mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-30 23:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Replace shells with new sh_path variable

Browse source 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
This commit is contained in:
Jeroen Rijken 2024-02-11 15:34:46 +01:00 committed by Alex
parent 3b1b187d13
commit 40b171ee94
315 changed files with 415 additions and 369 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/apps/calibre
View file

@ -53,7 +53,7 @@ profile calibre @{exec_path} {
@{bin}/python3.@{int} r, @{bin}/python3.@{int} r,
@{bin}/ldconfig{,.real} rix, @{bin}/ldconfig{,.real} rix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/file rix, @{bin}/file rix,
@{bin}/uname rix, @{bin}/uname rix,
@{lib}/@{multiarch}/qt5/libexec/QtWebEngineProcess rix, @{lib}/@{multiarch}/qt5/libexec/QtWebEngineProcess rix,

6
apparmor.d/groups/apps/discord
View file

@ -43,7 +43,7 @@ profile discord @{exec_path} {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/xdg-open rCx -> open, @{bin}/xdg-open rCx -> open,
#@{bin}/lsb_release rCx -> lsb_release, #@{bin}/lsb_release rCx -> lsb_release,
@ -120,7 +120,7 @@ profile discord @{exec_path} {
@{bin}/xdg-mime mr, @{bin}/xdg-mime mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/cut rix, @{bin}/cut rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@ -170,7 +170,7 @@ profile discord @{exec_path} {
@{bin}/xdg-open mr, @{bin}/xdg-open mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/basename rix, @{bin}/basename rix,

4
apparmor.d/groups/apps/dropbox
View file

@ -51,7 +51,7 @@ profile dropbox @{exec_path} {
owner @{DROPBOX_DEMON_DIR}/dropbox-lnx.*/*.so* mrw, owner @{DROPBOX_DEMON_DIR}/dropbox-lnx.*/*.so* mrw,
owner @{DROPBOX_DEMON_DIR}/dropbox-lnx.*/plugins/platforms/*.so mrw, owner @{DROPBOX_DEMON_DIR}/dropbox-lnx.*/plugins/platforms/*.so mrw,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/dirname rix, @{bin}/dirname rix,
@{bin}/uname rix, @{bin}/uname rix,
@ -129,7 +129,7 @@ profile dropbox @{exec_path} {
@{bin}/xdg-open mr, @{bin}/xdg-open mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/basename rix, @{bin}/basename rix,

2
apparmor.d/groups/apps/filezilla
View file

@ -21,7 +21,7 @@ profile filezilla @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/uname rix, @{bin}/uname rix,
# When using SFTP protocol # When using SFTP protocol

2
apparmor.d/groups/apps/flameshot
View file

@ -76,7 +76,7 @@ profile flameshot @{exec_path} {
@{bin}/xdg-open mr, @{bin}/xdg-open mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/basename rix, @{bin}/basename rix,

2
apparmor.d/groups/apps/freetube
View file

@ -103,7 +103,7 @@ profile freetube @{exec_path} {
@{bin}/xdg-open mr, @{bin}/xdg-open mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/basename rix, @{bin}/basename rix,

2
apparmor.d/groups/apps/okular
View file

@ -103,7 +103,7 @@ profile okular @{exec_path} {
@{bin}/xdg-open mr, @{bin}/xdg-open mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/basename rix, @{bin}/basename rix,

4
apparmor.d/groups/apps/telegram-desktop
View file

@ -39,7 +39,7 @@ profile telegram-desktop @{exec_path} {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
# Launch external apps # Launch external apps
@{bin}/xdg-open rCx -> open, @{bin}/xdg-open rCx -> open,
@ -98,7 +98,7 @@ profile telegram-desktop @{exec_path} {
@{bin}/xdg-open mr, @{bin}/xdg-open mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/basename rix, @{bin}/basename rix,

6
apparmor.d/groups/apt/apt
View file

@ -54,7 +54,7 @@ profile apt @{exec_path} flags=(attach_disconnected) {
@{bin}/ r, @{bin}/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/echo rix, @{bin}/echo rix,
@{bin}/gdbus rix, @{bin}/gdbus rix,
@ -153,7 +153,7 @@ profile apt @{exec_path} flags=(attach_disconnected) {
include <abstractions/fzf> include <abstractions/fzf>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/sensible-editor mr, @{bin}/sensible-editor mr,
@{bin}/vim.* mrix, @{bin}/vim.* mrix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
@ -176,7 +176,7 @@ profile apt @{exec_path} flags=(attach_disconnected) {
capability dac_read_search, capability dac_read_search,
@{bin}/ r, @{bin}/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/less rix, @{bin}/less rix,
@{bin}/sensible-pager mr, @{bin}/sensible-pager mr,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,

