mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

@{HOME}/.config -> @{user_config_dirs}

Browse Source
This commit is contained in:
Alexandre Pujol 2021-04-01 17:21:33 +01:00
parent 1c9fc00c13
commit 7f6ea8d44d
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
138 changed files with 378 additions and 378 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apparmor.d/abstractions/deny-dconf
View File

@ -11,11 +11,11 @@
# dconf will not work properly. # dconf will not work properly.
deny owner @{run}/user/[0-9]*/dconf/{,**} rw, deny owner @{run}/user/[0-9]*/dconf/{,**} rw,
deny owner @{HOME}/.config/dconf/{,**} rw, deny owner @{user_config_dirs}/dconf/{,**} rw,
deny owner @{user_cache_dirs}/dconf/{,**} rw, deny owner @{user_cache_dirs}/dconf/{,**} rw,
# When GSETTINGS_BACKEND=keyfile # When GSETTINGS_BACKEND=keyfile
deny owner @{HOME}/.config/glib-2.0/ rw, deny owner @{user_config_dirs}/glib-2.0/ rw,
deny owner @{HOME}/.config/glib-2.0/settings/ rw, deny owner @{user_config_dirs}/glib-2.0/settings/ rw,
deny owner @{HOME}/.config/glib-2.0/settings/keyfile rw, deny owner @{user_config_dirs}/glib-2.0/settings/keyfile rw,
deny owner @{HOME}/.config/glib-2.0/settings/.goutputstream-* rw, deny owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-* rw,

8
apparmor.d/abstractions/evince
View File

@ -36,8 +36,8 @@
/etc/texmf/ r, /etc/texmf/ r,
/etc/texmf/** r, /etc/texmf/** r,
/etc/xpdf/* r, /etc/xpdf/* r,
owner @{HOME}/.config/evince/ rw, owner @{user_config_dirs}/evince/ rw,
owner @{HOME}/.config/evince/** rwkl, owner @{user_config_dirs}/evince/** rwkl,
/usr/bin/gs-esp ixr, /usr/bin/gs-esp ixr,
/usr/bin/mktexpk Cx -> sanitized_helper, /usr/bin/mktexpk Cx -> sanitized_helper,
@ -108,9 +108,9 @@
audit deny @{HOME}/.mozilla/**/extensions/** mrwkl, audit deny @{HOME}/.mozilla/**/extensions/** mrwkl,
audit deny @{HOME}/.mozilla/**/gm_scripts/** mrwkl, audit deny @{HOME}/.mozilla/**/gm_scripts/** mrwkl,
audit deny @{HOME}/.config/chromium/** mrwkl, audit deny @{user_config_dirs}/chromium/** mrwkl,
audit deny @{HOME}/.evolution/** mrwkl, audit deny @{HOME}/.evolution/** mrwkl,
audit deny @{HOME}/.config/evolution/** mrwkl, audit deny @{user_config_dirs}/evolution/** mrwkl,
audit deny @{HOME}/.kde/share/config/** mrwkl, audit deny @{HOME}/.kde/share/config/** mrwkl,
audit deny @{HOME}/.kde/share/apps/kmail/** mrwkl, audit deny @{HOME}/.kde/share/apps/kmail/** mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl, audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl,

16
apparmor.d/abstractions/gtk
View File

@ -23,16 +23,16 @@
owner @{HOME}/.gtkrc r, owner @{HOME}/.gtkrc r,
owner @{HOME}/.gtkrc-2.0 r, owner @{HOME}/.gtkrc-2.0 r,
owner @{HOME}/.gtk-bookmarks r, owner @{HOME}/.gtk-bookmarks r,
owner @{HOME}/.config/gtkrc r, owner @{user_config_dirs}/gtkrc r,
owner @{HOME}/.config/gtkrc-2.0 r, owner @{user_config_dirs}/gtkrc-2.0 r,
owner @{HOME}/.config/gtk-3.0/ rw, owner @{user_config_dirs}/gtk-3.0/ rw,
owner @{HOME}/.config/gtk-3.0/settings.ini r, owner @{user_config_dirs}/gtk-3.0/settings.ini r,
owner @{HOME}/.config/gtk-3.0/bookmarks r, owner @{user_config_dirs}/gtk-3.0/bookmarks r,
owner @{HOME}/.config/gtk-3.0/gtk.css r, owner @{user_config_dirs}/gtk-3.0/gtk.css r,
# for gtk file dialog # for gtk file dialog
owner @{HOME}/.config/gtk-2.0/ rw, owner @{user_config_dirs}/gtk-2.0/ rw,
owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw, owner @{user_config_dirs}/gtk-2.0/gtkfilechooser.ini* rw,
# .Xauthority file required for X connections # .Xauthority file required for X connections
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,

8
apparmor.d/abstractions/kde4
View File

@ -13,8 +13,8 @@
# Create home KDE directory structure # Create home KDE directory structure
owner @{HOME}/.kde{,4}/ rw, owner @{HOME}/.kde{,4}/ rw,
owner @{HOME}/.kde{,4}/**/ rw, owner @{HOME}/.kde{,4}/**/ rw,
owner @{HOME}/.config/kde.org/ rw, owner @{user_config_dirs}/kde.org/ rw,
owner @{HOME}/.config/kde.org/**/ rw, owner @{user_config_dirs}/kde.org/**/ rw,
# Common configs # Common configs
owner @{HOME}/.kde{,4}/share/config/kdeglobals r, owner @{HOME}/.kde{,4}/share/config/kdeglobals r,
@ -22,9 +22,9 @@
owner @{HOME}/.kde{,4}/share/config/servicetype_profilerc r, owner @{HOME}/.kde{,4}/share/config/servicetype_profilerc r,
# Phonon # Phonon
owner @{HOME}/.config/kde.org/libphonon.conf rk, owner @{user_config_dirs}/kde.org/libphonon.conf rk,
owner @{HOME}/.config/Trolltech.conf rk, owner @{user_config_dirs}/Trolltech.conf rk,
owner /var/tmp/kdecache-*/ r, owner /var/tmp/kdecache-*/ r,
owner /var/tmp/kdecache-*/** r, owner /var/tmp/kdecache-*/** r,

20
apparmor.d/abstractions/kde5-plasma5
View File

@ -19,18 +19,18 @@
# For app config (in order to work the KDE_APP_NAME variable has to be set in profile which # For app config (in order to work the KDE_APP_NAME variable has to be set in profile which
# includes this abstraction) # includes this abstraction)
#owner @{HOME}/.config/#[0-9]*[0-9] rwk, #owner @{user_config_dirs}/#[0-9]*[0-9] rwk,
#owner @{HOME}/.config/@{KDE_APP_NAME}rc* rwlk -> @{HOME}/.config/#[0-9]*[0-9], #owner @{user_config_dirs}/@{KDE_APP_NAME}rc* rwlk -> @{user_config_dirs}/#[0-9]*[0-9],
#owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw, #owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw,
#owner @{run}/user/[0-9]*/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9], #owner @{run}/user/[0-9]*/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9],
# Common KDE config files # Common KDE config files
#owner @{HOME}/.config/#[0-9]*[0-9] rw, #owner @{user_config_dirs}/#[0-9]*[0-9] rw,
#owner @{HOME}/.config/kdeglobals* rwkl -> @{HOME}/.config/#[0-9]*[0-9], #owner @{user_config_dirs}/kdeglobals* rwkl -> @{user_config_dirs}/#[0-9]*[0-9],
#owner @{HOME}/.config/baloofilerc r, #owner @{user_config_dirs}/baloofilerc r,
#owner @{HOME}/.config/dolphinrc r, #owner @{user_config_dirs}/dolphinrc r,
#owner @{HOME}/.config/trashrc r, #owner @{user_config_dirs}/trashrc r,
#owner @{HOME}/.config/knfsshare r, #owner @{user_config_dirs}/knfsshare r,
#owner /**/.directory r, #owner /**/.directory r,
# For bookmarks # For bookmarks
@ -56,5 +56,5 @@
#/etc/exports r, #/etc/exports r,
#/etc/xdg/menus/ r, #/etc/xdg/menus/ r,
#/usr/share/mime/ r, #/usr/share/mime/ r,
#owner @{HOME}/.config/menus/ r, #owner @{user_config_dirs}/menus/ r,
#owner @{HOME}/.config/menus/applications-merged/ r, #owner @{user_config_dirs}/menus/applications-merged/ r,

4
apparmor.d/abstractions/totem
View File

@ -36,8 +36,8 @@
owner @{user_cache_dirs}/tracker/db-locale.txt r, owner @{user_cache_dirs}/tracker/db-locale.txt r,
owner @{user_cache_dirs}/tracker/meta.db{,-shm,-journal,-wal} rwk, owner @{user_cache_dirs}/tracker/meta.db{,-shm,-journal,-wal} rwk,
owner @{user_cache_dirs}/tracker/ontologies.gvdb r, owner @{user_cache_dirs}/tracker/ontologies.gvdb r,
owner @{HOME}/.config/totem/ rwk, owner @{user_config_dirs}/totem/ rwk,
owner @{HOME}/.config/totem/** rwk, owner @{user_config_dirs}/totem/** rwk,
owner @{HOME}/.local/share/grilo-plugins/ rwk, owner @{HOME}/.local/share/grilo-plugins/ rwk,
owner @{HOME}/.local/share/grilo-plugins/*.db{,-shm,-journal,-wal} rwk, owner @{HOME}/.local/share/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
owner @{HOME}/.local/share/gvfs-metadata/** r, owner @{HOME}/.local/share/gvfs-metadata/** r,

8
apparmor.d/abstractions/trash
View File

@ -4,10 +4,10 @@
abi <abi/3.0>, abi <abi/3.0>,
owner @{HOME}/.config/trashrc rw, owner @{user_config_dirs}/trashrc rw,
owner @{HOME}/.config/trashrc.lock rwk, owner @{user_config_dirs}/trashrc.lock rwk,
owner @{HOME}/.config/#[0-9]*[0-9] rwk, owner @{user_config_dirs}/#[0-9]*[0-9] rwk,
owner @{HOME}/.config/trashrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],
owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw, owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw,
owner @{run}/user/[0-9]*/trash.so*.[0-9].slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9], owner @{run}/user/[0-9]*/trash.so*.[0-9].slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9],

