@{HOME}/.cache -> @{user_cache_dirs}
parent
091d20d086
commit
1c9fc00c13
@ -12,7 +12,7 @@
|
|||||||
deny owner @{run}/user/[0-9]*/dconf/{,**} rw,
|
deny owner @{run}/user/[0-9]*/dconf/{,**} rw,
|
||||||
|
|
||||||
deny owner @{HOME}/.config/dconf/{,**} rw,
|
deny owner @{HOME}/.config/dconf/{,**} rw,
|
||||||
deny owner @{HOME}/.cache/dconf/{,**} rw,
|
deny owner @{user_cache_dirs}/dconf/{,**} rw,
|
||||||
|
|
||||||
# When GSETTINGS_BACKEND=keyfile
|
# When GSETTINGS_BACKEND=keyfile
|
||||||
deny owner @{HOME}/.config/glib-2.0/ rw,
|
deny owner @{HOME}/.config/glib-2.0/ rw,
|
||||||
|
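Review bot: The rule `deny owner @{user_cache_dirs}/dconf/{,**} rw,` now takes its path from a tunable that nothing in the visible part of this commit defines, and this file shows no include of its own. Because it is a deny rule, its coverage is exactly what `@{user_cache_dirs}` expands to, so confirm that the tunable is loaded (presumably through `tunables/global`) for every profile that pulls this file in, and that its value still includes `@{HOME}/.cache`. I would add a comment above the rule such as `# @{user_cache_dirs} must cover @{HOME}/.cache, otherwise the dconf cache is no longer denied`. The same dependency applies to the fontconfig, thumbnails and vlc cache sections that follow.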
@ -10,11 +10,11 @@
|
|||||||
# fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use
|
# fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use
|
||||||
# the "fontconfig-cache-write" abstraction.
|
# the "fontconfig-cache-write" abstraction.
|
||||||
|
|
||||||
owner @{HOME}/.cache/fontconfig/ r,
|
owner @{user_cache_dirs}/fontconfig/ r,
|
||||||
deny @{HOME}/.cache/fontconfig/ w,
|
deny @{user_cache_dirs}/fontconfig/ w,
|
||||||
deny @{HOME}/.cache/fontconfig/** w,
|
deny @{user_cache_dirs}/fontconfig/** w,
|
||||||
owner @{HOME}/.cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
|
owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
|
||||||
owner @{HOME}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
|
owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
|
||||||
|
|
||||||
owner @{HOME}/.fontconfig/ r,
|
owner @{HOME}/.fontconfig/ r,
|
||||||
deny @{HOME}/.fontconfig/ w,
|
deny @{HOME}/.fontconfig/ w,
|
||||||
|
@ -4,9 +4,9 @@
|
|||||||
|
|
||||||
abi <abi/3.0>,
|
abi <abi/3.0>,
|
||||||
|
|
||||||
owner @{HOME}/.cache/fontconfig/ rw,
|
owner @{user_cache_dirs}/fontconfig/ rw,
|
||||||
owner @{HOME}/.cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
|
owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
|
||||||
owner @{HOME}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk,
|
owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk,
|
||||||
|
|
||||||
owner @{HOME}/.fontconfig/ rw,
|
owner @{HOME}/.fontconfig/ rw,
|
||||||
owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
|
owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
|
||||||
|
@ -40,8 +40,8 @@
|
|||||||
#owner @{HOME}/.local/share/kfile/bookmarks.xml* rwl -> @{HOME}/.local/share/kfile/#[0-9]*[0-9],
|
#owner @{HOME}/.local/share/kfile/bookmarks.xml* rwl -> @{HOME}/.local/share/kfile/#[0-9]*[0-9],
|
||||||
|
|
||||||
# Common cache files
|
# Common cache files
|
||||||
#owner @{HOME}/.cache/icon-cache.kcache rw,
|
#owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
#owner @{HOME}/.cache/ksycoca5_* r,
|
#owner @{user_cache_dirs}/ksycoca5_* r,
|
||||||
|
|
||||||
# Think what to do about this #FIXME#
|
# Think what to do about this #FIXME#
|
||||||
# It seems when a QT app is started in Plasma5/KDE5 environment it also wants the following.
|
# It seems when a QT app is started in Plasma5/KDE5 environment it also wants the following.
|
||||||
|
@ -8,6 +8,6 @@
|
|||||||
owner @{HOME}/thumbnails/{large,normal}/ r,
|
owner @{HOME}/thumbnails/{large,normal}/ r,
|
||||||
owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png r,
|
owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/thumbnails/ r,
|
owner @{user_cache_dirs}/thumbnails/ r,
|
||||||
owner @{HOME}/.cache/thumbnails/{large,normal}/ r,
|
owner @{user_cache_dirs}/thumbnails/{large,normal}/ r,
|
||||||
owner @{HOME}/.cache/thumbnails/{large,normal}/[a-f0-9]*.png r,
|
owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png r,
|
||||||
|
@ -7,9 +7,9 @@
|
|||||||
owner @{HOME}/thumbnails/ rw,
|
owner @{HOME}/thumbnails/ rw,
|
||||||
owner @{HOME}/thumbnails/{large,normal}/ rw,
|
owner @{HOME}/thumbnails/{large,normal}/ rw,
|
||||||
owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
|
owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9],
|
owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.cache/thumbnails/ rw,
|
owner @{user_cache_dirs}/thumbnails/ rw,
|
||||||
owner @{HOME}/.cache/thumbnails/{large,normal}/ rw,
|
owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw,
|
||||||
owner @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9],
|
||||||
|
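Review bot: The link rule for `@{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png` names a link target under the cache directory, while the temporary-file rule just above it is `@{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9]`. This looks like a copy-paste carried over from the old side, and the intended line is probably `owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9],`. Separately, with the variable on both sides of `->`, each side expands independently as far as I know, so if `@{user_cache_dirs}` ever holds more than one directory the rule would also permit hard links from one cache directory into another. A comment stating that the tunable is expected to be single-valued would document that assumption; the same applies to the `rwkl` and `rwl` link rules in the calibre section.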
@ -28,14 +28,14 @@
|
|||||||
/usr/share/** r,
|
/usr/share/** r,
|
||||||
/{media,mnt,opt,srv}/** r,
|
/{media,mnt,opt,srv}/** r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/mesa/** rwk,
|
owner @{user_cache_dirs}/mesa/** rwk,
|
||||||
owner @{HOME}/.cache/thumbnails/** rw,
|
owner @{user_cache_dirs}/thumbnails/** rw,
|
||||||
owner @{HOME}/.cache/totem/ rw,
|
owner @{user_cache_dirs}/totem/ rw,
|
||||||
owner @{HOME}/.cache/totem/** rwk,
|
owner @{user_cache_dirs}/totem/** rwk,
|
||||||
owner @{HOME}/.cache/totem-* rwk,
|
owner @{user_cache_dirs}/totem-* rwk,
|
||||||
owner @{HOME}/.cache/tracker/db-locale.txt r,
|
owner @{user_cache_dirs}/tracker/db-locale.txt r,
|
||||||
owner @{HOME}/.cache/tracker/meta.db{,-shm,-journal,-wal} rwk,
|
owner @{user_cache_dirs}/tracker/meta.db{,-shm,-journal,-wal} rwk,
|
||||||
owner @{HOME}/.cache/tracker/ontologies.gvdb r,
|
owner @{user_cache_dirs}/tracker/ontologies.gvdb r,
|
||||||
owner @{HOME}/.config/totem/ rwk,
|
owner @{HOME}/.config/totem/ rwk,
|
||||||
owner @{HOME}/.config/totem/** rwk,
|
owner @{HOME}/.config/totem/** rwk,
|
||||||
owner @{HOME}/.local/share/grilo-plugins/ rwk,
|
owner @{HOME}/.local/share/grilo-plugins/ rwk,
|
||||||
|
@ -4,11 +4,11 @@
|
|||||||
|
|
||||||
abi <abi/3.0>,
|
abi <abi/3.0>,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/vlc/ rw,
|
owner @{user_cache_dirs}/vlc/ rw,
|
||||||
owner @{HOME}/.cache/vlc/art/ rw,
|
owner @{user_cache_dirs}/vlc/art/ rw,
|
||||||
owner @{HOME}/.cache/vlc/art/artistalbum/ rw,
|
owner @{user_cache_dirs}/vlc/art/artistalbum/ rw,
|
||||||
owner @{HOME}/.cache/vlc/art/artistalbum/**/ rw,
|
owner @{user_cache_dirs}/vlc/art/artistalbum/**/ rw,
|
||||||
owner @{HOME}/.cache/vlc/art/artistalbum/**/art rw,
|
owner @{user_cache_dirs}/vlc/art/artistalbum/**/art rw,
|
||||||
owner @{HOME}/.cache/vlc/art/artistalbum/**/art.jpg rw,
|
owner @{user_cache_dirs}/vlc/art/artistalbum/**/art.jpg rw,
|
||||||
|
|
||||||
|
@ -133,22 +133,22 @@ profile android-studio @{exec_path} {
|
|||||||
owner @{HOME}/.config/Google/ rw,
|
owner @{HOME}/.config/Google/ rw,
|
||||||
owner @{HOME}/.config/Google/** rwk,
|
owner @{HOME}/.config/Google/** rwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner "@{HOME}/.cache/Android Open Source Project/" rw,
|
owner "@{user_cache_dirs}/Android Open Source Project/" rw,
|
||||||
owner "@{HOME}/.cache/Android Open Source Project/**" rw,
|
owner "@{user_cache_dirs}/Android Open Source Project/**" rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/Google/ rw,
|
owner @{user_cache_dirs}/Google/ rw,
|
||||||
owner @{HOME}/.cache/Google/** rwk,
|
owner @{user_cache_dirs}/Google/** rwk,
|
||||||
# To remove the following error:
|
# To remove the following error:
|
||||||
# Location: /home/morfik/.cache/Google/AndroidStudio4.1/tmp
|
# Location: /home/morfik/.cache/Google/AndroidStudio4.1/tmp
|
||||||
# java.io.IOException: Cannot run program
|
# java.io.IOException: Cannot run program
|
||||||
# "/home/morfik/.cache/Google/AndroidStudio4.1/tmp/ij659840309.tmp": error=13, Permission denied
|
# "/home/morfik/.cache/Google/AndroidStudio4.1/tmp/ij659840309.tmp": error=13, Permission denied
|
||||||
owner @{HOME}/.cache/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix,
|
owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix,
|
||||||
#
|
#
|
||||||
owner @{HOME}/.cache/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk,
|
owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/JNA/ rw,
|
owner @{user_cache_dirs}/JNA/ rw,
|
||||||
owner @{HOME}/.cache/JNA/** rw,
|
owner @{user_cache_dirs}/JNA/** rw,
|
||||||
|
|
||||||
owner @{HOME}/.gradle/ rw,
|
owner @{HOME}/.gradle/ rw,
|
||||||
owner @{HOME}/.gradle/** mrwkix,
|
owner @{HOME}/.gradle/** mrwkix,
|
||||||
|
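Review bot: The rules `owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix,` and `owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk,` grant write together with execute (or executable mapping) on files in a user-writable cache directory, so whatever the confined process writes there can also be run under this profile. The quoted IOException explains why the exception exists, but the rule itself carries no marker; I would add `# W+X exception: keep this pattern as narrow as the IDE allows` above the `ij[0-9]*.tmp` line. Since the location now follows `@{user_cache_dirs}`, any widening of that tunable also widens where execution is allowed. The android-studio profile body starts and ends outside this hunk.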
@ -93,18 +93,18 @@ profile calibre @{exec_path} {
|
|||||||
owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw,
|
owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw,
|
||||||
owner @{HOME}/.local/share/calibre-ebook.com/calibre/** rwk,
|
owner @{HOME}/.local/share/calibre-ebook.com/calibre/** rwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/calibre/ rw,
|
owner @{user_cache_dirs}/calibre/ rw,
|
||||||
owner @{HOME}/.cache/calibre/** rwkl -> @{HOME}/.cache/calibre/**,
|
owner @{user_cache_dirs}/calibre/** rwkl -> @{user_cache_dirs}/calibre/**,
|
||||||
|
|
||||||
owner @{HOME}/.cache/qtshadercache/ rw,
|
owner @{user_cache_dirs}/qtshadercache/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
owner /tmp/calibre_*_tmp_*/{,**} rw,
|
owner /tmp/calibre_*_tmp_*/{,**} rw,
|
||||||
owner /tmp/calibre-*/{,**} rw,
|
owner /tmp/calibre-*/{,**} rw,
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{DISCORD_LIBDIR} = /usr/share/discord
|
@{DISCORD_LIBDIR} = /usr/share/discord
|
||||||
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord
|
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord
|
||||||
@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord
|
@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord
|
||||||
|
|
||||||
@{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord
|
@{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord
|
||||||
profile discord @{exec_path} {
|
profile discord @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{DISCORD_LIBDIR} = /usr/share/discord
|
@{DISCORD_LIBDIR} = /usr/share/discord
|
||||||
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord
|
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord
|
||||||
@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord
|
@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord
|
||||||
|
|
||||||
@{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox
|
@{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox
|
||||||
|
|
||||||
|
@ -33,8 +33,8 @@ profile filezilla @{exec_path} {
|
|||||||
owner @{HOME}/.config/filezilla/ rw,
|
owner @{HOME}/.config/filezilla/ rw,
|
||||||
owner @{HOME}/.config/filezilla/* rwk,
|
owner @{HOME}/.config/filezilla/* rwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/filezilla/ rw,
|
owner @{user_cache_dirs}/filezilla/ rw,
|
||||||
owner @{HOME}/.cache/filezilla/default_*.png rw,
|
owner @{user_cache_dirs}/filezilla/default_*.png rw,
|
||||||
|
|
||||||
/usr/share/filezilla/{,**} r,
|
/usr/share/filezilla/{,**} r,
|
||||||
|
|
||||||
|
@ -57,8 +57,8 @@ profile okular @{exec_path} {
|
|||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/okular/{,**} rw,
|
owner @{user_cache_dirs}/okular/{,**} rw,
|
||||||
|
|
||||||
/usr/share/okular/{,**} r,
|
/usr/share/okular/{,**} r,
|
||||||
/usr/share/kxmlgui5/okular/{,*} r,
|
/usr/share/kxmlgui5/okular/{,*} r,
|
||||||
|
@ -33,9 +33,9 @@ profile spotify @{exec_path} {
|
|||||||
owner @{HOME}/.config/spotify/ rw,
|
owner @{HOME}/.config/spotify/ rw,
|
||||||
owner @{HOME}/.config/spotify/** rw,
|
owner @{HOME}/.config/spotify/** rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/spotify/ rw,
|
owner @{user_cache_dirs}/spotify/ rw,
|
||||||
owner @{HOME}/.cache/spotify/** rwk,
|
owner @{user_cache_dirs}/spotify/** rwk,
|
||||||
|
|
||||||
owner @{HOME}/.Xauthority r,
|
owner @{HOME}/.Xauthority r,
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{MOZ_LIBDIR} = /{usr/,}lib/thunderbird
|
@{MOZ_LIBDIR} = /{usr/,}lib/thunderbird
|
||||||
@{MOZ_HOMEDIR} = @{HOME}/.thunderbird
|
@{MOZ_HOMEDIR} = @{HOME}/.thunderbird
|
||||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/thunderbird
|
@{MOZ_CACHEDIR} = @{user_cache_dirs}/thunderbird
|
||||||
|
|
||||||
@{exec_path} = @{MOZ_LIBDIR}/thunderbird{,-bin}
|
@{exec_path} = @{MOZ_LIBDIR}/thunderbird{,-bin}
|
||||||
@{exec_path} += /{usr/,}bin/thunderbird
|
@{exec_path} += /{usr/,}bin/thunderbird
|
||||||
@ -83,7 +83,7 @@ profile thunderbird @{exec_path} {
|
|||||||
deny @{HOME}/.mozilla/** mrwkl,
|
deny @{HOME}/.mozilla/** mrwkl,
|
||||||
|
|
||||||
# Cache
|
# Cache
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{MOZ_CACHEDIR}/{,**} rw,
|
owner @{MOZ_CACHEDIR}/{,**} rw,
|
||||||
|
|
||||||
# Needed for system mails
|
# Needed for system mails
|
||||||
|
@ -122,7 +122,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||||||
owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*,
|
owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*,
|
||||||
owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*,
|
owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*,
|
||||||
owner @{HOME}/.config/soffice.binrc.lock rwk,
|
owner @{HOME}/.config/soffice.binrc.lock rwk,
|
||||||
owner @{HOME}/.cache/fontconfig/** rw,
|
owner @{user_cache_dirs}/fontconfig/** rw,
|
||||||
owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work
|
owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work
|
||||||
|
|
||||||
owner /{,var/}run/user/*/dconf/user rw,
|
owner /{,var/}run/user/*/dconf/user rw,
|
||||||
@ -153,7 +153,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||||||
/dev/tty rw,
|
/dev/tty rw,
|
||||||
|
|
||||||
/usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner rmPUx,
|
/usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner rmPUx,
|
||||||
owner @{HOME}/.cache/gstreamer-???/** rw,
|
owner @{user_cache_dirs}/gstreamer-???/** rw,
|
||||||
unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), #Gstreamer doesn't work without this
|
unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), #Gstreamer doesn't work without this
|
||||||
|
|
||||||
/usr/lib{,32,64}/jvm/ r,
|
/usr/lib{,32,64}/jvm/ r,
|
||||||
@ -234,7 +234,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||||||
/usr/share/plasma/look-and-feel/**/contents/defaults r,
|
/usr/share/plasma/look-and-feel/**/contents/defaults r,
|
||||||
|
|
||||||
# TODO: remove when rules are available in abstractions/kde
|
# TODO: remove when rules are available in abstractions/kde
|
||||||
owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache
|
owner @{user_cache_dirs}/ksycoca5_??_* r, # KDE System Configuration Cache
|
||||||
owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
|
owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
|
||||||
owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
|
owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
|
||||||
owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
|
owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
|
||||||
@ -243,7 +243,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||||||
/usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent
|
/usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent
|
||||||
|
|
||||||
# TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar
|
# TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar
|
||||||
owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
|
owner @{user_cache_dirs}/icon-cache.kcache rw, # for KIconLoader
|
||||||
|
|
||||||
# TODO: remove when rules are available in abstractions/kdeframeworks5 or similar
|
# TODO: remove when rules are available in abstractions/kdeframeworks5 or similar
|
||||||
/usr/share/kservices5/*.protocol r,
|
/usr/share/kservices5/*.protocol r,
|
||||||
@ -256,7 +256,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||||||
owner @{HOME}/.config/QtProject.conf.lock rwk,
|
owner @{HOME}/.config/QtProject.conf.lock rwk,
|
||||||
|
|
||||||
# TODO: use qt5-compose-cache-write abstraction when it is available
|
# TODO: use qt5-compose-cache-write abstraction when it is available
|
||||||
owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r,
|
owner @{user_cache_dirs}/qt_compose_cache_{little,big}_endian_* r,
|
||||||
|
|
||||||
# TODO: use recent-documents-write abstraction when it is available
|
# TODO: use recent-documents-write abstraction when it is available
|
||||||
owner @{HOME}/.local/share/RecentDocuments/** r,
|
owner @{HOME}/.local/share/RecentDocuments/** r,
|
||||||
|
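Review bot: In the first hunk of this section, `owner @{user_cache_dirs}/fontconfig/** rw,` gives the profile write access to every file under the fontconfig cache, which is broader than the file patterns (`CACHEDIR.TAG{,.NEW,.LCK,.TMP-*}`, `[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*}`) used by the fontconfig cache sections earlier in this commit. If the "fontconfig-cache-write" abstraction is available to this profile, including it in place of the blanket rule would keep the two in step, for example `include <abstractions/fontconfig-cache-write>`; the exact include path is not shown on this page and should be checked. The profile header is truncated on this page (`flags=(comp`), and the profile body starts and ends outside the visible hunks.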
@ -102,9 +102,9 @@ profile vlc @{exec_path} {
|
|||||||
owner @{HOME}/.config/vlc/* rwkl -> @{HOME}/.config/vlc/#[0-9]*[0-9],
|
owner @{HOME}/.config/vlc/* rwkl -> @{HOME}/.config/vlc/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.local/share/vlc/{,*} rw,
|
owner @{HOME}/.local/share/vlc/{,*} rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/vlc/{,**} rw,
|
owner @{user_cache_dirs}/vlc/{,**} rw,
|
||||||
owner @{HOME}/.cache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
|
||||||
|
|
||||||
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
|
@ -102,10 +102,10 @@ profile aptitude @{exec_path} flags=(complain) {
|
|||||||
owner /tmp/aptitude-*.@{pid}:*/cache{ContentCompressed,Extracted}* rw,
|
owner /tmp/aptitude-*.@{pid}:*/cache{ContentCompressed,Extracted}* rw,
|
||||||
owner /tmp/aptitude-*.@{pid}:*/aptitude-download-* rw,
|
owner /tmp/aptitude-*.@{pid}:*/aptitude-download-* rw,
|
||||||
owner /tmp/aptitude-*.@{pid}:*/parsedchangelog* w,
|
owner /tmp/aptitude-*.@{pid}:*/parsedchangelog* w,
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/aptitude/ rw,
|
owner @{user_cache_dirs}/aptitude/ rw,
|
||||||
owner @{HOME}/.cache/aptitude/metadata-download{,-journal} rw,
|
owner @{user_cache_dirs}/aptitude/metadata-download{,-journal} rw,
|
||||||
owner @{HOME}/.cache/aptitude/metadata-download rwk,
|
owner @{user_cache_dirs}/aptitude/metadata-download rwk,
|
||||||
/{usr/,}bin/sensible-pager rCx -> pager,
|
/{usr/,}bin/sensible-pager rCx -> pager,
|
||||||
|
|
||||||
# For aptitude-run-state-bundle
|
# For aptitude-run-state-bundle
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
||||||
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||||
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||||
|
|
||||||
@{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev}
|
@{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev}
|
||||||
profile brave @{exec_path} {
|
profile brave @{exec_path} {
|
||||||
@ -94,8 +94,8 @@ profile brave @{exec_path} {
|
|||||||
owner @{BRAVE_HOMEDIR}/WidevineCdm/libwidevinecdm.so mrw,
|
owner @{BRAVE_HOMEDIR}/WidevineCdm/libwidevinecdm.so mrw,
|
||||||
|
|
||||||
# Cache files
|
# Cache files
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/BraveSoftware/ rw,
|
owner @{user_cache_dirs}/BraveSoftware/ rw,
|
||||||
owner @{BRAVE_CACHEDIR}/{,**/} rw,
|
owner @{BRAVE_CACHEDIR}/{,**/} rw,
|
||||||
owner @{BRAVE_CACHEDIR}/*/**/{*-,}index rw,
|
owner @{BRAVE_CACHEDIR}/*/**/{*-,}index rw,
|
||||||
owner @{BRAVE_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
owner @{BRAVE_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
||||||
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||||
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||||
|
|
||||||
abi <abi/3.0>,
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
||||||
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||||
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||||
|
|
||||||
abi <abi/3.0>,
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
||||||
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
||||||
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium
|
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
|
||||||
|
|
||||||
@{exec_path} = /{usr/,}bin/chromium
|
@{exec_path} = /{usr/,}bin/chromium
|
||||||
profile chromium @{exec_path} {
|
profile chromium @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
||||||
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
||||||
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium
|
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
|
||||||
|
|
||||||
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox
|
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
||||||
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
||||||
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium
|
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
|
||||||
|
|
||||||
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium
|
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium
|
||||||
profile chromium-chromium @{exec_path} {
|
profile chromium-chromium @{exec_path} {
|
||||||
@ -91,7 +91,7 @@ profile chromium-chromium @{exec_path} {
|
|||||||
owner @{HOME}/.local/share/.org.chromium.Chromium.* rw,
|
owner @{HOME}/.local/share/.org.chromium.Chromium.* rw,
|
||||||
|
|
||||||
# Cache files
|
# Cache files
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{CHROMIUM_CACHEDIR}/{,**/} rw,
|
owner @{CHROMIUM_CACHEDIR}/{,**/} rw,
|
||||||
owner @{CHROMIUM_CACHEDIR}/*/**/{*-,}index rw,
|
owner @{CHROMIUM_CACHEDIR}/*/**/{*-,}index rw,
|
||||||
owner @{CHROMIUM_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
owner @{CHROMIUM_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr}
|
@{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr}
|
||||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||||
|
|
||||||
@{exec_path} = @{MOZ_LIBDIR}/firefox{,-bin,-esr}
|
@{exec_path} = @{MOZ_LIBDIR}/firefox{,-bin,-esr}
|
||||||
profile firefox @{exec_path} {
|
profile firefox @{exec_path} {
|
||||||
@ -84,12 +84,12 @@ profile firefox @{exec_path} {
|
|||||||
owner @{MOZ_HOMEDIR}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r,
|
owner @{MOZ_HOMEDIR}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r,
|
||||||
|
|
||||||
# Cache
|
# Cache
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{MOZ_CACHEDIR}/ rw,
|
owner @{MOZ_CACHEDIR}/ rw,
|
||||||
owner @{MOZ_CACHEDIR}/** rwk,
|
owner @{MOZ_CACHEDIR}/** rwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
deny @{sys}/devices/system/cpu/present r,
|
deny @{sys}/devices/system/cpu/present r,
|
||||||
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
|
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
||||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||||
|
|
||||||
@{exec_path} = @{MOZ_LIBDIR}/crashreporter
|
@{exec_path} = @{MOZ_LIBDIR}/crashreporter
|
||||||
profile firefox-crashreporter @{exec_path} {
|
profile firefox-crashreporter @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
||||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||||
|
|
||||||
@{exec_path} = /{usr/,}lib/firefox/minidump-analyzer
|
@{exec_path} = /{usr/,}lib/firefox/minidump-analyzer
|
||||||
profile firefox-minidump-analyzer @{exec_path} {
|
profile firefox-minidump-analyzer @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
||||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||||
|
|
||||||
@{exec_path} = @{MOZ_LIBDIR}/pingsender
|
@{exec_path} = @{MOZ_LIBDIR}/pingsender
|
||||||
profile firefox-pingsender @{exec_path} {
|
profile firefox-pingsender @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr}
|
@{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr}
|
||||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||||
|
|
||||||
@{exec_path} = @{MOZ_LIBDIR}/plugin-container
|
@{exec_path} = @{MOZ_LIBDIR}/plugin-container
|
||||||
profile firefox-plugin-container @{exec_path} {
|
profile firefox-plugin-container @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
||||||
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
||||||
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable}
|
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
|
||||||
|
|
||||||
@{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable}
|
@{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable}
|
||||||
profile google-chrome-chrome @{exec_path} {
|
profile google-chrome-chrome @{exec_path} {
|
||||||
@ -87,7 +87,7 @@ profile google-chrome-chrome @{exec_path} {
|
|||||||
owner @{HOME}/.local/share/.com.google.Chrome.* rw,
|
owner @{HOME}/.local/share/.com.google.Chrome.* rw,
|
||||||
|
|
||||||
# Cache files
|
# Cache files
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{CHROME_CACHEDIR}/{,**/} rw,
|
owner @{CHROME_CACHEDIR}/{,**/} rw,
|
||||||
owner @{CHROME_CACHEDIR}/*/**/{*-,}index rw,
|
owner @{CHROME_CACHEDIR}/*/**/{*-,}index rw,
|
||||||
owner @{CHROME_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
owner @{CHROME_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
||||||
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
||||||
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable}
|
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
|
||||||
|
|
||||||
@{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox
|
@{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox
|
||||||
profile google-chrome-chrome-sandbox @{exec_path} {
|
profile google-chrome-chrome-sandbox @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
||||||
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
||||||
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable}
|
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
|
||||||
|
|
||||||
@{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable}
|
@{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable}
|
||||||
profile google-chrome-google-chrome @{exec_path} {
|
profile google-chrome-google-chrome @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
||||||
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
||||||
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer}
|
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
|
||||||
|
|
||||||
@{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer}
|
@{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer}
|
||||||
profile opera @{exec_path} {
|
profile opera @{exec_path} {
|
||||||
@ -78,7 +78,7 @@ profile opera @{exec_path} {
|
|||||||
owner @{HOME}/.local/share/.org.chromium.Chromium.* rw,
|
owner @{HOME}/.local/share/.org.chromium.Chromium.* rw,
|
||||||
|
|
||||||
# Cache files
|
# Cache files
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{OPERA_CACHEDIR}/{,**/} rw,
|
owner @{OPERA_CACHEDIR}/{,**/} rw,
|
||||||
owner @{OPERA_CACHEDIR}/**/{*-,}index rw,
|
owner @{OPERA_CACHEDIR}/**/{*-,}index rw,
|
||||||
owner @{OPERA_CACHEDIR}/**/[a-f0-9]*_? rw,
|
owner @{OPERA_CACHEDIR}/**/[a-f0-9]*_? rw,
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
||||||
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
||||||
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer}
|
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
|
||||||
|
|
||||||
@{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter
|
@{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter
|
||||||
profile opera-crashreporter @{exec_path} {
|
profile opera-crashreporter @{exec_path} {
|
||||||
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||||||
|
|
||||||
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
||||||
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
||||||
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer}
|
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
|
||||||
|
|
||||||
@{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox
|
@{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox
|
||||||
profile opera-sandbox @{exec_path} {
|
profile opera-sandbox @{exec_path} {
|
||||||
|
@ -117,8 +117,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
|
|||||||
|
|
||||||
# Silence denial logs about permissions we don't need
|
# Silence denial logs about permissions we don't need
|
||||||
deny /dev/dri/ rwklx,
|
deny /dev/dri/ rwklx,
|
||||||
deny @{HOME}/.cache/fontconfig/ rw,
|
deny @{user_cache_dirs}/fontconfig/ rw,
|
||||||
deny @{HOME}/.cache/fontconfig/** rw,
|
deny @{user_cache_dirs}/fontconfig/** rw,
|
||||||
deny @{HOME}/.config/gtk-2.0/ rw,
|
deny @{HOME}/.config/gtk-2.0/ rw,
|
||||||
deny @{HOME}/.config/gtk-2.0/** rw,
|
deny @{HOME}/.config/gtk-2.0/** rw,
|
||||||
deny @{PROC}/@{pid}/net/route r,
|
deny @{PROC}/@{pid}/net/route r,
|
||||||
|
@ -33,14 +33,14 @@ profile blueman @{exec_path} {
|
|||||||
|
|
||||||
/usr/share/blueman/{,**} r,
|
/usr/share/blueman/{,**} r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/blueman-tray-[0-9]* rw,
|
owner @{user_cache_dirs}/blueman-tray-[0-9]* rw,
|
||||||
owner @{HOME}/.cache/blueman-services-[0-9]* rw,
|
owner @{user_cache_dirs}/blueman-services-[0-9]* rw,
|
||||||
owner @{HOME}/.cache/blueman-adapters-[0-9]* rw,
|
owner @{user_cache_dirs}/blueman-adapters-[0-9]* rw,
|
||||||
owner @{HOME}/.cache/blueman-manager-[0-9]* rw,
|
owner @{user_cache_dirs}/blueman-manager-[0-9]* rw,
|
||||||
owner @{HOME}/.cache/blueman-applet-[0-9]* rw,
|
owner @{user_cache_dirs}/blueman-applet-[0-9]* rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/obexd/ rw,
|
owner @{user_cache_dirs}/obexd/ rw,
|
||||||
owner @{HOME}/.cache/obexd/* rw,
|
owner @{user_cache_dirs}/obexd/* rw,
|
||||||
|
|
||||||
owner @{HOME}/ r,
|
owner @{HOME}/ r,
|
||||||
owner @{HOME}/bluetooth*/ r,
|
owner @{HOME}/bluetooth*/ r,
|
||||||
|
@ -14,9 +14,9 @@ profile bluetoothctl @{exec_path} {
|
|||||||
|
|
||||||
/etc/inputrc r,
|
/etc/inputrc r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/.bluetoothctl_history rw,
|
owner @{user_cache_dirs}/.bluetoothctl_history rw,
|
||||||
owner @{HOME}/.cache/.bluetoothctl_history-@{pid}.tmp rw,
|
owner @{user_cache_dirs}/.bluetoothctl_history-@{pid}.tmp rw,
|
||||||
|
|
||||||
include if exists <local/bluetoothctl>
|
include if exists <local/bluetoothctl>
|
||||||
}
|
}
|
||||||
|
@ -21,9 +21,9 @@ profile dconf-service @{exec_path} {
|
|||||||
owner @{HOME}/.config/dconf/ rw,
|
owner @{HOME}/.config/dconf/ rw,
|
||||||
owner @{HOME}/.config/dconf/user{,.*} rw,
|
owner @{HOME}/.config/dconf/user{,.*} rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/dconf/ rw,
|
owner @{user_cache_dirs}/dconf/ rw,
|
||||||
owner @{HOME}/.cache/dconf/user rw,
|
owner @{user_cache_dirs}/dconf/user rw,
|
||||||
|
|
||||||
@{PROC}/cmdline r,
|
@{PROC}/cmdline r,
|
||||||
|
|
||||||
|
@ -46,12 +46,12 @@ profile anki @{exec_path} {
|
|||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
owner @{HOME}/ r,
|
owner @{HOME}/ r,
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/ rw,
|
owner @{user_cache_dirs}/qtshadercache/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||||
|
|
||||||
/usr/share/anki/{,**} r,
|
/usr/share/anki/{,**} r,
|
||||||
|
|
||||||
|
@ -20,8 +20,8 @@ profile appstreamcli @{exec_path} flags=(complain) {
|
|||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/appstream-cache-*.mdb rw,
|
owner @{user_cache_dirs}/appstream-cache-*.mdb rw,
|
||||||
|
|
||||||
/usr/share/appdata/ r,
|
/usr/share/appdata/ r,
|
||||||
/var/lib/app-info/yaml/ r,
|
/var/lib/app-info/yaml/ r,
|
||||||
|
@ -43,9 +43,9 @@ profile borg @{exec_path} {
|
|||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/borg/ rw,
|
owner @{user_cache_dirs}/borg/ rw,
|
||||||
owner @{HOME}/.cache/borg/** rw,
|
owner @{user_cache_dirs}/borg/** rw,
|
||||||
|
|
||||||
owner @{HOME}/.config/borg/ rw,
|
owner @{HOME}/.config/borg/ rw,
|
||||||
owner @{HOME}/.config/borg/** rw,
|
owner @{HOME}/.config/borg/** rw,
|
||||||
|
@ -31,11 +31,11 @@ profile cawbird @{exec_path} {
|
|||||||
owner @{HOME}/.config/cawbird/ rw,
|
owner @{HOME}/.config/cawbird/ rw,
|
||||||
owner @{HOME}/.config/cawbird/** rwk,
|
owner @{HOME}/.config/cawbird/** rwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/cawbird-* rw,
|
owner @{user_cache_dirs}/cawbird-* rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
||||||
|
@ -59,8 +59,8 @@ profile engrampa @{exec_path} {
|
|||||||
/tmp/ r,
|
/tmp/ r,
|
||||||
owner /tmp/** rw,
|
owner /tmp/** rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/.fr-*/{,**} rw,
|
owner @{user_cache_dirs}/.fr-*/{,**} rw,
|
||||||
|
|
||||||
owner @{HOME}/.config/ r,
|
owner @{HOME}/.config/ r,
|
||||||
owner @{HOME}/.config/mimeapps.list{,.*} rw,
|
owner @{HOME}/.config/mimeapps.list{,.*} rw,
|
||||||
|
@ -29,12 +29,12 @@ profile font-manager @{exec_path} {
|
|||||||
|
|
||||||
/{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPUx,
|
/{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPUx,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/font-manager/ rw,
|
owner @{user_cache_dirs}/font-manager/ rw,
|
||||||
owner @{HOME}/.cache/font-manager/* rwk,
|
owner @{user_cache_dirs}/font-manager/* rwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
owner @{HOME}/.config/font-manager/ rw,
|
owner @{HOME}/.config/font-manager/ rw,
|
||||||
owner @{HOME}/.config/font-manager/* rw,
|
owner @{HOME}/.config/font-manager/* rw,
|
||||||
|
@ -27,12 +27,12 @@ profile fusermount @{exec_path} {
|
|||||||
# Where to mount ISO files
|
# Where to mount ISO files
|
||||||
owner @{HOME}/*/ rw,
|
owner @{HOME}/*/ rw,
|
||||||
owner @{HOME}/*/*/ rw,
|
owner @{HOME}/*/*/ rw,
|
||||||
owner @{HOME}/.cache/**/ rw,
|
owner @{user_cache_dirs}/**/ rw,
|
||||||
|
|
||||||
# Be able to mount ISO images
|
# Be able to mount ISO images
|
||||||
mount fstype={fuse,fuse.*} -> @{HOME}/*/,
|
mount fstype={fuse,fuse.*} -> @{HOME}/*/,
|
||||||
mount fstype={fuse,fuse.*} -> @{HOME}/*/*/,
|
mount fstype={fuse,fuse.*} -> @{HOME}/*/*/,
|
||||||
mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/,
|
mount fstype={fuse,fuse.*} -> @{user_cache_dirs}/**/,
|
||||||
mount fstype={fuse,fuse.*} -> /media/*/,
|
mount fstype={fuse,fuse.*} -> /media/*/,
|
||||||
mount fstype={fuse,fuse.*} -> /media/*/*/,
|
mount fstype={fuse,fuse.*} -> /media/*/*/,
|
||||||
# For MTP
|
# For MTP
|
||||||
@ -47,7 +47,7 @@ profile fusermount @{exec_path} {
|
|||||||
# Be able to unmount the ISO images
|
# Be able to unmount the ISO images
|
||||||
umount @{HOME}/*/,
|
umount @{HOME}/*/,
|
||||||
umount @{HOME}/*/*/,
|
umount @{HOME}/*/*/,
|
||||||
umount @{HOME}/.cache/**/,
|
umount @{user_cache_dirs}/**/,
|
||||||
umount /media/*/,
|
umount /media/*/,
|
||||||
umount /tmp/.mount_*/,
|
umount /tmp/.mount_*/,
|
||||||
umount @{run}/user/[0-9]*/**/,
|
umount @{run}/user/[0-9]*/**/,
|
||||||
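Review bot: The `mount fstype={fuse,fuse.*} -> @{user_cache_dirs}/**/,` rule now takes its mount target from a tunable, as do the matching `owner @{user_cache_dirs}/**/ rw,` rule and the `umount @{user_cache_dirs}/**/,` rule in the second hunk. Any value later added to `@{user_cache_dirs}` therefore becomes a location where this profile may mount and unmount FUSE filesystems, without this file changing. The `/**/` glob already covers every directory under the cache tree, which includes the cache directories other profiles in this commit write to. A comment on the rule would make the coupling visible, for example `# mount targets follow @{user_cache_dirs}; re-review when the tunable changes`, and if the intended callers use a fixed subdirectory the glob could be narrowed to it. The profile starts and ends outside both hunks.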
|
@ -31,7 +31,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
|
|||||||
/etc/fwupd/** r,
|
/etc/fwupd/** r,
|
||||||
|
|
||||||
# In order to get to this file, the attach_disconnected flag has to be set
|
# In order to get to this file, the attach_disconnected flag has to be set
|
||||||
owner @{HOME}/.cache/fwupd/lvfs-metadata.xml.gz r,
|
owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz r,
|
||||||
|
|
||||||
/usr/share/mime/mime.cache r,
|
/usr/share/mime/mime.cache r,
|
||||||
|
|
||||||
|
@ -17,9 +17,9 @@ profile fwupdmgr @{exec_path} flags=(complain) {
|
|||||||
|
|
||||||
/{usr/,}bin/dbus-launch rCx -> dbus,
|
/{usr/,}bin/dbus-launch rCx -> dbus,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/fwupd/ rw,
|
owner @{user_cache_dirs}/fwupd/ rw,
|
||||||
owner @{HOME}/.cache/fwupd/lvfs-metadata.xml.gz{,.*} rw,
|
owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz{,.*} rw,
|
||||||
|
|
||||||
owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw,
|
owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw,
|
||||||
owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc} rw,
|
owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc} rw,
|
||||||
|
@ -36,7 +36,7 @@ profile fzsftp @{exec_path} {
|
|||||||
owner @{HOME}/.putty/randomseed rw,
|
owner @{HOME}/.putty/randomseed rw,
|
||||||
|
|
||||||
# file_inherit
|
# file_inherit
|
||||||
#deny @{HOME}/.cache/filezilla/** rw,
|
#deny @{user_cache_dirs}/filezilla/** rw,
|
||||||
|
|
||||||
include if exists <local/fzsftp>
|
include if exists <local/fzsftp>
|
||||||
}
|
}
|
||||||
|
@ -58,9 +58,9 @@ profile gajim @{exec_path} {
|
|||||||
owner @{HOME}/.local/share/gajim/** rwk,
|
owner @{HOME}/.local/share/gajim/** rwk,
|
||||||
|
|
||||||
# Cache
|
# Cache
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/gajim/ rw,
|
owner @{user_cache_dirs}/gajim/ rw,
|
||||||
owner @{HOME}/.cache/gajim/** rwk,
|
owner @{user_cache_dirs}/gajim/** rwk,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
owner @{PROC}/@{pid}/mounts r,
|
owner @{PROC}/@{pid}/mounts r,
|
||||||
|
@ -46,8 +46,8 @@ profile gtk-youtube-viewer @{exec_path} {
|
|||||||
|
|
||||||
owner @{HOME}/.config/youtube-viewer/{,*} rw,
|
owner @{HOME}/.config/youtube-viewer/{,*} rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/youtube-viewer/ rw,
|
owner @{user_cache_dirs}/youtube-viewer/ rw,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
owner @{PROC}/@{pid}/mounts r,
|
owner @{PROC}/@{pid}/mounts r,
|
||||||
|
@ -37,9 +37,9 @@ profile jgmenu @{exec_path} {
|
|||||||
owner @{HOME}/.config/jgmenu/ rw,
|
owner @{HOME}/.config/jgmenu/ rw,
|
||||||
owner @{HOME}/.config/jgmenu/** rw,
|
owner @{HOME}/.config/jgmenu/** rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/jgmenu/ rw,
|
owner @{user_cache_dirs}/jgmenu/ rw,
|
||||||
owner @{HOME}/.cache/jgmenu/** rw,
|
owner @{user_cache_dirs}/jgmenu/** rw,
|
||||||
|
|
||||||
owner @{HOME}/.Xauthority r,
|
owner @{HOME}/.Xauthority r,
|
||||||
|
|
||||||
|
@ -41,8 +41,8 @@ profile keepassxc @{exec_path} {
|
|||||||
owner @{HOME}/.config/keepassxc/ rw,
|
owner @{HOME}/.config/keepassxc/ rw,
|
||||||
owner @{HOME}/.config/keepassxc/* rwkl -> @{HOME}/.config/keepassxc/#[0-9]*[0-9],
|
owner @{HOME}/.config/keepassxc/* rwkl -> @{HOME}/.config/keepassxc/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.cache/keepassxc/ rw,
|
owner @{user_cache_dirs}/keepassxc/ rw,
|
||||||
owner @{HOME}/.cache/keepassxc/* rwkl -> @{HOME}/.cache/keepassxc/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/keepassxc/* rwkl -> @{user_cache_dirs}/keepassxc/#[0-9]*[0-9],
|
||||||
|
|
||||||
# Database location
|
# Database location
|
||||||
/ r,
|
/ r,
|
||||||
|
@ -29,7 +29,7 @@ profile keepassxc-proxy @{exec_path} {
|
|||||||
deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw,
|
deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw,
|
||||||
#
|
#
|
||||||
deny owner @{HOME}/.mozilla/** rw,
|
deny owner @{HOME}/.mozilla/** rw,
|
||||||
deny owner @{HOME}/.cache/mozilla/** rw,
|
deny owner @{user_cache_dirs}/mozilla/** rw,
|
||||||
deny owner /media/*/.mozilla/** rw,
|
deny owner /media/*/.mozilla/** rw,
|
||||||
deny owner /tmp/firefox*/.parentlock rw,
|
deny owner /tmp/firefox*/.parentlock rw,
|
||||||
deny owner /tmp/tmp-*.xpi rw,
|
deny owner /tmp/tmp-*.xpi rw,
|
||||||
|
@ -40,14 +40,14 @@ profile kscreenlocker-greet @{exec_path} {
|
|||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/ rw,
|
owner @{user_cache_dirs}/qtshadercache/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.cache/plasma-svgelements-default_v* r,
|
owner @{user_cache_dirs}/plasma-svgelements-default_v* r,
|
||||||
|
|
||||||
# If one is blocked, the others are probed.
|
# If one is blocked, the others are probed.
|
||||||
deny owner @{HOME}/#[0-9]*[0-9] mrw,
|
deny owner @{HOME}/#[0-9]*[0-9] mrw,
|
||||||
|
@ -30,7 +30,7 @@ profile kwalletd5 @{exec_path} {
|
|||||||
owner @{HOME}/.config/kwalletrc r,
|
owner @{HOME}/.config/kwalletrc r,
|
||||||
|
|
||||||
owner @{HOME}/.config/kdeglobals r,
|
owner @{HOME}/.config/kdeglobals r,
|
||||||
owner @{HOME}/.cache/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
||||||
owner @{HOME}/.local/share/kwalletd/ rw,
|
owner @{HOME}/.local/share/kwalletd/ rw,
|
||||||
owner @{HOME}/.local/share/kwalletd/#[0-9]*[0-9] rw,
|
owner @{HOME}/.local/share/kwalletd/#[0-9]*[0-9] rw,
|
||||||
|
@ -45,7 +45,7 @@ profile kwalletmanager5 @{exec_path} {
|
|||||||
owner @{HOME}/.config/session/kwalletmanager5_*.lock rwk,
|
owner @{HOME}/.config/session/kwalletmanager5_*.lock rwk,
|
||||||
|
|
||||||
owner @{HOME}/.config/kdeglobals r,
|
owner @{HOME}/.config/kdeglobals r,
|
||||||
owner @{HOME}/.cache/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
||||||
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
|
@ -54,16 +54,16 @@ profile minitube @{exec_path} {
|
|||||||
# owner /tmp/.glvnd* mrw,
|
# owner /tmp/.glvnd* mrw,
|
||||||
|
|
||||||
# Cache
|
# Cache
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner "@{HOME}/.cache/Flavio Tordini/" rw,
|
owner "@{user_cache_dirs}/Flavio Tordini/" rw,
|
||||||
owner "@{HOME}/.cache/Flavio Tordini/Minitube/" rw,
|
owner "@{user_cache_dirs}/Flavio Tordini/Minitube/" rw,
|
||||||
owner "@{HOME}/.cache/Flavio Tordini/Minitube/**" rwl -> "@{HOME}/.cache/Flavio Tordini/Minitube/**",
|
owner "@{user_cache_dirs}/Flavio Tordini/Minitube/**" rwl -> "@{user_cache_dirs}/Flavio Tordini/Minitube/**",
|
||||||
|
|
||||||
owner @{HOME}/.cache/qtshadercache/ rw,
|
owner @{user_cache_dirs}/qtshadercache/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||||
|
|
||||||
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
|
@ -74,11 +74,11 @@ profile mkvtoolnix-gui @{exec_path} {
|
|||||||
owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/ rw,
|
owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/ rw,
|
||||||
owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/** rwkl -> @{HOME}/.config/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9],
|
owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/** rwkl -> @{HOME}/.config/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/bunkus.org/ rw,
|
owner @{user_cache_dirs}/bunkus.org/ rw,
|
||||||
owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/ rw,
|
owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/ rw,
|
||||||
owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/**/ rw,
|
owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/ rw,
|
||||||
owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw,
|
owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw,
|
||||||
|
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
@ -44,7 +44,7 @@ profile mpsyt @{exec_path} {
|
|||||||
owner @{HOME}/.config/mps-youtube/{,**} rw,
|
owner @{HOME}/.config/mps-youtube/{,**} rw,
|
||||||
|
|
||||||
# Cache files
|
# Cache files
|
||||||
owner @{HOME}/.cache/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw,
|
owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw,
|
||||||
|
|
||||||
/etc/inputrc r,
|
/etc/inputrc r,
|
||||||
/etc/mime.types r,
|
/etc/mime.types r,
|
||||||
|
@ -14,8 +14,8 @@ profile obexctl @{exec_path} {
|
|||||||
|
|
||||||
/etc/inputrc r,
|
/etc/inputrc r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/.obexctl_history rw,
|
owner @{user_cache_dirs}/.obexctl_history rw,
|
||||||
owner @{HOME}/.cache/.obexctl_history-@{pid}.tmp rw,
|
owner @{user_cache_dirs}/.obexctl_history-@{pid}.tmp rw,
|
||||||
|
|
||||||
include if exists <local/obexctl>
|
include if exists <local/obexctl>
|
||||||
}
|
}
|
||||||
|
@ -16,9 +16,9 @@ profile obexd @{exec_path} {
|
|||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/obexd/ rw,
|
owner @{user_cache_dirs}/obexd/ rw,
|
||||||
owner @{HOME}/.cache/obexd/* rw,
|
owner @{user_cache_dirs}/obexd/* rw,
|
||||||
|
|
||||||
owner @{HOME}/bluetooth/* rw,
|
owner @{HOME}/bluetooth/* rw,
|
||||||
|
|
||||||
|
@ -36,10 +36,10 @@ profile openbox @{exec_path} {
|
|||||||
|
|
||||||
owner @{HOME}/.config/obmenu-generator/icons/[0-9a-f]*.png r,
|
owner @{HOME}/.config/obmenu-generator/icons/[0-9a-f]*.png r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/openbox/ rw,
|
owner @{user_cache_dirs}/openbox/ rw,
|
||||||
owner @{HOME}/.cache/openbox/openbox.log rw,
|
owner @{user_cache_dirs}/openbox/openbox.log rw,
|
||||||
owner @{HOME}/.cache/openbox/sessions/ rw,
|
owner @{user_cache_dirs}/openbox/sessions/ rw,
|
||||||
|
|
||||||
owner @{HOME}/.Xauthority r,
|
owner @{HOME}/.Xauthority r,
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ profile pinentry-qt @{exec_path} {
|
|||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
|
||||||
|
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
@ -44,7 +44,7 @@ profile polkit-kde-authentication-agent @{exec_path} {
|
|||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
|
|
||||||
owner @{HOME}/.config/kdeglobals r,
|
owner @{HOME}/.config/kdeglobals r,
|
||||||
owner @{HOME}/.cache/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
||||||
/dev/shm/#[0-9]*[0-9] rw,
|
/dev/shm/#[0-9]*[0-9] rw,
|
||||||
|
|
||||||
|
@ -62,9 +62,9 @@ profile psi-plus @{exec_path} {
|
|||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
# Cache files
|
# Cache files
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/psi+/{,**} rw,
|
owner @{user_cache_dirs}/psi+/{,**} rw,
|
||||||
owner @{HOME}/.cache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
|
||||||
|
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
@ -49,9 +49,9 @@ profile qbittorrent @{exec_path} {
|
|||||||
owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9],
|
owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9],
|
||||||
|
|
||||||
# Cache dir
|
# Cache dir
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qBittorrent/{,**} rw,
|
owner @{user_cache_dirs}/qBittorrent/{,**} rw,
|
||||||
|
|
||||||
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
|
@ -32,9 +32,9 @@ profile qbittorrent-nox @{exec_path} {
|
|||||||
owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9],
|
owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9],
|
||||||
|
|
||||||
# Cache dir
|
# Cache dir
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qBittorrent/{,**} rw,
|
owner @{user_cache_dirs}/qBittorrent/{,**} rw,
|
||||||
|
|
||||||
# Torrent files
|
# Torrent files
|
||||||
/media/ r,
|
/media/ r,
|
||||||
|
@ -89,7 +89,7 @@ profile qnapi @{exec_path} {
|
|||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
|
|
||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
|
|
||||||
|
@ -31,8 +31,8 @@ profile qt5ct @{exec_path} {
|
|||||||
|
|
||||||
owner @{HOME}/.config/kdeglobals r,
|
owner @{HOME}/.config/kdeglobals r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
|
@ -50,11 +50,11 @@ profile quiterss @{exec_path} {
|
|||||||
owner @{HOME}/.config/QuiteRss/** rwkl -> @{HOME}/.config/QuiteRss/**,
|
owner @{HOME}/.config/QuiteRss/** rwkl -> @{HOME}/.config/QuiteRss/**,
|
||||||
owner @{HOME}/.local/share/QuiteRss/ rw,
|
owner @{HOME}/.local/share/QuiteRss/ rw,
|
||||||
owner @{HOME}/.local/share/QuiteRss/** rwkl -> @{HOME}/.local/share/QuiteRss/QuiteRss/**,
|
owner @{HOME}/.local/share/QuiteRss/** rwkl -> @{HOME}/.local/share/QuiteRss/QuiteRss/**,
|
||||||
owner @{HOME}/.cache/QuiteRss/ rw,
|
owner @{user_cache_dirs}/QuiteRss/ rw,
|
||||||
owner @{HOME}/.cache/QuiteRss/** rwl -> @{HOME}/.cache/QuiteRss/**,
|
owner @{user_cache_dirs}/QuiteRss/** rwl -> @{user_cache_dirs}/QuiteRss/**,
|
||||||
|
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
deny @{PROC}/sys/kernel/random/boot_id r,
|
deny @{PROC}/sys/kernel/random/boot_id r,
|
||||||
|
@ -51,15 +51,15 @@ profile rpi-imager @{exec_path} {
|
|||||||
owner "@{HOME}/.config/Raspberry Pi/Imager.conf" rw,
|
owner "@{HOME}/.config/Raspberry Pi/Imager.conf" rw,
|
||||||
owner "@{HOME}/.config/Raspberry Pi/Imager.conf.lock" rwk,
|
owner "@{HOME}/.config/Raspberry Pi/Imager.conf.lock" rwk,
|
||||||
|
|
||||||
owner "@{HOME}/.cache/Raspberry Pi/" rw,
|
owner "@{user_cache_dirs}/Raspberry Pi/" rw,
|
||||||
owner "@{HOME}/.cache/Raspberry Pi/**" rwl -> "@{HOME}/.cache/Raspberry Pi/**",
|
owner "@{user_cache_dirs}/Raspberry Pi/**" rwl -> "@{user_cache_dirs}/Raspberry Pi/**",
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/ rw,
|
owner @{user_cache_dirs}/qtshadercache/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||||
|
|
||||||
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
|
@ -48,18 +48,18 @@ profile sddm-greeter @{exec_path} {
|
|||||||
|
|
||||||
# All the following is for the test mode
|
# All the following is for the test mode
|
||||||
#------------------------------------------------------------------
|
#------------------------------------------------------------------
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/sddm-greeter/ rw,
|
owner @{user_cache_dirs}/sddm-greeter/ rw,
|
||||||
owner @{HOME}/.cache/sddm-greeter/qmlcache/ rw,
|
owner @{user_cache_dirs}/sddm-greeter/qmlcache/ rw,
|
||||||
owner @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/sddm-greeter/qmlcache/[a-f0-9]*.jsc* rwl -> @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/sddm-greeter/qmlcache/[a-f0-9]*.jsc* rwl -> @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.cache/sddm-greeter/qmlcache/[a-f0-9]*.qmlc* rwl -> @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/sddm-greeter/qmlcache/[a-f0-9]*.qmlc* rwl -> @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.cache/qtshadercache/ rw,
|
owner @{user_cache_dirs}/qtshadercache/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
@ -72,9 +72,9 @@ profile sddm-greeter @{exec_path} {
|
|||||||
|
|
||||||
owner @{HOME}/.config/kdeglobals r,
|
owner @{HOME}/.config/kdeglobals r,
|
||||||
owner @{HOME}/.config/plasmarc r,
|
owner @{HOME}/.config/plasmarc r,
|
||||||
owner @{HOME}/.cache/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
owner @{HOME}/.cache/plasma_theme_*.kcache rw,
|
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
|
||||||
owner @{HOME}/.cache/plasma-svgelements-* rw,
|
owner @{user_cache_dirs}/plasma-svgelements-* rw,
|
||||||
|
|
||||||
include <abstractions/qt5-compose-cache-write>
|
include <abstractions/qt5-compose-cache-write>
|
||||||
|
|
||||||
|
@ -105,7 +105,7 @@ profile smplayer @{exec_path} {
|
|||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
|
||||||
|
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
@ -50,12 +50,12 @@ profile smtube @{exec_path} {
|
|||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
|
||||||
# Cache
|
# Cache
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/smtube/ rw,
|
owner @{user_cache_dirs}/smtube/ rw,
|
||||||
owner @{HOME}/.cache/smtube/* rwk,
|
owner @{user_cache_dirs}/smtube/* rwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
@ -64,15 +64,15 @@ profile strawberry @{exec_path} {
|
|||||||
owner @{HOME}/.local/share/strawberry/ rw,
|
owner @{HOME}/.local/share/strawberry/ rw,
|
||||||
owner @{HOME}/.local/share/strawberry/** rwk,
|
owner @{HOME}/.local/share/strawberry/** rwk,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/strawberry/ rw,
|
owner @{user_cache_dirs}/strawberry/ rw,
|
||||||
owner @{HOME}/.cache/strawberry/** rwl -> @{HOME}/.cache/strawberry/networkcache/prepared/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/strawberry/** rwl -> @{user_cache_dirs}/strawberry/networkcache/prepared/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/xine-lib/ rw,
|
owner @{user_cache_dirs}/xine-lib/ rw,
|
||||||
owner @{HOME}/.cache/xine-lib/plugins.cache{,.new} rw,
|
owner @{user_cache_dirs}/xine-lib/plugins.cache{,.new} rw,
|
||||||
|
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
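Review bot: The link rule `owner @{user_cache_dirs}/strawberry/** rwl -> @{user_cache_dirs}/strawberry/networkcache/prepared/#[0-9]*[0-9],` now has the variable on both sides of `->`, and AppArmor expands a multi-valued variable independently at each occurrence. If `@{user_cache_dirs}` holds more than one value, or is later extended with `+=`, the rule would cover every pairing of source and target root and so permit hard links across different cache directories; the tunable's definition is not visible on this page, so this needs confirming. I would add a comment above the rule, `# link target assumes @{user_cache_dirs} is single-valued; re-check if the tunable is extended`. The same applies to the qtshadercache link rules in the vidcutter profile and to the qmlcache and qtshadercache link rules in sddm-greeter. The strawberry profile body continues outside this hunk.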
||||||
|
@ -28,7 +28,7 @@ profile strawberry-tagreader @{exec_path} {
|
|||||||
# file_inherit
|
# file_inherit
|
||||||
owner @{HOME}/.xsession-errors w,
|
owner @{HOME}/.xsession-errors w,
|
||||||
owner @{HOME}/.anyRemote/anyremote.stdout w,
|
owner @{HOME}/.anyRemote/anyremote.stdout w,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
include if exists <local/strawberry-tagreader>
|
include if exists <local/strawberry-tagreader>
|
||||||
}
|
}
|
||||||
|
@ -27,10 +27,10 @@ profile tint2 @{exec_path} {
|
|||||||
owner @{HOME}/.config/tint2/{,*} rw,
|
owner @{HOME}/.config/tint2/{,*} rw,
|
||||||
|
|
||||||
# Tint2 cache files
|
# Tint2 cache files
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/tint2/ rw,
|
owner @{user_cache_dirs}/tint2/ rw,
|
||||||
owner @{HOME}/.cache/tint2/[0-9a-f]*.png w,
|
owner @{user_cache_dirs}/tint2/[0-9a-f]*.png w,
|
||||||
owner @{HOME}/.cache/tint2/icon.cache rwk,
|
owner @{user_cache_dirs}/tint2/icon.cache rwk,
|
||||||
|
|
||||||
# Launcher config files
|
# Launcher config files
|
||||||
owner @{HOME}/.config/launchers/{,*.desktop} r,
|
owner @{HOME}/.config/launchers/{,*.desktop} r,
|
||||||
|
@ -29,7 +29,7 @@ profile tint2conf @{exec_path} {
|
|||||||
owner @{HOME}/.config/tint2/ r,
|
owner @{HOME}/.config/tint2/ r,
|
||||||
owner @{HOME}/.config/tint2/* rw,
|
owner @{HOME}/.config/tint2/* rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/tint2/[0-9a-f]*.png r,
|
owner @{user_cache_dirs}/tint2/[0-9a-f]*.png r,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/mountinfo r,
|
owner @{PROC}/@{pid}/mountinfo r,
|
||||||
owner @{PROC}/@{pid}/mounts r,
|
owner @{PROC}/@{pid}/mounts r,
|
||||||
|
@ -84,12 +84,12 @@ profile vidcutter @{exec_path} {
|
|||||||
# owner /tmp/#[0-9]*[0-9] mrw,
|
# owner /tmp/#[0-9]*[0-9] mrw,
|
||||||
# owner /tmp/.glvnd* mrw,
|
# owner /tmp/.glvnd* mrw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/ rw,
|
owner @{user_cache_dirs}/qtshadercache/ rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||||
|
|
||||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
|
@ -47,12 +47,12 @@ profile virt-manager @{exec_path} {
|
|||||||
/usr/share/virt-manager/{,**} r,
|
/usr/share/virt-manager/{,**} r,
|
||||||
|
|
||||||
owner @{HOME}/ r,
|
owner @{HOME}/ r,
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/virt-manager/ rw,
|
owner @{user_cache_dirs}/virt-manager/ rw,
|
||||||
owner @{HOME}/.cache/virt-manager/** rw,
|
owner @{user_cache_dirs}/virt-manager/** rw,
|
||||||
|
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
# For disk images
|
# For disk images
|
||||||
/media/ r,
|
/media/ r,
|
||||||
|
@ -15,8 +15,8 @@ profile xsel @{exec_path} {
|
|||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
owner @{HOME}/.xsel.log rw,
|
owner @{HOME}/.xsel.log rw,
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/xsel.log rw,
|
owner @{user_cache_dirs}/xsel.log rw,
|
||||||
|
|
||||||
owner @{HOME}/.Xauthority r,
|
owner @{HOME}/.Xauthority r,
|
||||||
owner /tmp/xauth-[0-9]*-_[0-9] r,
|
owner /tmp/xauth-[0-9]*-_[0-9] r,
|
||||||
|
@ -82,8 +82,8 @@ profile youtube-dl @{exec_path} {
|
|||||||
|
|
||||||
/etc/mime.types r,
|
/etc/mime.types r,
|
||||||
|
|
||||||
owner @{HOME}/.cache/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{HOME}/.cache/youtube-dl/{,**} rw,
|
owner @{user_cache_dirs}/youtube-dl/{,**} rw,
|
||||||
|
|
||||||
owner @{HOME}/.config/git/config r,
|
owner @{HOME}/.config/git/config r,
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ profile youtube-viewer @{exec_path} {
|
|||||||
/{usr/,}bin/wget rCx -> wget,
|
/{usr/,}bin/wget rCx -> wget,
|
||||||
|
|
||||||
owner @{HOME}/.config/youtube-viewer/{,*} rw,
|
owner @{HOME}/.config/youtube-viewer/{,*} rw,
|
||||||
owner @{HOME}/.cache/youtube-viewer/{,*} rw,
|
owner @{user_cache_dirs}/youtube-viewer/{,*} rw,
|
||||||
owner @{HOME}/Downloads/youtube-viewer/{,*} rw,
|
owner @{HOME}/Downloads/youtube-viewer/{,*} rw,
|
||||||
|
|
||||||
/etc/inputrc r,
|
/etc/inputrc r,
|
||||||
|
@ -74,7 +74,7 @@ profile ytdl @{exec_path} {
|
|||||||
/etc/mime.types r,
|
/etc/mime.types r,
|
||||||
|
|
||||||
# Needed when displaying info on available formats
|
# Needed when displaying info on available formats
|
||||||
owner @{HOME}/.cache/youtube-dl/youtube-sigfuncs/js*.json r,
|
owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js*.json r,
|
||||||
|
|
||||||
include if exists <local/ytdl>
|
include if exists <local/ytdl>
|
||||||
}
|
}
|
||||||
|