2
apparmor.d/groups/apt/apt-key
View file

@ -14,7 +14,7 @@ profile apt-key @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e,f}grep rix, @{bin}/{,e,f}grep rix,
@{bin}/{,m,g}awk rix, @{bin}/{,m,g}awk rix,
@{bin}/base64 rix, @{bin}/base64 rix,

2
apparmor.d/groups/apt/apt-listbugs
View file

@ -26,7 +26,7 @@ profile apt-listbugs @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/ruby[0-9].@{int} rix, @{bin}/ruby[0-9].@{int} rix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/logname rix, @{bin}/logname rix,
@{bin}/apt-config rPx, @{bin}/apt-config rPx,

4
apparmor.d/groups/apt/apt-listchanges
View file

@ -20,7 +20,7 @@ profile apt-listchanges @{exec_path} {
@{bin}/python3.@{int} r, @{bin}/python3.@{int} r,
@{bin}/ r, @{bin}/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/tar rix, @{bin}/tar rix,
# Do not strip env to avoid errors like the following: # Do not strip env to avoid errors like the following:
@ -86,7 +86,7 @@ profile apt-listchanges @{exec_path} {
@{bin}/sensible-pager mr, @{bin}/sensible-pager mr,
@{bin}/ r, @{bin}/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
@{bin}/less rix, @{bin}/less rix,

2
apparmor.d/groups/apt/apt-show-versions
View file

@ -16,7 +16,7 @@ profile apt-show-versions @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/perl r, @{bin}/perl r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg rPx -> child-dpkg,
@{bin}/apt-get rPx, @{bin}/apt-get rPx,

2
apparmor.d/groups/apt/apt-systemd-daily
View file

@ -14,7 +14,7 @@ profile apt-systemd-daily @{exec_path} {
capability dac_read_search, capability dac_read_search,
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/basename rix, @{bin}/basename rix,
@{bin}/cmp rix, @{bin}/cmp rix,

4
apparmor.d/groups/apt/aptitude
View file

@ -66,7 +66,7 @@ profile aptitude @{exec_path} flags=(complain) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/test rix, @{bin}/test rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@ -173,7 +173,7 @@ profile aptitude @{exec_path} flags=(complain) {
@{bin}/ r, @{bin}/ r,
@{bin}/sensible-pager mr, @{bin}/sensible-pager mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
@{bin}/less rix, @{bin}/less rix,

2
apparmor.d/groups/apt/aptitude-create-state-bundle
View file

@ -14,7 +14,7 @@ profile aptitude-create-state-bundle @{exec_path} {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
@{bin}/tar rix, @{bin}/tar rix,

2
apparmor.d/groups/apt/aptitude-run-state-bundle
View file

@ -15,7 +15,7 @@ profile aptitude-run-state-bundle @{exec_path} {
include <abstractions/user-download-strict> include <abstractions/user-download-strict>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/tar rix, @{bin}/tar rix,
@{bin}/bzip2 rix, @{bin}/bzip2 rix,

2
apparmor.d/groups/apt/debconf-apt-progress
View file

@ -33,7 +33,7 @@ profile debconf-apt-progress @{exec_path} flags=(complain) {
@{bin}/debconf-apt-progress rPx, @{bin}/debconf-apt-progress rPx,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/stty rix, @{bin}/stty rix,
@{bin}/locale rix, @{bin}/locale rix,

2
apparmor.d/groups/apt/debsecan
View file

@ -25,7 +25,7 @@ profile debsecan @{exec_path} {
@{bin}/python3.@{int} r, @{bin}/python3.@{int} r,
@{bin}/ r, @{bin}/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
# Send results using email # Send results using email
@{bin}/exim4 rPx, @{bin}/exim4 rPx,

2
apparmor.d/groups/apt/debsign
View file

@ -13,7 +13,7 @@ profile debsign @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/basename rix, @{bin}/basename rix,
@{bin}/cat rix, @{bin}/cat rix,

2
apparmor.d/groups/apt/debsums
View file

@ -17,7 +17,7 @@ profile debsums @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
/etc/dpkg/dpkg.cfg.d/{,*} r, /etc/dpkg/dpkg.cfg.d/{,*} r,

2
apparmor.d/groups/apt/dpkg
View file

@ -21,7 +21,7 @@ profile dpkg @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/rm rix, @{bin}/rm rix,

