mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): cleanup flatpak share access.

Browse source
This commit is contained in:
Alexandre Pujol 2024-05-05 18:17:52 +01:00
parent 0ffd70319b
commit 89f896a0fd
Failed to generate hash of commit
11 changed files with 7 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/abstractions/freedesktop.org.d/complete
View file

@ -10,6 +10,9 @@
@{system_share_dirs}/glib-2.0/schemas/ r,
@{system_share_dirs}/glib-2.0/schemas/gschemas.compiled r,
@{system_share_dirs}/ r,
@{system_share_dirs}/mime/ r,
/usr/share/mime/ r,
/etc/gnome/defaults.list r,

3
apparmor.d/groups/freedesktop/xdg-desktop-portal
View file

@ -78,9 +78,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
/var/lib/gdm{,3}/greeter-dconf-defaults r,
/var/lib/flatpak/exports/share/mime/mime.cache r,
/var/lib/flatpak/exports/share/applications/{**,} r,
@{user_config_dirs}/kioslaverc r,
owner @{tmp}/icon* rw,

2
apparmor.d/groups/gnome/gnome-control-center-goa-helper
View file

@ -46,8 +46,6 @@ profile gnome-control-center-goa-helper @{exec_path} {
/usr/share/cracklib/* r,
/usr/share/publicsuffix/public_suffix_list.dafsa r,
/var/lib/flatpak/exports/share/icons/{,**} r,
owner @{user_config_dirs}/goa-1.0/accounts.conf r,
owner @{user_cache_dirs}/gnome-control-center-goa-helper/{,**} rwl,

3
apparmor.d/groups/gnome/gnome-shell
View file

@ -196,7 +196,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
/usr/share/gdm/BuiltInSessions/{,*.desktop} r,
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/gdm/greeter/applications/{,**} r,
/usr/share/gnome-shell/{,**} r,
/usr/share/libgweather/Locations.xml r,
/usr/share/libinput*/ r,
/usr/share/libinput*/{,**/}[0-9][0-9]-*.quirks r,
@ -205,6 +204,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
/usr/share/wallpapers/** r,
/usr/share/wayland-sessions/{,*.desktop} r,
/usr/share/xml/iso-codes/{,**} r,
@{system_share_dirs}/gnome-shell/{,**} r,
/ r,
/.flatpak-info r,
@ -217,7 +217,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
/var/lib/flatpak/app/**/gnome-shell/{,**} r,
/var/lib/flatpak/appstream/**/icons/** r,
/var/lib/flatpak/exports/share/gnome-shell/{,**} r,
owner @{GDM_HOME}/greeter-dconf-defaults r,
owner @{gdm_cache_dirs}/ w,

3
apparmor.d/groups/gnome/tracker-extract
View file

@ -49,9 +49,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
/etc/blkid.conf r,
/etc/fstab r,
/var/lib/flatpak/exports/share/applications/mimeinfo.cache r,
/var/lib/flatpak/exports/share/mime/mime.cache r,
owner @{GDM_HOME}/greeter-dconf-defaults r,
owner @{gdm_cache_dirs}/ rw,
owner @{gdm_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,

2
apparmor.d/groups/kde/ksmserver
View file

@ -41,8 +41,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
/etc/xdg/kscreenlockerrc r,
/etc/xdg/menus/ r,
/var/lib/flatpak/exports/share/mime/ r,
owner @{HOME}/@{rand6} rw,
owner @{HOME}/.Xauthority rw,

2
apparmor.d/groups/kde/ksmserver-logout-greeter
View file

@ -30,8 +30,6 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) {
/usr/share/plasma/desktoptheme/** r,
/usr/share/plasma/look-and-feel/** r,
/var/lib/AccountsService/icons/ r,
/var/lib/flatpak/exports/share/icons/{,**} r,
/var/lib/flatpak/exports/share/mime/generic-icons r,
owner @{HOME}/ r,

2
apparmor.d/groups/kde/kstart
View file

@ -22,8 +22,6 @@ profile kstart @{exec_path} flags=(attach_disconnected) {
@{bin}/** rPUx,
@{bin}/konsole rPx,
/var/lib/flatpak/exports/share/mime/ r,
owner @{user_cache_dirs}/mesa_shader_cache/index rw,
owner @{user_share_dirs}/kservices{5,6}/ r,
owner @{user_share_dirs}/kservices{5,6}/ServiceMenus/ r,

2
apparmor.d/groups/kde/plasma-browser-integration-host
View file

@ -28,8 +28,6 @@ profile plasma-browser-integration-host @{exec_path} {
/etc/xdg/menus/ r,
/etc/xdg/taskmanagerrulesrc r,
/var/lib/flatpak/exports/share/mime/ r,
owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{user_cache_dirs}/ksycoca{5,6}_* r,

1
apparmor.d/groups/kde/plasmashell
View file

@ -85,7 +85,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
/etc/xdg/** r,
/var/lib/AccountsService/icons/* r,
/var/lib/flatpak/exports/share/mime/ r,
@{HOME}/ r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,

10
apparmor.d/profiles-g-l/gtk-update-icon-cache
View file

@ -14,13 +14,9 @@ profile gtk-update-icon-cache @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/usr/share/icons/** r,
/usr/share/icons/**/.icon-theme.cache rw,
/usr/share/icons/**/icon-theme.cache rw,
/var/lib/flatpak/exports/share/icons/{,**/} r,
/var/lib/flatpak/exports/share/icons/hicolor/.icon-theme.cache rw,
/var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache w,
@{system_share_dirs}/icons/{,**/} r,
@{system_share_dirs}/icons/**/.icon-theme.cache rw,
@{system_share_dirs}/icons/**/icon-theme.cache w,
owner @{user_share_dirs}/** r,
owner @{user_share_dirs}/**/.icon-theme.cache rw,