8
apparmor.d/groups/apps/android-studio
View File

@ -127,11 +127,11 @@ profile android-studio @{exec_path} {
owner @{HOME}/Android/ rw, owner @{HOME}/Android/ rw,
owner @{HOME}/Android/** mrwkix, owner @{HOME}/Android/** mrwkix,
owner "@{HOME}/.config/Android Open Source Project/" rw, owner "@{user_config_dirs}/Android Open Source Project/" rw,
owner "@{HOME}/.config/Android Open Source Project/**" rwk, owner "@{user_config_dirs}/Android Open Source Project/**" rwk,
owner @{HOME}/.config/Google/ rw, owner @{user_config_dirs}/Google/ rw,
owner @{HOME}/.config/Google/** rwk, owner @{user_config_dirs}/Google/** rwk,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner "@{user_cache_dirs}/Android Open Source Project/" rw, owner "@{user_cache_dirs}/Android Open Source Project/" rw,

6
apparmor.d/groups/apps/atom
View File

@ -81,8 +81,8 @@ profile atom @{exec_path} {
#owner @{HOME}/ r, #owner @{HOME}/ r,
owner @{HOME}/.atom/ rw, owner @{HOME}/.atom/ rw,
owner @{HOME}/.atom/** rwkl -> @{HOME}/.atom/**, owner @{HOME}/.atom/** rwkl -> @{HOME}/.atom/**,
owner @{HOME}/.config/Atom/ rw, owner @{user_config_dirs}/Atom/ rw,
owner @{HOME}/.config/Atom/** rwkl -> @{HOME}/.config/Atom/**, owner @{user_config_dirs}/Atom/** rwkl -> @{user_config_dirs}/Atom/**,
# Git dirs # Git dirs
/ r, / r,
@ -91,7 +91,7 @@ profile atom @{exec_path} {
owner /media/*/atom/ r, owner /media/*/atom/ r,
owner /media/*/atom/** rwkl -> /media/*/atom/**, owner /media/*/atom/** rwkl -> /media/*/atom/**,
owner @{HOME}/.config/git/config r, owner @{user_config_dirs}/git/config r,
# To remove the following error: # To remove the following error:
# Error initializing NSS with a persistent database # Error initializing NSS with a persistent database

6
apparmor.d/groups/apps/calibre
View File

@ -86,8 +86,8 @@ profile calibre @{exec_path} {
owner /media/*/Calibre_Library*/ rw, owner /media/*/Calibre_Library*/ rw,
owner /media/*/Calibre_Library*/** rwkl -> /media/*/Calibre_Library*/**, owner /media/*/Calibre_Library*/** rwkl -> /media/*/Calibre_Library*/**,
owner @{HOME}/.config/calibre/ rw, owner @{user_config_dirs}/calibre/ rw,
owner @{HOME}/.config/calibre/** rwk, owner @{user_config_dirs}/calibre/** rwk,
owner @{HOME}/.local/share/calibre-ebook.com/ rw, owner @{HOME}/.local/share/calibre-ebook.com/ rw,
owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw, owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw,
@ -129,7 +129,7 @@ profile calibre @{exec_path} {
/etc/fstab r, /etc/fstab r,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
# no new privs # no new privs

4
apparmor.d/groups/apps/code
View File

@ -58,8 +58,8 @@ profile code @{exec_path} {
# Reading of the user home dir is required or the following error will be printed: # Reading of the user home dir is required or the following error will be printed:
# Unexpected end of JSON input: # Unexpected end of JSON input:
#owner @{HOME}/ r, #owner @{HOME}/ r,
owner @{HOME}/.config/Code/ rw, owner @{user_config_dirs}/Code/ rw,
owner @{HOME}/.config/Code/** rwkl -> {HOME}/.config/Code/**, owner @{user_config_dirs}/Code/** rwkl -> {HOME}/.config/Code/**,
owner @{HOME}/.vscode/ rw, owner @{HOME}/.vscode/ rw,
owner @{HOME}/.vscode/** rwlk -> @{HOME}/.vscode/**, owner @{HOME}/.vscode/** rwlk -> @{HOME}/.vscode/**,

14
apparmor.d/groups/apps/discord
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{DISCORD_LIBDIR} = /usr/share/discord @{DISCORD_LIBDIR} = /usr/share/discord
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord @{DISCORD_HOMEDIR} = @{user_config_dirs}/discord
@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord @{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord
@{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord @{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord
@ -152,9 +152,9 @@ profile discord @{exec_path} {
# file_inherit # file_inherit
/usr/share/discord/** r, /usr/share/discord/** r,
owner /dev/shm/.org.chromium.Chromium.* rw, owner /dev/shm/.org.chromium.Chromium.* rw,
owner @{HOME}/.config/discord/GPUCache/data_[0-9] rw, owner @{user_config_dirs}/discord/GPUCache/data_[0-9] rw,
owner @{HOME}/.config/discord/*/modules/discord_desktop_core/core.asar r, owner @{user_config_dirs}/discord/*/modules/discord_desktop_core/core.asar r,
owner @{HOME}/.config/discord/GPUCache/index rw, owner @{user_config_dirs}/discord/GPUCache/index rw,
} }
@ -180,9 +180,9 @@ profile discord @{exec_path} {
# file_inherit # file_inherit
deny /usr/share/discord/** r, deny /usr/share/discord/** r,
deny owner /dev/shm/.org.chromium.Chromium.* rw, deny owner /dev/shm/.org.chromium.Chromium.* rw,
deny owner @{HOME}/.config/discord/GPUCache/data_[0-9] rw, deny owner @{user_config_dirs}/discord/GPUCache/data_[0-9] rw,
deny owner @{HOME}/.config/discord/*/modules/discord_desktop_core/core.asar r, deny owner @{user_config_dirs}/discord/*/modules/discord_desktop_core/core.asar r,
deny owner @{HOME}/.config/discord/GPUCache/index rw, deny owner @{user_config_dirs}/discord/GPUCache/index rw,
} }

2
apparmor.d/groups/apps/discord-chrome-sandbox
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{DISCORD_LIBDIR} = /usr/share/discord @{DISCORD_LIBDIR} = /usr/share/discord
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord @{DISCORD_HOMEDIR} = @{user_config_dirs}/discord
@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord @{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord
@{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox @{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox

2
apparmor.d/groups/apps/dropbox
View File

@ -69,7 +69,7 @@ profile dropbox @{exec_path} {
owner @{HOME}/.dropbox-dist-tmp-*/{,**} rw, owner @{HOME}/.dropbox-dist-tmp-*/{,**} rw,
# For autostart # For autostart
deny owner @{HOME}/.config/autostart/dropbox.desktop rw, deny owner @{user_config_dirs}/autostart/dropbox.desktop rw,
# What's this for? # What's this for?
/{usr/,}bin/mount mrix, /{usr/,}bin/mount mrix,

4
apparmor.d/groups/apps/filezilla
View File

@ -30,8 +30,8 @@ profile filezilla @{exec_path} {
/{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/lsb_release rPx -> child-lsb_release,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/filezilla/ rw, owner @{user_config_dirs}/filezilla/ rw,
owner @{HOME}/.config/filezilla/* rwk, owner @{user_config_dirs}/filezilla/* rwk,
owner @{user_cache_dirs}/filezilla/ rw, owner @{user_cache_dirs}/filezilla/ rw,
owner @{user_cache_dirs}/filezilla/default_*.png rw, owner @{user_cache_dirs}/filezilla/default_*.png rw,

12
apparmor.d/groups/apps/flameshot
View File

@ -39,13 +39,13 @@ profile flameshot @{exec_path} {
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
# Flameshot home files # Flameshot home files
owner @{HOME}/.config/flameshot/ rw, owner @{user_config_dirs}/flameshot/ rw,
owner @{HOME}/.config/flameshot/flameshot.ini rw, owner @{user_config_dirs}/flameshot/flameshot.ini rw,
owner @{HOME}/.config/flameshot/#[0-9]*[0-9] rw, owner @{user_config_dirs}/flameshot/#[0-9]*[0-9] rw,
owner @{HOME}/.config/flameshot/flameshot.ini* rwl -> @{HOME}/.config/flameshot/#[0-9]*[0-9], owner @{user_config_dirs}/flameshot/flameshot.ini* rwl -> @{user_config_dirs}/flameshot/#[0-9]*[0-9],
owner @{HOME}/.config/flameshot/flameshot.ini.lock rwk, owner @{user_config_dirs}/flameshot/flameshot.ini.lock rwk,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,

4
apparmor.d/groups/apps/freetube
View File

@ -52,8 +52,8 @@ profile freetube @{exec_path} {
@{FT_LIBDIR}/chrome-sandbox rPx, @{FT_LIBDIR}/chrome-sandbox rPx,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/FreeTube/ rw, owner @{user_config_dirs}/FreeTube/ rw,
owner @{HOME}/.config/FreeTube/** rwk, owner @{user_config_dirs}/FreeTube/** rwk,
/var/tmp/ r, /var/tmp/ r,
/tmp/ r, /tmp/ r,

2
apparmor.d/groups/apps/geany
View File

@ -49,7 +49,7 @@ profile geany @{exec_path} {
/usr/share/geany/{,**} r, /usr/share/geany/{,**} r,
owner @{HOME}/.config/geany/{,**} rw, owner @{user_config_dirs}/geany/{,**} rw,
owner /{run/,}user/[0-9]*/geany/geany_socket.[0-9a-f]* rw, owner /{run/,}user/[0-9]*/geany/geany_socket.[0-9a-f]* rw,