2
apparmor.d/groups/apt/dpkg-preconfigure
View file

@ -19,7 +19,7 @@ profile dpkg-preconfigure @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/perl r, @{bin}/perl r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/locale rix, @{bin}/locale rix,
@{bin}/stty rix, @{bin}/stty rix,

2
apparmor.d/groups/apt/dpkg-query
View file

@ -14,7 +14,7 @@ profile dpkg-query @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/pager rPx -> child-pager, @{bin}/pager rPx -> child-pager,
@{bin}/less rPx -> child-pager, @{bin}/less rPx -> child-pager,

4
apparmor.d/groups/apt/querybts
View file

@ -30,7 +30,7 @@ profile querybts @{exec_path} {
@{bin}/python3.@{int} r, @{bin}/python3.@{int} r,
@{bin}/ r, @{bin}/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/stty rix, @{bin}/stty rix,
@{bin}/ldconfig rix, @{bin}/ldconfig rix,
@ -66,7 +66,7 @@ profile querybts @{exec_path} {
@{bin}/xdg-open mr, @{bin}/xdg-open mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/basename rix, @{bin}/basename rix,

4
apparmor.d/groups/apt/reportbug
View file

@ -35,7 +35,7 @@ profile reportbug @{exec_path} {
@{bin}/ldconfig rix, @{bin}/ldconfig rix,
@{bin}/selinuxenabled rix, @{bin}/selinuxenabled rix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/aa-enabled rix, @{bin}/aa-enabled rix,
@{bin}/locale rix, @{bin}/locale rix,
@{bin}/md5sum rix, @{bin}/md5sum rix,
@ -115,7 +115,7 @@ profile reportbug @{exec_path} {
@{bin}/xdg-open mr, @{bin}/xdg-open mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/readlink rix, @{bin}/readlink rix,
@{bin}/basename rix, @{bin}/basename rix,

2
apparmor.d/groups/apt/synaptic
View file

@ -64,7 +64,7 @@ profile synaptic @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e,f}grep rix, @{bin}/{,e,f}grep rix,
@{bin}/test rix, @{bin}/test rix,
@{bin}/echo rix, @{bin}/echo rix,

2
apparmor.d/groups/apt/unattended-upgrade
View file

@ -38,7 +38,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
@{bin}/ r, @{bin}/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/echo rix, @{bin}/echo rix,
@{bin}/gdbus rix, @{bin}/gdbus rix,
@{bin}/ischroot rix, @{bin}/ischroot rix,

2
apparmor.d/groups/browsers/brave-wrapper
View file

@ -17,7 +17,7 @@ profile brave-wrapper @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/dirname rix, @{bin}/dirname rix,
@{bin}/mkdir rix, @{bin}/mkdir rix,

2
apparmor.d/groups/browsers/chrome-wrapper
View file

@ -16,7 +16,7 @@ profile chrome-wrapper @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/dirname rix, @{bin}/dirname rix,
@{bin}/mkdir rix, @{bin}/mkdir rix,

2
apparmor.d/groups/browsers/chromium-wrapper
View file

@ -16,7 +16,7 @@ profile chromium-wrapper @{exec_path} {
@{lib}/chromium/chromium rPx, @{lib}/chromium/chromium rPx,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/cut rix, @{bin}/cut rix,

2
apparmor.d/groups/browsers/firefox
View file

@ -83,7 +83,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/basename rix, @{bin}/basename rix,
@{bin}/expr rix, @{bin}/expr rix,

2
apparmor.d/groups/bus/ibus-daemon
View file

@ -35,7 +35,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{lib}/{,ibus/}ibus-* rPUx, @{lib}/{,ibus/}ibus-* rPUx,
/usr/share/ibus/{,**} r, /usr/share/ibus/{,**} r,

2
apparmor.d/groups/bus/ibus-engine-table
View file

@ -13,7 +13,7 @@ profile ibus-engine-table @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/python3.@{int} rix, @{bin}/python3.@{int} rix,
/usr/share/ibus-table/engine/{,**} r, /usr/share/ibus-table/engine/{,**} r,

2
apparmor.d/groups/children/child-open
View file

@ -31,7 +31,7 @@ profile child-open {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,m,g}awk rix, @{bin}/{,m,g}awk rix,
@{bin}/basename rix, @{bin}/basename rix,
@{bin}/readlink rix, @{bin}/readlink rix,

2
apparmor.d/groups/cron/cron
View file

@ -28,7 +28,7 @@ profile cron @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/nice rix, @{bin}/nice rix,
@{bin}/ionice rix, @{bin}/ionice rix,
@{bin}/exim4 rPx, @{bin}/exim4 rPx,

