mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-05 01:35:04 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

xfce, fixes

Browse source
This commit is contained in:
nobody43 2025-01-24 21:48:31 +00:00
parent 39b38b9ee5
commit 45f5689d6a
18 changed files with 24 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/display-manager/lightdm
View file

@ -37,9 +37,9 @@ profile lightdm @{exec_path} flags=(attach_disconnected) {
signal (send) set=(term) peer=xfce-session, signal (send) set=(term) peer=xfce-session,
signal (send) set=(term) peer=xorg, signal (send) set=(term) peer=xorg,
unix (bind) type=stream addr="@@{hex}/bus/lightdm/system", unix (bind) type=stream addr="@@{udbus}/bus/lightdm/system",
dbus (bind) bus=system name=org.freedesktop.DisplayManager, #aa:dbus own bus=system name=org.freedesktop.DisplayManager
@{exec_path} mrix, @{exec_path} mrix,

2
apparmor.d/groups/gvfs/gvfsd-computer
View file

@ -12,7 +12,7 @@ profile gvfsd-computer @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-session> include <abstractions/bus-session>
dbus (bind) bus=session name=org.gtk.vfs.mountpoint_@{int}, #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_@{int}
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/gvfs/gvfsd-wsdd
View file

@ -13,7 +13,7 @@ profile gvfsd-wsdd @{exec_path} {
network netlink raw, network netlink raw,
dbus (bind) bus=session name=org.gtk.vfs.mountpoint_wsdd, #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_wsdd
@{exec_path} mr, @{exec_path} mr,

6
apparmor.d/groups/xfce/thunar
View file

@ -19,9 +19,9 @@ profile thunar @{exec_path} {
network netlink raw, network netlink raw,
dbus (bind) bus=session name=org.xfce.Thunar, #aa:dbus own bus=session name=org.xfce.Thunar
dbus (bind) bus=session name=org.xfce.FileManager, #aa:dbus own bus=session name=org.xfce.FileManager
dbus (bind) bus=session name=org.freedesktop.FileManager1, #aa:dbus own bus=session name=org.freedesktop.FileManager1
@{exec_path} mr, @{exec_path} mr,

9
apparmor.d/groups/xfce/tumblerd
View file

@ -12,16 +12,13 @@ profile tumblerd @{exec_path} {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/desktop> include <abstractions/desktop>
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/fontconfig-cache-read>
include <abstractions/desktop>
include <abstractions/bus-session>
include <abstractions/gstreamer> include <abstractions/gstreamer>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/thumbnails-cache-write> include <abstractions/thumbnails-cache-write>
dbus (bind) bus=session name=org.freedesktop.thumbnails.Cache1, #aa:dbus own bus=session name=org.freedesktop.thumbnails.Cache1
dbus (bind) bus=session name=org.freedesktop.thumbnails.Manager1, #aa:dbus own bus=session name=org.freedesktop.thumbnails.Manager1
dbus (bind) bus=session name=org.freedesktop.thumbnails.Thumbnailer1, #aa:dbus own bus=session name=org.freedesktop.thumbnails.Thumbnailer1
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/xfce/xfce-clipman-settings
View file

@ -13,7 +13,7 @@ profile xfce-clipman-settings @{exec_path} {
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/xfce> include <abstractions/xfce>
dbus (bind) bus=session name=org.xfce.clipman.settings, #aa:dbus own bus=session name=org.xfce.clipman.settings
@{exec_path} mr, @{exec_path} mr,

4
apparmor.d/groups/xfce/xfce-notifyd
View file

@ -24,8 +24,8 @@ profile xfce-notifyd @{exec_path} {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
dbus (bind) bus=session name=org.xfce.Notifyd, #aa:dbus own bus=session name=org.xfce.Notifyd
dbus (bind) bus=session name=org.freedesktop.Notifications, #aa:dbus own bus=session name=org.freedesktop.Notifications
@{exec_path} mr, @{exec_path} mr,

4
apparmor.d/groups/xfce/xfce-panel
View file

@ -22,8 +22,8 @@ profile xfce-panel @{exec_path} {
ptrace (read) peer=xfce-terminal, ptrace (read) peer=xfce-terminal,
dbus (bind) bus=session name=org.xfce.Panel, #aa:dbus own bus=session name=org.xfce.Panel
dbus (bind) bus=session name=org.kde.StatusNotifierWatcher, #aa:dbus own bus=session name=org.kde.StatusNotifierWatcher
@{exec_path} mr, @{exec_path} mr,