20
apparmor.d/groups/apps/okular
View File

@ -39,22 +39,22 @@ profile okular @{exec_path} {
/tmp/mozilla_*/ r, /tmp/mozilla_*/ r,
owner /{home,media,tmp/mozilla_*}/**.@{okular_ext} rw, owner /{home,media,tmp/mozilla_*}/**.@{okular_ext} rw,
owner @{HOME}/.config/#[0-9]*[0-9] rw, owner @{user_config_dirs}/#[0-9]*[0-9] rw,
owner @{HOME}/.config/okularrc rw, owner @{user_config_dirs}/okularrc rw,
owner @{HOME}/.config/okularrc.lock rwk, owner @{user_config_dirs}/okularrc.lock rwk,
owner @{HOME}/.config/okularrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], owner @{user_config_dirs}/okularrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],
owner @{HOME}/.config/okularpartrc rw, owner @{user_config_dirs}/okularpartrc rw,
owner @{HOME}/.config/okularpartrc.lock rwk, owner @{user_config_dirs}/okularpartrc.lock rwk,
owner @{HOME}/.config/okularpartrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], owner @{user_config_dirs}/okularpartrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],
owner @{HOME}/.config/kdeglobals r, owner @{user_config_dirs}/kdeglobals r,
owner @{HOME}/.config/kwalletrc r, owner @{user_config_dirs}/kwalletrc r,
owner @{HOME}/.local/share/okular/{,**} rw, owner @{HOME}/.local/share/okular/{,**} rw,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,

2
apparmor.d/groups/apps/signal-desktop
View File

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{SIGNAL_INSTALLDIR} = "/opt/Signal{, Beta}" @{SIGNAL_INSTALLDIR} = "/opt/Signal{, Beta}"
@{SIGNAL_HOMEDIR} = "@{HOME}/.config/Signal{, Beta}" @{SIGNAL_HOMEDIR} = "@{user_config_dirs}/Signal{, Beta}"
@{exec_path} = @{SIGNAL_INSTALLDIR}/signal-desktop{,-beta} @{exec_path} = @{SIGNAL_INSTALLDIR}/signal-desktop{,-beta}
profile signal-desktop @{exec_path} { profile signal-desktop @{exec_path} {

2
apparmor.d/groups/apps/signal-desktop-chrome-sandbox
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{SIGNAL_INSTALLDIR} = "/opt/Signal{, Beta}" @{SIGNAL_INSTALLDIR} = "/opt/Signal{, Beta}"
@{SIGNAL_HOMEDIR} = "@{HOME}/.config/Signal{, Beta}" @{SIGNAL_HOMEDIR} = "@{user_config_dirs}/Signal{, Beta}"
@{exec_path} = @{SIGNAL_INSTALLDIR}/signal-desktop{,-beta} @{exec_path} = @{SIGNAL_INSTALLDIR}/signal-desktop{,-beta}
profile signal-desktop-chrome-sandbox @{exec_path} { profile signal-desktop-chrome-sandbox @{exec_path} {

4
apparmor.d/groups/apps/spotify
View File

@ -30,8 +30,8 @@ profile spotify @{exec_path} {
/usr/share/spotify/swiftshader/libGLESv2.so mr, /usr/share/spotify/swiftshader/libGLESv2.so mr,
/usr/share/spotify/swiftshader/libEGL.so mr, /usr/share/spotify/swiftshader/libEGL.so mr,
owner @{HOME}/.config/spotify/ rw, owner @{user_config_dirs}/spotify/ rw,
owner @{HOME}/.config/spotify/** rw, owner @{user_config_dirs}/spotify/** rw,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/spotify/ rw, owner @{user_cache_dirs}/spotify/ rw,

2
apparmor.d/groups/apps/telegram-desktop
View File

@ -57,7 +57,7 @@ profile telegram-desktop @{exec_path} {
#owner @{TELEGRAM_WORK_DIR}/{,**} rw, #owner @{TELEGRAM_WORK_DIR}/{,**} rw,
# Autostart # Autostart
owner @{HOME}/.config/autostart/telegramdesktop.desktop rw, owner @{user_config_dirs}/autostart/telegramdesktop.desktop rw,
/dev/shm/#[0-9]*[0-9] rw, /dev/shm/#[0-9]*[0-9] rw,

6
apparmor.d/groups/apps/thunderbird
View File

@ -101,16 +101,16 @@ profile thunderbird @{exec_path} {
# System integration # System integration
/etc/mime.types r, /etc/mime.types r,
owner @{HOME}/.config/mimeapps.list.* rw, owner @{user_config_dirs}/mimeapps.list.* rw,
# KDE system keyring # KDE system keyring
/{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr, /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,
/usr/share/xul-ext/kwallet5/* r, /usr/share/xul-ext/kwallet5/* r,
/etc/xul-ext/kwallet5.js r, /etc/xul-ext/kwallet5.js r,
owner @{HOME}/.config/kwalletrc r, owner @{user_config_dirs}/kwalletrc r,
# QT5 # QT5
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
deny @{sys}/devices/system/cpu/present r, deny @{sys}/devices/system/cpu/present r,

2
apparmor.d/groups/apps/usr.lib.libreoffice.program.oosplash
View File

@ -30,7 +30,7 @@ profile libreoffice-oopslash /usr/lib/libreoffice/program/oosplash flags=(compla
/usr/lib/libreoffice/program/soffice.bin rmpx, /usr/lib/libreoffice/program/soffice.bin rmpx,
/usr/lib/libreoffice/program/javaldx rmpux, /usr/lib/libreoffice/program/javaldx rmpux,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,
owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, owner @{user_config_dirs}/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined),
unix peer=(addr=@/tmp/.X11-unix/* label=unconfined), unix peer=(addr=@/tmp/.X11-unix/* label=unconfined),
} }

2
apparmor.d/groups/apps/usr.lib.libreoffice.program.senddoc
View File

@ -32,6 +32,6 @@ profile libreoffice-senddoc /usr/lib/libreoffice/program/senddoc flags=(complain
/dev/null rw, /dev/null rw,
/usr/lib/libreoffice/program/uri-encode rmpux, /usr/lib/libreoffice/program/uri-encode rmpux,
/usr/share/libreoffice/share/config/* r, /usr/share/libreoffice/share/config/* r,
owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, owner @{user_config_dirs}/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
} }

40
apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
View File

@ -118,15 +118,15 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
/etc/xml/catalog r, #exporting to .xhtml, for libxml2 /etc/xml/catalog r, #exporting to .xhtml, for libxml2
/proc/*/status r, /proc/*/status r,
owner @{HOME}/.config/libreoffice{,dev}/** rwk, owner @{user_config_dirs}/libreoffice{,dev}/** rwk,
owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*, owner @{user_config_dirs}/soffice.binrc rwl -> @{user_config_dirs}/#[0-9]*,
owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*, owner @{user_config_dirs}/soffice.binrc.* rwl -> @{user_config_dirs}/#[0-9]*,
owner @{HOME}/.config/soffice.binrc.lock rwk, owner @{user_config_dirs}/soffice.binrc.lock rwk,
owner @{user_cache_dirs}/fontconfig/** rw, owner @{user_cache_dirs}/fontconfig/** rw,
owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work owner @{user_config_dirs}/gtk-???/bookmarks r, #Make bookmarks work
owner /{,var/}run/user/*/dconf/user rw, owner /{,var/}run/user/*/dconf/user rw,
owner @{HOME}/.config/dconf/user r, owner @{user_config_dirs}/dconf/user r,
# allow schema to be read # allow schema to be read
/usr/share/glib-*/schemas/ r, /usr/share/glib-*/schemas/ r,
@ -227,7 +227,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
# probably should become a subprofile like gpg above, but then it doesn't # probably should become a subprofile like gpg above, but then it doesn't
# work either as it tries to access stuff only allowed above... # work either as it tries to access stuff only allowed above...
owner @{HOME}/.config/kdeglobals r, owner @{user_config_dirs}/kdeglobals r,
/usr/lib/libreoffice/program/lo_kde5filepicker rPUx, /usr/lib/libreoffice/program/lo_kde5filepicker rPUx,
/usr/share/qt5/translations/* r, /usr/share/qt5/translations/* r,
/usr/lib/*/qt5/plugins/** rm, /usr/lib/*/qt5/plugins/** rm,
@ -235,11 +235,11 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
# TODO: remove when rules are available in abstractions/kde # TODO: remove when rules are available in abstractions/kde
owner @{user_cache_dirs}/ksycoca5_??_* r, # KDE System Configuration Cache owner @{user_cache_dirs}/ksycoca5_??_* r, # KDE System Configuration Cache
owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget owner @{user_config_dirs}/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget owner @{user_config_dirs}/dolphinrc r, # settings used by KFileWidget
owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent() owner @{user_config_dirs}/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so owner @{user_config_dirs}/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so
owner @{HOME}/.config/trashrc r, # user by KFileWidget owner @{user_config_dirs}/trashrc r, # user by KFileWidget
/usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent /usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent
# TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar # TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar
@ -249,11 +249,11 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
/usr/share/kservices5/*.protocol r, /usr/share/kservices5/*.protocol r,
# TODO: use qt5-settings-write abstraction when it is available # TODO: use qt5-settings-write abstraction when it is available
owner @{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] rw, owner @{user_config_dirs}/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] rw,
owner @{HOME}/.config/QtProject.conf rw, owner @{user_config_dirs}/QtProject.conf rw,
owner @{HOME}/.config/QtProject.conf.?????? l -> @{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9], owner @{user_config_dirs}/QtProject.conf.?????? l -> @{user_config_dirs}/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],
owner @{HOME}/.config/QtProject.conf.?????? rw, # for temporary files like QtProject.conf.Aqrgeb owner @{user_config_dirs}/QtProject.conf.?????? rw, # for temporary files like QtProject.conf.Aqrgeb
owner @{HOME}/.config/QtProject.conf.lock rwk, owner @{user_config_dirs}/QtProject.conf.lock rwk,
# TODO: use qt5-compose-cache-write abstraction when it is available # TODO: use qt5-compose-cache-write abstraction when it is available
owner @{user_cache_dirs}/qt_compose_cache_{little,big}_endian_* r, owner @{user_cache_dirs}/qt_compose_cache_{little,big}_endian_* r,
@ -265,7 +265,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
owner @{HOME}/.local/share/RecentDocuments/*.lock rwk, owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
# TODO: use kde-globals-write abstraction when it is available # TODO: use kde-globals-write abstraction when it is available
owner @{HOME}/.config/kdeglobals rw, owner @{user_config_dirs}/kdeglobals rw,
owner @{HOME}/.config/kdeglobals.* rwl -> @{HOME}/.config/#[0-9]*, owner @{user_config_dirs}/kdeglobals.* rwl -> @{user_config_dirs}/#[0-9]*,
owner @{HOME}/.config/kdeglobals.lock rwk, owner @{user_config_dirs}/kdeglobals.lock rwk,
} }

