From 59469b57b456980fa67c97b9e84826fa93b605ff Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 9 Jul 2023 12:30:09 +0100 Subject: [PATCH] feat(profiles): general update. --- apparmor.d/groups/browsers/firefox-crashreporter | 4 ++-- apparmor.d/groups/browsers/firefox-minidump-analyzer | 4 ++-- apparmor.d/groups/browsers/firefox-plugin-container | 4 ++-- apparmor.d/groups/freedesktop/xdg-user-dir | 1 + apparmor.d/profiles-s-z/which | 4 +++- apparmor.d/profiles-s-z/wireplumber | 3 +++ dists/flags/main.flags | 2 +- 7 files changed, 14 insertions(+), 8 deletions(-) diff --git a/apparmor.d/groups/browsers/firefox-crashreporter b/apparmor.d/groups/browsers/firefox-crashreporter index 1ad1d44e..88a59fb0 100644 --- a/apparmor.d/groups/browsers/firefox-crashreporter +++ b/apparmor.d/groups/browsers/firefox-crashreporter @@ -7,8 +7,8 @@ abi , include -@{firefox_name} = firefox{,-esr} -@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name}/ /opt/@{firefox_name}/ +@{firefox_name} = firefox{,.sh,-esr,-bin} +@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name} /opt/@{firefox_name} @{firefox_config_dirs} = @{HOME}/.mozilla/ @{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/ diff --git a/apparmor.d/groups/browsers/firefox-minidump-analyzer b/apparmor.d/groups/browsers/firefox-minidump-analyzer index 9628ac38..89edc408 100644 --- a/apparmor.d/groups/browsers/firefox-minidump-analyzer +++ b/apparmor.d/groups/browsers/firefox-minidump-analyzer @@ -9,8 +9,8 @@ include @{MOZ_HOMEDIR} = @{HOME}/.mozilla -@{firefox_name} = firefox{,-esr} -@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name}/ /opt/@{firefox_name}/ +@{firefox_name} = firefox{,.sh,-esr,-bin} +@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name} /opt/@{firefox_name} @{firefox_config_dirs} = @{HOME}/.mozilla/ @{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/ 
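Review bot: Dropping the trailing slash from `@{firefox_lib_dirs}` in firefox-crashreporter (and identically in the firefox-minidump-analyzer and firefox-plugin-container hunks) changes how every rule built on that variable expands, and those rules lie outside the hunks. Any rule written as `@{firefox_lib_dirs}**` or `@{firefox_lib_dirs}{,**}` would now expand to something like `/opt/firefox**` and match sibling directories whose names merely begin with a Firefox name. Each use should be checked to carry its own separator, as the unchanged `@{exec_path} = @{firefox_lib_dirs}/plugin-container` line in firefox-plugin-container does. The widened `@{firefox_name} = firefox{,.sh,-esr,-bin}` also feeds the directory variable, so the profiles now attach under paths such as `/opt/firefox.sh/`. If `.sh` is only a launcher name, a separate directory variable would keep the attachment set tight, for example `@{firefox_dir_name} = firefox{,-esr,-bin}` (name illustrative).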
diff --git a/apparmor.d/groups/browsers/firefox-plugin-container b/apparmor.d/groups/browsers/firefox-plugin-container index 6cde3e60..806e3b95 100644 --- a/apparmor.d/groups/browsers/firefox-plugin-container +++ b/apparmor.d/groups/browsers/firefox-plugin-container @@ -7,8 +7,8 @@ abi , include -@{firefox_name} = firefox{,-esr} -@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name}/ /opt/@{firefox_name}/ +@{firefox_name} = firefox{,.sh,-esr,-bin} +@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name} /opt/@{firefox_name} @{exec_path} = @{firefox_lib_dirs}/plugin-container profile firefox-plugin-container @{exec_path} { diff --git a/apparmor.d/groups/freedesktop/xdg-user-dir b/apparmor.d/groups/freedesktop/xdg-user-dir index 8c22068e..d13a5c23 100644 --- a/apparmor.d/groups/freedesktop/xdg-user-dir +++ b/apparmor.d/groups/freedesktop/xdg-user-dir @@ -20,6 +20,7 @@ profile xdg-user-dir @{exec_path} { # Silencer deny network inet stream, deny network inet6 stream, + deny @{user_share_dirs}/gvfs-metadata/* r, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/which b/apparmor.d/profiles-s-z/which index 6144503a..4450e35b 100644 --- a/apparmor.d/profiles-s-z/which +++ b/apparmor.d/profiles-s-z/which @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}bin/which{.debianutils,} -profile which @{exec_path} flags=(complain) { +profile which @{exec_path} { include include @@ -28,5 +28,7 @@ profile which @{exec_path} flags=(complain) { owner @{HOME}/.krew/bin/ r, owner @{HOME}/go/bin/ r, + deny @{user_share_dirs}/gvfs-metadata/* r, + include if exists } diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index dd2af885..9ae982d5 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber 
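Review bot: The `deny @{user_share_dirs}/gvfs-metadata/* r,` rule added in xdg-user-dir, and again in the second `which` hunk, blocks the read and also suppresses its log entry, and an explicit deny cannot be re-allowed from the `local/` include that follows it. In xdg-user-dir the rule sits under the existing `# Silencer` comment, but in `which` it is added without any label. Because the first `which` hunk removes `flags=(complain)`, the rule is enforced there from this commit on. I would add `# Silencer` above the rule in `which`, and if these reads should stay visible during rollout, write it as `audit deny @{user_share_dirs}/gvfs-metadata/* r,` instead.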
@@ -21,6 +21,9 @@ profile wireplumber @{exec_path} { @{exec_path} mr, + /opt/intel/oneapi/{compiler,lib,mkl}/**/ r, + /opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr, + /etc/machine-id r, /usr/share/alsa-card-profile/{,**} r, diff --git a/dists/flags/main.flags b/dists/flags/main.flags index 7ebf502f..e1a435ba 100644 --- a/dists/flags/main.flags +++ b/dists/flags/main.flags @@ -177,7 +177,7 @@ kauth-kded-smart-helper complain kauth-kinfocenter-dmidecode-helper complain kcminit complain kconf_update complain -kde-powerdevil complain +kde-powerdevil attach_disconnected,complain kded5 complain kernel-install complain kglobalaccel5 complain
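Review bot: The added `/opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr,` lets wireplumber map as executable any file under those trees whose name contains `.so`, so the rule is only as safe as the ownership and permissions of `/opt/intel/oneapi`, which the profile cannot check. A comment above the two rules saying why an audio session manager loads oneAPI libraries would help the next reviewer, for example `# Intel oneAPI runtime libraries, loaded via the dynamic linker search path` if that is indeed the cause. The glob could also be narrowed to real shared-object names with `/opt/intel/oneapi/{compiler,lib,mkl}/**.so{,.[0-9]*} mr,`. The profile body continues outside the hunk.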
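Review bot: Adding `attach_disconnected` to the kde-powerdevil entry makes paths that cannot be resolved inside the task's namespace be treated as if they were rooted at `/`, so the profile's ordinary path rules can match objects that do not really live at those paths. While the entry keeps `complain` this mainly affects what gets logged, but the flag should be re-examined before the profile is moved to enforce. Nothing visible here records which disconnected path prompted the change, so a short rationale in the profile itself or in the commit message would make that later review possible.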