From 325068b705493c62fb4860e5cf739bc06664bb25 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 22 Mar 2024 11:49:00 +0000 Subject: [PATCH] feat(profile): all electron based software need userns. --- apparmor.d/abstractions/chromium-common | 2 ++ apparmor.d/groups/apps/discord | 2 -- apparmor.d/profiles-a-f/element-desktop | 2 -- apparmor.d/profiles-s-z/steam | 2 -- 4 files changed, 2 insertions(+), 6 deletions(-) diff --git a/apparmor.d/abstractions/chromium-common b/apparmor.d/abstractions/chromium-common index 00a830bb..30c54ee0 100644 --- a/apparmor.d/abstractions/chromium-common +++ b/apparmor.d/abstractions/chromium-common @@ -6,6 +6,8 @@ # This abstraction is for chromium based application. Chromium based browsers # need to use abstractions/chromium instead. + # userns, + # Only needed when kernel.unprivileged_userns_clone is set to "1" capability sys_admin, capability sys_chroot, diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index 488e0aad..65b1d4d8 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -29,8 +29,6 @@ profile discord @{exec_path} { include include - # userns, - signal (send) set=(kill, term) peer=@{profile_name}//lsb_release, # Needed for Game Activity diff --git a/apparmor.d/profiles-a-f/element-desktop b/apparmor.d/profiles-a-f/element-desktop index ecee0b29..7a3d3ccf 100644 --- a/apparmor.d/profiles-a-f/element-desktop +++ b/apparmor.d/profiles-a-f/element-desktop @@ -19,8 +19,6 @@ profile element-desktop @{exec_path} { include include - # userns, - capability sys_ptrace, network inet dgram, diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index edfad82a..9e9333f0 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -20,8 +20,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) include include - # userns, - capability sys_ptrace, network inet dgram,
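Review bot: The `# userns,` line added at the top of abstractions/chromium-common is a comment, not a rule, so the abstraction still grants no user-namespace permission, and nothing beside it says why it is disabled or what must hold before it is enabled. Because this file is shared, uncommenting it later would allow user-namespace creation in every profile that includes the abstraction, which is wider than the three profiles the line is removed from in the later hunks; a placeholder such as `# userns,  # disabled placeholder; when enabled it applies to every profile including this abstraction` would make that explicit. The include targets in the discord, element-desktop and steam hunks are not visible on this page, so confirm that each profile actually includes chromium-common before relying on the shared line. The hunk shows only the head of the abstraction; the rest of the file is outside it.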