mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
feat(profile): remove rule moved in the base or nameservice abstraction.
This commit is contained in:
Alexandre Pujol
parent
57508bd7ea
commit
5c8dda1ced
71 changed files with 0 additions and 102 deletions
|
|
@ -100,7 +100,6 @@
|
|||
@{PROC}/pressure/io r,
|
||||
@{PROC}/pressure/memory r,
|
||||
@{PROC}/sys/fs/inotify/max_user_watches r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
@{PROC}/sys/kernel/pid_max r,
|
||||
@{PROC}/sys/kernel/sched_autogroup_enabled r,
|
||||
|
|
|
|||
|
|
@ -99,7 +99,6 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r,
|
||||
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/sys/kernel/seccomp/actions_avail r,
|
||||
@{PROC}/zoneinfo r,
|
||||
owner @{PROC}/@{pid}/cgroup r,
|
||||
|
|
|
|||
|
|
@ -36,8 +36,6 @@ profile akonadi_akonotes_resource @{exec_path} {
|
|||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_akonotes_resource>
|
||||
|
|
|
|||
|
|
@ -42,8 +42,6 @@ profile akonadi_archivemail_agent @{exec_path} {
|
|||
|
||||
owner @{user_share_dirs}/akonadi/file_db_data/{,**} r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_archivemail_agent>
|
||||
|
|
|
|||
|
|
@ -35,8 +35,6 @@ profile akonadi_birthdays_resource @{exec_path} {
|
|||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_birthdays_resource>
|
||||
|
|
|
|||
|
|
@ -39,8 +39,6 @@ profile akonadi_contacts_resource @{exec_path} {
|
|||
owner @{user_share_dirs}/contacts/ r,
|
||||
owner @{user_share_dirs}/contacts/*.vcf w,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_contacts_resource>
|
||||
|
|
|
|||
|
|
@ -40,8 +40,6 @@ profile akonadi_control @{exec_path} {
|
|||
|
||||
owner @{user_share_dirs}/akonadi/{,**} rwl,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_control>
|
||||
|
|
|
|||
|
|
@ -38,8 +38,6 @@ profile akonadi_followupreminder_agent @{exec_path} {
|
|||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_followupreminder_agent>
|
||||
|
|
|
|||
|
|
@ -31,8 +31,6 @@ profile akonadi_ical_resource @{exec_path} {
|
|||
owner @{user_config_dirs}/kwinrc r,
|
||||
owner @{user_share_dirs}/apps/korganizer/{,**} rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_ical_resource>
|
||||
|
|
|
|||
|
|
@ -45,8 +45,6 @@ profile akonadi_indexing_agent @{exec_path} {
|
|||
owner @{user_share_dirs}/akonadi/ rw,
|
||||
owner @{user_share_dirs}/akonadi/** rwlk -> @{user_share_dirs}/akonadi/**,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_indexing_agent>
|
||||
|
|
|
|||
|
|
@ -39,8 +39,6 @@ profile akonadi_maildir_resource @{exec_path} {
|
|||
owner @{user_share_dirs}/akonadi/{,**} rwk,
|
||||
owner @{user_share_dirs}/local-mail*/{,**} rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern rw,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_maildir_resource>
|
||||
|
|
|
|||
|
|
@ -50,8 +50,6 @@ profile akonadi_maildispatcher_agent @{exec_path} {
|
|||
|
||||
owner @{user_share_dirs}/akonadi/file_db_data/{,**} r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_maildispatcher_agent>
|
||||
|
|
|
|||
|
|
@ -56,8 +56,6 @@ profile akonadi_mailfilter_agent @{exec_path} {
|
|||
|
||||
owner @{user_share_dirs}/akonadi/file_db_data/{,**} rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_mailfilter_agent>
|
||||
|
|
|
|||
|
|
@ -39,8 +39,6 @@ profile akonadi_mailmerge_agent @{exec_path} {
|
|||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_mailmerge_agent>
|
||||
|
|
|
|||
|
|
@ -36,8 +36,6 @@ profile akonadi_migration_agent @{exec_path} {
|
|||
|
||||
owner @{user_share_dirs}/akonadi_migration_agent/{,**} rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_migration_agent>
|
||||
|
|
|
|||
|
|
@ -33,8 +33,6 @@ profile akonadi_newmailnotifier_agent @{exec_path} {
|
|||
owner @{user_config_dirs}/kmail2rc r,
|
||||
owner @{user_config_dirs}/specialmailcollectionsrc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_newmailnotifier_agent>
|
||||
|
|
|
|||
|
|
@ -39,8 +39,6 @@ profile akonadi_notes_agent @{exec_path} {