2
apparmor.d/groups/apps/usr.lib.libreoffice.program.xpdfimport
View File

@ -21,7 +21,7 @@ profile libreoffice-xpdfimport /usr/lib/libreoffice/program/xpdfimport flags=(co
/usr/share/poppler/** r, /usr/share/poppler/** r,
/usr/share/libreoffice/share/config/* r, /usr/share/libreoffice/share/config/* r,
owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, owner @{user_config_dirs}/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw,
/usr/lib/libreoffice/program/xpdfimport pxm, /usr/lib/libreoffice/program/xpdfimport pxm,

6
apparmor.d/groups/apps/vlc
View File

@ -98,8 +98,8 @@ profile vlc @{exec_path} {
# VLC config files # VLC config files
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/vlc/ rw, owner @{user_config_dirs}/vlc/ rw,
owner @{HOME}/.config/vlc/* rwkl -> @{HOME}/.config/vlc/#[0-9]*[0-9], owner @{user_config_dirs}/vlc/* rwkl -> @{user_config_dirs}/vlc/#[0-9]*[0-9],
owner @{HOME}/.local/share/vlc/{,*} rw, owner @{HOME}/.local/share/vlc/{,*} rw,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
@ -107,7 +107,7 @@ profile vlc @{exec_path} {
owner @{user_cache_dirs}/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/dev/shm/#[0-9]*[0-9] rw, /dev/shm/#[0-9]*[0-9] rw,

2
apparmor.d/groups/apt/dpkg-buildflags
View File

@ -19,7 +19,7 @@ profile dpkg-buildflags @{exec_path} flags=(complain) {
/usr/share/dpkg/cputable r, /usr/share/dpkg/cputable r,
/usr/share/dpkg/tupletable r, /usr/share/dpkg/tupletable r,
owner @{HOME}/.config/dpkg/buildflags.conf r, owner @{user_config_dirs}/dpkg/buildflags.conf r,
include if exists <local/dpkg-buildflags> include if exists <local/dpkg-buildflags>
} }

2
apparmor.d/groups/apt/dpkg-genbuildinfo
View File

@ -26,7 +26,7 @@ profile dpkg-genbuildinfo @{exec_path} flags=(complain) {
/usr/share/dpkg/cputable r, /usr/share/dpkg/cputable r,
/usr/share/dpkg/tupletable r, /usr/share/dpkg/tupletable r,
owner @{HOME}/.config/dpkg/buildflags.conf r, owner @{user_config_dirs}/dpkg/buildflags.conf r,
/usr/local/bin/ r, /usr/local/bin/ r,
/usr/local/sbin/ r, /usr/local/sbin/ r,

18
apparmor.d/groups/browsers/brave
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_HOMEDIR} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev} @{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev}
@ -87,7 +87,7 @@ profile brave @{exec_path} {
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw, owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/BraveSoftware/ w, owner @{user_config_dirs}/BraveSoftware/ w,
owner @{BRAVE_HOMEDIR}/ rw, owner @{BRAVE_HOMEDIR}/ rw,
owner @{BRAVE_HOMEDIR}/** rwk, owner @{BRAVE_HOMEDIR}/** rwk,
# For Widevine plugin # For Widevine plugin
@ -111,14 +111,14 @@ profile brave @{exec_path} {
owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk, owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk,
owner @{HOME}/.mozilla/firefox/*/logins.json r, owner @{HOME}/.mozilla/firefox/*/logins.json r,
# For importing data from Chromium # For importing data from Chromium
owner "@{HOME}/.config/chromium/Local State" r, owner "@{user_config_dirs}/chromium/Local State" r,
owner @{HOME}/.config/chromium/Singleton{Lock,Socket,Cookie} w, owner @{user_config_dirs}/chromium/Singleton{Lock,Socket,Cookie} w,
owner "@{HOME}/.config/chromium/*/Login Data{,-journal}" rwk, owner "@{user_config_dirs}/chromium/*/Login Data{,-journal}" rwk,
owner @{HOME}/.config/chromium/*/ r, owner @{user_config_dirs}/chromium/*/ r,
owner @{HOME}/.config/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, owner @{user_config_dirs}/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk,
owner @{HOME}/.config/menus/applications-merged/ r, owner @{user_config_dirs}/menus/applications-merged/ r,
owner @{HOME}/.config/menus/applications-merged/xdg-desktop-menu-dummy.menu r, owner @{user_config_dirs}/menus/applications-merged/xdg-desktop-menu-dummy.menu r,
/etc/fstab r, /etc/fstab r,

2
apparmor.d/groups/browsers/brave-browser
View File

@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_HOMEDIR} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
abi <abi/3.0>, abi <abi/3.0>,

2
apparmor.d/groups/browsers/brave-sandbox
View File

@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_HOMEDIR} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
abi <abi/3.0>, abi <abi/3.0>,

2
apparmor.d/groups/browsers/chromium
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium @{CHROMIUM_HOMEDIR} = @{user_config_dirs}/chromium
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
@{exec_path} = /{usr/,}bin/chromium @{exec_path} = /{usr/,}bin/chromium

2
apparmor.d/groups/browsers/chromium-chrome-sandbox
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium @{CHROMIUM_HOMEDIR} = @{user_config_dirs}/chromium
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox @{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox

4
apparmor.d/groups/browsers/chromium-chromium
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium @{CHROMIUM_HOMEDIR} = @{user_config_dirs}/chromium
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium @{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium
@ -83,7 +83,7 @@ profile chromium-chromium @{exec_path} {
# Chromium home files # Chromium home files
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/ r, owner @{user_config_dirs}/ r,
owner @{CHROMIUM_HOMEDIR}/ rw, owner @{CHROMIUM_HOMEDIR}/ rw,
owner @{CHROMIUM_HOMEDIR}/** rwk, owner @{CHROMIUM_HOMEDIR}/** rwk,
owner @{CHROMIUM_HOMEDIR}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw, owner @{CHROMIUM_HOMEDIR}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw,

2
apparmor.d/groups/browsers/firefox
View File

@ -121,7 +121,7 @@ profile firefox @{exec_path} {
# Set default browser # Set default browser
/{usr/,}bin/update-mime-database rPUx, /{usr/,}bin/update-mime-database rPUx,
owner @{HOME}/.config/mimeapps.list{,.*} rw, owner @{user_config_dirs}/mimeapps.list{,.*} rw,
owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw, owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw,
owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw, owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,

12
apparmor.d/groups/browsers/google-chrome-chrome
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{user_config_dirs}/google-chrome{,-beta,-unstable}
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
@{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable}
@ -107,11 +107,11 @@ profile google-chrome-chrome @{exec_path} {
owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk, owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk,
owner @{HOME}/.mozilla/firefox/*/logins.json r, owner @{HOME}/.mozilla/firefox/*/logins.json r,
# For importing data from Chromium # For importing data from Chromium
owner "@{HOME}/.config/chromium/Local State" r, owner "@{user_config_dirs}/chromium/Local State" r,
owner @{HOME}/.config/chromium/Singleton{Lock,Socket,Cookie} w, owner @{user_config_dirs}/chromium/Singleton{Lock,Socket,Cookie} w,
owner "@{HOME}/.config/chromium/*/Login Data{,-journal}" rwk, owner "@{user_config_dirs}/chromium/*/Login Data{,-journal}" rwk,
owner @{HOME}/.config/chromium/*/ r, owner @{user_config_dirs}/chromium/*/ r,
owner @{HOME}/.config/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, owner @{user_config_dirs}/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk,
/etc/fstab r, /etc/fstab r,

2
apparmor.d/groups/browsers/google-chrome-chrome-sandbox
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{user_config_dirs}/google-chrome{,-beta,-unstable}
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
@{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox @{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox

2
apparmor.d/groups/browsers/google-chrome-google-chrome
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{user_config_dirs}/google-chrome{,-beta,-unstable}
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
@{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable}

18
apparmor.d/groups/browsers/opera
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{user_config_dirs}/opera{,-beta,-developer}
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
@{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer} @{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer}
@ -94,16 +94,16 @@ profile opera @{exec_path} {
owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk, owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk,
owner @{HOME}/.mozilla/firefox/*/logins.json r, owner @{HOME}/.mozilla/firefox/*/logins.json r,
# For importing data from Chromium # For importing data from Chromium
owner "@{HOME}/.config/chromium/Local State" r, owner "@{user_config_dirs}/chromium/Local State" r,
owner @{HOME}/.config/chromium/Singleton{Lock,Socket,Cookie} w, owner @{user_config_dirs}/chromium/Singleton{Lock,Socket,Cookie} w,
owner "@{HOME}/.config/chromium/*/Login Data{,-journal}" rwk, owner "@{user_config_dirs}/chromium/*/Login Data{,-journal}" rwk,
owner @{HOME}/.config/chromium/*/ r, owner @{user_config_dirs}/chromium/*/ r,
owner @{HOME}/.config/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, owner @{user_config_dirs}/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk,
# Flashplayer # Flashplayer
owner @{HOME}/.config/google-chrome{,-beta,-unstable}/PepperFlash/**/manifest.json r, owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/PepperFlash/**/manifest.json r,
owner @{HOME}/.config/google-chrome{,-beta,-unstable}/PepperFlash/latest-component-updated-flash r, owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/PepperFlash/latest-component-updated-flash r,
owner @{HOME}/.config/google-chrome{,-beta,-unstable}/PepperFlash/**/libpepflashplayer.so mr, owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/PepperFlash/**/libpepflashplayer.so mr,
/etc/fstab r, /etc/fstab r,

