mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 17:08:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(abs): improve some gnome profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2024-09-23 15:11:50 +01:00
parent 62cb546afa
commit 31cadd634f
Failed to generate hash of commit
2 changed files with 15 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/groups/gnome/gnome-control-center
View file

@ -72,7 +72,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
/usr/share/language-tools/language2locale rix, /usr/share/language-tools/language2locale rix,
/usr/share/language-tools/language-options rPUx, /usr/share/language-tools/language-options rPUx,
@{open_path} rPx -> child-open-browsers, @{open_path} rPx -> child-open-any,
/opt/**/share/icons/{,**} r, /opt/**/share/icons/{,**} r,
/snap/*/@{int}/**.png r, /snap/*/@{int}/**.png r,
@ -124,6 +124,8 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/gnome-remote-desktop/rdp-tls.{crt,key}{,.@{rand6}} rw, owner @{user_share_dirs}/gnome-remote-desktop/rdp-tls.{crt,key}{,.@{rand6}} rw,
owner @{user_share_dirs}/icc/{,edid-*} r, owner @{user_share_dirs}/icc/{,edid-*} r,
owner @{tmp}/@{hex12}@{h} rw,
owner @{tmp}/@{rand8} rw,
owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw, owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw,
@{run}/samba/ rw, @{run}/samba/ rw,
@ -160,6 +162,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{PROC}/cmdline r, @{PROC}/cmdline r,
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
@{PROC}/zoneinfo r, @{PROC}/zoneinfo r,
@{PROC}/1/cgroup r,
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
@ -187,9 +190,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
profile pkexec { profile pkexec {
include <abstractions/base> include <abstractions/base>
include <abstractions/app/pkexec>
@{bin}/pkexec mr,
include if exists <local/gnome-control-center_pkexec> include if exists <local/gnome-control-center_pkexec>
} }

11
apparmor.d/groups/gnome/gsd-datetime
View file

@ -12,8 +12,15 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus/org.gnome.SessionManager> include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
signal (receive) set=(term, hup) peer=gdm*, network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink raw,
signal receive set=(term, hup) peer=gdm*,
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.Datetime #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Datetime
@ -34,6 +41,8 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/geocode-glib/* r, owner @{user_cache_dirs}/geocode-glib/* r,
@{run}/systemd/sessions/@{int} r,
@{run}/systemd/users/@{uid} r,
owner @{PROC}/@{pid}/fdinfo/@{int} r, owner @{PROC}/@{pid}/fdinfo/@{int} r,
owner @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/stat r,