diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman
index a6f7a35c..c29ec7b7 100644
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@@ -43,7 +43,7 @@ profile pacman @{exec_path} {
 ptrace (read),
- @{exec_path} mr,
+ @{exec_path} mrix,
 @{bin}/gpg{,2} rCx -> gpg,
 @{bin}/gpgconf rCx -> gpg,
@@ -58,11 +58,13 @@ profile pacman @{exec_path} {
 @{bin}/archlinux-java rPx,
 @{bin}/bootctl rPx,
 @{bin}/cat rix,
+ @{bin}/checkrebuild rPUx,
 @{bin}/chgrp rix,
 @{bin}/chmod rix,
 @{bin}/cp rix,
 @{bin}/dconf rPx,
 @{bin}/dot rix,
+ @{bin}/echo rix,
 @{bin}/env rix,
 @{bin}/fc-cache{,-32} rPx,
 @{bin}/filecap rix,
@@ -87,12 +89,15 @@ profile pacman @{exec_path} {
 @{bin}/ln rix,
 @{bin}/locale-gen rPx,
 @{bin}/mkinitcpio rPx,
+ @{bin}/needrestart rPx,
 @{bin}/pacdiff rPx,
 @{bin}/pacman-key rPx,
 @{bin}/perl rix,
+ @{bin}/pkgfile rPUx,
 @{bin}/pkill rix,
 @{bin}/pwd rix,
 @{bin}/rm rix,
+ @{bin}/rsync rix,
 @{bin}/sbctl rPx,
 @{bin}/sed rix,
 @{bin}/setcap rix,
@@ -102,8 +107,10 @@ profile pacman @{exec_path} {
 @{bin}/touch rix,
 @{bin}/tput rix,
 @{bin}/update-ca-trust rPx,
+ @{bin}/uname rPx,
 @{bin}/update-desktop-database rPx,
 @{bin}/update-mime-database rPx,
+ @{bin}/update-grub rPx,
 @{bin}/vercmp rix,
 @{bin}/xmlcatalog rix,
 @{lib}/ghc-*/bin/ghc-pkg rix,
@@ -174,6 +181,8 @@ profile pacman @{exec_path} {
 /etc/pacman.d/gnupg/** rwkl,
 @{HOME}/@{XDG_GPG_DIR}/*.conf r,
+
+ deny @{user_share_dirs}/sddm/* rw,
 /dev/tty[0-9]* rw,
 owner /dev/pts/[0-9]* rw,
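Review bot: `@{bin}/checkrebuild rPUx,` in the -58,11 hunk, and `@{bin}/pkgfile rPUx,` in the -87,12 hunk, fall back to running the target unconfined whenever no profile for it is loaded. The neighbouring entries use `rPx` or `rix`, so these are the only two added transitions that can leave confinement, and pacman hooks presumably run them as root. If profiles for both tools ship with this set, `rPx` makes a missing profile fail closed instead of silently unconfined. Otherwise a comment above each line such as `# no profile yet, unconfined fallback accepted` would record that the fallback is deliberate.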
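Review bot: `@{bin}/uname rPx,` and `@{bin}/update-grub rPx,` in the -102,8 hunk only work if profiles for both targets are loaded, because `Px` has no fallback and the exec is denied otherwise. Whether those profiles exist cannot be seen from this hunk, so that is worth confirming. The other simple utilities in this list (`cat`, `echo`, `pwd`) use `rix`, so `@{bin}/uname rix,` would be the consistent choice if uname has no dedicated profile. Both lines also break the list's alphabetical order: `uname` belongs before `update-ca-trust`, and `update-grub` between `update-desktop-database` and `update-mime-database`.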
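Review bot: `deny @{user_share_dirs}/sddm/* rw,` in the -174,6 hunk has no comment saying which hook or tool triggers the access. A plain `deny` also suppresses the audit record, so an unexpected attempt by pacman to touch a user's sddm data becomes invisible in the logs. I would add a comment above it, for example `# <tool name> probes the sddm user dir during hooks; not needed`, and use `audit deny` if these attempts should remain visible. The `*` glob covers only direct children of the directory; if subdirectories are meant as well, it needs `**`. The profile body starts and ends outside this hunk.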