mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
freedesktop
This commit is contained in:
nobody43
Alex
parent
491d2176a8
commit
8c0e0a9de1
90 changed files with 48 additions and 137 deletions
|
|
@ -89,7 +89,6 @@
|
||||||
/usr/share/@{chromium_name}/{,**} r,
|
/usr/share/@{chromium_name}/{,**} r,
|
||||||
/usr/share/chromium/extensions/{,**} r,
|
/usr/share/chromium/extensions/{,**} r,
|
||||||
/usr/share/egl/{,**} r,
|
/usr/share/egl/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/libdrm/*.ids r,
|
/usr/share/libdrm/*.ids r,
|
||||||
/usr/share/mozilla/extensions/{,**} r,
|
/usr/share/mozilla/extensions/{,**} r,
|
||||||
/usr/share/webext/{,**} r,
|
/usr/share/webext/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -11,3 +11,5 @@
|
||||||
|
|
||||||
/etc/gnome/defaults.list r,
|
/etc/gnome/defaults.list r,
|
||||||
/etc/xfce4/defaults.list r,
|
/etc/xfce4/defaults.list r,
|
||||||
|
|
||||||
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
|
||||||
|
|
@ -209,7 +209,6 @@ profile android-studio @{exec_path} {
|
||||||
|
|
||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
|
||||||
|
|
@ -95,7 +95,6 @@ profile atom @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# Needed or atom gets crash with the following error:
|
# Needed or atom gets crash with the following error:
|
||||||
# FATAL:proc_util.cc(36)] : Permission denied (13)
|
# FATAL:proc_util.cc(36)] : Permission denied (13)
|
||||||
|
|
|
||||||
|
|
@ -69,7 +69,6 @@ profile code @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# Needed or code gets crash with the following error:
|
# Needed or code gets crash with the following error:
|
||||||
# FATAL:proc_util.cc(36)] : Permission denied (13)
|
# FATAL:proc_util.cc(36)] : Permission denied (13)
|
||||||
|
|
|
||||||
|
|
@ -92,7 +92,6 @@ profile discord @{exec_path} {
|
||||||
# To avoid the following error:
|
# To avoid the following error:
|
||||||
# kernel: traps: Discord[] trap int3 ip:7fa5b7541885 sp:7ffff5539c40 error:0
|
# kernel: traps: Discord[] trap int3 ip:7fa5b7541885 sp:7ffff5539c40 error:0
|
||||||
# in libglib-2.0.so.0.6000.6[7fa5b7508000+80000]
|
# in libglib-2.0.so.0.6000.6[7fa5b7508000+80000]
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
|
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
|
||||||
deny @{sys}/devices/virtual/tty/tty[0-9]/active r,
|
deny @{sys}/devices/virtual/tty/tty[0-9]/active r,
|
||||||
|
|
|
||||||
|
|
@ -68,7 +68,6 @@ profile freetube @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{user_share_dirs} r,
|
owner @{user_share_dirs} r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -75,7 +75,6 @@ profile signal-desktop @{exec_path} {
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# No new privs
|
# No new privs
|
||||||
/{usr/,}bin/xdg-settings rPx,
|
/{usr/,}bin/xdg-settings rPx,
|
||||||
|
|
|
||||||
|
|
@ -76,7 +76,6 @@ profile telegram-desktop @{exec_path} {
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
||||||
# Needed when saving files as, or otherwise the app crashes
|
# Needed when saving files as, or otherwise the app crashes
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -146,7 +146,6 @@ profile thunderbird @{exec_path} {
|
||||||
owner @{user_share_dirs}/ r,
|
owner @{user_share_dirs}/ r,
|
||||||
|
|
||||||
# Fix error in libglib while saving files as
|
# Fix error in libglib while saving files as
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# Spellcheck
|
# Spellcheck
|
||||||
/{usr/,}bin/locale rix,
|
/{usr/,}bin/locale rix,
|
||||||
|
|
|
||||||
|
|
@ -147,7 +147,6 @@ profile vlc @{exec_path} {
|
||||||
|
|
||||||
/{usr/,}bin/xdg-screensaver rCx -> xdg-screensaver,
|
/{usr/,}bin/xdg-screensaver rCx -> xdg-screensaver,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
/usr/share/vlc/{,**} r,
|
