mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-12-26 06:58:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat(profile): various small improvement.

Browse source
This commit is contained in:
Alexandre Pujol 2024-11-10 19:46:33 +00:00
parent 0ec65c5653
commit 3e0583fd8e
Failed to generate hash of commit
7 changed files with 31 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/browsers/chromium-sandbox
View file

@ -8,7 +8,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{lib}/chromium/chrome-sandbox @{exec_path} = @{lib}/chromium/chrome-sandbox
profile chromium-sandbox @{exec_path} { profile chromium-sandbox @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
capability dac_override, capability dac_override,

3
apparmor.d/groups/freedesktop/dconf-service
View file

@ -10,6 +10,7 @@ include <tunables/global>
@{exec_path} = @{lib}/{,dconf/}dconf-service @{exec_path} = @{lib}/{,dconf/}dconf-service
profile dconf-service @{exec_path} flags=(attach_disconnected) { profile dconf-service @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/attached/consoles>
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/dconf-write> include <abstractions/dconf-write>
@ -38,8 +39,6 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) {
@{PROC}/cmdline r, @{PROC}/cmdline r,
/dev/tty@{int} rw,
include if exists <local/dconf-service> include if exists <local/dconf-service>
} }

1
apparmor.d/groups/kde/startplasma
View file

@ -37,7 +37,6 @@ profile startplasma @{exec_path} {
/usr/share/kservicetypes5/{,**} r, /usr/share/kservicetypes5/{,**} r,
/usr/share/plasma/{,**} r, /usr/share/plasma/{,**} r,
/etc/locale.alias r,
/etc/machine-id r, /etc/machine-id r,
/etc/xdg/menus/{,**} r, /etc/xdg/menus/{,**} r,
/etc/xdg/plasma-workspace/env/{,*} r, /etc/xdg/plasma-workspace/env/{,*} r,

4
apparmor.d/profiles-m-r/mullvad-setup
View file

@ -13,6 +13,10 @@ profile mullvad-setup @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/cpu.max r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r,
@{sys}/fs/cgroup/user.slice/cpu.max r,
@{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,

2
apparmor.d/profiles-s-z/thunderbird
View file

@ -54,7 +54,7 @@ profile thunderbird @{exec_path} {
owner @{tmp}/MozillaMailnews/*.msf rw, owner @{tmp}/MozillaMailnews/*.msf rw,
owner @{tmp}/nscopy.tmp rw, owner @{tmp}/nscopy.tmp rw,
owner @{tmp}/nsemail{,-@{int}}.eml rw, owner @{tmp}/nsemail{,-@{int}}.eml rw,
owner @{tmp}/nsma rw, owner @{tmp}/nsma{,-@{int}} rw,
owner @{tmp}/pid-@{pid}/{,**} w, owner @{tmp}/pid-@{pid}/{,**} w,
/dev/urandom w, /dev/urandom w,

45
apparmor.d/profiles-s-z/tlp
View file

@ -29,27 +29,27 @@ profile tlp @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/systemctl rCx -> systemctl,
@{bin}/logger rix,
@{sh_path} rix, @{sh_path} rix,
@{bin}/cp rix,
@{bin}/chmod rix,
@{bin}/flock rix,
@{bin}/sort rix,
@{bin}/head rix,
@{bin}/mktemp rix,
@{bin}/readlink rix,
@{bin}/tr rix,
@{bin}/ethtool rix,
@{bin}/grep rix,
@{bin}/touch rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/rm rix, @{bin}/chmod rix,
@{bin}/cp rix,
@{bin}/ethtool rix,
@{bin}/flock rix,
@{bin}/grep rix,
@{bin}/hdparm rPx,
@{bin}/head rix,
@{bin}/id rPx, @{bin}/id rPx,
@{bin}/iw rPx, @{bin}/iw rPx,
@{bin}/hdparm rPx, @{bin}/logger rix,
@{bin}/uname rpx, @{bin}/mktemp rix,
@{bin}/readlink rix,
@{bin}/rm rix,
@{bin}/sort rix,
@{bin}/systemctl rCx -> systemctl,
@{bin}/touch rix,
@{bin}/tr rix,
@{bin}/udevadm rCx -> udevadm, @{bin}/udevadm rCx -> udevadm,
@{bin}/uname rpx,
/usr/share/tlp/tlp-readconfs rix, /usr/share/tlp/tlp-readconfs rix,
/ r, / r,
@ -58,14 +58,16 @@ profile tlp @{exec_path} flags=(attach_disconnected) {
/etc/tlp.d/** rw, /etc/tlp.d/** rw,
/etc/tlp.conf rw, /etc/tlp.conf rw,
/usr/share/tlp/** r, /usr/share/tlp/{,**} r,
/var/lib/tlp/{,**} rw,
/var/lib/power-profiles-daemon/state.ini rw, /var/lib/power-profiles-daemon/state.ini rw,
@{run}/udev/data/+platform:* r, owner @{run}/tlp/{,**} rw,
owner @{run}/tlp/* rw,
owner @{run}/tlp/lock_tlp rwk, owner @{run}/tlp/lock_tlp rwk,
@{run}/udev/data/+platform:* r,
@{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw, @{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw,
@{sys}/module/pcie_aspm/parameters/policy rw, @{sys}/module/pcie_aspm/parameters/policy rw,
@{sys}/module/snd_hda_intel/parameters/power_save rw, @{sys}/module/snd_hda_intel/parameters/power_save rw,
@ -73,11 +75,10 @@ profile tlp @{exec_path} flags=(attach_disconnected) {
@{sys}/firmware/acpi/platform_profile* rw, @{sys}/firmware/acpi/platform_profile* rw,
@{sys}/firmware/acpi/pm_profile* rw, @{sys}/firmware/acpi/pm_profile* rw,
owner @{PROC}/sys/vm/laptop_mode rw,
owner @{PROC}/sys/vm/dirty_writeback_centisecs rw,
owner @{PROC}/sys/vm/dirty_expire_centisecs rw,
owner @{PROC}/sys/fs/xfs/xfssyncd_centisecs rw, owner @{PROC}/sys/fs/xfs/xfssyncd_centisecs rw,
owner @{PROC}/sys/kernel/nmi_watchdog rw, owner @{PROC}/sys/kernel/nmi_watchdog rw,
owner @{PROC}/sys/vm/dirty_*_centisecs rw,
owner @{PROC}/sys/vm/laptop_mode rw,
/dev/disk/by-id/ r, /dev/disk/by-id/ r,
/dev/tty rw, /dev/tty rw,

2
apparmor.d/profiles-s-z/transmission
View file

@ -7,7 +7,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{bin}/transmission-{gtk,qt} @{exec_path} = @{bin}/transmission-{gtk,qt}
profile transmission @{exec_path} { profile transmission @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session> include <abstractions/bus-session>