mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): improve sqlite temp file definition.

Browse source
This commit is contained in:
Alexandre Pujol 2024-06-15 16:42:32 +01:00
parent 035e1da7b2
commit 79eed4b93d
Failed to generate hash of commit
10 changed files with 16 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/apps/dropbox
View file

@ -58,7 +58,7 @@ profile dropbox @{exec_path} {
# Dropbox first tries the /tmp/ dir, and if it's denied it uses the /var/tmp/ dir instead # Dropbox first tries the /tmp/ dir, and if it's denied it uses the /var/tmp/ dir instead
owner @{tmp}/dropbox-antifreeze-* rw, owner @{tmp}/dropbox-antifreeze-* rw,
owner @{tmp}/#@{int} rw, owner @{tmp}/#@{int} rw,
owner /var/tmp/etilqs_@{hex} rw, owner /var/tmp/etilqs_@{hex16} rw,
@{run}/systemd/users/@{uid} r, @{run}/systemd/users/@{uid} r,

4
apparmor.d/groups/gnome/tracker-miner
View file

@ -65,8 +65,8 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
owner @{gdm_config_dirs}/dconf/user r, owner @{gdm_config_dirs}/dconf/user r,
owner @{gdm_share_dirs}/applications/ r, owner @{gdm_share_dirs}/applications/ r,
owner /var/tmp/etilqs_@{hex} rw, owner /var/tmp/etilqs_@{hex16} rw,
owner @{tmp}/etilqs_@{hex} rw, owner @{tmp}/etilqs_@{hex16} rw,
# Allow to search user files # Allow to search user files
owner @{HOME}/{,**} r, owner @{HOME}/{,**} r,

2
apparmor.d/profiles-a-f/flatpak-app
View file

@ -78,7 +78,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
/var/lib/flatpak/app/{,**} r, /var/lib/flatpak/app/{,**} r,
/var/lib/flatpak/exports/** rw, /var/lib/flatpak/exports/** rw,
/var/tmp/etilqs_@{hex} rw, /var/tmp/etilqs_@{hex16} rw,
@{run}/.userns r, @{run}/.userns r,
@{run}/parent/** r, @{run}/parent/** r,

2
apparmor.d/profiles-a-f/fwupd
View file

@ -65,7 +65,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
/var/lib/flatpak/exports/share/mime/mime.cache r, /var/lib/flatpak/exports/share/mime/mime.cache r,
/var/lib/fwupd/{,**} rw, /var/lib/fwupd/{,**} rw,
/var/lib/fwupd/pending.db rwk, /var/lib/fwupd/pending.db rwk,
/var/tmp/etilqs_@{hex} rw, /var/tmp/etilqs_@{hex16} rw,
/boot/{,**} r, /boot/{,**} r,
/boot/EFI/*/.goutputstream-@{rand6} rw, /boot/EFI/*/.goutputstream-@{rand6} rw,

10
apparmor.d/profiles-g-l/gpo
View file

@ -31,16 +31,16 @@ profile gpo @{exec_path} {
@{bin}/less rPx -> child-pager, @{bin}/less rPx -> child-pager,
@{bin}/more rPx -> child-pager, @{bin}/more rPx -> child-pager,
owner @{PROC}/@{pid}/fd/ r, /etc/inputrc r,
/usr/share/gpodder/extensions/{,*.py} r,
owner @{HOME}/gPodder/ rw, owner @{HOME}/gPodder/ rw,
owner @{HOME}/gPodder/** rwk, owner @{HOME}/gPodder/** rwk,
/usr/share/gpodder/extensions/{,*.py} r, owner /var/tmp/etilqs_@{hex16} rw,
/etc/inputrc r, owner @{PROC}/@{pid}/fd/ r,
owner /var/tmp/etilqs_@{hex} rw,
include if exists <local/gpo> include if exists <local/gpo>
} }