/usr/share/vlc/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -65,7 +65,6 @@ profile reportbug @{exec_path} {
|
||||||
/{usr/,}lib/python3/dist-packages/pylocales/locales.db rk,
|
/{usr/,}lib/python3/dist-packages/pylocales/locales.db rk,
|
||||||
|
|
||||||
/usr/share/bug/*/{control,presubj} r,
|
/usr/share/bug/*/{control,presubj} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/X11/xkb/** r,
|
/usr/share/X11/xkb/** r,
|
||||||
|
|
||||||
/etc/** r,
|
/etc/** r,
|
||||||
|
|
|
||||||
|
|
@ -147,7 +147,6 @@ profile synaptic @{exec_path} {
|
||||||
# errorcode: 2
|
# errorcode: 2
|
||||||
/dev/ptmx rw,
|
/dev/ptmx rw,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -157,7 +157,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||||
/usr/share/doc/{,**} r,
|
/usr/share/doc/{,**} r,
|
||||||
/usr/share/egl/{,**} r,
|
/usr/share/egl/{,**} r,
|
||||||
/usr/share/@{firefox_name}/{,**} r,
|
/usr/share/@{firefox_name}/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/libdrm/*.ids r,
|
/usr/share/libdrm/*.ids r,
|
||||||
/usr/share/mozilla/extensions/{,**} r,
|
/usr/share/mozilla/extensions/{,**} r,
|
||||||
/usr/share/webext/{,**} r,
|
/usr/share/webext/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -37,7 +37,6 @@ profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
/{usr/,}bin/mv rix,
|
/{usr/,}bin/mv rix,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/X11/xkb/** r,
|
/usr/share/X11/xkb/** r,
|
||||||
|
|
||||||
owner "@{firefox_config_dirs}/firefox/Crash Reports/{,**}" rw,
|
owner "@{firefox_config_dirs}/firefox/Crash Reports/{,**}" rw,
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,6 @@ profile polkit-mate-authentication-agent @{exec_path} {
|
||||||
|
|
||||||
/{usr/,}lib/polkit-[0-9]/polkit-agent-helper-[0-9] rPx,
|
/{usr/,}lib/polkit-[0-9]/polkit-agent-helper-[0-9] rPx,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/X11/xkb/** r,
|
/usr/share/X11/xkb/** r,
|
||||||
|
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
|
|
|
||||||
|
|
@ -114,7 +114,6 @@ profile pulseaudio @{exec_path} {
|
||||||
/{usr/,}lib/@{multiarch}/pulse/gconf-helper mrix,
|
/{usr/,}lib/@{multiarch}/pulse/gconf-helper mrix,
|
||||||
/{usr/,}lib/pulse-*/modules/*.so mr,
|
/{usr/,}lib/pulse-*/modules/*.so mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/pulseaudio/{,**} r,
|
/usr/share/pulseaudio/{,**} r,
|
||||||
|
|
||||||
/var/lib/snapd/desktop/applications/ r,
|
/var/lib/snapd/desktop/applications/ r,
|
||||||
|
|
|
||||||
|
|
@ -118,7 +118,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
|
||||||
/ r,
|
/ r,
|
||||||
/.flatpak-info r,
|
/.flatpak-info r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/pipewire/client.conf r,
|
/usr/share/pipewire/client.conf r,
|
||||||
/usr/share/xdg-desktop-portal/portals/{,*.portal} r,
|
/usr/share/xdg-desktop-portal/portals/{,*.portal} r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -115,12 +115,8 @@ profile xdg-desktop-portal-gnome @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/ubuntu/applications/ r,
|
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
/etc/gnome/defaults.list r,
|
|
||||||
|
|
||||||
/var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
|
/var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
|
||||||
/var/lib/snapd/desktop/icons/{,**} r,
|
/var/lib/snapd/desktop/icons/{,**} r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -149,7 +149,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
/ r,
|
/ r,
|
||||||
|
|
|
||||||
|
|
@ -33,9 +33,6 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
|
||||||
/{usr/,}bin/xprop rPx,
|
/{usr/,}bin/xprop rPx,
|
||||||
|
|
||||||
/usr/share/terminfo/x/xterm-256color r,
|
/usr/share/terminfo/x/xterm-256color r,
|
||||||
/usr/share/ubuntu/applications/ r,
|
|
||||||
|
|
||||||
/etc/gnome/defaults.list r,
|
