mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
feat(tunable): add the user defined private directories
- Add @{XDG_PRIVATE_DIR} & @{user_private_dirs} - This directories are denied in file browser and search engine.
This commit is contained in:
parent
8224ac2b3f
commit
3b41ee93dc
@ -39,12 +39,13 @@
|
||||
deny @{user_password_store_dirs}/{,**} mrwkl,
|
||||
deny @{user_share_dirs}/kwalletd/{,**} mrwkl,
|
||||
|
||||
# User defined private directories
|
||||
deny @{user_private_dirs}/** mrxwlk,
|
||||
deny @{HOMEDIRS}/**/@{XDG_PRIVATE_DIR}/** mrxwlk,
|
||||
deny @{MOUNTS}/**/@{XDG_PRIVATE_DIR}/** mrxwlk,
|
||||
|
||||
# Deny executable mapping in writable space as allowed in abstractions/fonts
|
||||
deny @{HOME}/.{,cache/}fontconfig/ rw,
|
||||
deny @{HOME}/.{,cache/}fontconfig/** mrwl,
|
||||
|
||||
# Deny executable mapping in writable space as allowed in abstractions/base for ecryptfs
|
||||
deny @{HOME}/.Private/** mrxwlk,
|
||||
deny @{HOMEDIRS}/.ecryptfs/*/.Private/** mrxwlk,
|
||||
|
||||
include if exists <abstractions/deny-sensitive-home.d>
|
||||
|
@ -30,6 +30,9 @@
|
||||
@{XDG_GPG_DIR}=".gnupg"
|
||||
@{XDG_PASSWORD_STORE_DIR}=".password-store"
|
||||
|
||||
# User personal private directories
|
||||
@{XDG_PRIVATE_DIR}=".{p,P}rivate" "{p,P}rivate"
|
||||
|
||||
# Definition of local user configuration directories
|
||||
@{XDG_CACHE_DIR}=".cache"
|
||||
@{XDG_CONFIG_DIR}=".config"
|
||||
@ -61,3 +64,4 @@
|
||||
@{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}
|
||||
@{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}
|
||||
@{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}
|
||||
@{user_private_dirs}=@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}
|
||||
|
Loading…
Reference in New Issue
Block a user