2
apparmor.d/groups/browsers/opera-crashreporter
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{user_config_dirs}/opera{,-beta,-developer}
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
@{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter @{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter

2
apparmor.d/groups/browsers/opera-sandbox
View File

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{user_config_dirs}/opera{,-beta,-developer}
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
@{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox @{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox

4
apparmor.d/groups/browsers/torbrowser.Browser.firefox
View File

@ -119,8 +119,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny /dev/dri/ rwklx, deny /dev/dri/ rwklx,
deny @{user_cache_dirs}/fontconfig/ rw, deny @{user_cache_dirs}/fontconfig/ rw,
deny @{user_cache_dirs}/fontconfig/** rw, deny @{user_cache_dirs}/fontconfig/** rw,
deny @{HOME}/.config/gtk-2.0/ rw, deny @{user_config_dirs}/gtk-2.0/ rw,
deny @{HOME}/.config/gtk-2.0/** rw, deny @{user_config_dirs}/gtk-2.0/** rw,
deny @{PROC}/@{pid}/net/route r, deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r, deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,

8
apparmor.d/groups/desktop/dconf-editor
View File

@ -22,10 +22,10 @@ profile dconf-editor @{exec_path} {
owner @{run}/user/[0-9]*/dconf/user rw, owner @{run}/user/[0-9]*/dconf/user rw,
# When GSETTINGS_BACKEND=keyfile # When GSETTINGS_BACKEND=keyfile
owner @{HOME}/.config/glib-2.0/ rw, owner @{user_config_dirs}/glib-2.0/ rw,
owner @{HOME}/.config/glib-2.0/settings/ rw, owner @{user_config_dirs}/glib-2.0/settings/ rw,
owner @{HOME}/.config/glib-2.0/settings/keyfile rw, owner @{user_config_dirs}/glib-2.0/settings/keyfile rw,
owner @{HOME}/.config/glib-2.0/settings/.goutputstream-* rw, owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-* rw,
/usr/share/glib-2.0/schemas/{,*} r, /usr/share/glib-2.0/schemas/{,*} r,

4
apparmor.d/groups/desktop/dconf-service
View File

@ -18,8 +18,8 @@ profile dconf-service @{exec_path} {
owner @{run}/user/[0-9]*/dconf/ rw, owner @{run}/user/[0-9]*/dconf/ rw,
owner @{run}/user/[0-9]*/dconf/user rw, owner @{run}/user/[0-9]*/dconf/user rw,
owner @{HOME}/.config/dconf/ rw, owner @{user_config_dirs}/dconf/ rw,
owner @{HOME}/.config/dconf/user{,.*} rw, owner @{user_config_dirs}/dconf/user{,.*} rw,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/dconf/ rw, owner @{user_cache_dirs}/dconf/ rw,

2
apparmor.d/groups/gnome/gio-launch-desktop
View File

@ -23,7 +23,7 @@ profile gio-launch-desktop @{exec_path} {
/var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
# User files # User files
owner @{HOME}/.config/mimeapps.list r, owner @{user_config_dirs}/mimeapps.list r,
owner @{HOME}/.local/share/applications/{,*.desktop} r, owner @{HOME}/.local/share/applications/{,*.desktop} r,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,

2
apparmor.d/profiles-a-l/amarok
View File

@ -114,7 +114,7 @@ profile amarok @{exec_path} {
owner @{HOME}/.local/share/user-places.xbel rw, owner @{HOME}/.local/share/user-places.xbel rw,
owner @{HOME}/.config/Trolltech.conf rwk, owner @{user_config_dirs}/Trolltech.conf rwk,
deny /etc/rpc r, deny /etc/rpc r,

2
apparmor.d/profiles-a-l/amixer
View File

@ -18,7 +18,7 @@ profile amixer @{exec_path} {
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,
owner @{HOME}/.config/pulse/ r, owner @{user_config_dirs}/pulse/ r,
include if exists <local/amixer> include if exists <local/amixer>
} }

2
apparmor.d/profiles-a-l/anki
View File

@ -42,7 +42,7 @@ profile anki @{exec_path} {
/{usr/,}lib/@{multiarch}/qt5/libexec/QtWebEngineProcess rix, /{usr/,}lib/@{multiarch}/qt5/libexec/QtWebEngineProcess rix,
/usr/share/qt5/**/*.pak r, /usr/share/qt5/**/*.pak r,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{HOME}/ r, owner @{HOME}/ r,

2
apparmor.d/profiles-a-l/aplay
View File

@ -18,7 +18,7 @@ profile aplay @{exec_path} flags=(complain) {
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,
owner @{HOME}/.config/pulse/ r, owner @{user_config_dirs}/pulse/ r,
include if exists <local/aplay> include if exists <local/aplay>
} }

4
apparmor.d/profiles-a-l/appimage-beyond-all-reason
View File

@ -66,8 +66,8 @@ profile appimage-beyond-all-reason @{exec_path} {
owner /tmp/.org.chromium.Chromium.*/*.png rw, owner /tmp/.org.chromium.Chromium.*/*.png rw,
owner /tmp/.org.chromium.Chromium.* rw, owner /tmp/.org.chromium.Chromium.* rw,
owner @{HOME}/.config/Beyond-All-Reason/ rw, owner @{user_config_dirs}/Beyond-All-Reason/ rw,
owner @{HOME}/.config/Beyond-All-Reason/** rwk, owner @{user_config_dirs}/Beyond-All-Reason/** rwk,
owner "@{HOME}/Beyond All Reason/" rw, owner "@{HOME}/Beyond All Reason/" rw,
owner "@{HOME}/Beyond All Reason/**" rwkm, owner "@{HOME}/Beyond All Reason/**" rwkm,

10
apparmor.d/profiles-a-l/birdtray
View File

@ -35,11 +35,11 @@ profile birdtray @{exec_path} {
/usr/share/ulduzsoft/birdtray/{,**} r, /usr/share/ulduzsoft/birdtray/{,**} r,
owner @{HOME}/.config/ulduzsoft/ rw, owner @{user_config_dirs}/ulduzsoft/ rw,
owner @{HOME}/.config/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*, owner @{user_config_dirs}/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*,
owner @{HOME}/.config/birdtray-config.json rwl -> @{HOME}/.config/#[0-9]*[0-9], owner @{user_config_dirs}/birdtray-config.json rwl -> @{user_config_dirs}/#[0-9]*[0-9],
owner @{HOME}/.config/birdtray-config.json.* rwl -> @{HOME}/.config/#[0-9]*[0-9], owner @{user_config_dirs}/birdtray-config.json.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],
owner /tmp/birdtray.ulduzsoft.single.instance.server.socket w, owner /tmp/birdtray.ulduzsoft.single.instance.server.socket w,
@ -52,7 +52,7 @@ profile birdtray @{exec_path} {
owner @{HOME}/.thunderbird/*.*/{Imap,}Mail/**/*.msf r, owner @{HOME}/.thunderbird/*.*/{Imap,}Mail/**/*.msf r,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,

4
apparmor.d/profiles-a-l/borg
View File

@ -47,8 +47,8 @@ profile borg @{exec_path} {
owner @{user_cache_dirs}/borg/ rw, owner @{user_cache_dirs}/borg/ rw,
owner @{user_cache_dirs}/borg/** rw, owner @{user_cache_dirs}/borg/** rw,
owner @{HOME}/.config/borg/ rw, owner @{user_config_dirs}/borg/ rw,
owner @{HOME}/.config/borg/** rw, owner @{user_config_dirs}/borg/** rw,
# If /tmp/ isn't accessible, then /var/tmp/ is used. # If /tmp/ isn't accessible, then /var/tmp/ is used.
owner /tmp/* rw, owner /tmp/* rw,

4
apparmor.d/profiles-a-l/cawbird
View File

@ -28,8 +28,8 @@ profile cawbird @{exec_path} {
/{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPx, /{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPx,
owner @{HOME}/.config/cawbird/ rw, owner @{user_config_dirs}/cawbird/ rw,
owner @{HOME}/.config/cawbird/** rwk, owner @{user_config_dirs}/cawbird/** rwk,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/cawbird-* rw, owner @{user_cache_dirs}/cawbird-* rw,

2
apparmor.d/profiles-a-l/compton
View File

@ -14,7 +14,7 @@ profile compton @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
# Compton config file # Compton config file
owner @{HOME}/.config/compton.conf rw, owner @{user_config_dirs}/compton.conf rw,
/usr/share/X11/XErrorDB r, /usr/share/X11/XErrorDB r,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,

2
apparmor.d/profiles-a-l/convertall
View File

@ -31,7 +31,7 @@ profile convertall @{exec_path} {
deny owner @{PROC}/@{pid}/cmdline r, deny owner @{PROC}/@{pid}/cmdline r,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/usr/share/convertall/{,**} r, /usr/share/convertall/{,**} r,

2
apparmor.d/profiles-a-l/dfc
View File

@ -14,7 +14,7 @@ profile dfc @{exec_path} {
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{HOME}/.config/dfc/dfcrc r, owner @{user_config_dirs}/dfc/dfcrc r,
owner @{HOME}/.dfcrc r, owner @{HOME}/.dfcrc r,
include if exists <local/dfc> include if exists <local/dfc>