|
||||||
|
|
||||||
owner @{HOME}/.Xauthority r,
|
owner @{HOME}/.Xauthority r,
|
||||||
owner @{user_config_dirs}/mimeapps.list{,.new} rw,
|
owner @{user_config_dirs}/mimeapps.list{,.new} rw,
|
||||||
|
|
|
||||||
|
|
@ -33,12 +33,12 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) {
|
||||||
/{usr/,}bin/dbus-launch rCx -> dbus,
|
/{usr/,}bin/dbus-launch rCx -> dbus,
|
||||||
/{usr/,}bin/dbus-send rCx -> dbus,
|
/{usr/,}bin/dbus-send rCx -> dbus,
|
||||||
|
|
||||||
/usr/share/applications/*.desktop r,
|
|
||||||
|
|
||||||
/** r,
|
/** r,
|
||||||
owner /** rw,
|
owner /** rw,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
owner @{user_share_dirs}/applications/ r,
|
owner @{user_share_dirs}/applications/ r,
|
||||||
|
/usr/share/applications/*.desktop r,
|
||||||
|
|
||||||
/dev/tty rw,
|
/dev/tty rw,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -33,9 +33,7 @@ profile xdg-settings @{exec_path} {
|
||||||
/{usr/,}bin/xdg-mime rPx,
|
/{usr/,}bin/xdg-mime rPx,
|
||||||
/{usr/,}bin/xprop rPx,
|
/{usr/,}bin/xprop rPx,
|
||||||
|
|
||||||
/usr/share/applications/{,*} r,
|
|
||||||
/usr/share/terminfo/x/xterm-256color r,
|
/usr/share/terminfo/x/xterm-256color r,
|
||||||
/usr/share/ubuntu/applications/ r,
|
|
||||||
|
|
||||||
/etc/xdg/xfce4/helpers.rc r,
|
/etc/xdg/xfce4/helpers.rc r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
@ -44,14 +42,17 @@ profile xdg-settings @{exec_path} {
|
||||||
/var/lib/flatpak/exports/share/applications/{,*} r,
|
/var/lib/flatpak/exports/share/applications/{,*} r,
|
||||||
/var/lib/snapd/desktop/applications/{,*} r,
|
/var/lib/snapd/desktop/applications/{,*} r,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
|
/usr/share/applications/{,*} r,
|
||||||
|
/usr/share/ubuntu/applications/ r,
|
||||||
|
owner @{user_share_dirs}/applications/ r,
|
||||||
|
owner @{user_share_dirs}/applications/*.desktop r,
|
||||||
|
|
||||||
owner @{HOME}/ r,
|
owner @{HOME}/ r,
|
||||||
owner @{HOME}/.Xauthority r,
|
owner @{HOME}/.Xauthority r,
|
||||||
|
|
||||||
owner @{user_config_dirs}/xfce4/helpers.rc{,.*} rw,
|
owner @{user_config_dirs}/xfce4/helpers.rc{,.*} rw,
|
||||||
|
|
||||||
owner @{user_share_dirs}/applications/ r,
|
|
||||||
owner @{user_share_dirs}/applications/*.desktop r,
|
|
||||||
|
|
||||||
owner @{run}/user/@{uid}/ r,
|
owner @{run}/user/@{uid}/ r,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
|
|
|
||||||
|
|
@ -20,9 +20,11 @@ profile evolution-alarm-notify @{exec_path} {
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/evolution-data-server/{,**} r,
|
/usr/share/evolution-data-server/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/ubuntu/applications/ r,
|
|
||||||
/usr/share/{,zoneinfo-}icu/{,**} r,
|
/usr/share/{,zoneinfo-}icu/{,**} r,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
/usr/share/*ubuntu/applications/ r,
|
||||||
|
|
||||||
include if exists <local/evolution-alarm-notify>
|
include if exists <local/evolution-alarm-notify>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,6 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) {
|
||||||
/{usr/,}lib/gio-launch-desktop rix,
|
/{usr/,}lib/gio-launch-desktop rix,
|
||||||
|
|
||||||
# System files
|
# System files
|
||||||
/etc/gnome/defaults.list r,
|
|
||||||
/var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
|
/var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
|
||||||
|
|
||||||
# User files
|
# User files
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
/usr/share/egl/{,**} r,
|
/usr/share/egl/{,**} r,
|
||||||
/usr/share/gdm/greeter-dconf-defaults r,
|
/usr/share/gdm/greeter-dconf-defaults r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gnome-shell/{,**} r,
|
/usr/share/gnome-shell/{,**} r,
|
||||||
/usr/share/icu/{,**} r,
|
/usr/share/icu/{,**} r,
|
||||||
/usr/share/X11/xkb/** r,