4
apparmor.d/groups/xfce/xfce-power-manager
View file

@ -16,8 +16,8 @@ profile xfce-power-manager @{exec_path} flags=(attach_disconnected) {
include <abstractions/xfce> include <abstractions/xfce>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
dbus (bind) bus=session name=org.xfce.PowerManager, #aa:dbus own bus=session name=org.xfce.PowerManager
dbus (bind) bus=session name=org.freedesktop.PowerManagement, #aa:dbus own bus=session name=org.freedesktop.PowerManagement
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/xfce/xfce-screensaver
View file

@ -16,7 +16,7 @@ profile xfce-screensaver @{exec_path} flags=(attach_disconnected) {
include <abstractions/xfce> include <abstractions/xfce>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
dbus (bind) bus=session name=org.xfce.ScreenSaver, #aa:dbus own bus=session name=org.xfce.ScreenSaver
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/xfce/xfce-session
View file

@ -20,7 +20,7 @@ profile xfce-session @{exec_path} flags=(attach_disconnected) {
signal (receive) set=(term) peer=lightdm, signal (receive) set=(term) peer=lightdm,
dbus (bind) bus=session name=org.xfce.SessionManager, #aa:dbus own bus=session name=org.xfce.SessionManager
@{exec_path} mr, @{exec_path} mr,

4
apparmor.d/groups/xfce/xfce-terminal
View file

@ -21,7 +21,7 @@ profile xfce-terminal @{exec_path} {
signal (send), signal (send),
dbus (bind) bus=session name=org.xfce.Terminal5, #aa:dbus own bus=session name=org.xfce.Terminal5
@{exec_path} mr, @{exec_path} mr,
@ -35,7 +35,7 @@ profile xfce-terminal @{exec_path} {
@{bin}/micro rPUx, @{bin}/micro rPUx,
@{bin}/nvtop rPx, @{bin}/nvtop rPx,
@{bin}/vim{,.basic} rPUx, @{editor_path} rPUx,
/usr/share/ r, /usr/share/ r,
/usr/share/desktop-base/profiles/xdg-config/ r, /usr/share/desktop-base/profiles/xdg-config/ r,

2
apparmor.d/groups/xfce/xfconfd
View file

@ -13,7 +13,7 @@ profile xfconfd @{exec_path} {
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/xfce> include <abstractions/xfce>
dbus (bind) bus=session name=org.xfce.Xfconf, #aa:dbus own bus=session name=org.xfce.Xfconf
@{exec_path} mr, @{exec_path} mr,

3
apparmor.d/groups/xfce/xfdesktop
View file

@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = @{bin}/xfdesktop @{exec_path} = @{bin}/xfdesktop
profile xfdesktop @{exec_path} { profile xfdesktop @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/desktop>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session> include <abstractions/bus-session>
@ -18,7 +17,7 @@ profile xfdesktop @{exec_path} {
include <abstractions/thumbnails-cache-read> include <abstractions/thumbnails-cache-read>
include <abstractions/xfce> include <abstractions/xfce>
dbus (bind) bus=session name=org.xfce.xfdesktop, #aa:dbus own bus=session name=org.xfce.xfdesktop
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/xfce/xfsettingsd
View file

@ -16,7 +16,7 @@ profile xfsettingsd @{exec_path} {
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/xfce> include <abstractions/xfce>
dbus (bind) bus=session name=org.xfce.SettingsDaemon, #aa:dbus own bus=session name=org.xfce.SettingsDaemon
@{exec_path} mr, @{exec_path} mr,

1
apparmor.d/profiles-a-f/blueman
View file

@ -62,7 +62,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
/dev/shm/ r, /dev/shm/ r,
/dev/tty rw, /dev/tty rw,
deny @{lib}/python3/dist-packages/blueman/__pycache__/** w,
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
include if exists <local/blueman> include if exists <local/blueman>

2
apparmor.d/profiles-s-z/system-config-printer-applet
View file

@ -30,8 +30,6 @@ profile system-config-printer-applet @{exec_path} {
/dev/tty rw, /dev/tty rw,
deny @{lib}/python3/dist-packages/cupshelpers/__pycache__/** w,
include if exists <local/system-config-printer-applet> include if exists <local/system-config-printer-applet>
} }

1
apparmor.d/profiles-s-z/xarchiver
View file

@ -55,7 +55,6 @@ profile xarchiver @{exec_path} {
/home/ r, /home/ r,
#owner @{HOME}/ r, #owner @{HOME}/ r,
#owner @{HOME}/** rw, #owner @{HOME}/** rw,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/{,**} rwl,
@{MOUNTS}/ r, @{MOUNTS}/ r,
@{MOUNTS}/** rw, @{MOUNTS}/** rw,
/tmp/ r, /tmp/ r,