|
|||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_notes_agent>
|
||||
|
|
|
|||
|
|
@ -40,8 +40,6 @@ profile akonadi_sendlater_agent @{exec_path} {
|
|||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_sendlater_agent>
|
||||
|
|
|
|||
|
|
@ -34,8 +34,6 @@ profile akonadi_unifiedmailbox_agent @{exec_path} {
|
|||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/akonadi_unifiedmailbox_agent>
|
||||
|
|
|
|||
|
|
@ -45,7 +45,6 @@ profile telegram-desktop @{exec_path} {
|
|||
owner @{run}/user/@{uid}/@{hex}-* rwk,
|
||||
owner /dev/shm/#@{int} rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
|
|
|||
|
|
@ -55,7 +55,6 @@ profile firefox-kmozillahelper @{exec_path} {
|
|||
|
||||
@{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/**
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
/dev/tty r,
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@ profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected,
|
|||
@{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
include if exists <local/polkit-kde-authentication-agent>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -38,8 +38,6 @@ profile xdg-desktop-portal-kde @{exec_path} {
|
|||
|
||||
owner @{run}/user/@{uid}/xdg-desktop-portal-kde@{rand6}.*.socket rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/xdg-desktop-portal-kde>
|
||||
|
|
|
|||
|
|
@ -55,8 +55,6 @@ profile DiscoverNotifier @{exec_path} {
|
|||
|
||||
owner @{tmp}/ostree-gpg-*/ rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
profile gpg {
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ profile baloo @{exec_path} {
|
|||
|
||||
owner @{user_share_dirs}/baloo/{,**} rwk,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
|
|
|
|||
|
|
@ -61,8 +61,6 @@ profile baloorunner @{exec_path} {
|
|||
@{sys}/class/*/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/baloorunner>
|
||||
|
|
|
|||
|
|
@ -86,7 +86,6 @@ profile dolphin @{exec_path} {
|
|||
owner @{run}/user/@{uid}/dolphin@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int},
|
||||
owner @{run}/user/@{uid}/#@{int} rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
|
|
|
|||
|
|
@ -26,8 +26,6 @@ profile kaccess @{exec_path} {
|
|||
|
||||
owner @{user_share_dirs}/mime/generic-icons r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/kaccess>
|
||||
|
|
|
|||
|
|
@ -49,7 +49,6 @@ profile kactivitymanagerd @{exec_path} {
|
|||
owner @{run}/user/@{uid}/#@{int} rw,
|
||||
owner @{run}/user/@{uid}/*@{rand6}.*.socket rwl -> @{run}/user/@{uid}/#@{int},
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
|
|
|
|||
|
|
@ -36,8 +36,6 @@ profile kalendarac @{exec_path} {
|
|||
owner @{user_config_dirs}/kalendaracrc.lock rwk,
|
||||
owner @{user_config_dirs}/kmail2rc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/kalendarac>
|
||||
|
|
|
|||
|
|
@ -40,7 +40,6 @@ profile kcminit @{exec_path} {
|
|||
|
||||
@{run}/user/@{uid}/xauth_@{rand6} rl,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty r,
|
||||
|
|
|
|||
|
|
@ -71,7 +71,6 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
|
|||
|
||||
@{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/@{pid}/mounts r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/i2c-@{int} rwk,
|
||||
/dev/rfkill r,
|
||||
|
|
|
|||
|
|
@ -157,7 +157,6 @@ profile kded @{exec_path} {
|
|||
@{PROC}/@{pids}/fdinfo/@{int} r,
|
||||
@{PROC}/@{pids}/fd/info/@{int} r,
|
||||
@{PROC}/sys/fs/inotify/max_user_{instances,watches} r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
|
|
|
|||
|
|
@ -23,8 +23,6 @@ profile kglobalacceld @{exec_path} {
|
|||
owner @{user_config_dirs}/kglobalshortcutsrc* rwl,
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/kglobalacceld>
|
||||
|
|
|
|||
|
|
@ -21,7 +21,5 @@ profile kio_http_cache_cleaner @{exec_path} {
|
|||
|
||||
owner @{run}/user/@{uid}/kio_http_cache_cleaner rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
include if exists <local/kio_http_cache_cleaner>
|
||||
}
|
||||
|
|