|
/usr/share/X11/xkb/** r,
|
||||||
|
|
|
||||||
|
|
@ -87,13 +87,11 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
||||||
/usr/share/language-tools/language2locale rix,
|
/usr/share/language-tools/language2locale rix,
|
||||||
|
|
||||||
/snap/*/[0-9]*/**.png r,
|
/snap/*/[0-9]*/**.png r,
|
||||||
/usr/share/*ubuntu/applications/{,*} r,
|
|
||||||
/usr/share/backgrounds/{,**} r,
|
/usr/share/backgrounds/{,**} r,
|
||||||
/usr/share/cups/data/testprint r,
|
/usr/share/cups/data/testprint r,
|
||||||
/usr/share/desktop-base/**.{xml,png,svg} r,
|
/usr/share/desktop-base/**.{xml,png,svg} r,
|
||||||
/usr/share/egl/{,**} r,
|
/usr/share/egl/{,**} r,
|
||||||
/usr/share/firefox{,-esr}/browser/chrome/icons/{,**} r,
|
/usr/share/firefox{,-esr}/browser/chrome/icons/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gnome-background-properties/{,**} r,
|
/usr/share/gnome-background-properties/{,**} r,
|
||||||
/usr/share/gnome-bluetooth{-*,}/{,**} r,
|
/usr/share/gnome-bluetooth{-*,}/{,**} r,
|
||||||
/usr/share/gnome-color-manager/{,**} r,
|
/usr/share/gnome-color-manager/{,**} r,
|
||||||
|
|
@ -108,6 +106,10 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
||||||
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
||||||
/usr/share/zoneinfo/{,**} r,
|
/usr/share/zoneinfo/{,**} r,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
|
/usr/share/*ubuntu/applications/{,**} r,
|
||||||
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
||||||
/etc/cups/client.conf r,
|
/etc/cups/client.conf r,
|
||||||
/etc/machine-info r,
|
/etc/machine-info r,
|
||||||
/etc/pipewire/client.conf.d/ r,
|
/etc/pipewire/client.conf.d/ r,
|
||||||
|
|
|
||||||
|
|
@ -21,12 +21,8 @@ profile gnome-control-center-search-provider @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/ubuntu/applications/{,**} r,
|
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
/etc/gnome/defaults.list r,
|
|
||||||
|
|
||||||
/var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
|
/var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,
|
||||||
|
|
||||||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,6 @@ profile gnome-disk-image-mounter @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
# Allow to mount user files
|
# Allow to mount user files
|
||||||
|
|
|
||||||
|
|
@ -148,14 +148,10 @@ profile gnome-extension-ding @{exec_path} {
|
||||||
/{usr/,}bin/gnome-control-center rPx,
|
/{usr/,}bin/gnome-control-center rPx,
|
||||||
/{usr/,}bin/nautilus rPx,
|
/{usr/,}bin/nautilus rPx,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gnome-shell/extensions/ding@rastersoft.com/* r,
|
/usr/share/gnome-shell/extensions/ding@rastersoft.com/* r,
|
||||||
/usr/share/thumbnailers/{,*.thumbnailer} r,
|
/usr/share/thumbnailers/{,*.thumbnailer} r,
|
||||||
/usr/share/ubuntu/applications/{,**} r,
|
|
||||||
/usr/share/X11/{,**} r,
|
/usr/share/X11/{,**} r,
|
||||||
|
|
||||||
/etc/gnome/defaults.list r,
|
|
||||||
|
|
||||||
/var/lib/snapd/desktop/icons/{,**} r,
|
/var/lib/snapd/desktop/icons/{,**} r,
|
||||||
|
|
||||||
owner @{HOME}/@{XDG_TEMPLATES_DIR}/ r,
|
owner @{HOME}/@{XDG_TEMPLATES_DIR}/ r,
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,6 @@ profile gnome-extension-manager @{exec_path} {
|
||||||
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
|
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
|
||||||
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
|
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gnome-shell/org.gnome.Shell.Extensions r,
|
/usr/share/gnome-shell/org.gnome.Shell.Extensions r,
|
||||||
/usr/share/themes/{,**} r,
|
/usr/share/themes/{,**} r,
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,6 @@ profile gnome-extensions-app @{exec_path} {
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