2
apparmor.d/groups/cron/cron-anacron
View file

@ -13,7 +13,7 @@ profile cron-anacron @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/anacron rPx, @{bin}/anacron rPx,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/date rix, @{bin}/date rix,

2
apparmor.d/groups/cron/cron-apport
View file

@ -12,7 +12,7 @@ profile cron-apport @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/find rix, @{bin}/find rix,
@{bin}/rm rix, @{bin}/rm rix,

2
apparmor.d/groups/cron/cron-apt
View file

@ -17,7 +17,7 @@ profile cron-apt @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/dotlockfile rix, @{bin}/dotlockfile rix,
@{bin}/sed rix, @{bin}/sed rix,
@{bin}/mktemp rix, @{bin}/mktemp rix,

2
apparmor.d/groups/cron/cron-apt-compat
View file

@ -12,7 +12,7 @@ profile cron-apt-compat @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/on_ac_power rPx, @{bin}/on_ac_power rPx,

4
apparmor.d/groups/cron/cron-apt-listbugs
View file

@ -12,7 +12,7 @@ profile cron-apt-listbugs @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{lib}/ruby/vendor_ruby/aptlistbugs/prefclean rCx -> prefclean, @{lib}/ruby/vendor_ruby/aptlistbugs/prefclean rCx -> prefclean,
@ -24,7 +24,7 @@ profile cron-apt-listbugs @{exec_path} {
@{lib}/ruby/vendor_ruby/aptlistbugs/prefclean mr, @{lib}/ruby/vendor_ruby/aptlistbugs/prefclean mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/mktemp rix, @{bin}/mktemp rix,
@{bin}/rm rix, @{bin}/rm rix,
@{bin}/cp rix, @{bin}/cp rix,

2
apparmor.d/groups/cron/cron-apt-show-versions
View file

@ -12,7 +12,7 @@ profile cron-apt-show-versions @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/apt-show-versions rPx, @{bin}/apt-show-versions rPx,

2
apparmor.d/groups/cron/cron-apt-xapian-index
View file

@ -12,7 +12,7 @@ profile cron-apt-xapian-index @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,

2
apparmor.d/groups/cron/cron-aptitude
View file

@ -12,7 +12,7 @@ profile cron-aptitude @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cp rix, @{bin}/cp rix,
@{bin}/date rix, @{bin}/date rix,

2
apparmor.d/groups/cron/cron-cracklib
View file

@ -13,7 +13,7 @@ profile cron-cracklib @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/logger rix, @{bin}/logger rix,
@{bin}/update-cracklib rPx, @{bin}/update-cracklib rPx,

2
apparmor.d/groups/cron/cron-debsums
View file

@ -13,7 +13,7 @@ profile cron-debsums @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/true rix, @{bin}/true rix,
@{bin}/logger rix, @{bin}/logger rix,
@{bin}/sed rix, @{bin}/sed rix,

2
apparmor.d/groups/cron/cron-debtags
View file

@ -12,7 +12,7 @@ profile cron-debtags @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
/usr/bin/debtags rPx, /usr/bin/debtags rPx,

2
apparmor.d/groups/cron/cron-dlocate
View file

@ -12,7 +12,7 @@ profile cron-dlocate @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/update-dlocatedb rPx, @{bin}/update-dlocatedb rPx,

2
apparmor.d/groups/cron/cron-etckeeper
View file

@ -13,7 +13,7 @@ profile cron-etckeeper @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/rm rix, @{bin}/rm rix,
@{bin}/find rix, @{bin}/find rix,
@{bin}/etckeeper rPx, @{bin}/etckeeper rPx,

2
apparmor.d/groups/cron/cron-exim4-base
View file

@ -25,7 +25,7 @@ profile cron-exim4-base @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/sed rix, @{bin}/sed rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,

2
apparmor.d/groups/cron/cron-ipset-autoban-save
View file

@ -13,7 +13,7 @@ profile cron-ipset-autoban-save @{exec_path} {
include <abstractions/consoles> include <abstractions/consoles>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/ipset rix, @{bin}/ipset rix,

2
apparmor.d/groups/cron/cron-logrotate
View file

@ -12,7 +12,7 @@ profile cron-logrotate @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/logrotate rPx, @{bin}/logrotate rPx,

2
apparmor.d/groups/cron/cron-man-db
View file

@ -17,7 +17,7 @@ profile cron-man-db @{exec_path} {
capability setuid, capability setuid,
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/start-stop-daemon rix, @{bin}/start-stop-daemon rix,

2
apparmor.d/groups/cron/cron-mlocate
View file

@ -13,7 +13,7 @@ profile cron-mlocate @{exec_path} {
include <abstractions/consoles> include <abstractions/consoles>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
@{bin}/true rix, @{bin}/true rix,