@ -92,7 +92,6 @@ profile kioworker @{exec_path} {
|
|||
owner @{run}/user/@{uid}/#@{int} rw,
|
||||
owner @{run}/user/@{uid}/kio_*.socket rwl -> @{run}/user/@{uid}/#@{int},
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
|
|
|
|||
|
|
@ -62,7 +62,6 @@ profile konsole @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
owner @{tmp}/#@{int} rw,
|
||||
owner @{tmp}/konsole.@{rand6} rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/@{pid}/stat r,
|
||||
|
||||
|
|
|
|||
|
|
@ -101,7 +101,6 @@ profile kscreenlocker_greet @{exec_path} {
|
|||
@{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/@{pid}/loginuid r,
|
||||
@{PROC}/@{pid}/mounts r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/loginuid r,
|
||||
|
||||
/dev/tty r,
|
||||
|
|
|
|||
|
|
@ -67,8 +67,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
||||
owner @{run}/user/@{uid}/KSMserver__[0-9] rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/ksmserver>
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{run}/user/@{uid}/ r,
|
||||
|
||||
@{PROC}/sys/dev/i915/perf_stream_paranoid r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/exe r,
|
||||
owner @{PROC}/@{pid}/status r,
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,5 @@ profile ksplashqml @{exec_path} {
|
|||
owner @{user_config_dirs}/ksplashrc r,
|
||||
owner @{user_config_dirs}/plasmarc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
include if exists <local/ksplashqml>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@ profile kwalletd @{exec_path} {
|
|||
|
||||
owner @{tmp}/kwalletd5.* rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@ profile kwalletmanager @{exec_path} {
|
|||
|
||||
@{PROC}/@{pid}/mountinfo r,
|
||||
@{PROC}/@{pid}/mounts r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
/dev/shm/ r,
|
||||
|
|
|
|||
|
|
@ -126,7 +126,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
|
|||
@{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
|
||||
|
||||
@{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/input/event@{int} rw,
|
||||
/dev/tty r,
|
||||
|
|
|
|||
|
|
@ -64,8 +64,6 @@ profile kwin_x11 @{exec_path} {
|
|||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/system/node/node@{int}/meminfo r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/kwin_x11>
|
||||
|
|
|
|||
|
|
@ -48,8 +48,6 @@ profile okular @{exec_path} {
|
|||
owner @{tmp}/#@{int} rw,
|
||||
owner @{tmp}/okular_@{rand6}.ps rwl -> /tmp/#@{int},
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
profile gpg {
|
||||
include <abstractions/base>
|
||||
|
||||
|
|
|
|||
|
|
@ -37,7 +37,6 @@ profile plasma-browser-integration-host @{exec_path} {
|
|||
owner @{user_share_dirs}/kservices{5,6}/ r,
|
||||
owner @{user_share_dirs}/kservices{5,6}/ServiceMenus/ r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/stat r,
|
||||
|
||||
|
|
|
|||
|
|
@ -95,7 +95,6 @@ profile plasma-discover @{exec_path} {
|
|||
owner @{run}/user/@{uid}/#@{int} rw,
|
||||
owner @{run}/user/@{uid}/discover@{rand6}.* rwl -> @{run}/user/@{uid}/#@{int},
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
/dev/tty r,
|
||||
|
|
|
|||
|
|
@ -45,7 +45,5 @@ profile plasma_session @{exec_path} {
|
|||
owner @{user_config_dirs}/kdedefaults/ksplashrc r,
|
||||
owner @{user_config_dirs}/plasma-welcomerc r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
include if exists <local/plasma_session>
|
||||
}
|
||||
|
|
@ -192,7 +192,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
|||
@{PROC}/cmdline r,
|
||||
@{PROC}/diskstats r,
|
||||
@{PROC}/loadavg r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/uptime r,
|
||||
@{PROC}/vmstat r,
|
||||
owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r,
|
||||
|
|
|
|||
|
|
@ -188,7 +188,6 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
@{PROC}/uptime r,
|
||||
@{PROC}/@{pids}/cmdline r,
|
||||
@{PROC}/@{pids}/stat r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/loginuid rw,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
