mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
refractor(profiles): change variable stryle in thunderbird.
This commit is contained in:
Alexandre Pujol
parent
0713599eb4
commit
2d76c6fc31
@ -7,12 +7,12 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{thunderbird_name} = thunderbird{,-bin}
|
||||
@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
|
||||
@{thunderbird_config_dirs} = @{HOME}/.@{thunderbird_name}/
|
||||
@{thunderbird_cache_dirs} = @{user_cache_dirs}/@{thunderbird_name}/
|
||||
@{name} = thunderbird{,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name}
|
||||
@{config_dirs} = @{HOME}/.@{name}/
|
||||
@{cache_dirs} = @{user_cache_dirs}/@{name}/
|
||||
|
||||
@{exec_path} = @{bin}/@{thunderbird_name} @{thunderbird_lib_dirs}/@{thunderbird_name}
|
||||
@{exec_path} = @{bin}/@{name} @{lib_dirs}/@{name}
|
||||
profile thunderbird @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/audio>
|
||||
@ -87,11 +87,11 @@ profile thunderbird @{exec_path} {
|
||||
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
|
||||
@{thunderbird_lib_dirs}/{,**} r,
|
||||
@{thunderbird_lib_dirs}/*.so mr,
|
||||
@{thunderbird_lib_dirs}/glxtest rPx,
|
||||
@{thunderbird_lib_dirs}/thunderbird-wrapper-helper.sh rix,
|
||||
@{thunderbird_lib_dirs}/vaapitest rPx,
|
||||
@{lib_dirs}/{,**} r,
|
||||
@{lib_dirs}/*.so mr,
|
||||
@{lib_dirs}/glxtest rPx,
|
||||
@{lib_dirs}/thunderbird-wrapper-helper.sh rix,
|
||||
@{lib_dirs}/vaapitest rPx,
|
||||
|
||||
@{lib}/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,
|
||||
|
||||
@ -146,17 +146,17 @@ profile thunderbird @{exec_path} {
|
||||
owner @{user_mail_dirs}/ rw,
|
||||
owner @{user_mail_dirs}/** rwl -> @{user_mail_dirs}/**,
|
||||
|
||||
owner @{thunderbird_config_dirs}/*/ rw,
|
||||
owner @{thunderbird_config_dirs}/*/** rwk,
|
||||
owner @{thunderbird_config_dirs}/installs.ini rw,
|
||||
owner @{thunderbird_config_dirs}/profiles.ini rw,
|
||||
owner @{config_dirs}/*/ rw,
|
||||
owner @{config_dirs}/*/** rwk,
|
||||
owner @{config_dirs}/installs.ini rw,
|
||||
owner @{config_dirs}/profiles.ini rw,
|
||||
|
||||
owner @{thunderbird_cache_dirs}/{,**} rw,
|
||||
owner @{cache_dirs}/{,**} rw,
|
||||
|
||||
/tmp/ r,
|
||||
/var/tmp/ r,
|
||||
owner /tmp/@{thunderbird_name}{,_*}/ rw,
|
||||
owner /tmp/@{thunderbird_name}{,_*}/* rwk,
|
||||
owner /tmp/@{name}{,_*}/ rw,
|
||||
owner /tmp/@{name}{,_*}/* rwk,
|
||||
owner /tmp/* rw,
|
||||
owner /tmp/mozilla_*/ rw,
|
||||
owner /tmp/mozilla_*/* rw,
|
||||
@ -204,9 +204,9 @@ profile thunderbird @{exec_path} {
|
||||
|
||||
# Silencer
|
||||
deny @{HOME}/.mozilla/** mrwkl,
|
||||
deny @{thunderbird_config_dirs}/*.*/pepmda/ rw,
|
||||
deny @{thunderbird_config_dirs}/*.*/pepmda/** rwklmx,
|
||||
deny @{thunderbird_lib_dirs}/** w,
|
||||
deny @{config_dirs}/*.*/pepmda/ rw,
|
||||
deny @{config_dirs}/*.*/pepmda/** rwklmx,
|
||||
deny @{lib_dirs}/** w,
|
||||
deny /dev/ r,
|
||||
deny /dev/urandom w,
|
||||
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
|
||||
|
||||
@ -6,11 +6,11 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{thunderbird_name} = thunderbird{,-bin}
|
||||
@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
|
||||
@{thunderbird_config_dirs} = @{HOME}/.@{thunderbird_name}/
|
||||
@{name} = thunderbird{,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name}
|
||||
@{config_dirs} = @{HOME}/.@{name}/
|
||||
|
||||
@{exec_path} = @{thunderbird_lib_dirs}/glxtest
|
||||
@{exec_path} = @{lib_dirs}/glxtest
|
||||
profile thunderbird-glxtest @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dri-common>
|
||||
@ -23,7 +23,7 @@ profile thunderbird-glxtest @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{thunderbird_config_dirs}/*/.parentlock rw,
|
||||
owner @{config_dirs}/*/.parentlock rw,
|
||||
|
||||
owner /tmp/thunderbird/.parentlock rw,
|
||||
|
||||
|
||||
@ -6,11 +6,11 @@ abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{thunderbird_name} = thunderbird{,-bin}
|
||||
@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
|
||||
@{thunderbird_config_dirs} = @{HOME}/.@{thunderbird_name}/
|
||||
@{name} = thunderbird{,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name}
|
||||
@{config_dirs} = @{HOME}/.@{name}/
|
||||
|
||||
@{exec_path} = @{thunderbird_lib_dirs}/vaapitest
|
||||
@{exec_path} = @{lib_dirs}/vaapitest
|
||||
profile thunderbird-vaapitest @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dri-enumerate>
|
||||
@ -25,12 +25,12 @@ profile thunderbird-vaapitest @{exec_path} {
|
||||
/etc/igfx_user_feature{,_next}.txt w,
|
||||
/etc/libva.conf r,
|
||||
|
||||
deny owner @{thunderbird_config_dirs}/*/.parentlock rw,
|
||||
deny owner @{thunderbird_config_dirs}/*/startupCache/** r,
|
||||
|
||||
owner /tmp/thunderbird/.parentlock rw,
|
||||
|
||||
@{sys}/devices/@{pci}/{irq,resource,revision} r,
|
||||
|
||||
deny @{config_dirs}/*/.parentlock rw,
|
||||
deny @{config_dirs}/*/startupCache/** r,
|
||||
|
||||
include if exists <local/thunderbird-vaapitest>
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user