mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix access to thumbnail cache dirs in abstractions

Browse source 
gsd-housekeepin in GNOME have access to @{user_cache_dirs} for
searching thumbnail files and executing one task
for cleaning these files every day.

The actual abstractions/thumbnails-cache-write fail in granted
this access, specially to various folders in
the thumbnail cache (ex: fail folder).

These changes fix this access. For convenience
abstractions/thumbnails-cache-read, have the same access
structure also for files/folders, but only read permissions.
This commit is contained in:
Jose Maldonado aka Yukiteru 2024-05-06 17:56:16 -04:00 committed by Alex
parent 18d1ee66a2
commit 2f3c4574ec
2 changed files with 14 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
apparmor.d/abstractions/thumbnails-cache-read
View file

@ -4,7 +4,11 @@
# SPDX-License-Identifier: GPL-2.0-only
owner @{user_cache_dirs}/thumbnails/ r,
owner @{user_cache_dirs}/thumbnails/{*large,normal}/ r,
owner @{user_cache_dirs}/thumbnails/{*large,normal}/*.png r,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ r,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/gnome-thumbnail-factory/ r,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/gnome-thumbnail-factory/*.png r,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/*.png r -> @{user_cache_dirs}/thumbnails/{fail,*large,normal}/#@{int},
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/*.png.@{rand6} r,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/#@{int} r,
include if exists <abstractions/thumbnails-cache-read.d>
include if exists <abstractions/thumbnails-cache-read.d>

12
apparmor.d/abstractions/thumbnails-cache-write
View file

@ -4,9 +4,11 @@
# SPDX-License-Identifier: GPL-2.0-only
owner @{user_cache_dirs}/thumbnails/ rw,
owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw,
owner @{user_cache_dirs}/thumbnails/{large,normal}/*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#@{int},
owner @{user_cache_dirs}/thumbnails/{large,normal}/*.png.@{rand6} rw,
owner @{user_cache_dirs}/thumbnails/{large,normal}/#@{int} rw,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ rw,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/gnome-thumbnail-factory/ rw,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/gnome-thumbnail-factory/*.png rw,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/*.png rwl -> @{user_cache_dirs}/thumbnails/{fail,*large,normal}/#@{int},
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/*.png.@{rand6} rw,
owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/#@{int} rw,
include if exists <abstractions/thumbnails-cache-write.d>
include if exists <abstractions/thumbnails-cache-write.d>