mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-19 01:18:16 +01:00
feat(profile): improve the use of org.chromium.Chromium.@{rand6}.
This commit is contained in:
parent
50b0e09a9a
commit
49b8967bb2
3 changed files with 3 additions and 8 deletions
|
@ -8,7 +8,7 @@ abi <abi/3.0>,
|
|||
include <tunables/global>
|
||||
|
||||
@{name} = brave{,-beta,-dev,-bin}
|
||||
@{domain} = com.brave.Brave
|
||||
@{domain} = com.brave.Brave org.chromium.Chromium
|
||||
@{lib_dirs} = /opt/brave{-bin,.com}{,/@{name}}
|
||||
@{config_dirs} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{cache_dirs} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
|
@ -43,11 +43,6 @@ profile brave @{exec_path} {
|
|||
|
||||
owner @{tmp}/net-export/ rw, # For brave://net-export/
|
||||
|
||||
owner @{tmp}/.org.chromium.Chromium.* rwk,
|
||||
owner @{tmp}/.org.chromium.Chromium*/{,**} rw,
|
||||
|
||||
owner /dev/shm/.org.chromium.Chromium.* rw,
|
||||
|
||||
# Silencer
|
||||
deny /etc/opt/chrome/ w,
|
||||
deny /dev/disk/by-uuid/ r,
|
||||
|
|
|
@ -294,7 +294,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
owner @{run}/user/@{uid}/snap.snap*/wayland-cursor-shared-* rw,
|
||||
owner @{run}/user/@{uid}/systemd/notify rw,
|
||||
|
||||
owner /dev/shm/.org.chromium.Chromium.* rw,
|
||||
owner /dev/shm/.org.chromium.Chromium.@{rand6} rw,
|
||||
owner /dev/shm/wayland.mozilla.ipc.@{int} rw,
|
||||
|
||||
/tmp/.X@{int}-lock rw,
|
||||
|
|
|
@ -105,7 +105,7 @@ profile git @{exec_path} flags=(attach_disconnected) {
|
|||
deny owner @{user_share_dirs}/gvfs-metadata/* r,
|
||||
deny owner @{user_share_dirs}/zed/**/data.mdb rw,
|
||||
deny /usr/share/nvidia/nvidia-application-profiles-* r,
|
||||
deny /dev/shm/.org.chromium.Chromium* rw,
|
||||
deny /dev/shm/.org.chromium.Chromium.@{rand6} rw,
|
||||
|
||||
profile gpg flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
|
|
Loading…
Reference in a new issue