/{usr/,}bin/gjs-console rix,
|
/{usr/,}bin/gjs-console rix,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gnome-shell/org.gnome.Extensions* r,
|
/usr/share/gnome-shell/org.gnome.Extensions* r,
|
||||||
/usr/share/icu/{,**} r,
|
/usr/share/icu/{,**} r,
|
||||||
/usr/share/terminfo/x/xterm-256color r,
|
/usr/share/terminfo/x/xterm-256color r,
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/dri-common>
|
include <abstractions/dri-common>
|
||||||
include <abstractions/dri-enumerate>
|
include <abstractions/dri-enumerate>
|
||||||
|
include <abstractions/freedesktop.org>
|
||||||
include <abstractions/gtk>
|
include <abstractions/gtk>
|
||||||
include <abstractions/mesa>
|
include <abstractions/mesa>
|
||||||
include <abstractions/vulkan>
|
include <abstractions/vulkan>
|
||||||
|
|
@ -183,20 +184,14 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
@{libexec}/gsd-disk-utility-notify rPx,
|
@{libexec}/gsd-disk-utility-notify rPx,
|
||||||
@{libexec}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify rPx,
|
@{libexec}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify rPx,
|
||||||
|
|
||||||
/usr/share/applications/{,**} r,
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
/usr/share/gdm/greeter-dconf-defaults r,
|
/usr/share/gdm/greeter-dconf-defaults r,
|
||||||
/usr/share/gdm/greeter/applications/{,**} r,
|
/usr/share/gdm/greeter/applications/{,**} r,
|
||||||
/usr/share/gdm/greeter/autostart/{,*.desktop} r,
|
/usr/share/gdm/greeter/autostart/{,*.desktop} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/glvnd/egl_vendor.d/ r,
|
/usr/share/glvnd/egl_vendor.d/ r,
|
||||||
/usr/share/gnome-session/hardware-compatibility r,
|
/usr/share/gnome-session/hardware-compatibility r,
|
||||||
/usr/share/gnome-session/sessions/*.session r,
|
/usr/share/gnome-session/sessions/*.session r,
|
||||||
/usr/share/gnome/autostart/{,*.desktop} r,
|
/usr/share/gnome/autostart/{,*.desktop} r,
|
||||||
/usr/share/icons/{,**} r,
|
|
||||||
/usr/share/mime/mime.cache r,
|
|
||||||
/usr/share/*ubuntu/applications/{,*.desktop} r,
|
|
||||||
/usr/share/*ubuntu/applications/mimeinfo.cache r,
|
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
/usr/share/session-migration/scripts/{,*} r,
|
/usr/share/session-migration/scripts/{,*} r,
|
||||||
|
|
||||||
|
|
@ -223,15 +218,8 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
owner @{user_config_dirs}/gnome-session/saved-session/ rw,
|
owner @{user_config_dirs}/gnome-session/saved-session/ rw,
|
||||||
owner @{user_config_dirs}/gtk-3.0/bookmarks rw,
|
owner @{user_config_dirs}/gtk-3.0/bookmarks rw,
|
||||||
owner @{user_config_dirs}/gtk-3.0/bookmarks.[0-9A-Z]* rw,
|
owner @{user_config_dirs}/gtk-3.0/bookmarks.[0-9A-Z]* rw,
|
||||||
owner @{user_config_dirs}/mimeapps.list r,
|
|
||||||
owner @{user_config_dirs}/user-dirs.dirs r,
|
|
||||||
owner @{user_config_dirs}/user-dirs.locale r,
|
owner @{user_config_dirs}/user-dirs.locale r,
|
||||||
owner @{user_share_dirs}/applications/ r,
|
|
||||||
owner @{user_share_dirs}/applications/defaults.list r,
|
|
||||||
owner @{user_share_dirs}/applications/mimeapps.list r,
|
|
||||||
owner @{user_share_dirs}/applications/mimeinfo.cache r,
|
|
||||||
owner @{user_share_dirs}/gnome-shell/gnome-overrides-migrated rw,
|
owner @{user_share_dirs}/gnome-shell/gnome-overrides-migrated rw,
|
||||||
owner @{user_share_dirs}/mime/mime.cache r,
|
|
||||||
owner @{user_share_dirs}/session_migration-ubuntu r,
|
owner @{user_share_dirs}/session_migration-ubuntu r,
|
||||||
|
|
||||||
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
||||||
|
|
|
||||||
|
|
@ -487,7 +487,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
||||||
/opt/*/**/*.png r,
|
/opt/*/**/*.png r,
|
||||||
/snap/*/@{uid}/**.png r,
|
/snap/*/@{uid}/**.png r,
|
||||||
/usr/share/{,zoneinfo-}icu/{,**} r,
|