6
apparmor.d/profiles-a-l/engrampa
View File

@ -48,7 +48,7 @@ profile engrampa @{exec_path} {
owner @{run}/user/[0-9]*/dconf/ rw, owner @{run}/user/[0-9]*/dconf/ rw,
owner @{run}/user/[0-9]*/dconf/user rw, owner @{run}/user/[0-9]*/dconf/user rw,
owner @{HOME}/.config/engrampa/ rw, owner @{user_config_dirs}/engrampa/ rw,
/ r, / r,
/home/ r, /home/ r,
@ -62,8 +62,8 @@ profile engrampa @{exec_path} {
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/.fr-*/{,**} rw, owner @{user_cache_dirs}/.fr-*/{,**} rw,
owner @{HOME}/.config/ r, owner @{user_config_dirs}/ r,
owner @{HOME}/.config/mimeapps.list{,.*} rw, owner @{user_config_dirs}/mimeapps.list{,.*} rw,
owner @{HOME}/.local/share/ r, owner @{HOME}/.local/share/ r,
owner @{HOME}/.local/share/gvfs-metadata/** r, owner @{HOME}/.local/share/gvfs-metadata/** r,

6
apparmor.d/profiles-a-l/exo-helper
View File

@ -31,12 +31,12 @@ profile exo-helper @{exec_path} {
/etc/xdg/{,xdg-*/}xfce4/helpers.rc r, /etc/xdg/{,xdg-*/}xfce4/helpers.rc r,
owner @{HOME}/.config/xfce4/helpers.rc rw, owner @{user_config_dirs}/xfce4/helpers.rc rw,
owner @{HOME}/.config/xfce4/helpers.rc.@{pid}.tmp rw, owner @{user_config_dirs}/xfce4/helpers.rc.@{pid}.tmp rw,
owner @{HOME}/.local/share/xfce4/helpers/*.desktop rw, owner @{HOME}/.local/share/xfce4/helpers/*.desktop rw,
owner @{HOME}/.local/share/xfce4/helpers/*.desktop.@{pid}.tmp rw, owner @{HOME}/.local/share/xfce4/helpers/*.desktop.@{pid}.tmp rw,
owner @{HOME}/.config/mimeapps.list{,.*} rw, owner @{user_config_dirs}/mimeapps.list{,.*} rw,
# Some missing icons # Some missing icons
/usr/share/**.png r, /usr/share/**.png r,

10
apparmor.d/profiles-a-l/font-manager
View File

@ -36,12 +36,12 @@ profile font-manager @{exec_path} {
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
owner @{HOME}/.config/font-manager/ rw, owner @{user_config_dirs}/font-manager/ rw,
owner @{HOME}/.config/font-manager/* rw, owner @{user_config_dirs}/font-manager/* rw,
owner @{HOME}/.config/fontconfig/ rw, owner @{user_config_dirs}/fontconfig/ rw,
owner @{HOME}/.config/fontconfig/conf.d/ rw, owner @{user_config_dirs}/fontconfig/conf.d/ rw,
owner @{HOME}/.config/fontconfig/conf.d/* rw, owner @{user_config_dirs}/fontconfig/conf.d/* rw,
owner @{HOME}/.local/share/fonts/ rw, owner @{HOME}/.local/share/fonts/ rw,
owner "@{HOME}/.local/share/fonts/Google Fonts/" rw, owner "@{HOME}/.local/share/fonts/Google Fonts/" rw,

6
apparmor.d/profiles-a-l/fritzing
View File

@ -28,14 +28,14 @@ profile fritzing @{exec_path} {
@{exec_path} mrix, @{exec_path} mrix,
owner @{HOME}/.config/Fritzing/ rw, owner @{user_config_dirs}/Fritzing/ rw,
owner @{HOME}/.config/Fritzing/** rwkl -> @{HOME}/.config/Fritzing/**, owner @{user_config_dirs}/Fritzing/** rwkl -> @{user_config_dirs}/Fritzing/**,
owner @{HOME}/Documents/Fritzing/ rw, owner @{HOME}/Documents/Fritzing/ rw,
owner @{HOME}/Documents/Fritzing/** rw, owner @{HOME}/Documents/Fritzing/** rw,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/usr/share/fritzing/{,**} r, /usr/share/fritzing/{,**} r,

2
apparmor.d/profiles-a-l/gajim
View File

@ -53,7 +53,7 @@ profile gajim @{exec_path} {
# Gajim home files # Gajim home files
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/gajim/{,**} rw, owner @{user_config_dirs}/gajim/{,**} rw,
owner @{HOME}/.local/share/gajim/ rw, owner @{HOME}/.local/share/gajim/ rw,
owner @{HOME}/.local/share/gajim/** rwk, owner @{HOME}/.local/share/gajim/** rwk,

2
apparmor.d/profiles-a-l/games-wesnoth
View File

@ -22,7 +22,7 @@ profile games-wesnoth @{exec_path} {
/usr/share/games/wesnoth/[0-9]*/{,**} r, /usr/share/games/wesnoth/[0-9]*/{,**} r,
owner @{HOME}/.config/wesnoth-[0-9]*/{,**} rw, owner @{user_config_dirs}/wesnoth-[0-9]*/{,**} rw,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,

4
apparmor.d/profiles-a-l/git
View File

@ -67,8 +67,8 @@ profile git @{exec_path} {
/{usr/,}bin/sensible-editor rCx -> editor, /{usr/,}bin/sensible-editor rCx -> editor,
/{usr/,}bin/vim.* rCx -> editor, /{usr/,}bin/vim.* rCx -> editor,
owner @{HOME}/.config/git/ rw, owner @{user_config_dirs}/git/ rw,
owner @{HOME}/.config/git/config rw, owner @{user_config_dirs}/git/config rw,
/usr/share/git-core/{,**} r, /usr/share/git-core/{,**} r,

4
apparmor.d/profiles-a-l/globaltime
View File

@ -17,8 +17,8 @@ profile globaltime @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{HOME}/.config/globaltime/ rw, owner @{user_config_dirs}/globaltime/ rw,
owner @{HOME}/.config/globaltime/globaltimerc{,.*} rw, owner @{user_config_dirs}/globaltime/globaltimerc{,.*} rw,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

4
apparmor.d/profiles-a-l/gsmartcontrol
View File

@ -37,8 +37,8 @@ profile gsmartcontrol @{exec_path} {
deny /{usr/,}bin/dbus-launch rx, deny /{usr/,}bin/dbus-launch rx,
deny /{usr/,}bin/dbus-send rx, deny /{usr/,}bin/dbus-send rx,
owner @{HOME}/.config/gsmartcontrol/ rw, owner @{user_config_dirs}/gsmartcontrol/ rw,
owner @{HOME}/.config/gsmartcontrol/gsmartcontrol.conf rw, owner @{user_config_dirs}/gsmartcontrol/gsmartcontrol.conf rw,
# As it's started as root # As it's started as root
@{HOME}/.Xauthority r, @{HOME}/.Xauthority r,

2
apparmor.d/profiles-a-l/gtk-youtube-viewer
View File

@ -44,7 +44,7 @@ profile gtk-youtube-viewer @{exec_path} {
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open,
owner @{HOME}/.config/youtube-viewer/{,*} rw, owner @{user_config_dirs}/youtube-viewer/{,*} rw,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/youtube-viewer/ rw, owner @{user_cache_dirs}/youtube-viewer/ rw,

8
apparmor.d/profiles-a-l/gzdoom
View File

@ -56,11 +56,11 @@ profile gzdoom @{exec_path} {
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/uevent r, @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/uevent r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/gzdoom/ rw, owner @{user_config_dirs}/gzdoom/ rw,
owner @{HOME}/.config/gzdoom/** rw, owner @{user_config_dirs}/gzdoom/** rw,
owner @{HOME}/.config/zdoom/ rw, owner @{user_config_dirs}/zdoom/ rw,
owner @{HOME}/.config/zdoom/** rwk, owner @{user_config_dirs}/zdoom/** rwk,
owner @{HOME}/gzdoom-crash.log rw, owner @{HOME}/gzdoom-crash.log rw,

4
apparmor.d/profiles-a-l/hexchat
View File

@ -37,8 +37,8 @@ profile hexchat @{exec_path} {
# Hexchat home files # Hexchat home files
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/hexchat/ rw, owner @{user_config_dirs}/hexchat/ rw,
owner @{HOME}/.config/hexchat/** rw, owner @{user_config_dirs}/hexchat/** rw,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,

4
apparmor.d/profiles-a-l/htop
View File

@ -86,8 +86,8 @@ profile htop @{exec_path} {
@{sys}/devices/**/hwmon[0-9]*/**/ r, @{sys}/devices/**/hwmon[0-9]*/**/ r,
@{sys}/devices/**/hwmon[0-9]*/**/{name,temp*} r, @{sys}/devices/**/hwmon[0-9]*/**/{name,temp*} r,
owner @{HOME}/.config/htop/ rw, owner @{user_config_dirs}/htop/ rw,
owner @{HOME}/.config/htop/htoprc rw, owner @{user_config_dirs}/htop/htoprc rw,
# When started in TTY, to remove the following error: # When started in TTY, to remove the following error:
# htop[]: *** err # htop[]: *** err

6
apparmor.d/profiles-a-l/jgmenu
View File

@ -32,10 +32,10 @@ profile jgmenu @{exec_path} {
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.jgmenu-lockfile rwk, owner @{HOME}/.jgmenu-lockfile rwk,
owner @{HOME}/.config/tint2/* r, owner @{user_config_dirs}/tint2/* r,
owner @{HOME}/.config/jgmenu/ rw, owner @{user_config_dirs}/jgmenu/ rw,
owner @{HOME}/.config/jgmenu/** rw, owner @{user_config_dirs}/jgmenu/** rw,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/jgmenu/ rw, owner @{user_cache_dirs}/jgmenu/ rw,

2
apparmor.d/profiles-a-l/kanyremote
View File

@ -60,7 +60,7 @@ profile kanyremote @{exec_path} {
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.anyRemote/{,*} rw, owner @{HOME}/.anyRemote/{,*} rw,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/usr/share/anyremote/{,**} r, /usr/share/anyremote/{,**} r,

