mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
add profiles for waybar and some hypr utilities (#414)
This commit is contained in:
parent
85ccc46e44
commit
56f3332163
21
apparmor.d/groups/hypr/hyprctl
Normal file
21
apparmor.d/groups/hypr/hyprctl
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 odomingao
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/hyprctl
|
||||||
|
|
||||||
|
profile hyprctl @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
include if exists <local/hyprctl>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
||||||
|
|
37
apparmor.d/groups/hypr/hyprlock
Normal file
37
apparmor.d/groups/hypr/hyprlock
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 odomingao
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/hyprlock
|
||||||
|
|
||||||
|
profile hyprlock @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/authentication>
|
||||||
|
include <abstractions/fonts>
|
||||||
|
include <abstractions/graphics>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
network netlink raw,
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
/etc/security/faillock.conf r,
|
||||||
|
/etc/shells r,
|
||||||
|
|
||||||
|
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/** r,
|
||||||
|
owner @{user_pictures_dirs}/** r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/hypr/hyprlock.conf r,
|
||||||
|
|
||||||
|
owner @{run}/faillock/@{user} rwk,
|
||||||
|
|
||||||
|
owner /dev/tty@{int} rw,
|
||||||
|
|
||||||
|
include if exists <local/hyprlock>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
31
apparmor.d/groups/hypr/hyprpaper
Normal file
31
apparmor.d/groups/hypr/hyprpaper
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 odomingao
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/hyprpaper
|
||||||
|
|
||||||
|
profile hyprpaper @{exec_path} flags=(attach_disconnected) {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
/usr/share/icons/** r,
|
||||||
|
|
||||||
|
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/** r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/hypr/hyprpaper.conf r,
|
||||||
|
|
||||||
|
owner @{run}/user/@{uid}/ r,
|
||||||
|
owner @{run}/user/@{uid}/.hyprpaper* rw,
|
||||||
|
owner @{run}/user/@{uid}/hypr/*/.hyprpaper.sock w,
|
||||||
|
owner @{run}/user/@{uid}/hyprpaper.lock rw,
|
||||||
|
|
||||||
|
include if exists <local/hyprpaper>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
25
apparmor.d/groups/hypr/hyprpicker
Normal file
25
apparmor.d/groups/hypr/hyprpicker
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 odomingao
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/hyprpicker
|
||||||
|
|
||||||
|
profile hyprpicker @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
@{bin}/wl-copy Px,
|
||||||
|
|
||||||
|
/usr/share/icons/** r,
|
||||||
|
|
||||||
|
owner @{run}/user/@{uid}/.hyprpicker* rw,
|
||||||
|
|
||||||
|
include if exists <local/hyprpicker>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
||||||
|
|
41
apparmor.d/groups/hypr/hyprpm
Normal file
41
apparmor.d/groups/hypr/hyprpm
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 odomingao
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/hyprpm
|
||||||
|
|
||||||
|
profile hyprpm @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
include <abstractions/ssl_certs>
|
||||||
|
include <abstractions/user-tmp>
|
||||||
|
|
||||||
|
network inet dgram,
|
||||||
|
network inet stream,
|
||||||
|
network inet6 dgram,
|
||||||
|
network inet6 stream,
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
@{bin}/** rix,
|
||||||
|
@{lib}/gcc/** rix,
|
||||||
|
@{lib}/git-core/** rix,
|
||||||
|
|
||||||
|
/usr/include/** r,
|
||||||
|
/usr/share/git-core/** r,
|
||||||
|
/usr/share/pkgconfig/** r,
|
||||||
|
|
||||||
|
owner @{HOME}/.gitconfig r,
|
||||||
|
|
||||||
|
owner @{user_share_dirs}/hyprpm/{,**} rw,
|
||||||
|
|
||||||
|
/tmp/hyprpm/** rw,
|
||||||
|
|
||||||
|
include if exists <local/hyprpm>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
34
apparmor.d/profiles-s-z/waybar
Normal file
34
apparmor.d/profiles-s-z/waybar
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 odomingao
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/waybar
|
||||||
|
|
||||||
|
profile waybar @{exec_path} flags=(attach_disconnected) {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/audio>
|
||||||
|
include <abstractions/dconf-write>
|
||||||
|
include <abstractions/desktop>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
network inet dgram,
|
||||||
|
network inet6 dgram,
|
||||||
|
network netlink raw,
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
@{bin}/** rPUx,
|
||||||
|
@{user_bin_dirs}/** rPUx,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/waybar/{,**} r,
|
||||||
|
|
||||||
|
owner /dev/tty@{int} rw,
|
||||||
|
|
||||||
|
include if exists <local/waybar>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
Loading…
Reference in New Issue
Block a user