mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profile): update kde profiles.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-10-14 19:20:02 +01:00
parent 04e39a4789
commit 48751f75b2
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
10 changed files with 39 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apparmor.d/abstractions/kde-strict
View File

@ -27,7 +27,7 @@
owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/#@{int} rw,
owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{user_cache_dirs}/ksycoca{5,6}_??_* rwlk, owner @{user_cache_dirs}/ksycoca{5,6}_??[_-]*.@{rand6} rwlk,
owner @{user_config_dirs}/baloofilerc r, owner @{user_config_dirs}/baloofilerc r,
owner @{user_config_dirs}/dolphinrc r, owner @{user_config_dirs}/dolphinrc r,

3
apparmor.d/groups/kde/baloo
View File

@ -34,6 +34,8 @@ profile baloo @{exec_path} {
owner @{MOUNTS}/{,**} r, owner @{MOUNTS}/{,**} r,
owner @{tmp}/*/{,**} r, owner @{tmp}/*/{,**} r,
owner @{user_cache_dirs}/kcrash-metadata/ w,
owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/#@{int} rw,
owner @{user_config_dirs}/baloofilerc rwl, owner @{user_config_dirs}/baloofilerc rwl,
owner @{user_config_dirs}/baloofilerc.lock rwkl, owner @{user_config_dirs}/baloofilerc.lock rwkl,
@ -60,6 +62,7 @@ profile baloo @{exec_path} {
@{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]* @{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]*
@{run}/udev/data/c89:@{int} r, # For I2C bus interface @{run}/udev/data/c89:@{int} r, # For I2C bus interface
@{run}/udev/data/c116:@{int} r, # For ALSA @{run}/udev/data/c116:@{int} r, # For ALSA
@{run}/udev/data/c202:@{int} r, # CPU model-specific registers
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]*
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511

1
apparmor.d/groups/kde/gmenudbusmenuproxy
View File

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/gmenudbusmenuproxy @{exec_path} = @{bin}/gmenudbusmenuproxy
profile gmenudbusmenuproxy @{exec_path} { profile gmenudbusmenuproxy @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/graphics>
include <abstractions/gtk> include <abstractions/gtk>
include <abstractions/kde-strict> include <abstractions/kde-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

3
apparmor.d/groups/kde/kconf_update
View File

@ -44,12 +44,15 @@ profile kconf_update @{exec_path} {
/etc/machine-id r, /etc/machine-id r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
owner @{HOME}/.gtkrc-@{version} w,
owner @{user_config_dirs}/*rc rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/*rc rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/*rc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/*rc.@{rand6} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/*rc.lock rwk, owner @{user_config_dirs}/*rc.lock rwk,
owner @{user_config_dirs}/gtk-{3,4}.0/* rwlk -> @{user_config_dirs}/gtk-{3,4}.0/**, owner @{user_config_dirs}/gtk-{3,4}.0/* rwlk -> @{user_config_dirs}/gtk-{3,4}.0/**,
owner @{user_config_dirs}/sed@{rand6} rw, owner @{user_config_dirs}/sed@{rand6} rw,
owner @{user_config_dirs}/xsettingsd/xsettingsd.conf rw, owner @{user_config_dirs}/xsettingsd/xsettingsd.conf rw,
owner @{user_config_dirs}/kcmfonts.lock rwk,
owner @{user_share_dirs}/#@{int} rw, owner @{user_share_dirs}/#@{int} rw,
owner @{user_share_dirs}/krunnerstaterc.lock rwk, owner @{user_share_dirs}/krunnerstaterc.lock rwk,

27
apparmor.d/groups/kde/kded
View File

@ -93,34 +93,16 @@ profile kded @{exec_path} {
@{user_config_dirs}/kcookiejarrc.lock rwk, @{user_config_dirs}/kcookiejarrc.lock rwk,
@{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, @{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/bluedevilglobalrc.lock rwk, owner @{user_config_dirs}/*rc rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/*rc.@{rand6} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/breezerc r, owner @{user_config_dirs}/*rc.lock rwk,
owner @{user_config_dirs}/gtk-{3,4}.0/{,**} rwl, owner @{user_config_dirs}/gtk-{3,4}.0/{,**} rwl,
owner @{user_config_dirs}/gtk-{3,4}.0/settings.ini.lock rk, owner @{user_config_dirs}/gtk-{3,4}.0/settings.ini.lock rk,
owner @{user_config_dirs}/gtkrc{,*} rwlk,
owner @{user_config_dirs}/kconf_updaterc rw,
owner @{user_config_dirs}/kconf_updaterc.lock rwk,
owner @{user_config_dirs}/kdebugrc r,
owner @{user_config_dirs}/kded{5,6}rc.lock rwk,
owner @{user_config_dirs}/kded{5,6}rc{,.@{rand6}} rwl,
owner @{user_config_dirs}/kdedefaults/{,**} r, owner @{user_config_dirs}/kdedefaults/{,**} r,
owner @{user_config_dirs}/khotkeysrc.lock rwk,
owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/kioslaverc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/ksmserverrc r,
owner @{user_config_dirs}/ktimezonedrc.lock rwk,
owner @{user_config_dirs}/ktimezonedrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/kwalletrc r,
owner @{user_config_dirs}/kwinrc.lock rwk,
owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/kxkbrc r,
owner @{user_config_dirs}/libaccounts-glib/ rw, owner @{user_config_dirs}/libaccounts-glib/ rw,
owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal,-journal} rwk, owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal,-journal} rwk,
owner @{user_config_dirs}/menus/{,**} r, owner @{user_config_dirs}/menus/{,**} r,
owner @{user_config_dirs}/networkmanagement.notifyrc r,
owner @{user_config_dirs}/plasma* r, owner @{user_config_dirs}/plasma* r,
owner @{user_config_dirs}/touchpadrc r,
owner @{user_config_dirs}/Trolltech.conf.lock rwk, owner @{user_config_dirs}/Trolltech.conf.lock rwk,
owner @{user_config_dirs}/Trolltech.conf{,.@{rand6}} rwl, owner @{user_config_dirs}/Trolltech.conf{,.@{rand6}} rwl,
owner @{user_config_dirs}/xsettingsd/{,**} rw, owner @{user_config_dirs}/xsettingsd/{,**} rw,
@ -137,6 +119,9 @@ profile kded @{exec_path} {
owner @{user_share_dirs}/services5/{,**} r, owner @{user_share_dirs}/services5/{,**} r,
owner @{user_share_dirs}/user-places.xbel r, owner @{user_share_dirs}/user-places.xbel r,
owner @{user_state_dirs}/#@{int} rw,
owner @{user_state_dirs}/plasmashellstaterc{,*} rwlk,
@{run}/mount/utab r, @{run}/mount/utab r,
@{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/** @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/**
@{run}/user/@{uid}/gvfs/ r, @{run}/user/@{uid}/gvfs/ r,