2
apparmor.d/groups/cron/cron-plocate
View file

@ -13,7 +13,7 @@ profile cron-plocate @{exec_path} {
include <abstractions/consoles> include <abstractions/consoles>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
@{bin}/true rix, @{bin}/true rix,

21
apparmor.d/groups/cron/cron-popularity-contest
View file

@ -12,23 +12,24 @@ profile cron-popularity-contest @{exec_path} {
include <abstractions/base> include <abstractions/base>
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/popularity-contest rPx, @{bin}/popularity-contest rPx,
@{bin}/logger rix,
@{bin}/date rix,
@{bin}/mktemp rix,
@{bin}/mkdir rix,
@{bin}/rm rix,
@{bin}/mv rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/date rix,
@{bin}/grep rix,
@{bin}/logger rix,
@{bin}/mkdir rix,
@{bin}/mktemp rix,
@{bin}/mv rix,
@{bin}/rm rix,
@{bin}/setsid rix, @{bin}/setsid rix,
# To send reports via TOR # To send reports via TOR
@{bin}/torify rix, @{bin}/torify rix,
@{bin}/torsocks rix, @{bin}/torsocks rix,
@{bin}/getcap rix, @{bin}/getcap rix,
/usr/share/popularity-contest/popcon-upload rCx -> popcon-upload, /usr/share/popularity-contest/popcon-upload rCx -> popcon-upload,
@{bin}/gpg{,2} rCx -> gpg, @{bin}/gpg{,2} rCx -> gpg,
@ -74,7 +75,7 @@ profile cron-popularity-contest @{exec_path} {
@{bin}/touch rix, @{bin}/touch rix,
@{bin}/gzip rix, @{bin}/gzip rix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
/var/log/ r, /var/log/ r,
/var/log/popularity-contest.[0-9]*.gz rw, /var/log/popularity-contest.[0-9]*.gz rw,
@ -94,7 +95,7 @@ profile cron-popularity-contest @{exec_path} {
@{bin}/runuser mr, @{bin}/runuser mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/popularity-contest rPx, @{bin}/popularity-contest rPx,

2
apparmor.d/groups/cron/cron-sysstat
View file

@ -13,7 +13,7 @@ profile cron-sysstat @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{lib}/sysstat/sa2 rPx, @{lib}/sysstat/sa2 rPx,
/etc/default/sysstat r, /etc/default/sysstat r,

4
apparmor.d/groups/cron/crontab
View file

@ -18,7 +18,7 @@ profile crontab @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
# When editing the crontab file # When editing the crontab file
@{bin}/sensible-editor rCx -> editor, @{bin}/sensible-editor rCx -> editor,
@ -42,7 +42,7 @@ profile crontab @{exec_path} {
@{bin}/sensible-editor mr, @{bin}/sensible-editor mr,
@{bin}/vim.* mrix, @{bin}/vim.* mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
owner @{HOME}/.selected_editor r, owner @{HOME}/.selected_editor r,

2
apparmor.d/groups/freedesktop/cpupower
View file

@ -20,7 +20,7 @@ profile cpupower @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/kmod rCx -> kmod, @{bin}/kmod rCx -> kmod,
@{bin}/man rPx, @{bin}/man rPx,

2
apparmor.d/groups/freedesktop/plymouth-set-default-theme
View file

@ -13,7 +13,7 @@ profile plymouth-set-default-theme @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/grep rix, @{bin}/grep rix,
@{bin}/plymouth rPx, @{bin}/plymouth rPx,

2
apparmor.d/groups/freedesktop/xdg-desktop-menu
View file

@ -15,7 +15,7 @@ profile xdg-desktop-menu @{exec_path} flags=(complain) {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/mkdir rix, @{bin}/mkdir rix,
@{bin}/sed rix, @{bin}/sed rix,
@{bin}/cut rix, @{bin}/cut rix,

2
apparmor.d/groups/freedesktop/xdg-desktop-portal
View file

@ -54,7 +54,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/nautilus rPx, @{bin}/nautilus rPx,
@{bin}/snap rPUx, @{bin}/snap rPUx,

