mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): cleanup mount dir access.

Browse source 
see #412
This commit is contained in:
Alexandre Pujol 2024-07-14 18:08:45 +01:00
parent 68da315ac2
commit 85ccc46e44
Failed to generate hash of commit
4 changed files with 14 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
View file

@ -72,6 +72,7 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/*/{,**} rw, owner @{HOME}/*/{,**} rw,
owner @{MOUNTS}/ r,
owner @{tmp}/.goutputstream-@{rand6} rw, owner @{tmp}/.goutputstream-@{rand6} rw,
owner @{tmp}/@{rand6} rw, owner @{tmp}/@{rand6} rw,

4
apparmor.d/groups/freedesktop/xdg-document-portal
View file

@ -42,7 +42,9 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
/ r, / r,
owner /.flatpak-info r, owner /.flatpak-info r,
owner @{HOME}/** r, owner @{HOME}/ r,
owner @{HOME}/*/{,**} rw,
owner @{MOUNTS}/ r,
owner @{user_share_dirs}/flatpak/db/documents r, owner @{user_share_dirs}/flatpak/db/documents r,
owner @{user_share_dirs}/Trash/files/** r, owner @{user_share_dirs}/Trash/files/** r,

5
apparmor.d/profiles-s-z/totem
View file

@ -35,6 +35,9 @@ profile totem @{exec_path} flags=(attach_disconnected) {
/usr/share/grilo-plugins/{,**} r, /usr/share/grilo-plugins/{,**} r,
/usr/share/thumbnailers/{,**} r, /usr/share/thumbnailers/{,**} r,
owner @{HOME}/ r,
owner @{MOUNTS}/ r,
owner @{user_music_dirs}/{,**} rw, owner @{user_music_dirs}/{,**} rw,
owner @{user_pictures_dirs}/{,**} rw, owner @{user_pictures_dirs}/{,**} rw,
owner @{user_torrents_dirs}/{,**} rw, owner @{user_torrents_dirs}/{,**} rw,
@ -50,6 +53,8 @@ profile totem @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r, owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r,
owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=** r, owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=** r,
@{run}/mount/utab r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/task/@{tid}/comm w, owner @{PROC}/@{pid}/task/@{tid}/comm w,

3
apparmor.d/profiles-s-z/vlc
View file

@ -41,6 +41,7 @@ profile vlc @{exec_path} {
@{exec_path} mrix, @{exec_path} mrix,
@{open_path} rPx -> child-open-help,
@{bin}/xdg-screensaver rPx, @{bin}/xdg-screensaver rPx,
/usr/share/vlc/{,**} r, /usr/share/vlc/{,**} r,
@ -48,6 +49,8 @@ profile vlc @{exec_path} {
/etc/fstab r, /etc/fstab r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{MOUNTS}/ r,
owner @{user_music_dirs}/{,**} rw, owner @{user_music_dirs}/{,**} rw,
owner @{user_pictures_dirs}/{,**} rw, owner @{user_pictures_dirs}/{,**} rw,
owner @{user_torrents_dirs}/{,**} rw, owner @{user_torrents_dirs}/{,**} rw,