mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): improve chromium tmp file restriction.

Browse source
This commit is contained in:
Alexandre Pujol 2024-06-23 11:17:01 +01:00
parent 2710fd3484
commit 856a9a467e
Failed to generate hash of commit
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
apparmor.d/abstractions/app/chromium
View file

@ -125,7 +125,7 @@
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw, owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
owner @{user_config_dirs}/gtk-3.0/servers r, owner @{user_config_dirs}/gtk-3.0/servers r,
owner @{user_share_dirs}/.@{domain}.* rw, owner @{user_share_dirs}/.@{domain}.@{rand6} rw,
owner @{user_cache_dirs}/gtk-3.0/**/*.cache r, owner @{user_cache_dirs}/gtk-3.0/**/*.cache r,
owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
@ -147,8 +147,8 @@
/tmp/ r, /tmp/ r,
/var/tmp/ r, /var/tmp/ r,
owner @{tmp}/.@{domain}.* rw, owner @{tmp}/.@{domain}.@{rand6} rw,
owner @{tmp}/.@{domain}*/{,**} rw, owner @{tmp}/.@{domain}.@{rand6}/{,**} rw,
owner @{tmp}/@{name}-crashlog-@{int}-@{int}.txt rw, owner @{tmp}/@{name}-crashlog-@{int}-@{int}.txt rw,
owner @{tmp}/scoped_dir@{rand6}/{,**} rw, owner @{tmp}/scoped_dir@{rand6}/{,**} rw,
owner @{tmp}/tmp.@{rand6} rw, owner @{tmp}/tmp.@{rand6} rw,
@ -159,7 +159,7 @@
owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer rw, owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer rw,
/dev/shm/ r, /dev/shm/ r,
owner /dev/shm/.@{domain}* rw, owner /dev/shm/.@{domain}.@{rand6} rw,
@{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*