPx,
|
||||
@{bin}/nproc rix,
|
||||
@{sh_path} rix,
|
||||
@{bin}/dkms rPx,
|
||||
@{bin}/kmod rPx,
|
||||
@{bin}/nproc rix,
|
||||
|
||||
/usr/src/ r,
|
||||
/usr/src/**.conf r,
|
||||
|
@ -83,8 +83,6 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
|
||||
@{etc_ro}/ssh/sshd_config.d/{,*} r,
|
||||
/etc/ssh/ssh_host_* r,
|
||||
|
||||
/var/lib/extrausers/shadow r,
|
||||
|
||||
# For scp
|
||||
owner @{user_download_dirs}/{,**} rwl,
|
||||
owner @{user_sync_dirs}/{,**} rwl,
|
||||
|
@ -9,6 +9,7 @@ include <tunables/global>
|
||||
@{exec_path} = @{bin}/systemd-path
|
||||
profile systemd-path @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
@ -39,6 +39,10 @@ profile update-notifier @{exec_path} {
|
||||
member={AboutToShow,GetGroupProperties,GetLayout}
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/ayatana/NotificationItem/*
|
||||
interface=org.kde.StatusNotifierItem
|
||||
peer=(name=org.freedesktop.DBus, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
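Review bot: The added `dbus send bus=session path=/org/ayatana/NotificationItem/*` rule names `interface=org.kde.StatusNotifierItem` but has no `member=` line, so every member of that interface is allowed on any matching path. The rule ending just above it enumerates `member={AboutToShow,GetGroupProperties,GetLayout}`. Add a `member=` line listing only the signals seen in the audit log so the new rule is as narrow as its neighbour.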
|
||||
|
@ -19,15 +19,6 @@ profile boltd @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
#aa:dbus own bus=system name=org.freedesktop.bolt
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/bolt
|
||||
interface=org.freedesktop.bolt1.Manager
|
||||
member=ListDevices
|
||||
peer=(name=:*, label=kded),
|
||||
|
||||
dbus (send,receive) bus=system path=/org/freedesktop/bolt{,/**}
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=Get,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/var/lib/boltd/{,**} rw,
|
||||
@ -42,14 +33,16 @@ profile boltd @{exec_path} flags=(attach_disconnected) {
|
||||
@{sys}/bus/thunderbolt/devices/ r,
|
||||
@{sys}/bus/wmi/devices/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/devices/@{pci}/@{uuid}/uevent r,
|
||||
@{sys}/devices/@{pci}/device r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/boot_acl rw,
|
||||
@{sys}/devices/@{pci}/domain@{int}/ r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/{security,uevent} r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/**/ r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/**/{authorized,generation} r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/**/{uevent,unique_id} r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/**/{boot,rx_lanes,rx_speed,tx_lanes,tx_speed} r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/**/{uevent,unique_id} r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/**/{vendor,device}_name r,
|
||||
@{sys}/devices/@{pci}/domain@{int}/boot_acl rw,
|
||||
@{sys}/devices/@{pci}/domain@{int}/iommu_dma_protection r,
|
||||
@{sys}/devices/platform/**/uevent r,
|
||||
@{sys}/devices/platform/*/wmi_bus/wmi_bus-*/@{uuid}/force_power rw,
|
||||
|
@ -24,46 +24,20 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
|
||||
@{exec_path} rm,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/{,e,f}grep rix,
|
||||
@{bin}/{,g,m}awk rix,
|
||||
@{coreutils_path} rix,
|
||||
@{bin}/as rix,
|
||||
@{bin}/cat rix,
|
||||
@{bin}/cp rix,
|
||||
@{bin}/cut rix,
|
||||
@{bin}/date rix,
|
||||
@{bin}/diff rix,
|
||||
@{bin}/echo rix,
|
||||
@{bin}/find rix,
|
||||
@{bin}/gcc rix,
|
||||
@{bin}/getconf rix,
|
||||
@{bin}/head rix,
|
||||
@{bin}/id rPx,
|
||||
@{bin}/kmod rCx -> kmod,
|
||||
@{bin}/ld rix,
|
||||
@{bin}/ln rix,
|
||||
@{bin}/ls rix,
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
@{bin}/make rix,
|
||||
@{bin}/mkdir rix,
|
||||
@{bin}/mktemp rix,
|
||||
@{bin}/mv rix,
|
||||
@{bin}/nproc rix,
|
||||
@{bin}/objcopy rix,
|
||||
@{bin}/pahole rix,
|
||||
@{bin}/pwd rix,
|
||||
@{bin}/readelf rix,
|
||||
@{bin}/readlink rix,
|
||||
@{bin}/rm rix,
|
||||
@{bin}/rmdir rix,
|
||||
@{bin}/sed rix,
|
||||
@{bin}/sleep rix,
|
||||
@{bin}/sort rix,
|
||||
@{bin}/rpm rPUx,
|
||||
@{bin}/strip rix,
|
||||
@{bin}/uname rix,
|
||||
@{bin}/uniq rix,
|
||||
@{bin}/update-secureboot-policy rPUx,
|
||||
@{bin}/wc rix,
|
||||
@{bin}/xargs rix,
|
||||
@{bin}/zstd rix,
|
||||
|
||||
@{lib}/gcc/@{multiarch}/@{int}*/* rix,
|
||||
@ -84,11 +58,17 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
|
||||
@{lib}/modules/*/updates/dkms/{,*,*/,**.ko.xz,**.ko.zst} rw,
|
||||
@{lib}/modules/*/kernel/drivers/{,*,*/,**.ko.xz,**.ko.zst} rw,
|
||||
|
||||
/etc/lsb-release r,
|
||||
/etc/dkms/{,**} r,
|
||||
|
||||
/var/ r,
|
||||
/var/lib/ r,
|
||||
|
||||
/var/lib/dkms/ r,
|
||||
/var/lib/dkms/** rw,
|
||||
|
||||
/etc/lsb-release r,
|
||||
/etc/dkms/{,**} r,
|
||||
/var/lib/rpm/ r,
|
||||
/var/lib/rpm/** rw,
|
||||
|
||||
# For building module in /usr/src/ subdirs
|
||||
/usr/include/**.h r,
|
||||
|
@ -16,30 +16,12 @@ profile engrampa @{exec_path} {
|
||||
include <abstractions/bus/org.gtk.Private.RemoteVolumeMonitor>
|
||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/desktop>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/ibus>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/thumbnails-cache-read>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member=GetId
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-session),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/Application/anonymous
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*),
|
||||
|
||||
dbus receive bus=session path=/org/gtk/Application/anonymous{,/window/@{int}}
|
||||
interface=org.gtk.Actions
|
||||
member=DescribeAll
|
||||
peer=(name=:*),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
@ -17,10 +17,15 @@ profile glib-compile-schemas @{exec_path} {
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/glib-2.0/schemas/{,*} r,
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled.[A-Z0-9]* rw,
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled.@{rand6} rw,
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled rw,
|
||||
|
||||
/usr/share/gnome-shell/extensions/*/schemas/org.gnome.shell.extensions.*.gschema.xml r,
|
||||
|
||||
owner @{user_share_dirs}/gnome-shell/extension-updates/*/schemas/ r,
|
||||
owner @{user_share_dirs}/gnome-shell/extension-updates/*/schemas/gschemas.compiled rw,
|
||||
owner @{user_share_dirs}/gnome-shell/extension-updates/*/schemas/gschemas.compiled.@{rand6} rw,
|
||||
owner @{user_share_dirs}/gnome-shell/extension-updates/*/schemas/org.gnome.shell.extensions.*.gschema.xml r,
|
||||
|
||||
include if exists <local/glib-compile-schemas>
|
||||
}
|
||||
|
@ -7,11 +7,19 @@ abi <abi/3.0>,
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/jackdbus
|
||||
profile jackdbus @{exec_path} {
|
||||
profile jackdbus @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-session>
|
||||
|
||||
signal (receive) set=(term) peer=gdm,
|
||||
|
||||
#aa:dbus own bus=session name=org.jackaudio.service
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{DESKTOP_HOME}/.log/ w,
|
||||
owner @{DESKTOP_HOME}/.log/jack/{,**} rw,
|
||||
|
||||
owner @{HOME}/.log/ w,
|
||||
owner @{HOME}/.log/jack/{,**} rw,
|
||||
|
||||
|
@ -32,6 +32,8 @@ profile locale-gen @{exec_path} {
|
||||
|
||||
/etc/locale.gen r,
|
||||
|
||||
/var/lib/locales/supported.d/{,**} r,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
|
@ -49,6 +49,7 @@ profile pkexec @{exec_path} {
|
||||
/etc/default/locale r,
|
||||
/etc/shells r,
|
||||
|
||||
@{PROC}/@{pid}/fdinfo/@{int} r,
|
||||
@{PROC}/@{pids}/stat r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/loginuid r,
|
||||
|
@ -9,6 +9,7 @@ include <tunables/global>
|
||||
@{exec_path} = @{bin}/YACReader
|
||||
profile YACReader @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/desktop>
|
||||
include <abstractions/graphics>
|
||||
@ -36,11 +37,6 @@ profile YACReader @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
owner @{user_share_dirs}/YACReader/YACReader/ rw,
|
||||
owner @{user_share_dirs}/YACReader/YACReader/** rwlk,
|
||||
|
||||
owner @{user_config_dirs}/pulse/client.conf r,
|
||||
owner @{user_config_dirs}/pulse/cookie rk,
|
||||
|
||||
owner @{run}/user/@{uid}/pulse/ r,
|
||||
|
||||
/dev/shm/ r,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
@ -9,6 +9,7 @@ include <tunables/global>
|
||||
@{exec_path} = @{bin}/spice-vdagent
|
||||
profile spice-vdagent @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/audio-server>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
|
@ -46,8 +46,7 @@ profile umount @{exec_path} {
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
owner @{run}/mount/ rw,
|
||||
owner @{run}/mount/utab.lock wk,
|
||||
@{run}/mount/utab{,.*} rw,
|
||||
owner @{run}/mount/utab{,.*} rwk,
|
||||
|
||||
include if exists <local/umount>
|
||||
}
|
||||
|
@ -11,6 +11,8 @@ profile update-cracklib @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
|
@ -85,8 +85,6 @@ profile vlc @{exec_path} {
|
||||
|
||||
@{bin}/xdg-screensaver rPx,
|
||||
|
||||
/usr/share/hwdata/pnp.ids r,
|
||||
/usr/share/qt5ct/** r,
|
||||
/usr/share/vlc/{,**} r,
|
||||
|
||||
/etc/fstab r,
|
||||
|
@ -9,6 +9,7 @@ include <tunables/global>
|
||||
@{exec_path} = @{lib}/vlc/vlc-cache-gen
|
||||
profile vlc-cache-gen @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2002-2005 Novell/SUSE
|
||||
# 2018-2021 Mikhail Morfikov
|
||||
# Copyright (C) 2018-2021 Mikhail Morfikov
|
||||
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
@ -8,60 +8,47 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
# pcap pcapng
|
||||
@{wireshark_ext} = [pP][cC][aA][pP]{,[nN][gG]}
|
||||
|
||||
@{exec_path} = @{bin}/wireshark
|
||||
profile wireshark @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/nameservice>
|
||||
include <abstractions/nvidia>
|
||||
include <abstractions/private-files-strict>
|
||||
include <abstractions/qt5-compose-cache-write>
|
||||
include <abstractions/qt5-settings-write>
|
||||
include <abstractions/desktop>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/X>
|
||||
include <abstractions/user-read>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
signal (send) peer=dumpcap,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/dumpcap rPx,
|
||||
@{bin}/xdg-open rCx -> open,
|
||||
@{open_path} rPx -> child-open-browsers,
|
||||
|
||||
# For reading pcaps
|
||||
/ r,
|
||||
/tmp/ r,
|
||||
/home/ r,
|
||||
owner @{HOME}/ r,
|
||||
owner @{HOME}/**/ r,
|
||||
@{MOUNTS}/ r,
|
||||
owner @{MOUNTS}/**/ r,
|
||||
owner /{tmp,home,media}/**.@{wireshark_ext}{,.gz} rw,
|
||||
|
||||
# Wireshark files
|
||||
/usr/share/wireshark/** r,
|
||||
@{lib}/@{multiarch}/wireshark/extcap/* rix,
|
||||
@{lib}/@{multiarch}/wireshark/plugins/*/{codecs,epan,wiretap}/*.so mr,
|
||||
/etc/wireshark/init.lua r,
|
||||
|
||||
# Wireshark home files
|
||||
/usr/share/GeoIP/{,**} r,
|
||||
/usr/share/wireshark/** r,
|
||||
|
||||
/etc/wireshark/init.lua r,
|
||||
/etc/fstab r,
|
||||
|
||||
# For reading pcaps
|
||||
owner @{user_projects_dirs}/{,**} r,
|
||||
|
||||
owner @{HOME}/.wireshark/{,**} rw,
|
||||
owner @{user_config_dirs}/wireshark/{,**} rw,
|
||||
|
||||
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
||||
owner @{user_config_dirs}/qt5ct/{,**} r,
|
||||
/usr/share/qt5ct/** r,
|
||||
/usr/share/qt5/translations/*.qm r,
|
||||
owner /tmp/wireshark_extcap_ciscodump_@{int}_* rw,
|
||||
|
||||
deny @{PROC}/sys/kernel/random/boot_id r,
|
||||
deny owner @{PROC}/@{pid}/cmdline r,
|
||||
@ -71,46 +58,8 @@ profile wireshark @{exec_path} {
|
||||
@{PROC}/@{pid}/mountinfo r,
|
||||
@{PROC}/@{pid}/mounts r,
|
||||
|
||||
/etc/fstab r,
|
||||
|
||||
/usr/share/hwdata/pnp.ids r,
|
||||
|
||||
/usr/share/GeoIP/{,**} r,
|
||||
|
||||
/dev/shm/#@{int} rw,
|
||||
|
||||
owner /tmp/wireshark_extcap_ciscodump_@{int}_* rw,
|
||||
|
||||
# Allowed apps to open
|
||||
@{lib}/firefox/firefox rPUx,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/shm/#@{int} rw,
|
||||
owner /dev/tty@{int} rw,
|
||||
|
||||
|
||||
profile open {
|
||||
include <abstractions/base>
|
||||
include <abstractions/xdg-open>
|
||||
|
||||
@{bin}/xdg-open mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/{m,g,}awk rix,
|
||||
@{bin}/readlink rix,
|
||||
@{bin}/basename rix,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
|
||||
owner @{run}/user/@{uid}/ r,
|
||||
|
||||
# Allowed apps to open
|
||||
@{lib}/firefox/firefox rPUx,
|
||||
|
||||
# file_inherit
|
||||
owner @{HOME}/.xsession-errors w,
|
||||
|
||||
include if exists <local/wireshark_open>
|
||||
}
|
||||
|
||||
include if exists <local/wireshark>
|
||||
}
|
||||
|
@ -49,9 +49,9 @@
|
||||
@{open_path} += @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop
|
||||
|
||||
# Coreutils programs that should not have dedicated profile
|
||||
@{coreutils} = {,m}awk b2sum base32 base64 basename basenc cat chcon chgrp chmod chown
|
||||
@{coreutils} += cksum comm cp csplit cut date dd df dir dircolors dirname du echo env expand
|
||||
@{coreutils} += expr factor false find fmt fold gawk grep head hostid id install join link
|
||||
@{coreutils} = {,g,m}awk b2sum base32 base64 basename basenc cat chcon chgrp chmod chown
|
||||
@{coreutils} += cksum comm cp csplit cut date dd df dir dircolors dirname diff du echo env expand
|
||||
@{coreutils} += expr factor false find fmt fold gawk {,e,f}grep head hostid id install join link
|
||||
@{coreutils} += ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup nproc numfmt
|
||||
@{coreutils} += od paste pathchk pinky pr printenv printf ptx pwd readlink realpath rm rmdir
|
||||
@{coreutils} += runcon sed seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf sleep
|
||||
|
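Review bot: The explicit `gawk` entry kept in the `expr factor …` line is now redundant, because the new `{,g,m}awk` alternation in the first `@{coreutils}` line already matches it; that line could read `@{coreutils} += expr factor false find fmt fold {,e,f}grep head hostid id install join link`. The comment above the list still says "Coreutils programs", although the list now holds `diff` and the grep variants next to awk, find and sed, none of which ship in coreutils. A wording such as `# Common utilities that should not have a dedicated profile` would keep it accurate. The rules that consume `@{coreutils}` are not visible here, but every profile referencing the variable is presumably widened by each addition, so it is worth confirming that `diff`, `egrep` and `fgrep` are wanted in all of them and not just in the profile that prompted the change.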
@ -84,9 +84,9 @@ cups-notifier-mailto complain
|
||||
cups-notifier-rss complain
|
||||
cups-pk-helper-mechanism complain
|
||||
cupsd attach_disconnected,complain
|
||||
dbus-broker attach_disconnected,complain
|
||||
dbus-broker-launch attach_disconnected,complain
|
||||
dbus-daemon attach_disconnected,complain
|
||||
dbus-accessibility attach_disconnected,complain
|
||||
dbus-session attach_disconnected,complain
|
||||
dbus-system attach_disconnected,complain
|
||||
DiscoverNotifier complain
|
||||
dkms attach_disconnected,complain
|
||||
docker-proxy complain
|
||||
@ -200,7 +200,7 @@ kio_http_cache_cleaner complain
|
||||
kiod complain
|
||||
kioworker complain
|
||||
kmod attach_disconnected,complain
|
||||
konsole attach_disconnected,complain
|
||||
konsole attach_disconnected,mediate_deleted,complain
|
||||
kscreen_backend_launcher complain
|
||||
kscreen_osd_service complain
|
||||
ksmserver attach_disconnected,mediate_deleted,complain
|
||||
@ -213,7 +213,6 @@ landscape-sysinfo.wrapper complain
|
||||
language-validate attach_disconnected,complain
|
||||
last complain
|
||||
lastlog complain
|
||||
ldconfig.service complain
|
||||
libvirt-dbus complain
|
||||
libvirtd attach_disconnected,complain
|
||||
lightdm attach_disconnected,complain
|
||||
@ -330,7 +329,6 @@ systemd-generator-run attach_disconnected,complain
|
||||
systemd-generator-system-update attach_disconnected,complain
|
||||
systemd-generator-user-autostart complain
|
||||
systemd-generator-user-environment complain
|
||||
systemd-generator-user-environment-flatpak complain
|
||||
systemd-generator-veritysetup attach_disconnected,complain
|
||||
systemd-homed attach_disconnected,complain
|
||||
systemd-homework complain
|
||||
|
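Review bot: In the `-84,9 +84,9` hunk, replacing the entries `dbus-broker`, `dbus-broker-launch` and `dbus-daemon` with `dbus-accessibility`, `dbus-session` and `dbus-system` changes the profile names that other rules are matched against. Any rule elsewhere that still names an old label, for example in a `peer=` condition, would presumably stop matching, which cannot be checked from this file and should be confirmed across the tree. The hunks at `-213,7 +213,6` and `-330,7 +329,6` each drop one entry, and the rendered page does not show which one. If the corresponding profile is still shipped under that name, it no longer receives `complain` from this list and would presumably load in enforce mode, so the removal should be paired with the profile's deletion or rename in the same commit.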