mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-19 01:18:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(profile): various fixes

Browse source 
fix #528 #527 #518 #517
This commit is contained in:
Alexandre Pujol 2024-10-01 19:19:16 +01:00
parent e6b1763bbc
commit 30999904e7
Failed to generate hash of commit
4 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/freedesktop/upowerd
View file

@ -34,6 +34,7 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
@{run}/udev/data/+platform:* r, @{run}/udev/data/+platform:* r,
@{run}/udev/data/+serio:* r, # for serial mice
@{run}/udev/data/+power_supply* r, @{run}/udev/data/+power_supply* r,
@{run}/udev/data/+sound:card@{int} r, # for sound card @{run}/udev/data/+sound:card@{int} r, # for sound card
@{run}/udev/data/c10:@{int} r, # for non-serial mice, misc features @{run}/udev/data/c10:@{int} r, # for non-serial mice, misc features

1
apparmor.d/groups/freedesktop/xwayland
View file

@ -11,6 +11,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/graphics> include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/wayland>
include <abstractions/X-strict> include <abstractions/X-strict>
signal (receive) set=(term hup) peer=gdm*, signal (receive) set=(term hup) peer=gdm*,

5
apparmor.d/profiles-g-l/libreoffice
View file

@ -97,8 +97,9 @@ profile libreoffice @{exec_path} {
@{sys}/kernel/mm/hugepages/ r, @{sys}/kernel/mm/hugepages/ r,
@{sys}/kernel/mm/transparent_hugepage/enabled r, @{sys}/kernel/mm/transparent_hugepage/enabled r,
@{sys}/kernel/mm/transparent_hugepage/shmem_enabled r, @{sys}/kernel/mm/transparent_hugepage/shmem_enabled r,
owner @{sys}/fs/cgroup/user.slice/user-@{int}.slice/user@@{int}.service/app.slice/**/memory.max r, @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/{cpu,memory}.max r,
owner @{sys}/fs/cgroup/user.slice/user-@{int}.slice/user@@{int}.service/session.slice/org.gnome.Shell@wayland.service/memory.max r, owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/**/memory.max r,
owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/org.gnome.Shell@wayland.service/memory.max r,
@{PROC}/cgroups r, @{PROC}/cgroups r,
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,

4
apparmor.d/profiles-m-r/mpv
View file

@ -76,6 +76,10 @@ profile mpv @{exec_path} {
@{sys}/devices/**/input/**/uevent r, @{sys}/devices/**/input/**/uevent r,
@{sys}/devices/**/sound/**/capabilities/* r, @{sys}/devices/**/sound/**/capabilities/* r,
@{sys}/devices/**/sound/**/uevent r, @{sys}/devices/**/sound/**/uevent r,
@{sys}/devices/virtual/dmi/id/bios_vendor r,
@{sys}/devices/virtual/dmi/id/board_vendor r,
@{sys}/devices/virtual/dmi/id/product_name r,
@{sys}/devices/virtual/dmi/id/sys_vendor r,
/dev/input/event@{int} r, /dev/input/event@{int} r,
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,