23
apparmor.d/groups/freedesktop/xdg-email
View file

@ -13,16 +13,19 @@ profile xdg-email @{exec_path} flags=(complain) {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/basename rix, @{bin}/{m,g,}awk rix,
@{bin}/cut rix, @{bin}/basename rix,
@{bin}/gio rPx, @{bin}/cut rix,
@{bin}/readlink rix, @{bin}/echo rix,
@{bin}/sed rix, @{bin}/gio rPx,
@{bin}/which rix, @{bin}/kreadconfig5 rPx,
@{bin}/xdg-mime rPx, @{bin}/readlink rix,
@{bin}/sed rix,
@{bin}/tail rix,
@{bin}/which{,.debianutils} rix,
@{bin}/xdg-mime rPx,
@{thunderbird_path} rPx, @{thunderbird_path} rPx,
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,

2
apparmor.d/groups/freedesktop/xdg-icon-resource
View file

@ -15,7 +15,7 @@ profile xdg-icon-resource @{exec_path} flags=(attach_disconnected) {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/whoami rix, @{bin}/whoami rix,
@{bin}/sed rix, @{bin}/sed rix,

2
apparmor.d/groups/freedesktop/xdg-mime
View file

@ -14,7 +14,7 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/basename rix, @{bin}/basename rix,

2
apparmor.d/groups/freedesktop/xdg-open
View file

@ -15,7 +15,7 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/sed rix, @{bin}/sed rix,
@{bin}/cut rix, @{bin}/cut rix,

2
apparmor.d/groups/freedesktop/xdg-screensaver
View file

@ -16,7 +16,7 @@ profile xdg-screensaver @{exec_path} {
@{bin}/ r, @{bin}/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/mv rix, @{bin}/mv rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/sed rix, @{bin}/sed rix,

2
apparmor.d/groups/freedesktop/xdg-settings
View file

@ -14,7 +14,7 @@ profile xdg-settings @{exec_path} {
@{exec_path} r, @{exec_path} r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/basename rix, @{bin}/basename rix,
@{bin}/cat rix, @{bin}/cat rix,

2
apparmor.d/groups/freedesktop/xdg-user-dir
View file

@ -12,7 +12,7 @@ profile xdg-user-dir @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/env rix, @{bin}/env rix,
owner @{user_config_dirs}/user-dirs.dirs r, owner @{user_config_dirs}/user-dirs.dirs r,

2
apparmor.d/groups/freedesktop/xorg
View file

@ -45,7 +45,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/xkbcomp rPx, @{bin}/xkbcomp rPx,
@{bin}/pkexec rPx, @{bin}/pkexec rPx,

2
apparmor.d/groups/freedesktop/xrdb
View file

@ -17,7 +17,7 @@ profile xrdb @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,*-}cpp-[0-9]* rix, @{bin}/{,*-}cpp-[0-9]* rix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cpp rix, @{bin}/cpp rix,
@{lib}/gcc/@{multiarch}/@{int}*/cc1 rix, @{lib}/gcc/@{multiarch}/@{int}*/cc1 rix,
@{lib}/llvm-[0-9]*/bin/clang rix, @{lib}/llvm-[0-9]*/bin/clang rix,

2
apparmor.d/groups/freedesktop/xwayland
View file

@ -23,7 +23,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/xkbcomp rPx, @{bin}/xkbcomp rPx,
/usr/share/fonts/{,**} r, /usr/share/fonts/{,**} r,

2
apparmor.d/groups/gnome/gdm
View file

@ -47,7 +47,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/pidof rPx, @{bin}/pidof rPx,
@{bin}/plymouth rPx, @{bin}/plymouth rPx,
@{bin}/prime-switch rPUx, @{bin}/prime-switch rPUx,

2
apparmor.d/groups/gnome/gdm-generate-config
View file

@ -20,7 +20,7 @@ profile gdm-generate-config @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/dconf rix, @{bin}/dconf rix,
@{bin}/install rix, @{bin}/install rix,
@{bin}/pgrep rix, @{bin}/pgrep rix,

2
apparmor.d/groups/gnome/gdm-wayland-session
View file

@ -32,7 +32,7 @@ profile gdm-wayland-session @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/env rix, @{bin}/env rix,
@{bin}/gettext rix, @{bin}/gettext rix,

2
apparmor.d/groups/gnome/gdm-xsession
View file

@ -17,7 +17,7 @@ profile gdm-xsession @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/cat rix, @{bin}/cat rix,

2
apparmor.d/groups/gnome/gnome-extension-ding
View file

@ -50,7 +50,7 @@ profile gnome-extension-ding @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/env rix, @{bin}/env rix,
@{bin}/gjs-console rix, @{bin}/gjs-console rix,
@{bin}/gnome-control-center rPx, @{bin}/gnome-control-center rPx,

