mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: steam support on flatpak.

Browse source 
fix #368
This commit is contained in:
Alexandre Pujol 2024-06-07 17:10:54 +01:00
parent b66274b2ca
commit 503e83a896
Failed to generate hash of commit
4 changed files with 25 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/abstractions/common/app
View file

@ -31,7 +31,9 @@
dbus bus=session, dbus bus=session,
dbus bus=system, dbus bus=system,
/usr/** r, /usr/cache/** r,
/usr/local/** r,
/usr/share/** rk,
/etc/{,**} r, /etc/{,**} r,
@ -93,6 +95,7 @@
@{PROC}/@{pid}/task/@{tid}/status r, @{PROC}/@{pid}/task/@{tid}/status r,
@{PROC}/bus/pci/devices r, @{PROC}/bus/pci/devices r,
@{PROC}/driver/** r, @{PROC}/driver/** r,
@{PROC}/locks r,
@{PROC}/pressure/cpu r, @{PROC}/pressure/cpu r,
@{PROC}/pressure/io r, @{PROC}/pressure/io r,
@{PROC}/pressure/memory r, @{PROC}/pressure/memory r,
@ -106,9 +109,13 @@
@{PROC}/zoneinfo r, @{PROC}/zoneinfo r,
owner @{PROC}/@{pid}/clear_refs w, owner @{PROC}/@{pid}/clear_refs w,
owner @{PROC}/@{pid}/comm rw, owner @{PROC}/@{pid}/comm rw,
owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/fd/@{int} rw, owner @{PROC}/@{pid}/fd/@{int} rw,
owner @{PROC}/@{pid}/fdinfo/@{int} r,
owner @{PROC}/@{pid}/io r, owner @{PROC}/@{pid}/io r,
owner @{PROC}/@{pid}/loginuid r, owner @{PROC}/@{pid}/loginuid r,
owner @{PROC}/@{pid}/mem r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/net/if_inet6 r, owner @{PROC}/@{pid}/net/if_inet6 r,
owner @{PROC}/@{pid}/oom_score_adj rw, owner @{PROC}/@{pid}/oom_score_adj rw,
owner @{PROC}/@{pid}/statm r, owner @{PROC}/@{pid}/statm r,

3
apparmor.d/groups/bus/dbus-session
View file

@ -48,6 +48,9 @@ profile dbus-session flags=(attach_disconnected) {
/etc/machine-id r, /etc/machine-id r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
owner @{HOME}/.var/app/*/**/.ref rw,
owner @{HOME}/.var/app/*/**/logs/* rw,
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,
owner @{run}/user/@{uid}/dbus-1/ rw, owner @{run}/user/@{uid}/dbus-1/ rw,
owner @{run}/user/@{uid}/dbus-1/services/ rw, owner @{run}/user/@{uid}/dbus-1/services/ rw,

5
apparmor.d/groups/freedesktop/xdg-dbus-proxy
View file

@ -25,13 +25,16 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr, @{exec_path} mr,
owner @{HOME}/.var/app/*/.local/share/*/logs/* rw,
owner @{HOME}/.var/app/*/.local/share/*/**/usr/.ref rw,
owner @{run}/firejail/dbus/@{int}/@{int}-{system,user} rw, owner @{run}/firejail/dbus/@{int}/@{int}-{system,user} rw,
owner @{run}/user/@{uid}/.dbus-proxy/{system,session,a11y}-bus-proxy-@{rand6} rw, owner @{run}/user/@{uid}/.dbus-proxy/{system,session,a11y}-bus-proxy-@{rand6} rw,
owner @{run}/user/@{uid}/webkitgtk/a11y-proxy-@{rand6} rw, owner @{run}/user/@{uid}/webkitgtk/a11y-proxy-@{rand6} rw,
owner @{run}/user/@{uid}/webkitgtk/bus-proxy-@{rand6} rw, owner @{run}/user/@{uid}/webkitgtk/bus-proxy-@{rand6} rw,
owner @{run}/user/@{uid}/webkitgtk/dbus-proxy-@{rand6} rw, owner @{run}/user/@{uid}/webkitgtk/dbus-proxy-@{rand6} rw,
@{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r, @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/temp* r,
/dev/dri/card@{int} rw, /dev/dri/card@{int} rw,

15
apparmor.d/profiles-a-f/flatpak-app
View file

@ -41,6 +41,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
network netlink raw, network netlink raw,
ptrace (read), ptrace (read),
ptrace trace peer=flatpak-app,
signal (receive) set=(int) peer=flatpak-portal, signal (receive) set=(int) peer=flatpak-portal,
signal (receive) set=(int) peer=flatpak-session-helper, signal (receive) set=(int) peer=flatpak-session-helper,
@ -54,6 +55,10 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
/var/lib/flatpak/app/*/**/@{bin}/** rmix, /var/lib/flatpak/app/*/**/@{bin}/** rmix,
/var/lib/flatpak/app/*/**/@{lib}/** rmix, /var/lib/flatpak/app/*/**/@{lib}/** rmix,
@{run}/parent/@{bin}/** rmix,
@{run}/parent/@{lib}/** rmix,
@{run}/parent/app/** rmix,
@{bin}/gtk{,4}-update-icon-cache rPx -> flatpak-app//&gtk-update-icon-cache, @{bin}/gtk{,4}-update-icon-cache rPx -> flatpak-app//&gtk-update-icon-cache,
@{bin}/update-desktop-database rPx -> flatpak-app//&update-desktop-database, @{bin}/update-desktop-database rPx -> flatpak-app//&update-desktop-database,
@{bin}/update-mime-database rPx -> flatpak-app//&update-mime-database, @{bin}/update-mime-database rPx -> flatpak-app//&update-mime-database,
@ -62,23 +67,23 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
@{lib}/kf5/kioslave5 rPx, @{lib}/kf5/kioslave5 rPx,
@{lib}/kf6/kioworker rPx, @{lib}/kf6/kioworker rPx,
/var/lib/flatpak/app/{,**} r,
/usr/.ref rk,
/etc/**/ rw, /etc/**/ rw,
/etc/shells rw, /etc/shells rw,
/app/.ref k, /app/.ref rk,
/app/extra/** rw, /app/extra/** rw,
/app/lib/** rk, /app/lib/** rk,
/bindfile@{rand6} rw, /bindfile@{rand6} rw,
/usr/.ref rk,
/var/lib/flatpak/app/{,**} r, /var/lib/flatpak/app/{,**} r,
/var/lib/flatpak/exports/** rw, /var/lib/flatpak/exports/** rw,
/var/tmp/etilqs_@{hex} rw, /var/tmp/etilqs_@{hex} rw,
@{run}/.userns r, @{run}/.userns r,
@{run}/parent/** r,
@{run}/parent/app/.ref rk,
@{run}/parent/usr/.ref rk,
owner @{run}/flatpak/{,**} rk, owner @{run}/flatpak/{,**} rk,
owner @{run}/flatpak/app/** rw, owner @{run}/flatpak/app/** rw,
owner @{run}/flatpak/doc/** rw, owner @{run}/flatpak/doc/** rw,