/usr/share/{,zoneinfo-}icu/{,**} r,
|
||||||
/usr/share/*ubuntu/applications/{,*.desktop} r,
|
|
||||||
/usr/share/app-info/icons/{,**} r,
|
/usr/share/app-info/icons/{,**} r,
|
||||||
/usr/share/backgrounds/{,**} r,
|
/usr/share/backgrounds/{,**} r,
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
|
|
@ -499,7 +498,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
||||||
/usr/share/gdm/BuiltInSessions/{,*.desktop} r,
|
/usr/share/gdm/BuiltInSessions/{,*.desktop} r,
|
||||||
/usr/share/gdm/greeter-dconf-defaults r,
|
/usr/share/gdm/greeter-dconf-defaults r,
|
||||||
/usr/share/gdm/greeter/applications/{,**} r,
|
/usr/share/gdm/greeter/applications/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gnome-shell/{,**} r,
|
/usr/share/gnome-shell/{,**} r,
|
||||||
/usr/share/libdrm/*.ids r,
|
/usr/share/libdrm/*.ids r,
|
||||||
/usr/share/libgweather/Locations.xml r,
|
/usr/share/libgweather/Locations.xml r,
|
||||||
|
|
@ -513,6 +511,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
||||||
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
||||||
/usr/share/gnome-packagekit/icons/hicolor/{,**} r,
|
/usr/share/gnome-packagekit/icons/hicolor/{,**} r,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
|
/usr/share/*ubuntu/applications/{,**} r,
|
||||||
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
||||||
/.flatpak-info r,
|
/.flatpak-info r,
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
/etc/udev/hwdb.bin r,
|
/etc/udev/hwdb.bin r,
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,6 @@ profile gnome-software @{exec_path} {
|
||||||
|
|
||||||
/usr/share/app-info/{,**} r,
|
/usr/share/app-info/{,**} r,
|
||||||
/usr/share/appdata/{,**} r,
|
/usr/share/appdata/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/metainfo/{,**} r,
|
/usr/share/metainfo/{,**} r,
|
||||||
/usr/share/swcatalog/xml/{,**} r,
|
/usr/share/swcatalog/xml/{,**} r,
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -28,10 +28,12 @@ profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
/{usr/,}bin/pkexec rPx,
|
/{usr/,}bin/pkexec rPx,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gnome-system-monitor/{,**} r,
|
/usr/share/gnome-system-monitor/{,**} r,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
/usr/share/pixmaps/{,**} r,
|
/usr/share/pixmaps/{,**} r,
|
||||||
/usr/share/ubuntu/applications/{,**} r,
|
/usr/share/*ubuntu/applications/{,**} r,
|
||||||
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,6 @@ profile gnome-terminal-server @{exec_path} {
|
||||||
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
|
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
|
||||||
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
|
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/icu/{,**} r,
|
/usr/share/icu/{,**} r,
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -162,7 +162,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
/usr/share/gdm/greeter-dconf-defaults r,
|
/usr/share/gdm/greeter-dconf-defaults r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/icons/{,**} r,
|
/usr/share/icons/{,**} r,
|
||||||
/usr/share/mime/mime.cache r,
|
/usr/share/mime/mime.cache r,
|
||||||
/usr/share/sounds/freedesktop/stereo/*.oga r,
|
/usr/share/sounds/freedesktop/stereo/*.oga r,
|
||||||
|
|
|
||||||
|
|
@ -96,14 +96,16 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
/usr/share/gdm/greeter-dconf-defaults r,
|
/usr/share/gdm/greeter-dconf-defaults r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/icons/{,**} r,
|
|
||||||
/usr/share/libwacom/{,*} r,
|
/usr/share/libwacom/{,*} r,
|
||||||
/usr/share/mime/mime.cache r,
|
|
||||||
/usr/share/X11/xkb/** r,
|
/usr/share/X11/xkb/** r,
|
||||||
|
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
|
/usr/share/icons/{,**} r,
|
||||||
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