owner @{PROC}/@{pid}/uid_map r,
|
||||
|
|
|
|||
|
|
@ -68,7 +68,6 @@ profile sddm-greeter @{exec_path} {
|
|||
|
||||
owner @{run}/sddm/{,*} rw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
|
|
|
|||
|
|
@ -77,7 +77,6 @@ profile startplasma @{exec_path} {
|
|||
|
||||
owner @{run}/user/@{uid}/ r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/maps r,
|
||||
|
||||
|
|
|
|||
|
|
@ -74,7 +74,6 @@ profile systemsettings @{exec_path} {
|
|||
@{sys}/bus/cpu/devices/ r,
|
||||
@{sys}/class/ r,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
/dev/tty r,
|
||||
|
|
|
|||
|
|
@ -46,7 +46,6 @@ profile apport @{exec_path} flags=(attach_disconnected) {
|
|||
@{PROC}/@{pid}/environ r,
|
||||
@{PROC}/@{pid}/stat r,
|
||||
@{PROC}/sys/fs/suid_dumpable w,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/sys/kernel/core_pattern w,
|
||||
@{PROC}/sys/kernel/core_pipe_limit w,
|
||||
owner @{PROC}/@{pid}/attr/current r,
|
||||
|
|
|
|||
|
|
@ -49,7 +49,6 @@ profile birdtray @{exec_path} {
|
|||
|
||||
/dev/shm/#@{int} rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
|
|
|||
|
|
@ -51,7 +51,6 @@ profile flameshot @{exec_path} {
|
|||
owner @{tmp}/.@{rand8}/** rw,
|
||||
owner /dev/shm/#@{int} rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
|
|
|||
|
|
@ -15,8 +15,6 @@ profile groups @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty@{int} rw,
|
||||
|
||||
include if exists <local/groups>
|
||||
|
|
|
|||
|
|
@ -65,7 +65,6 @@ profile kanyremote @{exec_path} {
|
|||
|
||||
owner /dev/shm/#@{int} rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
profile killall {
|
||||
|
|
|
|||
|
|
@ -61,7 +61,6 @@ profile kodi @{exec_path} {
|
|||
|
||||
@{PROC}/@{pid}/net/dev r,
|
||||
@{PROC}/@{pid}/net/route r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
|
|
|
|||
|
|
@ -51,7 +51,6 @@ profile megasync @{exec_path} {
|
|||
owner @{user_sync_dirs}/ r,
|
||||
owner @{user_sync_dirs}/** rwl -> @{user_sync_dirs}/**,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
|
|
|||
|
|
@ -64,8 +64,6 @@ profile minitube @{exec_path} {
|
|||
# owner @{tmp}/#@{int} mrw,
|
||||
# owner @{tmp}/.glvnd* mrw,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
/dev/shm/#@{int} rw,
|
||||
|
|
|
|||
|
|
@ -61,7 +61,6 @@ profile psi @{exec_path} {
|
|||
|
||||
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
|
|
|||
|
|
@ -61,7 +61,6 @@ profile psi-plus @{exec_path} {
|
|||
|
||||
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
|
|
|||
|
|
@ -46,7 +46,6 @@ profile qbittorrent-nox @{exec_path} {
|
|||
owner @{tmp}/qtsingleapp-qBitto-* rw,
|
||||
owner @{tmp}/qtsingleapp-qBitto-*-lockfile rwk,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
|
|
|
|||
|
|
@ -64,7 +64,6 @@ profile qnapi @{exec_path} {
|
|||
owner @{tmp}/QNapi.@{int}.tmp.* rwl -> /tmp/#@{int},
|
||||
owner @{tmp}/QNapi.@{int} rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
|
|
|||
|
|
@ -54,7 +54,6 @@ profile qpdfview @{exec_path} {
|
|||
owner @{tmp}/#@{int} rw,
|
||||
owner @{tmp}/qpdfview.*.pdf rwl -> /tmp/#@{int},
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ profile qt5ct @{exec_path} {
|
|||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
/dev/shm/#@{int} rw,
|
||||
|
|
|
|||
|
|
@ -50,7 +50,6 @@ profile qtox @{exec_path} {
|
|||
owner @{user_share_dirs}/qTox/** rw,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/sys/kernel/core_pattern r, # for KCrash::initialize()
|
||||
|
||||
owner @{tmp}/qipc_{systemsem,sharedmemory}_*@{hex} rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -72,7 +72,6 @@ profile strawberry @{exec_path} {
|
|||
|
||||
@{run}/mount/utab r,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
|
|
|||
|
|
@ -36,7 +36,6 @@ profile usbguard-applet-qt @{exec_path} {
|
|||
owner @{run}/user/@{uid}/sni-qt_usbguard-applet-qt_@{int}-[a-zA-Z0-9]*/{,**} rw,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/usr/share/hwdata/pnp.ids r,
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue