mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
parent
a270b7c6d4
commit
68da315ac2
@ -44,9 +44,9 @@ profile gpg @{exec_path} {
|
||||
owner /etc/apt/keyrings/** rwkl -> /etc/apt/keyrings/**,
|
||||
|
||||
#aa:only pacman
|
||||
owner /etc/pacman.d/gnupg/gpg.conf r,
|
||||
owner /etc/pacman.d/gnupg/pubring.gpg r,
|
||||
owner /etc/pacman.d/gnupg/trustdb.gpg r,
|
||||
/etc/pacman.d/gnupg/gpg.conf r,
|
||||
/etc/pacman.d/gnupg/pubring.gpg r,
|
||||
/etc/pacman.d/gnupg/trustdb.gpg r,
|
||||
|
||||
owner /var/lib/*/gnupg/ rw,
|
||||
owner /var/lib/*/gnupg/** rwkl -> /var/lib/*/gnupg/**,
|
||||
|
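Review bot: The three `/etc/pacman.d/gnupg/` rules (gpg.conf, pubring.gpg, trustdb.gpg) appear both with and without the `owner` qualifier, and nothing in the rule text says why the qualifier changes. The +/- markers were lost in rendering, so which form is new is inferred; if it is the unqualified form, any uid confined by this profile can read those files, not only their owner. These are public keyring and trust data, so the exposure looks small, but a comment above the rules such as `# no owner check: <reason, e.g. which caller reads these as a different uid>` would stop a later cleanup from silently reverting it. The gpg profile body starts and ends outside this hunk.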
@ -25,6 +25,7 @@ profile btrfs @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
/ r,
|
||||
/boot/ r,
|
||||
/home/ r,
|
||||
/.snapshots/ r,
|
||||
@{MOUNTS}/ r,
|
||||
@{MOUNTS}/ext2_saved/ rw,
|
||||
|
@ -13,6 +13,8 @@ profile dunstify @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{PROC}/@{pid}/cgroup r,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/tty@{int} rw,
|
||||
|
||||
|
@ -45,7 +45,6 @@ profile run-parts @{exec_path} {
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/aptitude rPx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/bsdmainutils rPUx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/checksecurity rPUx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/cracklib-runtime rPx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/debsums rPx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/debtags rPx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/dlocate rPx,
|
||||
@ -58,6 +57,7 @@ profile run-parts @{exec_path} {
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/passwd rPUx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/plocate rPx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/popularity-contest rPx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/snapper rPUx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/spamassassin rPUx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/sysstat rPx,
|
||||
/etc/cron.{hourly,daily,weekly,monthly}/tor rPUx,
|
||||
|
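Review bot: Several cron entries in this list use `rPUx` (bsdmainutils and checksecurity in the first hunk; passwd, snapper, spamassassin and tor in the second), which falls back to running the script unconfined when no profile for it is loaded. By the hunk counts the first hunk drops one line and the second adds one, but the +/- markers were lost in rendering, so which entry is affected cannot be read from here. If the new entry is one of the `rPUx` ones, prefer `rPx` once a profile for that script ships, or mark the fallback as deliberate with a comment like `# PUx: no profile shipped yet`. The run-parts profile body continues outside both hunks.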
@ -10,6 +10,7 @@ include <tunables/global>
|
||||
@{exec_path} = @{bin}/wmctrl
|
||||
profile wmctrl @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
@ -11,6 +11,7 @@ include <tunables/global>
|
||||
profile xsel @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@ -18,9 +19,6 @@ profile xsel @{exec_path} {
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/xsel.log rw,
|
||||
|
||||
owner @{HOME}/.Xauthority r,
|
||||
owner @{tmp}/xauth-@{int}-_[0-9] r,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/tty@{int} rw,
|
||||
owner @{HOME}/.xsession-errors w,
|
||||
|
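Review bot: The explicit `owner @{HOME}/.Xauthority r,` and `owner @{tmp}/xauth-@{int}-_[0-9] r,` rules appear to be replaced by `include <abstractions/X-strict>`, whose contents are not visible here, so confirm it still covers both paths. This is inferred from the hunk counts (one line added in the first xsel hunk, three removed and none added in the second), since the +/- markers were lost in rendering. It is also worth checking what the abstraction grants beyond those two read rules, because xsel handles clipboard contents and the include widens the profile to whatever X-strict allows. The wmctrl profile gains the same include and deserves the same check. The xsel profile body continues outside both hunks.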
@ -14,6 +14,7 @@ code-wrapper
|
||||
man
|
||||
|
||||
# Work in progress profiles
|
||||
dunst
|
||||
plasma-discover
|
||||
steam
|
||||
steam-fossilize
|
||||
|