2
apparmor.d/groups/gnome/gnome-extension-gsconnect
View file

@ -35,7 +35,7 @@ profile gnome-extension-gsconnect @{exec_path} {
@{bin}/env rix, @{bin}/env rix,
@{bin}/gjs-console rix, @{bin}/gjs-console rix,
@{bin}/openssl rix, @{bin}/openssl rix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/ssh-add rix, @{bin}/ssh-add rix,
@{bin}/ssh-keygen rPx, @{bin}/ssh-keygen rPx,

2
apparmor.d/groups/gnome/gnome-extensions-app
View file

@ -16,7 +16,7 @@ profile gnome-extensions-app @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/gjs-console rix, @{bin}/gjs-console rix,
@{open_path} rPx -> child-open, @{open_path} rPx -> child-open,

2
apparmor.d/groups/gnome/nautilus
View file

@ -75,7 +75,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/bwrap rPUx, @{bin}/bwrap rPUx,
@{bin}/file-roller rPx, @{bin}/file-roller rPx,
@{bin}/firejail rPUx, @{bin}/firejail rPUx,

2
apparmor.d/groups/grub/grub-check-signatures
View file

@ -13,7 +13,7 @@ profile grub-check-signatures @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}//mktemp rix, @{bin}//mktemp rix,
@{bin}//od rix, @{bin}//od rix,

2
apparmor.d/groups/grub/grub-install
View file

@ -18,7 +18,7 @@ profile grub-install @{exec_path} flags=(complain) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/efibootmgr rix, @{bin}/efibootmgr rix,
@{bin}/kmod rPx, @{bin}/kmod rPx,
@{bin}/lsb_release rPx -> lsb_release, @{bin}/lsb_release rPx -> lsb_release,

2
apparmor.d/groups/grub/grub-mkconfig
View file

@ -21,7 +21,7 @@ profile grub-mkconfig @{exec_path} flags=(attach_disconnected) {
/{usr/,}{local/,}{s,}bin/zpool rPx, /{usr/,}{local/,}{s,}bin/zpool rPx,
@{bin}/dmsetup rPUx, @{bin}/dmsetup rPUx,
@{bin}/grub-probe rPx, @{bin}/grub-probe rPx,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{e,f,}grep rix, @{bin}/{e,f,}grep rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/basename rix, @{bin}/basename rix,

2
apparmor.d/groups/grub/grub-multi-install
View file

@ -14,7 +14,7 @@ profile grub-multi-install @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/grub-install rPx, @{bin}/grub-install rPx,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/cut rix, @{bin}/cut rix,

2
apparmor.d/groups/grub/update-grub
View file

@ -14,7 +14,7 @@ profile update-grub @{exec_path} {
capability dac_read_search, capability dac_read_search,
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/grub-mkconfig rPx, @{bin}/grub-mkconfig rPx,
/dev/tty@{int} rw, /dev/tty@{int} rw,

2
apparmor.d/groups/gvfs/gvfsd
View file

@ -46,7 +46,7 @@ profile gvfsd @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{lib}/{,gvfs/}gvfsd-* rpx, @{lib}/{,gvfs/}gvfsd-* rpx,
/usr/share/gvfs/{,**} r, /usr/share/gvfs/{,**} r,

2
apparmor.d/groups/kde/kconf_update
View file

@ -20,7 +20,7 @@ profile kconf_update @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,p}grep rix, @{bin}/{,p}grep rix,
@{bin}/python3.@{int} rix, @{bin}/python3.@{int} rix,
@{bin}/qtpaths rix, @{bin}/qtpaths rix,

2
apparmor.d/groups/kde/kde-powerdevil
View file

@ -19,7 +19,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/find rix, @{bin}/find rix,
@{bin}/grep rix, @{bin}/grep rix,
@{bin}/kcminit rPx, @{bin}/kcminit rPx,

2
apparmor.d/groups/kde/kwin_x11
View file

@ -23,7 +23,7 @@ profile kwin_x11 @{exec_path} {
@{exec_path} mrix, @{exec_path} mrix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{lib}/kwin_killer_helper rix, @{lib}/kwin_killer_helper rix,
@{lib}/drkonqi rPx, @{lib}/drkonqi rPx,

2
apparmor.d/groups/kde/pam_kwallet_init
View file

@ -12,7 +12,7 @@ profile pam_kwallet_init @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/env rix, @{bin}/env rix,
@{bin}/socat rix, @{bin}/socat rix,

2
apparmor.d/groups/kde/plasma-discover
View file

@ -28,7 +28,7 @@ profile plasma-discover @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/kreadconfig5 rPx, @{bin}/kreadconfig5 rPx,
@{bin}/gpg rCx -> gpg, @{bin}/gpg rCx -> gpg,

