mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-06 10:15:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Small fixes.

Browse source
This commit is contained in:
Alexandre Pujol 2021-05-30 16:15:29 +01:00
parent 9b7ab9cbc3
commit 44dc86cd36
Failed to generate hash of commit
7 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/groups/bus/dbus-daemon
View file

@ -22,6 +22,9 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
network bluetooth stream,
network bluetooth seqpacket,
ptrace (read) peer=unconfined, ptrace (read) peer=unconfined,
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/desktop/blueman
View file

@ -59,7 +59,7 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/cmdline r, @{PROC}/@{pids}/cmdline r,
include <abstractions/dconf> include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw, owner @{run}/user/@{uid}/dconf/ rw,

2
apparmor.d/groups/gnome/gsd-power
View file

@ -22,11 +22,13 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
/usr/share/gdm/greeter-dconf-defaults r, /usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r, /usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/icons/{,**} r, /usr/share/icons/{,**} r,
/usr/share/sounds/freedesktop/index.theme r,
/usr/share/sounds/freedesktop/stereo/*.oga r, /usr/share/sounds/freedesktop/stereo/*.oga r,
/usr/share/X11/xkb/** r, /usr/share/X11/xkb/** r,
/etc/machine-id r, /etc/machine-id r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/var/lib/gdm/.config/pulse/client.conf r,
/etc/pulse/client.conf r, /etc/pulse/client.conf r,
owner @{user_cache_dirs}/event-sound-cache.tdb.* rwk, owner @{user_cache_dirs}/event-sound-cache.tdb.* rwk,

1
apparmor.d/profiles-a-l/browserpass
View file

@ -22,6 +22,7 @@ profile browserpass @{exec_path} {
owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/extensions/* r, owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/extensions/* r,
owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/scriptCache-*.bin r, owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/scriptCache-*.bin r,
owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/startupCache.*.little r, owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/startupCache.*.little r,
owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

2
apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders
View file

@ -12,7 +12,7 @@ profile gdk-pixbuf-query-loaders @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
/{usr/,}lib/gdk-pixbuf-[0-9].[0-9]*/*/loaders.cache.* rw, /{usr/,}lib/gdk-pixbuf-[0-9].[0-9]*/{,*}/loaders.cache.* rw,
include if exists <local/gdk-pixbuf-query-loaders> include if exists <local/gdk-pixbuf-query-loaders>
} }

2
apparmor.d/profiles-m-z/mission-control
View file

@ -14,7 +14,7 @@ profile mission-control @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} mr, @{exec_path} mr,
/usr/{lib,libexec}/* rUx, # FIXME: Needed ? /usr/{lib,libexec}/* rPUx, # FIXME: Needed ?
/usr/share/telepathy/{,**} r, /usr/share/telepathy/{,**} r,
/usr/share/glib-2.0/schemas/gschemas.compiled r, /usr/share/glib-2.0/schemas/gschemas.compiled r,

3
apparmor.d/profiles-m-z/polkitd
View file

@ -47,5 +47,8 @@ profile polkitd @{exec_path} {
@{run}/systemd/sessions/* r, @{run}/systemd/sessions/* r,
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,
# Silencer
deny /.cache/ rw,
include if exists <local/polkitd> include if exists <local/polkitd>
} }