4
apparmor.d/profiles-m-r/protonmail-bridge-core
View file

@ -39,8 +39,8 @@ profile protonmail-bridge-core @{exec_path} {
owner "@{user_config_dirs}/autostart/Proton Mail Bridge.desktop" rw, owner "@{user_config_dirs}/autostart/Proton Mail Bridge.desktop" rw,
owner @{tmp}/bridge@{int} rw, owner @{tmp}/bridge@{int} rw,
owner @{tmp}/user/@{uid}/etilqs_@{hex} rw, owner @{tmp}/etilqs_@{hex16} rw,
owner /var/tmp/etilqs_@{hex} rw, owner /var/tmp/etilqs_@{hex16} rw,
@{PROC}/ r, @{PROC}/ r,
@{PROC}/sys/net/core/somaxconn r, @{PROC}/sys/net/core/somaxconn r,

2
apparmor.d/profiles-m-r/psi
View file

@ -56,7 +56,7 @@ profile psi @{exec_path} {
owner @{user_share_dirs}/psi/** rwk, owner @{user_share_dirs}/psi/** rwk,
owner @{tmp}/#@{int} rw, owner @{tmp}/#@{int} rw,
owner @{tmp}/etilqs_@{hex} rw, owner @{tmp}/etilqs_@{hex16} rw,
owner @{tmp}/Psi.* rwl -> /tmp/#@{int}, owner @{tmp}/Psi.* rwl -> /tmp/#@{int},
@{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/inhibit/[0-9]*.ref rw,

2
apparmor.d/profiles-m-r/psi-plus
View file

@ -56,7 +56,7 @@ profile psi-plus @{exec_path} {
owner @{user_share_dirs}/psi+/** rwk, owner @{user_share_dirs}/psi+/** rwk,
owner @{tmp}/#@{int} rw, owner @{tmp}/#@{int} rw,
owner @{tmp}/etilqs_@{hex} rw, owner @{tmp}/etilqs_@{hex16} rw,
owner @{tmp}/Psi+.* rwl -> /tmp/#@{int}, owner @{tmp}/Psi+.* rwl -> /tmp/#@{int},
@{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/inhibit/[0-9]*.ref rw,

2
apparmor.d/profiles-m-r/quiterss
View file

@ -63,7 +63,7 @@ profile quiterss @{exec_path} {
owner @{tmp}/qtsingleapp-quiter-@{int}-@{int} rw, owner @{tmp}/qtsingleapp-quiter-@{int}-@{int} rw,
owner @{tmp}/qtsingleapp-quiter-@{int}-@{int}-lockfile rwk, owner @{tmp}/qtsingleapp-quiter-@{int}-@{int}-lockfile rwk,
owner /var/tmp/etilqs_@{hex} rw, owner /var/tmp/etilqs_@{hex16} rw,
# Allowed apps to open # Allowed apps to open
@{lib}/firefox/firefox rPUx, @{lib}/firefox/firefox rPUx,

2
apparmor.d/profiles-s-z/strawberry
View file

@ -64,7 +64,7 @@ profile strawberry @{exec_path} {
owner @{tmp}/.*/s rw, owner @{tmp}/.*/s rw,
owner @{tmp}/*= w, owner @{tmp}/*= w,
owner @{tmp}/#@{int} rw, owner @{tmp}/#@{int} rw,
owner @{tmp}/etilqs_@{hex} rw, owner @{tmp}/etilqs_@{hex16} rw,
owner @{tmp}/qipc_{systemsem,sharedmemory}_*[a-f0-9]* rw, owner @{tmp}/qipc_{systemsem,sharedmemory}_*[a-f0-9]* rw,
owner @{tmp}/strawberry-cover-@{rand6}.jpg rwl -> @{tmp}/#@{int}, owner @{tmp}/strawberry-cover-@{rand6}.jpg rwl -> @{tmp}/#@{int},
owner @{tmp}/strawberry*[0-9] w, owner @{tmp}/strawberry*[0-9] w,