2
apparmor.d/groups/kde/sddm
View file

@ -50,7 +50,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
@{lib}/sddm/sddm-helper-start-wayland rix, @{lib}/sddm/sddm-helper-start-wayland rix,
@{lib}/sddm/sddm-helper-start-x11user rix, @{lib}/sddm/sddm-helper-start-x11user rix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/checkproc rix, @{bin}/checkproc rix,
@{bin}/disable-paste rix, @{bin}/disable-paste rix,

36
apparmor.d/groups/kde/sddm-xsession
View file

@ -18,7 +18,7 @@ profile sddm-xsession @{exec_path} {
@{exec_path} r, @{exec_path} r,
/{usr/,}{local,}bin/ r, /{usr/,}{local,}bin/ r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/{m,g,}awk rix, @{bin}/{m,g,}awk rix,
@{bin}/cat rix, @{bin}/cat rix,
@ -85,5 +85,39 @@ profile sddm-xsession @{exec_path} {
include if exists <local/sddm-xsession_dbus> include if exists <local/sddm-xsession_dbus>
} }
profile gpg {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/ssl_certs>
capability dac_read_search,
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
@{bin}/gpg{,2} mr,
@{bin}/gpgconf mr,
@{bin}/gpgsm mr,
@{bin}/dirmngr rix,
@{bin}/gpg-agent rPx,
@{bin}/gpg-connect-agent rix,
@{HOME}/@{XDG_GPG_DIR}/*.conf r,
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/task/@{tid}/comm rw,
/dev/tty@{int} rw,
owner /dev/pts/@{int} rw,
deny @{user_share_dirs}/sddm/* rw,
include if exists <local/sddm-xsession_gpg>
}
include if exists <local/sddm-xsession> include if exists <local/sddm-xsession>
} }

2
apparmor.d/groups/kde/xdm-xsession
View file

@ -18,7 +18,7 @@ profile xdm-xsession @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/checkproc rix, @{bin}/checkproc rix,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/basename rix, @{bin}/basename rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/dirname rix, @{bin}/dirname rix,

2
apparmor.d/groups/network/NetworkManager
View file

@ -67,7 +67,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/nft rix, @{bin}/nft rix,
@{bin}/dnsmasq rPx, @{bin}/dnsmasq rPx,

2
apparmor.d/groups/network/dhcpcd
View file

@ -30,7 +30,7 @@ profile dhcpcd @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cat rix, @{bin}/cat rix,
@{bin}/chmod rix, @{bin}/chmod rix,
@{bin}/cmp rix, @{bin}/cmp rix,

2
apparmor.d/groups/network/mullvad-gui
View file

@ -36,7 +36,7 @@ profile mullvad-gui @{exec_path} flags=(attach_disconnected) {
"/opt/Mullvad VPN/*.so*" mr, "/opt/Mullvad VPN/*.so*" mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/gsettings rix, @{bin}/gsettings rix,
@{bin}/xdg-open rPx, @{bin}/xdg-open rPx,

2
apparmor.d/groups/network/nm-dispatcher
View file

@ -24,7 +24,7 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/basename rix, @{bin}/basename rix,
@{bin}/chronyc rPUx, @{bin}/chronyc rPUx,
@{bin}/date rix, @{bin}/date rix,

2
apparmor.d/groups/network/nm-openvpn-service
View file

@ -18,7 +18,7 @@ profile nm-openvpn-service @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/kmod rPx, @{bin}/kmod rPx,
@{bin}/openvpn rPx, @{bin}/openvpn rPx,
@{lib}/{,NetworkManager/}nm-openvpn-auth-dialog rPx, @{lib}/{,NetworkManager/}nm-openvpn-auth-dialog rPx,

4
apparmor.d/groups/network/openvpn
View file

@ -82,7 +82,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
/etc/openvpn/update-resolv-conf.sh r, /etc/openvpn/update-resolv-conf.sh r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/cut rix, @{bin}/cut rix,
@{bin}/ip rix, @{bin}/ip rix,
@{bin}/which{,.debianutils} rix, @{bin}/which{,.debianutils} rix,
@ -106,7 +106,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
/etc/openvpn/ r, /etc/openvpn/ r,
/etc/openvpn/force-user-traffic-via-vpn.sh r, /etc/openvpn/force-user-traffic-via-vpn.sh r,
@{bin}/{,ba,da}sh rix, @{sh_path} rix,
@{bin}/{,e}grep rix, @{bin}/{,e}grep rix,
@{bin}/cut rix, @{bin}/cut rix,
@{bin}/env rix, @{bin}/env rix,

Some files were not shown because too many files have changed in this diff Show more