mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profiles): general update.

Browse Source
This commit is contained in:
Alexandre Pujol 2023-07-09 12:30:09 +01:00
parent 1a82f00d2f
commit 59469b57b4
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
7 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apparmor.d/groups/browsers/firefox-crashreporter
View File

@ -7,8 +7,8 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{firefox_name} = firefox{,-esr} @{firefox_name} = firefox{,.sh,-esr,-bin}
@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name}/ /opt/@{firefox_name}/ @{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name} /opt/@{firefox_name}
@{firefox_config_dirs} = @{HOME}/.mozilla/ @{firefox_config_dirs} = @{HOME}/.mozilla/
@{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/ @{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/

4
apparmor.d/groups/browsers/firefox-minidump-analyzer
View File

@ -9,8 +9,8 @@ include <tunables/global>
@{MOZ_HOMEDIR} = @{HOME}/.mozilla @{MOZ_HOMEDIR} = @{HOME}/.mozilla
@{firefox_name} = firefox{,-esr} @{firefox_name} = firefox{,.sh,-esr,-bin}
@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name}/ /opt/@{firefox_name}/ @{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name} /opt/@{firefox_name}
@{firefox_config_dirs} = @{HOME}/.mozilla/ @{firefox_config_dirs} = @{HOME}/.mozilla/
@{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/ @{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/

4
apparmor.d/groups/browsers/firefox-plugin-container
View File

@ -7,8 +7,8 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{firefox_name} = firefox{,-esr} @{firefox_name} = firefox{,.sh,-esr,-bin}
@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name}/ /opt/@{firefox_name}/ @{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name} /opt/@{firefox_name}
@{exec_path} = @{firefox_lib_dirs}/plugin-container @{exec_path} = @{firefox_lib_dirs}/plugin-container
profile firefox-plugin-container @{exec_path} { profile firefox-plugin-container @{exec_path} {

1
apparmor.d/groups/freedesktop/xdg-user-dir
View File

@ -20,6 +20,7 @@ profile xdg-user-dir @{exec_path} {
# Silencer # Silencer
deny network inet stream, deny network inet stream,
deny network inet6 stream, deny network inet6 stream,
deny @{user_share_dirs}/gvfs-metadata/* r,
include if exists <local/xdg-user-dir> include if exists <local/xdg-user-dir>
} }

4
apparmor.d/profiles-s-z/which
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}bin/which{.debianutils,} @{exec_path} = /{usr/,}bin/which{.debianutils,}
profile which @{exec_path} flags=(complain) { profile which @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>
@ -28,5 +28,7 @@ profile which @{exec_path} flags=(complain) {
owner @{HOME}/.krew/bin/ r, owner @{HOME}/.krew/bin/ r,
owner @{HOME}/go/bin/ r, owner @{HOME}/go/bin/ r,
deny @{user_share_dirs}/gvfs-metadata/* r,
include if exists <local/which> include if exists <local/which>
} }

3
apparmor.d/profiles-s-z/wireplumber
View File

@ -21,6 +21,9 @@ profile wireplumber @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
/opt/intel/oneapi/{compiler,lib,mkl}/**/ r,
/opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr,
/etc/machine-id r, /etc/machine-id r,
/usr/share/alsa-card-profile/{,**} r, /usr/share/alsa-card-profile/{,**} r,

2
dists/flags/main.flags
View File

@ -177,7 +177,7 @@ kauth-kded-smart-helper complain
kauth-kinfocenter-dmidecode-helper complain kauth-kinfocenter-dmidecode-helper complain
kcminit complain kcminit complain
kconf_update complain kconf_update complain
kde-powerdevil complain kde-powerdevil attach_disconnected,complain
kded5 complain kded5 complain
kernel-install complain kernel-install complain
kglobalaccel5 complain kglobalaccel5 complain