feat(profile): various small improvement.

This commit is contained in:
Alexandre Pujol 2024-11-10 19:46:33 +00:00
parent 0ec65c5653
commit 3e0583fd8e
Failed to generate hash of commit
7 changed files with 31 additions and 28 deletions

View file

@ -8,7 +8,7 @@ abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{lib}/chromium/chrome-sandbox
profile chromium-sandbox @{exec_path} {
profile chromium-sandbox @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
capability dac_override,

View file

@ -10,6 +10,7 @@ include <tunables/global>
@{exec_path} = @{lib}/{,dconf/}dconf-service
profile dconf-service @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/attached/consoles>
include <abstractions/bus-session>
include <abstractions/dconf-write>
@ -38,8 +39,6 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) {
@{PROC}/cmdline r,
/dev/tty@{int} rw,
include if exists <local/dconf-service>
}

View file

@ -37,7 +37,6 @@ profile startplasma @{exec_path} {
/usr/share/kservicetypes5/{,**} r,
/usr/share/plasma/{,**} r,
/etc/locale.alias r,
/etc/machine-id r,
/etc/xdg/menus/{,**} r,
/etc/xdg/plasma-workspace/env/{,*} r,

View file

@ -13,6 +13,10 @@ profile mullvad-setup @{exec_path} {
@{exec_path} mr,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/cpu.max r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r,
@{sys}/fs/cgroup/user.slice/cpu.max r,
@{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/cgroup r,

View file

@ -54,7 +54,7 @@ profile thunderbird @{exec_path} {
owner @{tmp}/MozillaMailnews/*.msf rw,
owner @{tmp}/nscopy.tmp rw,
owner @{tmp}/nsemail{,-@{int}}.eml rw,
owner @{tmp}/nsma rw,
owner @{tmp}/nsma{,-@{int}} rw,
owner @{tmp}/pid-@{pid}/{,**} w,
/dev/urandom w,

View file

@ -29,27 +29,27 @@ profile tlp @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
@{bin}/systemctl rCx -> systemctl,
@{bin}/logger rix,
@{sh_path} rix,
@{bin}/cp rix,
@{bin}/chmod rix,
@{bin}/flock rix,
@{bin}/sort rix,
@{bin}/head rix,
@{bin}/mktemp rix,
@{bin}/readlink rix,
@{bin}/tr rix,
@{bin}/ethtool rix,
@{bin}/grep rix,
@{bin}/touch rix,
@{bin}/cat rix,
@{bin}/rm rix,
@{bin}/chmod rix,
@{bin}/cp rix,
@{bin}/ethtool rix,
@{bin}/flock rix,
@{bin}/grep rix,
@{bin}/hdparm rPx,
@{bin}/head rix,
@{bin}/id rPx,
@{bin}/iw rPx,
@{bin}/hdparm rPx,
@{bin}/logger rix,
@{bin}/mktemp rix,
@{bin}/readlink rix,
@{bin}/rm rix,
@{bin}/sort rix,
@{bin}/systemctl rCx -> systemctl,
@{bin}/touch rix,
@{bin}/tr rix,
@{bin}/udevadm rCx -> udevadm,
@{bin}/uname rpx,
@{bin}/udevadm rCx -> udevadm,
/usr/share/tlp/tlp-readconfs rix,
/ r,
@ -58,14 +58,16 @@ profile tlp @{exec_path} flags=(attach_disconnected) {
/etc/tlp.d/** rw,
/etc/tlp.conf rw,
/usr/share/tlp/** r,
/usr/share/tlp/{,**} r,
/var/lib/tlp/{,**} rw,
/var/lib/power-profiles-daemon/state.ini rw,
@{run}/udev/data/+platform:* r,
owner @{run}/tlp/* rw,
owner @{run}/tlp/{,**} rw,
owner @{run}/tlp/lock_tlp rwk,
@{run}/udev/data/+platform:* r,
@{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw,
@{sys}/module/pcie_aspm/parameters/policy rw,
@{sys}/module/snd_hda_intel/parameters/power_save rw,
@ -73,11 +75,10 @@ profile tlp @{exec_path} flags=(attach_disconnected) {
@{sys}/firmware/acpi/platform_profile* rw,
@{sys}/firmware/acpi/pm_profile* rw,
owner @{PROC}/sys/vm/laptop_mode rw,
owner @{PROC}/sys/vm/dirty_writeback_centisecs rw,
owner @{PROC}/sys/vm/dirty_expire_centisecs rw,
owner @{PROC}/sys/fs/xfs/xfssyncd_centisecs rw,
owner @{PROC}/sys/kernel/nmi_watchdog rw,
owner @{PROC}/sys/vm/dirty_*_centisecs rw,
owner @{PROC}/sys/vm/laptop_mode rw,
/dev/disk/by-id/ r,
/dev/tty rw,

View file

@ -7,7 +7,7 @@ abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/transmission-{gtk,qt}
profile transmission @{exec_path} {
profile transmission @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/bus-accessibility>
include <abstractions/bus-session>