mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

More XDG replacement.

Browse Source
This commit is contained in:
Alexandre Pujol 2021-04-01 21:44:23 +01:00
parent 54ac285b7d
commit 84f24133e9
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
37 changed files with 93 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apparmor.d/abstractions/evince
View File

@ -95,8 +95,8 @@
# from directly.
include <abstractions/private-files>
audit deny @{HOME}/.gnupg/** mrwkl,
audit deny @{HOME}/.ssh/** mrwkl,
audit deny @{HOME}/@{XDG_GPG_DIR}/** mrwkl,
audit deny @{HOME}/@{XDG_SSH_DIR}/** mrwkl,
audit deny @{HOME}/.gnome2_private/** mrwkl,
audit deny @{HOME}/.gnome2/keyrings/** mrwkl,
audit deny @{HOME}/.kde/share/apps/kwallet/** mrwkl,

12
apparmor.d/abstractions/user-download-strict
View File

@ -4,14 +4,14 @@
abi <abi/3.0>,
owner @{HOME}/[dD]ownload{,s}/ r,
owner @{HOME}/[dD]ownload{,s}/** rwl,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwl,
owner /media/*/[dD]ownload/ r,
owner /media/*/[dD]ownload/** rwl,
owner /media/*/@{XDG_DOWNLOAD_DIR}/ r,
owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwl,
owner @{HOME}/[dD]esktop/ r,
owner @{HOME}/[dD]esktop/** rwl,
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,
# For SSHFS mounts (without owner as files in such mounts can be owned by different users)
@{HOME}/mount-sshfs/ r,

6
apparmor.d/groups/apps/android-studio
View File

@ -182,7 +182,7 @@ profile android-studio @{exec_path} {
owner @{HOME}/.emulator_console_auth_token rw,
deny owner @{HOME}/Desktop/* rw,
deny owner @{HOME}/@{XDG_DESKTOP_DIR}/* rw,
@{PROC}/ r,
owner @{PROC}/@{pid}/mountinfo r,
@ -232,8 +232,8 @@ profile android-studio @{exec_path} {
/{usr/,}bin/gpg mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
}

4
apparmor.d/groups/apps/atom
View File

@ -169,8 +169,8 @@ profile atom @{exec_path} {
/{usr/,}bin/gpg mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
# file_inherit
owner @{HOME}/.xsession-errors w,

9
apparmor.d/groups/apps/calibre
View File

@ -82,9 +82,12 @@ profile calibre @{exec_path} {
/usr/share/calibre/{,**} r,
owner /media/*/Calibre_Library/ r,
owner /media/*/Calibre_Library*/ rw,
owner /media/*/Calibre_Library*/** rwkl -> /media/*/Calibre_Library*/**,
owner @{HOME}/@{XDG_BOOKS_DIR} rw,
owner @{HOME}/@{XDG_BOOKS_DIR}/** rwkl,
owner /media/*/@{XDG_BOOKS_DIR}/ r,
owner /media/*/@{XDG_BOOKS_DIR}*/ rw,
owner /media/*/@{XDG_BOOKS_DIR}*/** rwkl -> /media/*/@{XDG_BOOKS_DIR}*/**,
owner @{user_config_dirs}/calibre/ rw,
owner @{user_config_dirs}/calibre/** rwk,

4
apparmor.d/groups/apps/thunderbird
View File

@ -204,8 +204,8 @@ profile thunderbird @{exec_path} {
/{usr/,}bin/gpgsm mr,
/{usr/,}bin/gpg-agent rix,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner /tmp/nscopy.tmp w,

4
apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
View File

@ -221,8 +221,8 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
/usr/bin/gpg rm,
/usr/bin/gpgsm rm,
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
owner @{HOME}/@{XDG_GPG_DIR}/* r,
owner @{HOME}/@{XDG_GPG_DIR}/random_seed rk,
}
# probably should become a subprofile like gpg above, but then it doesn't