/usr/share/mime/mime.cache r,
|
||||||
|
|
||||||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
||||||
owner @{run}/user/@{uid}/wayland-[0-9] rw,
|
owner @{run}/user/@{uid}/wayland-[0-9] rw,
|
||||||
owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,
|
owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,
|
||||||
|
|
|
||||||
|
|
@ -42,8 +42,9 @@ profile seahorse @{exec_path} {
|
||||||
/{usr/,}bin/gpg{,2} rUx,
|
/{usr/,}bin/gpg{,2} rUx,
|
||||||
/{usr/,}bin/gpgsm rPx,
|
/{usr/,}bin/gpgsm rPx,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
/usr/share/ubuntu/applications/ r,
|
/usr/share/*ubuntu/applications/ r,
|
||||||
|
|
||||||
/etc/pki/trust/blocklist/ r,
|
/etc/pki/trust/blocklist/ r,
|
||||||
/etc/gcrypt/hwf.deny r,
|
/etc/gcrypt/hwf.deny r,
|
||||||
|
|
|
||||||
|
|
@ -67,7 +67,6 @@ profile tracker-extract @{exec_path} {
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/hwdata/*.ids r,
|
/usr/share/hwdata/*.ids r,
|
||||||
/usr/share/ladspa/rdf/{,**} r,
|
/usr/share/ladspa/rdf/{,**} r,
|
||||||
/usr/share/mime/mime.cache r,
|
/usr/share/mime/mime.cache r,
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,6 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
/usr/share/gdm/greeter/applications/{,mimeinfo.cache,*.list} r,
|
/usr/share/gdm/greeter/applications/{,mimeinfo.cache,*.list} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gvfs/remote-volume-monitors/{,*.monitor} r,
|
/usr/share/gvfs/remote-volume-monitors/{,*.monitor} r,
|
||||||
/usr/share/tracker3-miners/{,**} r,
|
/usr/share/tracker3-miners/{,**} r,
|
||||||
/usr/share/tracker3/{,**} r,
|
/usr/share/tracker3/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,6 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) {
|
||||||
/{usr/,}bin/mount rPx,
|
/{usr/,}bin/mount rPx,
|
||||||
/{usr/,}bin/umount rPx,
|
/{usr/,}bin/umount rPx,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/var/lib/gdm{3,}/.config/dconf/user r,
|
/var/lib/gdm{3,}/.config/dconf/user r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,6 @@ profile gvfsd-ftp @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
include if exists <local/gvfsd-ftp>
|
include if exists <local/gvfsd-ftp>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,6 @@ profile gvfsd-http @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{run}/user/@{uid}/gvfsd/socket-* rw,
|
owner @{run}/user/@{uid}/gvfsd/socket-* rw,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,6 @@ profile gvfsd-mtp @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{HOME}/{,**} rw,
|
owner @{HOME}/{,**} rw,
|
||||||
owner @{MOUNTS}/{,**} rw,
|
owner @{MOUNTS}/{,**} rw,
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,6 @@ profile gvfsd-smb @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/etc/samba/smb.conf r,
|
/etc/samba/smb.conf r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -40,7 +40,6 @@ profile mullvad-gui @{exec_path} {
|
||||||
|
|
||||||
"/opt/Mullvad VPN/{,**}" r,
|
"/opt/Mullvad VPN/{,**}" r,
|
||||||
/usr/share/themes/{,**} r,
|
/usr/share/themes/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/etc/libva.conf r,
|
/etc/libva.conf r,
|
||||||
/etc/igfx_user_feature{,_next}.txt w,
|
/etc/igfx_user_feature{,_next}.txt w,
|
||||||
|
|
|
||||||
|
|
@ -56,7 +56,6 @@ profile apport-gtk @{exec_path} {
|
||||||
/usr/share/alsa/{,**} r,
|
/usr/share/alsa/{,**} r,
|
||||||
/usr/share/apport/{,**} r,
|
/usr/share/apport/{,**} r,
|
||||||
/usr/share/apport/general-hooks/*.py r,
|
/usr/share/apport/general-hooks/*.py r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/themes/{,**} r,
|
/usr/share/themes/{,**} r,
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
|
|
@ -110,7 +109,6 @@ profile apport-gtk @{exec_path} {
|
||||||
/usr/share/gdb/{,**} r,
|
/usr/share/gdb/{,**} r,
