feat(browserpass): gpg give access to password repo.

Alexandre Pujol 2023-03-27 21:43:38 +01:00
parent b793968690
commit 4ca3ced1a5


@ -15,7 +15,7 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/gpg{,2} rPx,
/{usr/,}bin/gpg{2,} rCx -> gpg,
owner @{HOME}/.password-store/{,**} r,
owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/.parentlock rw,
@ -39,5 +39,26 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
deny owner @{user_share_dirs}/gvfs-metadata/{,**} r,
deny /dev/dri/* rw,
profile gpg flags=(complain) {
include <abstractions/base>
include <abstractions/nameservice-strict>
capability dac_read_search,
/{usr/,}bin/gpg{,2} mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner @{user_password_store_dirs}/ rw,
owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
owner @{user_projects_dirs}/**/*-store/ rw,
owner @{user_projects_dirs}/**/*-store/** rwkl -> @{user_projects_dirs}/**/*-store/**,
owner @{user_config_dirs}/*-store/ rw,
owner @{user_config_dirs}/*-store/** rwkl -> @{user_config_dirs}/*-store/**,
include if exists <local/browserpass_gpg>
}
include if exists <local/browserpass>
}
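Review bot: The new `gpg` child profile is declared with `flags=(complain)`, so with the transition changed to `rCx -> gpg`, gpg started by browserpass is only logged rather than confined. Whether the standalone gpg profile that `rPx` used to select was enforced is not visible on this page. If complain mode is only meant for collecting the rule set, say so on the profile line, for example `# FIXME: complain mode while rules are collected, switch to enforce`, and drop the flag once the rules settle. `capability dac_read_search` also looks broader than needed, since every file rule in the child is `owner`-scoped; consider removing it unless the logs show gpg requesting it. The link target on the `@{user_password_store_dirs}/**` rule is hard-coded to `@{HOME}/.password-store/**` while the neighbouring rules repeat their own variable, so `-> @{user_password_store_dirs}/**` would be consistent with them.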