From 3f8d559dcc62fed64f9c63a02519d920f9b36c1c Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 17 Aug 2023 18:45:10 +0100 Subject: [PATCH] feat(profiles): add some thunderbird related profiles. --- apparmor.d/profiles-s-z/thunderbird | 4 +-- apparmor.d/profiles-s-z/thunderbird-glxtest | 36 +++++++++++++++++++ apparmor.d/profiles-s-z/thunderbird-vaapitest | 34 ++++++++++++++++++ dists/flags/main.flags | 6 +++- 4 files changed, 77 insertions(+), 3 deletions(-) create mode 100644 apparmor.d/profiles-s-z/thunderbird-glxtest create mode 100644 apparmor.d/profiles-s-z/thunderbird-vaapitest diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index ab7da3cf..be3e75b0 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird @@ -89,9 +89,9 @@ profile thunderbird @{exec_path} { @{thunderbird_lib_dirs}/{,**} r, @{thunderbird_lib_dirs}/*.so mr, - @{thunderbird_lib_dirs}/glxtest rPUx, + @{thunderbird_lib_dirs}/glxtest rPx, @{thunderbird_lib_dirs}/thunderbird-wrapper-helper.sh rix, - @{thunderbird_lib_dirs}/vaapitest rPUx, + @{thunderbird_lib_dirs}/vaapitest rPx, @{lib}/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr, diff --git a/apparmor.d/profiles-s-z/thunderbird-glxtest b/apparmor.d/profiles-s-z/thunderbird-glxtest new file mode 100644 index 00000000..80c764b3 --- /dev/null +++ b/apparmor.d/profiles-s-z/thunderbird-glxtest @@ -0,0 +1,36 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{thunderbird_name} = thunderbird{,-bin} +@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name} +@{thunderbird_config_dirs} = @{HOME}/.@{thunderbird_name}/ + +@{exec_path} = @{thunderbird_lib_dirs}/glxtest +profile thunderbird-glxtest @{exec_path} { + include + include + include + include + include + include + include + + @{exec_path} mr, + + owner @{thunderbird_config_dirs}/*/.parentlock rw, + + owner /tmp/thunderbird/.parentlock rw, + + owner @{run}/user/@{uid}/xauth_?????? r, + + @{sys}/bus/pci/devices/ r, + @{sys}/devices/pci[0-9]*/**/class r, + + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/thunderbird-vaapitest b/apparmor.d/profiles-s-z/thunderbird-vaapitest new file mode 100644 index 00000000..a4d340ff --- /dev/null +++ b/apparmor.d/profiles-s-z/thunderbird-vaapitest @@ -0,0 +1,34 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{thunderbird_name} = thunderbird{,-bin} +@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name} +@{thunderbird_config_dirs} = @{HOME}/.@{thunderbird_name}/ + +@{exec_path} = @{thunderbird_lib_dirs}/vaapitest +profile thunderbird-vaapitest @{exec_path} { + include + include + include + include + include + + network netlink raw, + + @{exec_path} mr, + + /etc/igfx_user_feature{,_next}.txt w, + /etc/libva.conf r, + + owner @{thunderbird_config_dirs}/*/.parentlock rw, + owner @{thunderbird_config_dirs}/*/startupCache/*Cache* r, + + owner /tmp/thunderbird/.parentlock rw, + + include if exists +} \ No newline at end of file diff --git a/dists/flags/main.flags b/dists/flags/main.flags index 17e46cde..2425265f 100644 --- a/dists/flags/main.flags +++ b/dists/flags/main.flags @@ -268,7 +268,7 @@ ss complain ssh complain sshd attach_disconnected,complain ssservice complain -startplasma-x11 complain +startplasma complain startx attach_disconnected,complain steam attach_disconnected,mediate_deleted,complain steam-fossilize attach_disconnected,complain @@ -324,6 +324,10 @@ systemd-userdbd attach_disconnected,complain systemd-userwork complain systemd-vconsole-setup complain systemd-xdg-autostart-generator complain +systemsettings complain +thunderbird complain +thunderbird-glxtest complain +thunderbird-vaapitest complain udisksctl complain udisksd attach_disconnected,complain umount complain