Updating sddm, plasmashell, kwin_wayland, startplasma, kscreenlocker-greet and mesa and wayland abstractions (#200)

* Update sddm

* Update plasmashell

* Update kwin_wayland

* Update kscreenlocker-greet

* Update startplasma

* Update complete

Needed by various applications, e.g. kwin_wayland.

* Mesa rules for sddm
curiosityseeker 2023-08-30 20:48:25 +02:00 committed by GitHub
parent 266db5d030
commit 86b1ee4df2
7 changed files with 56 additions and 14 deletions


@ -9,3 +9,11 @@
/var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/ rw, /var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/ rw,
/var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/@{hex} rw, /var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/@{hex} rw,
/var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk, /var/lib/gdm/.cache/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk,
# Extra Mesa rules for SDDM
/var/lib/sddm/.cache/ w,
/var/lib/sddm/.cache/mesa_shader_cache/ rw,
/var/lib/sddm/.cache/mesa_shader_cache/index rw,
/var/lib/sddm/.cache/mesa_shader_cache/@{h}@{h}/ rw,
/var/lib/sddm/.cache/mesa_shader_cache/@{h}@{h}/@{hex} rw,
/var/lib/sddm/.cache/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk,
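Review bot: The new `/var/lib/sddm/.cache/...` rules carry no `owner` qualifier, and since this file is an abstraction (per the commit title), every profile that includes it presumably gains write access to SDDM's shader cache, limited only by DAC. The kwin_wayland section of this same commit writes its SDDM cache rules with `owner`. Doing the same here, e.g. `owner /var/lib/sddm/.cache/mesa_shader_cache/index rw,`, would confine the grant to processes running as the sddm user. The gdm rules in the context lines have the same shape and could be tightened alongside.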


@ -4,3 +4,5 @@
owner /dev/shm/sway* rw, owner /dev/shm/sway* rw,
owner /dev/shm/dunst-@{rand6} rw, owner /dev/shm/dunst-@{rand6} rw,
owner @{run}/user/@{uid}/wayland-@{int}.lock rk,


@ -27,6 +27,7 @@ profile kscreenlocker-greet @{exec_path} {
signal (send) peer=kcheckpass, signal (send) peer=kcheckpass,
signal (receive) set=(usr1, term) peer=ksmserver, signal (receive) set=(usr1, term) peer=ksmserver,
signal (receive) set=(term) peer=kwin_wayland,
@{exec_path} mr, @{exec_path} mr,
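Review bot: The added `signal (receive) set=(term) peer=kwin_wayland,` covers only the receiving side. AppArmor also checks the sender's profile, and none of the kwin_wayland hunks in this commit add a matching `signal (send) set=term peer=kscreenlocker-greet,`. Unless that rule already exists in the parts of the kwin_wayland profile outside these hunks, the signal will still be denied on the sending side. The sddm/kwin_wayland pair in this commit updates both profiles, which is the pattern to follow here.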


@ -23,6 +23,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
ptrace (read), ptrace (read),
signal (receive) set=term peer=sddm,
signal (receive) set=(kill, term) peer=kwin_wayland_wrapper, signal (receive) set=(kill, term) peer=kwin_wayland_wrapper,
signal (send) set=(kill, term) peer=xwayland, signal (send) set=(kill, term) peer=xwayland,
@ -38,6 +39,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
/usr/share/kglobalaccel/{,**} r, /usr/share/kglobalaccel/{,**} r,
/usr/share/knotifications5/ksmserver.notifyrc r, /usr/share/knotifications5/ksmserver.notifyrc r,
/usr/share/kservices5/{,**} r, /usr/share/kservices5/{,**} r,
/usr/share/kservicetypes5/{,*.desktop} r,
/usr/share/kwin/{,**} r, /usr/share/kwin/{,**} r,
/usr/share/libinput/{,**} r, /usr/share/libinput/{,**} r,
/usr/share/mime/ r, /usr/share/mime/ r,
@ -46,21 +48,27 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
/usr/share/X11/xkb/{,**} r, /usr/share/X11/xkb/{,**} r,
/etc/machine-id r, /etc/machine-id r,
/etc/xdg/menus/ r, /etc/xdg/menus/{,applications.menu} r,
/etc/pipewire/client.conf.d/ r, /etc/pipewire/client.conf.d/ r,
/usr/share/pipewire/client.conf r, /usr/share/pipewire/client.conf r,
owner /var/lib/sddm/.cache/#@{int} rw,
owner /var/lib/sddm/.cache/fontconfig/* r,
owner /var/lib/sddm/.cache/mesa_shader_cache/** r, owner /var/lib/sddm/.cache/mesa_shader_cache/** r,
owner /var/lib/sddm/.cache/mesa_shader_cache/index rw, owner /var/lib/sddm/.cache/mesa_shader_cache/index rw,
owner /var/lib/sddm/.cache/ksycoca5_* r, owner /var/lib/sddm/.cache/ksycoca5_* rwkl -> /var/lib/sddm/.cache/#@{int},
owner /var/lib/sddm/.config/#@{int} rw,
owner /var/lib/sddm/.config/kdeglobals r, owner /var/lib/sddm/.config/kdeglobals r,
owner /var/lib/sddm/.config/kglobalshortcutsrc r, owner /var/lib/sddm/.config/kglobalshortcutsrc rw,
owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rw, owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rwk,
owner /var/lib/sddm/.config/kwinrc r, owner /var/lib/sddm/.config/kglobalshortcutsrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int},
owner /var/lib/sddm/.config/kwinrc.lock rw, owner /var/lib/sddm/.config/kwinrc rw,
owner /var/lib/sddm/.config/kwinrc.lock rwk,
owner /var/lib/sddm/.config/kwinrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int}, owner /var/lib/sddm/.config/kwinrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int},
owner @{user_cache_dirs}/{,plasma-svgelements} r,
owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{user_share_dirs}/kscreen/* r, owner @{user_share_dirs}/kscreen/* r,
owner @{user_cache_dirs}/ksycoca5_* r, owner @{user_cache_dirs}/ksycoca5_* r,
@ -96,6 +104,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
@{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c226:@{int} r, # for /dev/dri/card* @{run}/udev/data/c226:@{int} r, # for /dev/dri/card*
@{run}/udev/data/+hid:* r, # for HID subsystem
@{run}/udev/data/+pci:* r, @{run}/udev/data/+pci:* r,
@{run}/udev/data/+sound:card@{int} r, @{run}/udev/data/+sound:card@{int} r,
@{run}/udev/data/+usb:* r, @{run}/udev/data/+usb:* r,
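Review bot: In the third hunk the ksycoca5 rule appears to go from `r` to `rwkl -> /var/lib/sddm/.cache/#@{int}` on the whole `ksycoca5_*` glob, which grants write, lock and link on every matching name at once. The kwinrc and kglobalshortcutsrc rules just below separate these permissions: `rw` on the file itself, `rwk` on `.lock`, and `rwl -> ...` only on the `.@{rand6}` temporary name. The same split would be tighter for the cache if its lock and temporary file names are predictable, which cannot be confirmed from the hunk. Failing that, a comment on the rule explaining why the broad glob is needed would help later review.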


@ -56,13 +56,16 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
@{lib}/kf5/kioslave5 rPx, @{lib}/kf5/kioslave5 rPx,
@{lib}/kf5/kdesu{,d} rix, @{lib}/kf5/kdesu{,d} rix,
@{bin}/dolphin rPUx, # TODO: rPx, @{bin}/dolphin rPUx, # TODO: rPx,
@{bin}/ksysguardd rix,
@{bin}/plasma-discover rPUx, @{bin}/plasma-discover rPUx,
@{bin}/xrdb rPx,
/usr/share/akonadi/firstrun/{,*} r, /usr/share/akonadi/firstrun/{,*} r,
/usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
/usr/share/desktop-directories/kf5-*.directory r, /usr/share/desktop-directories/kf5-*.directory r,
/usr/share/hwdata/*.ids r, /usr/share/hwdata/*.ids r,
/usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/icu/@{int}.@{int}/*.dat r,
/usr/share/kio/servicemenus/{,*.desktop} r,
/usr/share/knotifications5/*.notifyrc r, /usr/share/knotifications5/*.notifyrc r,
/usr/share/konsole/ r, /usr/share/konsole/ r,
/usr/share/krunner/{,**} r, /usr/share/krunner/{,**} r,
@ -72,15 +75,19 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
/usr/share/mime/{,**} r, /usr/share/mime/{,**} r,
/usr/share/plasma/{,**} r, /usr/share/plasma/{,**} r,
/usr/share/solid/actions/{,**} r, /usr/share/solid/actions/{,**} r,
/usr/share/templates/{,*.desktop} r,
/usr/share/wallpapers/{,**} r, /usr/share/wallpapers/{,**} r,
/etc/appstream.conf r, /etc/appstream.conf r,
/etc/cups/client.conf r, /etc/cups/client.conf r,
/etc/fstab r, /etc/fstab r,
/etc/ksysguarddrc r,
/etc/machine-id r, /etc/machine-id r,
/etc/pipewire/client.conf.d/ r, /etc/pipewire/client.conf.d/ r,
/etc/pulse/client.conf r, /etc/pulse/client.conf r,
/etc/pulse/client.conf.d/ r, /etc/pulse/client.conf.d/ r,
/etc/sensors3.conf r,
/etc/sensors.d/ r,
/etc/xdg/** r, /etc/xdg/** r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r, owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,
@ -107,14 +114,20 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
owner @{user_config_dirs}/akonadi* r, owner @{user_config_dirs}/akonadi* r,
owner @{user_config_dirs}/akonadi/akonadi*rc r, owner @{user_config_dirs}/akonadi/akonadi*rc r,
owner @{user_config_dirs}/baloofilerc r, owner @{user_config_dirs}/baloofilerc r,
owner @{user_config_dirs}/baloofileinformationrc r,
owner @{user_config_dirs}/dolphinrc r, owner @{user_config_dirs}/dolphinrc r,
owner @{user_config_dirs}/eventviewsrc r, owner @{user_config_dirs}/eventviewsrc r,
owner @{user_config_dirs}/kactivitymanagerd-statsrc r, owner @{user_config_dirs}/kactivitymanagerd-statsrc r,
owner @{user_config_dirs}/kactivitymanagerd-switcher rw,
owner @{user_config_dirs}/kactivitymanagerd-switcher.lock rwk,
owner @{user_config_dirs}/kactivitymanagerd-switcher.* rwl,
owner @{user_config_dirs}/kdedefaults/* r, owner @{user_config_dirs}/kdedefaults/* r,
owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kdiff3fileitemactionrc r,
owner @{user_config_dirs}/kioslaverc r, owner @{user_config_dirs}/kioslaverc r,
owner @{user_config_dirs}/klipperrc r, owner @{user_config_dirs}/klipperrc r,
owner @{user_config_dirs}/kmail2.notifyrc r, owner @{user_config_dirs}/kmail2.notifyrc r,
owner @{user_config_dirs}/kcookiejarrc r,
owner @{user_config_dirs}/korganizerrc r, owner @{user_config_dirs}/korganizerrc r,
owner @{user_config_dirs}/krunnerrc r, owner @{user_config_dirs}/krunnerrc r,
owner @{user_config_dirs}/ksmserverrc r, owner @{user_config_dirs}/ksmserverrc r,
@ -148,19 +161,27 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
@{run}/mount/utab r, @{run}/mount/utab r,
@{run}/user/@{uid}/gvfs/ r, @{run}/user/@{uid}/gvfs/ r,
owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/#@{int} rw,
owner @{run}/user/@{uid}/kdesud_:1 w, owner @{run}/user/@{uid}/kdesud_:@{int} w,
owner @{run}/user/@{uid}/plasmashell@{rand6}.[0-9].kioworker.socket rwl, owner @{run}/user/@{uid}/plasmashell@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int},
owner @{run}/user/@{uid}/pulse/ rw, owner @{run}/user/@{uid}/pulse/ rw,
@{sys}/bus/ r, @{sys}/bus/ r,
@{sys}/bus/usb/devices/ r, @{sys}/bus/usb/devices/ r,
@{sys}/class/ r, @{sys}/class/{,*} r,
@{sys}/devices/pci[0-9]*/**/name r,
@{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/ r,
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,
@{sys}/devices/system/node/ r, @{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/devices/system/node/node@{int}/meminfo r,
@{sys}/devices/virtual/thermal/**/{name,type} r,
@{PROC}/ r, @{PROC}/ r,
@{PROC}/cmdline r, @{PROC}/cmdline r,
@{PROC}/diskstats r,
@{PROC}/loadavg r,
@{PROC}/uptime r,
@{PROC}/vmstat r,
@{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r, @{PROC}/sys/kernel/random/boot_id r,
owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r, owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r,
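Review bot: `owner @{user_config_dirs}/kactivitymanagerd-switcher.* rwl,` in the third hunk is looser than the equivalent rules elsewhere in this commit. Its `.*` glob also matches the `.lock` name handled by the line above it, and the `l` permission has no link target. Matching the form used for the kioworker socket and the sddm config files, `owner @{user_config_dirs}/kactivitymanagerd-switcher.@{rand6} rwl -> @{user_config_dirs}/#@{int},`, would restrict linking to the anonymous temporary file. This assumes the profile already allows `owner @{user_config_dirs}/#@{int} rw,` outside the visible hunks.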


@ -38,8 +38,8 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
ptrace (trace) peer=@{profile_name}, ptrace (trace) peer=@{profile_name},
ptrace (read) peer=unconfined, ptrace (read) peer=unconfined,
ptrace (read) peer=kwalletd5,
signal (send) set=term peer=kwin_wayland,
signal (send) set=(kill, term) peer=startplasma, signal (send) set=(kill, term) peer=startplasma,
signal (send) set=term peer=startplasma-wayland, signal (send) set=term peer=startplasma-wayland,
signal (send) set=term peer=sddm-greeter, signal (send) set=term peer=sddm-greeter,
@ -151,6 +151,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
@{run}/systemd/sessions/*.ref rw, @{run}/systemd/sessions/*.ref rw,
@{run}/user/@{uid}/xauth_@{rand6} rwl, @{run}/user/@{uid}/xauth_@{rand6} rwl,
owner @{run}/sddm/ rw, owner @{run}/sddm/ rw,
owner @{run}/user/@{uid}/ r,
owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/#@{int} rw,
owner @{run}/user/@{uid}/kwallet5.socket rw, owner @{run}/user/@{uid}/kwallet5.socket rw,


@ -53,8 +53,7 @@ profile startplasma @{exec_path} {
owner @{user_config_dirs}/kdeglobals* rwl, owner @{user_config_dirs}/kdeglobals* rwl,
owner @{user_config_dirs}/ksplashrc r, owner @{user_config_dirs}/ksplashrc r,
owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk, owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk,
owner @{user_config_dirs}/menus/ r, owner @{user_config_dirs}/menus/{,**.menu} r,
owner @{user_config_dirs}/menus/applications-merged/{,*.menu} r,
owner @{user_config_dirs}/plasma-localerc rwl, owner @{user_config_dirs}/plasma-localerc rwl,
owner @{user_config_dirs}/plasma-localerc.lock rwk, owner @{user_config_dirs}/plasma-localerc.lock rwk,
owner @{user_config_dirs}/plasma-workspace/env/ r, owner @{user_config_dirs}/plasma-workspace/env/ r,
@ -69,6 +68,7 @@ profile startplasma @{exec_path} {
owner /tmp/#@{int} rw, owner /tmp/#@{int} rw,
owner /tmp/startplasma-x11.@{rand6} rwl, owner /tmp/startplasma-x11.@{rand6} rwl,
owner @{run}/user/@{uid}/ r,
@{run}/user/@{uid}/xauth_@{rand6} rl, @{run}/user/@{uid}/xauth_@{rand6} rl,
@{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/core_pattern r,