12
apparmor.d/profiles-a-l/keepassxc
View File

@ -38,8 +38,8 @@ profile keepassxc @{exec_path} {
/usr/share/keepassxc/{,**} r, /usr/share/keepassxc/{,**} r,
owner @{HOME}/.config/keepassxc/ rw, owner @{user_config_dirs}/keepassxc/ rw,
owner @{HOME}/.config/keepassxc/* rwkl -> @{HOME}/.config/keepassxc/#[0-9]*[0-9], owner @{user_config_dirs}/keepassxc/* rwkl -> @{user_config_dirs}/keepassxc/#[0-9]*[0-9],
owner @{user_cache_dirs}/keepassxc/ rw, owner @{user_cache_dirs}/keepassxc/ rw,
owner @{user_cache_dirs}/keepassxc/* rwkl -> @{user_cache_dirs}/keepassxc/#[0-9]*[0-9], owner @{user_cache_dirs}/keepassxc/* rwkl -> @{user_cache_dirs}/keepassxc/#[0-9]*[0-9],
@ -61,7 +61,7 @@ profile keepassxc @{exec_path} {
owner @{HOME}/.ssh/*.pub r, owner @{HOME}/.ssh/*.pub r,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner /tmp/keepassxc-*.lock{,.rmlock} rwk, owner /tmp/keepassxc-*.lock{,.rmlock} rwk,
@ -87,9 +87,9 @@ profile keepassxc @{exec_path} {
/dev/shm/#[0-9]*[0-9] rw, /dev/shm/#[0-9]*[0-9] rw,
# For browser integration # For browser integration
owner @{HOME}/.config/google-chrome{,-beta,-unstable}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw,
owner @{HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, owner @{user_config_dirs}/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw,
owner @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, owner @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw,
owner @{HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json rw, owner @{HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json rw,
owner @{run}/user/[0-9]*/.[a-zA-Z]*/{,s} rw, owner @{run}/user/[0-9]*/.[a-zA-Z]*/{,s} rw,
owner @{run}/user/[0-9]*/kpxc_server rw, owner @{run}/user/[0-9]*/kpxc_server rw,

4
apparmor.d/profiles-a-l/keepassxc-proxy
View File

@ -34,8 +34,8 @@ profile keepassxc-proxy @{exec_path} {
deny owner /tmp/firefox*/.parentlock rw, deny owner /tmp/firefox*/.parentlock rw,
deny owner /tmp/tmp-*.xpi rw, deny owner /tmp/tmp-*.xpi rw,
deny owner /tmp/tmpaddon r, deny owner /tmp/tmpaddon r,
deny owner @{HOME}/.config/google-chrome/** rw, deny owner @{user_config_dirs}/google-chrome/** rw,
deny owner @{HOME}/.config/chromium/** rw, deny owner @{user_config_dirs}/chromium/** rw,
# #
/usr/share/icons/*/index.theme r, /usr/share/icons/*/index.theme r,
# #

6
apparmor.d/profiles-a-l/kscreenlocker-greet
View File

@ -34,10 +34,10 @@ profile kscreenlocker-greet @{exec_path} {
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,
owner @{HOME}/.config/kdeglobals r, owner @{user_config_dirs}/kdeglobals r,
owner @{HOME}/.config/kscreenlockerrc r, owner @{user_config_dirs}/kscreenlockerrc r,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,

6
apparmor.d/profiles-a-l/kwalletd5
View File

@ -27,9 +27,9 @@ profile kwalletd5 @{exec_path} {
/{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr, /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,
owner @{HOME}/.config/kwalletrc r, owner @{user_config_dirs}/kwalletrc r,
owner @{HOME}/.config/kdeglobals r, owner @{user_config_dirs}/kdeglobals r,
owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{HOME}/.local/share/kwalletd/ rw, owner @{HOME}/.local/share/kwalletd/ rw,
@ -39,7 +39,7 @@ profile kwalletd5 @{exec_path} {
owner @{HOME}/.local/share/kwalletd/*.kwl.* rwl -> @{HOME}/.local/share/kwalletd/#[0-9]*[0-9], owner @{HOME}/.local/share/kwalletd/*.kwl.* rwl -> @{HOME}/.local/share/kwalletd/#[0-9]*[0-9],
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,

24
apparmor.d/profiles-a-l/kwalletmanager5
View File

@ -33,22 +33,22 @@ profile kwalletmanager5 @{exec_path} {
/usr/share/kxmlgui5/kwalletmanager5/kwalletmanager.rc r, /usr/share/kxmlgui5/kwalletmanager5/kwalletmanager.rc r,
owner @{HOME}/.config/#[0-9]*[0-9] rw, owner @{user_config_dirs}/#[0-9]*[0-9] rw,
owner @{HOME}/.config/kwalletrc rw, owner @{user_config_dirs}/kwalletrc rw,
owner @{HOME}/.config/kwalletrc.lock rwk, owner @{user_config_dirs}/kwalletrc.lock rwk,
owner @{HOME}/.config/kwalletrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], owner @{user_config_dirs}/kwalletrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],
owner @{HOME}/.config/kwalletmanager5rc rw, owner @{user_config_dirs}/kwalletmanager5rc rw,
owner @{HOME}/.config/kwalletmanager5rc.lock rwk, owner @{user_config_dirs}/kwalletmanager5rc.lock rwk,
owner @{HOME}/.config/kwalletmanager5rc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], owner @{user_config_dirs}/kwalletmanager5rc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],
owner @{HOME}/.config/session/#[0-9]*[0-9] rw, owner @{user_config_dirs}/session/#[0-9]*[0-9] rw,
owner @{HOME}/.config/session/kwalletmanager5_* rwl -> @{HOME}/.config/session/#[0-9]*[0-9], owner @{user_config_dirs}/session/kwalletmanager5_* rwl -> @{user_config_dirs}/session/#[0-9]*[0-9],
owner @{HOME}/.config/session/kwalletmanager5_*.lock rwk, owner @{user_config_dirs}/session/kwalletmanager5_*.lock rwk,
owner @{HOME}/.config/kdeglobals r, owner @{user_config_dirs}/kdeglobals r,
owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
deny owner @{PROC}/@{pid}/cmdline r, deny owner @{PROC}/@{pid}/cmdline r,

4
apparmor.d/profiles-a-l/labwc
View File

@ -31,8 +31,8 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
/{usr/,}bin/* rPUx, /{usr/,}bin/* rPUx,
/usr/libexec/* rPUx, /usr/libexec/* rPUx,
owner @{HOME}/.config/labwc/ r, owner @{user_config_dirs}/labwc/ r,
owner @{HOME}/.config/labwc/* r, owner @{user_config_dirs}/labwc/* r,
/usr/share/libinput/ r, /usr/share/libinput/ r,
/usr/share/libinput/*.quirks r, /usr/share/libinput/*.quirks r,

4
apparmor.d/profiles-a-l/light
View File

@ -18,8 +18,8 @@ profile light @{exec_path} {
/etc/light/**/ rw, /etc/light/**/ rw,
/etc/light/targets/sysfs/backlight/auto/save rw, /etc/light/targets/sysfs/backlight/auto/save rw,
owner @{HOME}/.config/light/ rw, owner @{user_config_dirs}/light/ rw,
owner @{HOME}/.config/light/** rw, owner @{user_config_dirs}/light/** rw,
@{sys}/class/backlight/ r, @{sys}/class/backlight/ r,
@{sys}/class/leds/ r, @{sys}/class/leds/ r,

2
apparmor.d/profiles-a-l/linssid
View File

@ -56,7 +56,7 @@ profile linssid @{exec_path} {
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,

2
apparmor.d/profiles-a-l/lxappearance
View File

@ -33,7 +33,7 @@ profile lxappearance @{exec_path} {
owner @{HOME}/.icons/{,**} rw, owner @{HOME}/.icons/{,**} rw,
owner @{HOME}/.gtkrc-2.0{,.*} rw, owner @{HOME}/.gtkrc-2.0{,.*} rw,
owner @{HOME}/.config/gtk-3.0/settings.ini{,.*} rw, owner @{user_config_dirs}/gtk-3.0/settings.ini{,.*} rw,
/etc/X11/cursors/*.theme r, /etc/X11/cursors/*.theme r,

8
apparmor.d/profiles-m-z/megasync
View File

@ -50,10 +50,10 @@ profile megasync @{exec_path} {
owner "@{HOME}/.local/share/data/Mega Limited/**" rwkl -> "@{HOME}/.local/share/data/Mega Limited/MEGAsync/#[0-9]*[0-9]", owner "@{HOME}/.local/share/data/Mega Limited/**" rwkl -> "@{HOME}/.local/share/data/Mega Limited/MEGAsync/#[0-9]*[0-9]",
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{HOME}/.config/QtProject.conf r, owner @{user_config_dirs}/QtProject.conf r,
# Sync folder # Sync folder
#/ r, #/ r,
@ -71,8 +71,8 @@ profile megasync @{exec_path} {
/etc/fstab r, /etc/fstab r,
# Autostart # Autostart
owner @{HOME}/.config/autostart/#[0-9]*[0-9] rw, owner @{user_config_dirs}/autostart/#[0-9]*[0-9] rw,
owner @{HOME}/.config/autostart/megasync.desktop rwl -> @{HOME}/.config/autostart/#[0-9]*[0-9], owner @{user_config_dirs}/autostart/megasync.desktop rwl -> @{user_config_dirs}/autostart/#[0-9]*[0-9],
/dev/shm/#[0-9]*[0-9] rw, /dev/shm/#[0-9]*[0-9] rw,

6
apparmor.d/profiles-m-z/minitube
View File

@ -35,8 +35,8 @@ profile minitube @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
# Minitube home files # Minitube home files
owner "@{HOME}/.config/Flavio Tordini/" rw, owner "@{user_config_dirs}/Flavio Tordini/" rw,
owner "@{HOME}/.config/Flavio Tordini/*" rwkl -> "@{HOME}/.config/Flavio Tordini/#[0-9]*[0-9]", owner "@{user_config_dirs}/Flavio Tordini/*" rwkl -> "@{user_config_dirs}/Flavio Tordini/#[0-9]*[0-9]",
owner "@{HOME}/.local/share/Flavio Tordini/" rw, owner "@{HOME}/.local/share/Flavio Tordini/" rw,
owner "@{HOME}/.local/share/Flavio Tordini/Minitube/" rw, owner "@{HOME}/.local/share/Flavio Tordini/Minitube/" rw,
owner "@{HOME}/.local/share/Flavio Tordini/Minitube/*" rwk, owner "@{HOME}/.local/share/Flavio Tordini/Minitube/*" rwk,
@ -66,7 +66,7 @@ profile minitube @{exec_path} {
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
deny /dev/ r, deny /dev/ r,