10
apparmor.d/groups/gpg/dirmngr
View File

@ -19,11 +19,11 @@ profile dirmngr @{exec_path} {
@{exec_path} mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/dirmngr.conf r,
owner @{HOME}/.gnupg/dirmngr_ldapservers.conf r,
owner @{HOME}/.gnupg/crls.d/ rw,
owner @{HOME}/.gnupg/crls.d/DIR.txt rw,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/dirmngr.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/dirmngr_ldapservers.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/crls.d/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/crls.d/DIR.txt rw,
/usr/share/gnupg/sks-keyservers.netCA.pem r,

4
apparmor.d/groups/gpg/gpg
View File

@ -24,8 +24,8 @@ profile gpg @{exec_path} {
# GPG config files
owner @{HOME}/ r,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner /var/lib/*/gnupg/ rw,
owner /var/lib/*/gnupg/** rwkl -> /var/lib/*/gnupg/**,

8
apparmor.d/groups/gpg/gpg-agent
View File

@ -19,10 +19,10 @@ profile gpg-agent @{exec_path} {
/usr/share/gnupg/* r,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/gpg-agent.conf r,
owner @{HOME}/.gnupg/private-keys-v1.d/ rw,
owner @{HOME}/.gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/gpg-agent.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
owner /var/lib/*/.gnupg/ rw,
owner /var/lib/*/.gnupg/private-keys-v1.d/ rw,

2
apparmor.d/groups/gpg/gpgconf
View File

@ -23,7 +23,7 @@ profile gpgconf @{exec_path} {
/{usr/,}bin/pinentry-* rPx,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner @{PROC}/@{pid}/task/@{tid}/stat rw,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,

2
apparmor.d/groups/gpg/gpgsm
View File

@ -15,7 +15,7 @@ profile gpgsm @{exec_path} {
deny /usr/bin/.gnupg/ w,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner /var/lib/*/.gnupg/** rwkl -> /var/lib/*/.gnupg/**,

2
apparmor.d/groups/gpg/scdaemon
View File

@ -15,7 +15,7 @@ profile scdaemon @{exec_path} {
@{exec_path} mr,
owner @{HOME}/.gnupg/scdaemon.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/scdaemon.conf r,
owner @{run}/user/[0-9]*/gnupg/S.scdaemon rw,

10
apparmor.d/groups/ssh/ssh
View File

@ -20,11 +20,11 @@ profile ssh @{exec_path} {
owner @{PROC}/@{pid}/fd/ r,
owner @{HOME}/.ssh/ r,
owner @{HOME}/.ssh/config r,
owner @{HOME}/.ssh/known_hosts r,
owner @{HOME}/.ssh/*_rsa{,.pub} r,
owner @{HOME}/.ssh/*_ed25519{,.pub} r,
owner @{HOME}/@{XDG_SSH_DIR}/ r,
owner @{HOME}/@{XDG_SSH_DIR}/config r,
owner @{HOME}/@{XDG_SSH_DIR}/known_hosts r,
owner @{HOME}/@{XDG_SSH_DIR}/*_rsa{,.pub} r,
owner @{HOME}/@{XDG_SSH_DIR}/*_ed25519{,.pub} r,
/etc/ssh/ssh_config r,
/etc/ssh/ssh_config.d/ r,

4
apparmor.d/profiles-a-l/changestool
View File

@ -31,8 +31,8 @@ profile changestool @{exec_path} {
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,
owner @{HOME}/.gnupg/ r,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ r,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
}

4
apparmor.d/profiles-a-l/claws-mail
View File

@ -77,8 +77,8 @@ profile claws-mail @{exec_path} flags=(complain) {
/{usr/,}bin/gpgsm mr,
/{usr/,}bin/gpgconf mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
}

4
apparmor.d/profiles-a-l/debsign
View File

@ -52,8 +52,8 @@ profile debsign @{exec_path} {
/{usr/,}bin/gpg mr,
owner @{HOME}/.gnupg/ r,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ r,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner /tmp/debsign.*/*.{dsc,changes,buildinfo} r,
owner /tmp/debsign.*/*.{dsc,changes,buildinfo}.asc rw,

4
apparmor.d/profiles-a-l/dino-im
View File

@ -48,8 +48,8 @@ profile dino-im @{exec_path} {
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
}

4
apparmor.d/profiles-a-l/execute-dput
View File

@ -47,8 +47,8 @@ profile execute-dput @{exec_path} flags=(complain) {
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpgsm mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
}

