mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update profiles.

Browse Source
This commit is contained in:
Alexandre Pujol 2021-07-11 17:20:09 +01:00
parent cb6344c64f
commit 2372188d8e
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
11 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apparmor.d/abstractions/user-read
View File

@ -8,5 +8,14 @@
owner @{HOME}/@{XDG_VIDEOS_DIR}/{,**} r,
owner @{HOME}/@{XDG_PROJECTS_DIR}/{,**} r,
owner @{HOME}/@{XDG_BOOKS_DIR}/{,**} r,
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
owner @{MOUNTS}/*/@{XDG_DOCUMENTS_DIR}/{,**} r,
owner @{MOUNTS}/*/@{XDG_MUSIC_DIR}/{,**} r,
owner @{MOUNTS}/*/@{XDG_PICTURES_DIR}/{,**} r,
owner @{MOUNTS}/*/@{XDG_VIDEOS_DIR}/{,**} r,
owner @{MOUNTS}/*/@{XDG_PROJECTS_DIR}/{,**} r,
owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}/{,**} r,
owner @{MOUNTS}/*/@{XDG_WALLPAPERS_DIR}/{,**} r,
include if exists <abstractions/user-read.d>

7
apparmor.d/groups/gnome/gdm-xsession
View File

@ -35,11 +35,18 @@ profile gdm-xsession @{exec_path} {
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
# file_inherit
/dev/tty rw,
/dev/tty[0-9]* rw,
profile dbus {
include <abstractions/base>
/{usr/,}bin/dbus-update-activation-environment mr,
# file_inherit
/dev/tty rw,
/dev/tty[0-9]* rw,
owner @{HOME}/.xsession-errors w,
}

2
apparmor.d/groups/gnome/gnome-calculator-search-provider
View File

@ -26,5 +26,7 @@ profile gnome-calculator-search-provider @{exec_path} {
owner @{PROC}/@{pid}/fd/ r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
include if exists <local/gnome-calculator-search-provider>
}

2
apparmor.d/groups/gnome/gnome-control-center-search-provider
View File

@ -21,5 +21,7 @@ profile gnome-control-center-search-provider @{exec_path} {
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
include if exists <local/gnome-control-center-search-provider>
}

3
apparmor.d/groups/gnome/gnome-shell
View File

@ -31,9 +31,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
ptrace (read),
signal (receive) set=(term, hup) peer=gdm*,
signal (send) set=(usr1) peer=ibus-daemon,
signal (send) set=(kill) peer=unconfined,
signal (send) set=(term) peer=polkit*,
signal (send) set=(term) peer=xwayland,
signal (send) set=(usr1) peer=ibus-daemon,
@{exec_path} mr,

2
apparmor.d/groups/gnome/tracker-miner
View File

@ -40,5 +40,7 @@ profile tracker-miner @{exec_path} {
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{run}/mount/utab r,
include if exists <local/tracker-miner>
}

2
apparmor.d/groups/pacman/reflector
View File

@ -9,9 +9,9 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/reflector
profile reflector @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/python>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/python>
include <abstractions/ssl_certs>
network inet dgram,

1
apparmor.d/groups/systemd/systemd-logind
View File

@ -42,6 +42,7 @@ profile systemd-logind @{exec_path} flags=(complain) {
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/*
@{run}/udev/data/c116:[0-9]* r, # for ALSA
@{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card*
@{run}/udev/data/c237:[0-9]* r,
@{run}/udev/data/c238:[0-9]* r,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad

1
apparmor.d/profiles-a-l/gtk-query-immodules
View File

@ -12,6 +12,7 @@ profile gtk-query-immodules @{exec_path} {
@{exec_path} mr,
/{usr/,}lib/gtk-{3,4}.0/**/immodules.cache w,
/{usr/,}lib/gtk-{3,4}.0/**/immodules.cache.[0-9A-Z]* w,
# Silencer

1
apparmor.d/profiles-m-z/start-pulseaudio-x11
View File

@ -13,6 +13,7 @@ profile start-pulseaudio-x11 @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/pactl rPx,
/dev/tty rw,

2
apparmor.d/profiles-m-z/xhost
View File

@ -18,7 +18,7 @@ profile xhost @{exec_path} {
owner @{run}/user/@{uid}/gdm/Xauthority r,
# file_inherit
owner /dev/tty[0-9]* rw,
/dev/tty[0-9]* rw,
owner @{HOME}/.xsession-errors w,
include if exists <local/xhost>