mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(abs): add some files into the base abstaction.

Browse source
This commit is contained in:
Alexandre Pujol 2023-11-29 17:50:26 +00:00
parent 66efedfb01
commit 60e4a01a76
Failed to generate hash of commit
19 changed files with 7 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
apparmor.d/abstractions/base.d/complete
View file

@ -1,12 +1,8 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020-2022 Mikhail Morfikov
# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
/usr/share/locale/ r,
@{etc_rw}/localtime r,
# Allow to receive some signals
signal (receive) peer=htop,
signal (receive) peer=sudo,
@ -21,4 +17,10 @@
ptrace (readby) peer=systemd-coredump,
/usr/share/locale/ r,
@{etc_rw}/localtime r,
/etc/gnutls/config r,
/etc/locale.conf r,
@{sys}/devices/system/cpu/possible r,

1
apparmor.d/abstractions/chromium
View file

@ -104,7 +104,6 @@
/etc/@{name}/{,**} r,
/etc/fstab r,
/etc/gnutls/config r,
/etc/igfx_user_feature{,_next}.txt w,
/etc/libva.conf r,
/etc/opensc.conf r,

1
apparmor.d/groups/_full/default
View file

@ -69,7 +69,6 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
/usr/share/** r,
/etc/xdg/** r,
/etc/gnutls/config r,
# Full access to user's data
/ r,

2
apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
View file

@ -134,8 +134,6 @@ profile xdg-desktop-portal-gnome @{exec_path} {
/usr/share/X11/xkb/{,**} r,
/etc/gnutls/config r,
/var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
/var/lib/snapd/desktop/icons/{,**} r,

2
apparmor.d/groups/gnome/evolution-calendar-factory
View file

@ -47,8 +47,6 @@ profile evolution-calendar-factory @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/etc/gnutls/config r,
owner @{user_cache_dirs}/evolution/calendar/{,**} rwk,
owner @{user_cache_dirs}/evolution/tasks/{,**} rwk,

2
apparmor.d/groups/gnome/evolution-source-registry
View file

@ -50,8 +50,6 @@ profile evolution-source-registry @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/etc/gnutls/config r,
owner @{user_cache_dirs}/evolution/{,**} rwk,
owner @{user_config_dirs}/evolution/sources/{,*} rw,
owner @{user_share_dirs}/evolution/{,**} r,

1
apparmor.d/groups/gnome/gnome-shell
View file

@ -500,7 +500,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
/.flatpak-info r,
/etc/fstab r,
/etc/gnutls/config r,
/etc/pipewire/client.conf.d/{,**} r,
/etc/timezone r,
/etc/udev/hwdb.bin r,

1
apparmor.d/groups/gnome/gnome-software
View file

@ -53,7 +53,6 @@ profile gnome-software @{exec_path} {
/etc/appstream.conf r,
/etc/flatpak/remotes.d/{,**} r,
/etc/gnutls/config r,
/etc/PackageKit/Vendor.conf r,
/etc/pulse/client.conf r,

2
apparmor.d/groups/gnome/goa-daemon
View file

@ -65,8 +65,6 @@ profile goa-daemon @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/etc/gnutls/config r,
/var/lib/gdm{3,}/.config/dconf/user r,
owner @{user_config_dirs}/goa-1.0/ rw,

1
apparmor.d/groups/gnome/gsd-print-notifications
View file

@ -80,7 +80,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
@{lib}/gsd-printer rPx,
/etc/cups/client.conf r,
/etc/gnutls/config r,
/etc/machine-id r,
@{run}/cups/cups.sock rw,

2
apparmor.d/groups/gnome/mutter-x11-frames
View file

@ -27,8 +27,6 @@ profile mutter-x11-frames @{exec_path} {
/usr/share/dconf/profile/gdm r,
/usr/share/gdm/greeter-dconf-defaults r,
/etc/gnutls/config r,
/var/lib/gdm{3,}/.config/dconf/user r,
/var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,

2
apparmor.d/groups/gvfs/gvfsd-http
View file

@ -24,8 +24,6 @@ profile gvfsd-http @{exec_path} {
@{exec_path} mr,
/etc/gnutls/config r,
owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
@{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,

1
apparmor.d/groups/kde/plasma-discover
View file

@ -48,7 +48,6 @@ profile plasma-discover @{exec_path} {
/etc/appstream.conf r,
/etc/flatpak/remotes.d/{,**} r,
/etc/gnutls/config r,
/etc/machine-id r,
/etc/xdg/ r,
/etc/xdg/accept-languages.codes r,

1
apparmor.d/groups/network/NetworkManager
View file

@ -118,7 +118,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
/ r,
/etc/ r,
/etc/gnutls/config r,
/etc/iproute2/* r,
/etc/machine-id r,
/etc/network/interfaces r,

1
apparmor.d/groups/virt/libvirtd
View file

@ -137,7 +137,6 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{etc_rw}/apparmor.d/libvirt/libvirt-@{uuid} r,
@{etc_rw}/libvirt/{,**} rw,
/etc/gnutls/config r,
/etc/mdevctl.d/{,**} r,
/etc/sasl2/qemu.conf r,
/etc/xml/catalog r,

1
apparmor.d/profiles-a-f/fwupd
View file

@ -87,7 +87,6 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
/usr/share/mime/mime.cache r,
/etc/fwupd/{,**} rw,
/etc/gnutls/config r,
/etc/lsb-release r,
/etc/pki/fwupd-metadata/{,**} r,
/etc/pki/fwupd/{,**} r,

1
apparmor.d/profiles-m-r/passimd
View file

@ -24,7 +24,6 @@ profile passimd @{exec_path} flags=(attach_disconnected) {
/usr/share/dbus-1/interfaces/org.freedesktop.Passim.xml r,
/etc/gnutls/config r,
/etc/passim.conf r,
/var/lib/passim/{,**} r,

1
apparmor.d/profiles-s-z/spotify
View file

@ -42,7 +42,6 @@ profile spotify @{exec_path} {
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
@{lib}/gio-launch-desktop rPx -> child-open,
/etc/gnutls/config r,
/etc/libva.conf r,
/etc/machine-id r,
/etc/spotify-adblock/* r,

1
apparmor.d/profiles-s-z/wireplumber
View file

@ -37,7 +37,6 @@ profile wireplumber @{exec_path} {
/usr/share/spa-*/bluez[0-9]*/{,*} r,
/usr/share/wireplumber/{,**} r,
/etc/gnutls/config r,
/etc/machine-id r,
/var/lib/gdm{3,}/.local/state/wireplumber/{,**} rw,