mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(tunable): add the new @{user} variable

Browse Source
This commit is contained in:
Alexandre Pujol 2024-05-07 17:41:34 +01:00
parent 1842f8a4d5
commit 66c8f42d94
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
4 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apparmor.d/profiles-a-f/arduino
View File

@ -68,8 +68,8 @@ profile arduino @{exec_path} {
/tmp/ r,
owner @{tmp}/cc*.{s,res,c,o,ld,le} rw,
owner @{tmp}/hsperfdata_*/ rw,
owner @{tmp}/hsperfdata_*/@{pid} rw,
owner @{tmp}/hsperfdata_@{user}/ rw,
owner @{tmp}/hsperfdata_@{user}/@{pid} rw,
owner @{tmp}/untitled[0-9]*.tmp rw,
owner @{tmp}/untitled[0-9]*.tmp/{,**} rw,
owner @{tmp}/console[0-9]*.tmp rw,

4
apparmor.d/profiles-g-l/hardinfo
View File

@ -154,8 +154,8 @@ profile hardinfo @{exec_path} {
@{sys}/fs/cgroup/{,**} r,
owner @{tmp}/hsperfdata_*/ rw,
owner @{tmp}/hsperfdata_*/@{pid} rw,
owner @{tmp}/hsperfdata_@{user}/ rw,
owner @{tmp}/hsperfdata_@{user}/@{pid} rw,
}

4
apparmor.d/profiles-g-l/jdownloader
View File

@ -61,8 +61,8 @@ profile jdownloader @{exec_path} {
owner @{HOME}/.install4j rw,
owner @{tmp}/hsperfdata_*/ rw,
owner @{tmp}/hsperfdata_*/@{pid} rw,
owner @{tmp}/hsperfdata_@{user}/ rw,
owner @{tmp}/hsperfdata_@{user}/@{pid} rw,
# If the @{JD_INSTALLDIR}/tmp/ dir can't be accessed, the /tmp/ dir will be used instead
owner @{tmp}/SevenZipJBinding-*/ rw,
owner @{tmp}/SevenZipJBinding-*/lib7-Zip-JBinding.so mrw,

7
apparmor.d/tunables/multiarch.d/system
View File

@ -33,6 +33,11 @@
# Universally unique identifier
@{uuid}=@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}[-_]@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}@{h}
# Username & group valid characters
@{u}=[a-z0-9_]
@{user}=[a-z_]{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}{@{u},}
@{group}=@{user}
# Shortcut for PCI device
@{pci_id}=@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h}
@{pci_bus}=pci@{h}@{h}@{h}@{h}:@{h}@{h}
@ -48,7 +53,7 @@
# @{MOUNTDIRS} is a space-separated list of where user mount directories
# are stored, for programs that must enumerate all mount directories on a
# system.
@{MOUNTDIRS}=/media/ @{run}/media/*/ /mnt/
@{MOUNTDIRS}=/media/ @{run}/media/@{user}/ /mnt/
# @{MOUNTS} is a space-separated list of all user mounted directories.
@{MOUNTS}=@{MOUNTDIRS}/*/ @{run}/user/@{uid}/gvfs/