8
apparmor.d/profiles-m-z/mkvtoolnix-gui
View File

@ -70,9 +70,9 @@ profile mkvtoolnix-gui @{exec_path} {
owner /media/**/ r, owner /media/**/ r,
owner /{home,media}/**.@{mkvtoolnix_ext} rw, owner /{home,media}/**.@{mkvtoolnix_ext} rw,
owner @{HOME}/.config/bunkus.org/ rw, owner @{user_config_dirs}/bunkus.org/ rw,
owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/ rw, owner @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/ rw,
owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/** rwkl -> @{HOME}/.config/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9], owner @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/** rwkl -> @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9],
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/bunkus.org/ rw, owner @{user_cache_dirs}/bunkus.org/ rw,
@ -80,7 +80,7 @@ profile mkvtoolnix-gui @{exec_path} {
owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/ rw, owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/ rw,
owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw, owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner /tmp/#[0-9]*[0-9] rw, owner /tmp/#[0-9]*[0-9] rw,

4
apparmor.d/profiles-m-z/mpsyt
View File

@ -38,10 +38,10 @@ profile mpsyt @{exec_path} {
# MPV config files # MPV config files
/etc/mpv/* r, /etc/mpv/* r,
owner @{HOME}/.config/mpv/* r, owner @{user_config_dirs}/mpv/* r,
# mps-yt config files # mps-yt config files
owner @{HOME}/.config/mps-youtube/{,**} rw, owner @{user_config_dirs}/mps-youtube/{,**} rw,
# Cache files # Cache files
owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw, owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw,

4
apparmor.d/profiles-m-z/mpv
View File

@ -84,8 +84,8 @@ profile mpv @{exec_path} {
# MPV config files # MPV config files
/etc/mpv/* r, /etc/mpv/* r,
owner @{HOME}/.config/mpv/ rw, owner @{user_config_dirs}/mpv/ rw,
owner @{HOME}/.config/mpv/* rw, owner @{user_config_dirs}/mpv/* rw,
# Which files MPV should be able to open # Which files MPV should be able to open
/ r, / r,

6
apparmor.d/profiles-m-z/mumble
View File

@ -40,8 +40,8 @@ profile mumble @{exec_path} {
# Mumble home files # Mumble home files
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/Mumble/ rw, owner @{user_config_dirs}/Mumble/ rw,
owner @{HOME}/.config/Mumble/** rwkl -> @{HOME}/.config/Mumble/#[0-9]*[0-9], owner @{user_config_dirs}/Mumble/** rwkl -> @{user_config_dirs}/Mumble/#[0-9]*[0-9],
owner @{HOME}/.local/share/Mumble/ rw, owner @{HOME}/.local/share/Mumble/ rw,
owner @{HOME}/.local/share/Mumble/** rwk, owner @{HOME}/.local/share/Mumble/** rwk,
owner @{HOME}/.MumbleOverlayPipe rw, owner @{HOME}/.MumbleOverlayPipe rw,
@ -66,7 +66,7 @@ profile mumble @{exec_path} {
/etc/fstab r, /etc/fstab r,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,

2
apparmor.d/profiles-m-z/obconf
View File

@ -24,7 +24,7 @@ profile obconf @{exec_path} {
/etc/xdg/openbox/rc.xml r, /etc/xdg/openbox/rc.xml r,
owner @{HOME}/.config/openbox/rc.xml rw, owner @{user_config_dirs}/openbox/rc.xml rw,
owner @{HOME}/.themes/{,**} r, owner @{HOME}/.themes/{,**} r,

10
apparmor.d/profiles-m-z/openbox
View File

@ -31,10 +31,10 @@ profile openbox @{exec_path} {
/etc/xdg/openbox/* r, /etc/xdg/openbox/* r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/openbox/ r, owner @{user_config_dirs}/openbox/ r,
owner @{HOME}/.config/openbox/* r, owner @{user_config_dirs}/openbox/* r,
owner @{HOME}/.config/obmenu-generator/icons/[0-9a-f]*.png r, owner @{user_config_dirs}/obmenu-generator/icons/[0-9a-f]*.png r,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/openbox/ rw, owner @{user_cache_dirs}/openbox/ rw,
@ -67,8 +67,8 @@ profile openbox @{exec_path} {
/usr/local/lib/python*/dist-packages/ r, /usr/local/lib/python*/dist-packages/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/openbox/autostart r, owner @{user_config_dirs}/openbox/autostart r,
owner @{HOME}/.config/autostart/{,*} r, owner @{user_config_dirs}/autostart/{,*} r,
/etc/xdg/openbox/autostart r, /etc/xdg/openbox/autostart r,
/etc/xdg/autostart/{,*} r, /etc/xdg/autostart/{,*} r,

2
apparmor.d/profiles-m-z/openbox-session
View File

@ -18,7 +18,7 @@ profile openbox-session @{exec_path} {
/{usr/,}bin/openbox rPx, /{usr/,}bin/openbox rPx,
/etc/xdg/openbox/environment r, /etc/xdg/openbox/environment r,
owner @{HOME}/.config/openbox/environment r, owner @{user_config_dirs}/openbox/environment r,
# file_inherit # file_inherit
owner @{HOME}/.xsession-errors w, owner @{HOME}/.xsession-errors w,

4
apparmor.d/profiles-m-z/orage
View File

@ -25,8 +25,8 @@ profile orage @{exec_path} {
/{usr/,}bin/exo-open rCx -> open, /{usr/,}bin/exo-open rCx -> open,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open,
owner @{HOME}/.config/orage/ rw, owner @{user_config_dirs}/orage/ rw,
owner @{HOME}/.config/orage/* rw, owner @{user_config_dirs}/orage/* rw,
owner @{HOME}/.local/share/orage/ rw, owner @{HOME}/.local/share/orage/ rw,
owner @{HOME}/.local/share/orage/* rwk, owner @{HOME}/.local/share/orage/* rwk,

2
apparmor.d/profiles-m-z/pactl
View File

@ -20,7 +20,7 @@ profile pactl @{exec_path} {
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
owner @{HOME}/.config/pulse/ rw, owner @{user_config_dirs}/pulse/ rw,
# file_inherit # file_inherit
owner @{HOME}/.xsession-errors w, owner @{HOME}/.xsession-errors w,

4
apparmor.d/profiles-m-z/pavucontrol
View File

@ -22,8 +22,8 @@ profile pavucontrol @{exec_path} {
/usr/share/pavucontrol/pavucontrol.glade r, /usr/share/pavucontrol/pavucontrol.glade r,
# Pavucontrol config files # Pavucontrol config files
owner @{HOME}/.config/ r, owner @{user_config_dirs}/ r,
owner @{HOME}/.config/pavucontrol.ini* rw, owner @{user_config_dirs}/pavucontrol.ini* rw,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,

4
apparmor.d/profiles-m-z/picom
View File

@ -22,9 +22,9 @@ profile picom @{exec_path} {
/{usr/,}bin/echo rix, /{usr/,}bin/echo rix,
# For migrating from compton. # For migrating from compton.
owner @{HOME}/.config/compton.conf r, owner @{user_config_dirs}/compton.conf r,
owner @{HOME}/.config/picom.conf r, owner @{user_config_dirs}/picom.conf r,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,

4
apparmor.d/profiles-m-z/pinentry-kwallet
View File

@ -38,8 +38,8 @@ profile pinentry-kwallet @{exec_path} {
/{usr/,}bin/kwalletcli mr, /{usr/,}bin/kwalletcli mr,
owner @{HOME}/.config/kdeglobals r, owner @{user_config_dirs}/kdeglobals r,
owner @{HOME}/.config/kwalletrc r, owner @{user_config_dirs}/kwalletrc r,
/{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemKWaylandPlugin.so mr, /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemKWaylandPlugin.so mr,
/{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr, /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,

2
apparmor.d/profiles-m-z/pinentry-qt
View File

@ -25,7 +25,7 @@ profile pinentry-qt @{exec_path} {
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
owner @{user_cache_dirs}/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/#[0-9]*[0-9] rw,

4
apparmor.d/profiles-m-z/polkit-kde-authentication-agent
View File

@ -38,12 +38,12 @@ profile polkit-kde-authentication-agent @{exec_path} {
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,
owner @{HOME}/.config/kdeglobals r, owner @{user_config_dirs}/kdeglobals r,
owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
/dev/shm/#[0-9]*[0-9] rw, /dev/shm/#[0-9]*[0-9] rw,

8
apparmor.d/profiles-m-z/psi-plus
View File

@ -51,14 +51,14 @@ profile psi-plus @{exec_path} {
# PSI config files # PSI config files
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/.config/psi+/ rw, owner @{user_config_dirs}/psi+/ rw,
owner @{HOME}/.config/psi+/** rwkl -> @{HOME}/.config/psi+/#[0-9]*[0-9], owner @{user_config_dirs}/psi+/** rwkl -> @{user_config_dirs}/psi+/#[0-9]*[0-9],
owner @{HOME}/.local/share/psi+/ rw, owner @{HOME}/.local/share/psi+/ rw,
owner @{HOME}/.local/share/psi+/** rwk, owner @{HOME}/.local/share/psi+/** rwk,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{HOME}/.config/qt5ct/{,**} r, owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
# Cache files # Cache files
@ -70,7 +70,7 @@ profile psi-plus @{exec_path} {
/etc/machine-id r, /etc/machine-id r,
# Autostart # Autostart
owner @{HOME}/.config/autostart/psi-plus.desktop rw, owner @{user_config_dirs}/autostart/psi-plus.desktop rw,
/etc/debian_version r, /etc/debian_version r,

Some files were not shown because too many files have changed in this diff Show More