4
apparmor.d/profiles-a-l/fritzing
View File

@ -31,8 +31,8 @@ profile fritzing @{exec_path} {
owner @{user_config_dirs}/Fritzing/ rw,
owner @{user_config_dirs}/Fritzing/** rwkl -> @{user_config_dirs}/Fritzing/**,
owner @{HOME}/Documents/Fritzing/ rw,
owner @{HOME}/Documents/Fritzing/** rw,
owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/ rw,
owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/** rw,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{user_config_dirs}/qt5ct/{,**} r,

4
apparmor.d/profiles-a-l/gajim
View File

@ -98,8 +98,8 @@ profile gajim @{exec_path} {
/{usr/,}bin/gpg mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
}

8
apparmor.d/profiles-a-l/git
View File

@ -99,8 +99,8 @@ profile git @{exec_path} {
/{usr/,}bin/gpg mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner /tmp/.git_vtag_tmp* r,
@ -121,8 +121,8 @@ profile git @{exec_path} {
/etc/ssh/ssh_config.d/{,*} r,
/etc/ssh/ssh_config r,
owner @{HOME}/.ssh/* r,
owner @{HOME}/.ssh/known_hosts rw,
owner @{HOME}/@{XDG_SSH_DIR}/* r,
owner @{HOME}/@{XDG_SSH_DIR}/known_hosts rw,
owner @{PROC}/@{pid}/fd/ r,

4
apparmor.d/profiles-a-l/gnome-keyring-daemon
View File

@ -22,8 +22,8 @@ profile gnome-keyring-daemon @{exec_path} {
owner @{user_share_dirs}/keyrings/* rwl,
# Seahorse and SSH keys
owner @{HOME}/.ssh/ r,
owner @{HOME}/.ssh/** r,
owner @{HOME}/@{XDG_SSH_DIR}/ r,
owner @{HOME}/@{XDG_SSH_DIR}/** r,
owner @{run}/user/[0-9]*/keyring/ rw,
owner @{run}/user/[0-9]*/keyring/* rw,

4
apparmor.d/profiles-a-l/gpa
View File

@ -26,8 +26,8 @@ profile gpa @{exec_path} {
/usr/share/gpa/{,*} r,
owner @{HOME}/.gnupg/gpa.conf rw,
owner @{HOME}/.gnupg/S.uiserver rw,
owner @{HOME}/@{XDG_GPG_DIR}/gpa.conf rw,
owner @{HOME}/@{XDG_GPG_DIR}/S.uiserver rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,

4
apparmor.d/profiles-a-l/jdownloader-install
View File

@ -7,8 +7,8 @@ abi <abi/3.0>,
include <tunables/global>
@{JD_INSTALLDIR} = /home/*/jd2
@{JD_SH_PATH} = /home/*/[dD]ownload{,s}
@{JD_SH_PATH} += /home/*/[dD]esktop
@{JD_SH_PATH} = /home/*/@{XDG_DOWNLOAD_DIR}{,s}
@{JD_SH_PATH} += /home/*/@{XDG_DESKTOP_DIR}
@{exec_path} = @{JD_SH_PATH}/JD2Setup_{x86,x64}.sh
profile jdownloader-install @{exec_path} {

8
apparmor.d/profiles-a-l/keepassxc
View File

@ -55,10 +55,10 @@ profile keepassxc @{exec_path} {
owner @{KP_DB}/*.csv rw,
# For SSH keys
owner @{HOME}/.ssh/ r,
owner @{HOME}/.ssh/*_rsa r,
owner @{HOME}/.ssh/*_ed25519 r,
owner @{HOME}/.ssh/*.pub r,
owner @{HOME}/@{XDG_SSH_DIR}/ r,
owner @{HOME}/@{XDG_SSH_DIR}/*_rsa r,
owner @{HOME}/@{XDG_SSH_DIR}/*_ed25519 r,
owner @{HOME}/@{XDG_SSH_DIR}/*.pub r,
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
owner @{user_config_dirs}/qt5ct/{,**} r,

4
apparmor.d/profiles-a-l/kwalletd5
View File

@ -69,8 +69,8 @@ profile kwalletd5 @{exec_path} {
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpgsm mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
}