22
apparmor.d/groups/kde/kwin_wayland
View File

@ -29,6 +29,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
@{exec_path} mr, @{exec_path} mr,
/etc/xdg/Xwayland-session.d/00-at-spi Cx -> at-spi,
#aa:exec kscreenlocker_greet #aa:exec kscreenlocker_greet
/usr/share/color-schemes/*.colors r, /usr/share/color-schemes/*.colors r,
@ -47,6 +48,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
/etc/xdg/menus/{,applications.menu} r, /etc/xdg/menus/{,applications.menu} r,
/etc/xdg/menus/applications-merged/ r, /etc/xdg/menus/applications-merged/ r,
/etc/xdg/plasmarc r, /etc/xdg/plasmarc r,
/etc/xdg/Xwayland-session.d/{,*} r,
/etc/machine-id r, /etc/machine-id r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
@ -127,10 +129,28 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
@{PROC}/@{pid}/task/@{tid}/comm rw, @{PROC}/@{pid}/task/@{tid}/comm rw,
/dev/input/event@{int} rw, @{att}/dev/input/event@{int} rw,
@{att}/dev/dri/card@{int} rw,
/dev/tty r, /dev/tty r,
/dev/tty@{int} rw, /dev/tty@{int} rw,
profile at-spi {
include <abstractions/base>
@{sh_path} r,
@{bin}/busctl rix,
@{bin}/sed rix,
@{bin}/xprop rPx,
/etc/xdg/Xwayland-session.d/00-at-spi r,
/home/ r,
owner @{HOME}/ r,
include if exists <local/kwin_wayland_at-spi>
}
include if exists <local/kwin_wayland> include if exists <local/kwin_wayland>
} }

1
apparmor.d/groups/kde/plasmashell
View File

@ -76,6 +76,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
/usr/share/solid/actions/{,**} r, /usr/share/solid/actions/{,**} r,
/usr/share/swcatalog/{,**} r, /usr/share/swcatalog/{,**} r,
/usr/share/templates/{,*.desktop} r, /usr/share/templates/{,*.desktop} r,
/usr/share/thumbnailers/{,*} r,
/usr/share/wallpapers/{,**} r, /usr/share/wallpapers/{,**} r,
/etc/appstream.conf r, /etc/appstream.conf r,

2
apparmor.d/groups/kde/sddm-greeter
View File

@ -14,7 +14,7 @@ profile sddm-greeter @{exec_path} {
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.login1> include <abstractions/bus/org.freedesktop.login1>
include <abstractions/bus/org.freedesktop.UPower> include <abstractions/bus/org.freedesktop.UPower>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-write>
include <abstractions/graphics> include <abstractions/graphics>
include <abstractions/kde-strict> include <abstractions/kde-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

1
apparmor.d/groups/kde/startplasma
View File

@ -62,6 +62,7 @@ profile startplasma @{exec_path} {
owner @{user_config_dirs}/startkderc r, owner @{user_config_dirs}/startkderc r,
owner @{user_config_dirs}/Trolltech.conf.lock rwk, owner @{user_config_dirs}/Trolltech.conf.lock rwk,
owner @{user_config_dirs}/Trolltech.conf{,.@{rand6}} rwl, owner @{user_config_dirs}/Trolltech.conf{,.@{rand6}} rwl,
owner link @{user_config_dirs}/kdeglobals -> @{user_config_dirs}/#@{int},
owner @{user_share_dirs}/color-schemes/{,**} r, owner @{user_share_dirs}/color-schemes/{,**} r,
owner @{user_share_dirs}/kservices{5,6}/{,**} r, owner @{user_share_dirs}/kservices{5,6}/{,**} r,

1
apparmor.d/groups/kde/xembedsniproxy
View File

@ -10,6 +10,7 @@ include <tunables/global>
profile xembedsniproxy @{exec_path} { profile xembedsniproxy @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/fonts> include <abstractions/fonts>
include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/qt5> include <abstractions/qt5>