2
apparmor.d/profiles-m-z/minitube
View File

@ -42,7 +42,7 @@ profile minitube @{exec_path} {
owner "@{user_share_dirs}/Flavio Tordini/Minitube/*" rwk,
# Snapshot
owner @{HOME}/Pictures/*.png rw,
owner @{HOME}/@{XDG_PICTURES_DIR}/*.png rw,
owner @{HOME}/vlcsnap-.png rw,
/usr/share/minitube/{,**} r,

8
apparmor.d/profiles-m-z/ntfscp
View File

@ -17,10 +17,10 @@ profile ntfscp @{exec_path} {
# For writing files owned by users other than root, since ntfscp has to be started as root.
capability dac_read_search,
@{HOME}/[dD]ownload{,s}/ r,
@{HOME}/[dD]ownload{,s}/** rwl -> @{HOME}/[dD]ownload{,s}/**,
@{HOME}/[dD]esktop/ r,
@{HOME}/[dD]esktop/** rwl -> @{HOME}/[dD]esktop/**,
@{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
@{HOME}/@{XDG_DOWNLOAD_DIR}/** rwl -> @{HOME}/@{XDG_DOWNLOAD_DIR}/**,
@{HOME}/@{XDG_DESKTOP_DIR}/ r,
@{HOME}/@{XDG_DESKTOP_DIR}/** rwl -> @{HOME}/@{XDG_DESKTOP_DIR}/**,
owner @{PROC}/@{pid}/mounts r,

4
apparmor.d/profiles-m-z/psi-plus
View File

@ -126,8 +126,8 @@ profile psi-plus @{exec_path} {
/{usr/,}bin/gpg mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
# file_inherit
/dev/dri/card[0-9]* rw,

4
apparmor.d/profiles-m-z/reportbug
View File

@ -111,8 +111,8 @@ profile reportbug @{exec_path} {
/{usr/,}bin/gpg mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner /tmp/reportbug-*-{signed,unsigned}-[0-9]*-[0-9]*-* rw,

4
apparmor.d/profiles-m-z/reprepro
View File

@ -62,8 +62,8 @@ profile reprepro @{exec_path} {
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpgsm mr,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
}

4
apparmor.d/profiles-m-z/sddm-xsession
View File

@ -101,8 +101,8 @@ profile sddm-xsession @{exec_path} {
/{usr/,}bin/gpg-agent rix,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
@{PROC}/@{pid}/fd/ r,

4
apparmor.d/profiles-m-z/uscan
View File

@ -62,8 +62,8 @@ profile uscan @{exec_path} {
/{usr/,}bin/gpg mr,
/{usr/,}bin/gpgv mr,
owner @{HOME}/.gnupg/gpg.conf r,
owner @{HOME}/.gnupg/pubring.{gpg,kbx} r,
owner @{HOME}/@{XDG_GPG_DIR}/gpg.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/pubring.{gpg,kbx} r,
owner /tmp/*/trustedkeys.gpg rw,

5
apparmor.d/profiles-m-z/virt-manager
View File

@ -66,9 +66,8 @@ profile virt-manager @{exec_path} {
#owner /var/lib/libvirt/images/ r,
# User VM images
#owner @{user_share_dirs}/libvirt/ rw,
#owner @{user_share_dirs}/libvirt/images/ rw,
#owner @{user_share_dirs}/libvirt/images/* rw,
owner @{user_share_dirs}/libvirt/{,**} rw,
owner @{HOME}/@{XDG_VM_DIR}/{,**} rw,
#owner /media/*/VM/ r,

4
apparmor.d/profiles-m-z/x11-xsession
View File

@ -90,8 +90,8 @@ profile x11-xsession @{exec_path} {
/{usr/,}bin/gpg-agent rix,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
@{PROC}/@{pid}/fd/ r,

4
apparmor.d/profiles-m-z/xinit
View File

@ -92,8 +92,8 @@ profile xinit @{exec_path} {
/{usr/,}bin/gpg-agent rix,
owner @{HOME}/.gnupg/ rw,
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
@{PROC}/@{pid}/fd/ r,