|
||||||
/usr/share/themes/{,**} r,
|
/usr/share/themes/{,**} r,
|
||||||
/usr/share/gnome-shell/{,**} r,
|
/usr/share/gnome-shell/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/etc/gdb/{,**} r,
|
/etc/gdb/{,**} r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -66,14 +66,11 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
|
||||||
/{usr/,}lib/apt/methods/http{,s} rPx,
|
/{usr/,}lib/apt/methods/http{,s} rPx,
|
||||||
|
|
||||||
/usr/share/distro-info/{,**} r,
|
/usr/share/distro-info/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/themes/{,**} r,
|
/usr/share/themes/{,**} r,
|
||||||
/usr/share/ubuntu-release-upgrader/{,**} r,
|
/usr/share/ubuntu-release-upgrader/{,**} r,
|
||||||
/usr/share/ubuntu/applications/{,**} r,
|
|
||||||
/usr/share/update-manager/{,**} r,
|
/usr/share/update-manager/{,**} r,
|
||||||
/usr/share/X11/{,**} r,
|
/usr/share/X11/{,**} r,
|
||||||
|
|
||||||
/etc/gnome/defaults.list r,
|
|
||||||
/etc/gtk-3.0/settings.ini r,
|
/etc/gtk-3.0/settings.ini r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
/etc/update-manager/{,**} r,
|
/etc/update-manager/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ profile update-notifier @{exec_path} {
|
||||||
include <abstractions/dbus-session-strict>
|
include <abstractions/dbus-session-strict>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/fonts>
|
include <abstractions/fonts>
|
||||||
|
include <abstractions/freedesktop.org>
|
||||||
include <abstractions/gtk>
|
include <abstractions/gtk>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/openssl>
|
include <abstractions/openssl>
|
||||||
|
|
@ -46,19 +47,12 @@ profile update-notifier @{exec_path} {
|
||||||
|
|
||||||
/{usr/,}lib/python3.[0-9]*/dist-packages/{apt,gi}/**/__pycache__/{,**} rw,
|
/{usr/,}lib/python3.[0-9]*/dist-packages/{apt,gi}/**/__pycache__/{,**} rw,
|
||||||
|
|
||||||
/usr/share/applications/{,**} r,
|
|
||||||
/usr/share/dpkg/cputable r,
|
/usr/share/dpkg/cputable r,
|
||||||
/usr/share/dpkg/tupletable r,
|
/usr/share/dpkg/tupletable r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/icons/{,**} r,
|
|
||||||
/usr/share/mime/mime.cache r,
|
|
||||||
/usr/share/pixmaps/ r,
|
|
||||||
/usr/share/ubuntu/applications/ r,
|
|
||||||
/usr/share/update-notifier/{,**} r,
|
/usr/share/update-notifier/{,**} r,
|
||||||
/usr/share/X11/{,**} r,
|
/usr/share/X11/{,**} r,
|
||||||
|
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
/etc/gnome/defaults.list r,
|
|
||||||
|
|
||||||
/var/lib/snapd/desktop/applications/{,**} r,
|
/var/lib/snapd/desktop/applications/{,**} r,
|
||||||
/var/lib/snapd/desktop/icons/ r,
|
/var/lib/snapd/desktop/icons/ r,
|
||||||
|
|
|
||||||
|
|
@ -23,10 +23,8 @@ profile appstreamcli @{exec_path} flags=(complain) {
|
||||||
|
|
||||||
/usr/share/app-info/{,**} r,
|
/usr/share/app-info/{,**} r,
|
||||||
/usr/share/appdata/ r,
|
/usr/share/appdata/ r,
|
||||||
/usr/share/applications/{,*.desktop} r,
|
|
||||||
/usr/share/metainfo/ r,
|
/usr/share/metainfo/ r,
|
||||||
/usr/share/metainfo/*.{metainfo,appdata}.xml r,
|
/usr/share/metainfo/*.{metainfo,appdata}.xml r,
|
||||||
/usr/share/mime/mime.cache r,
|
|
||||||
/usr/share/swcatalog/{,**} r,
|
/usr/share/swcatalog/{,**} r,
|
||||||
|
|
||||||
/etc/appstream.conf r,
|
/etc/appstream.conf r,
|
||||||
|
|
@ -35,7 +33,6 @@ profile appstreamcli @{exec_path} flags=(complain) {
|
||||||
owner @{user_cache_dirs}/appstream-cache-*.mdb rw,
|
owner @{user_cache_dirs}/appstream-cache-*.mdb rw,
|
||||||
owner @{user_cache_dirs}/appstream/ rw,
|
owner @{user_cache_dirs}/appstream/ rw,
|
||||||
owner @{user_cache_dirs}/appstream/appcache-*.mdb rw,
|
owner @{user_cache_dirs}/appstream/appcache-*.mdb rw,
|
||||||
owner @{user_share_dirs}/mime/mime.cache r,
|
|
||||||
|
|
||||||
/var/lib/app-info/ w,
|
/var/lib/app-info/ w,
|
||||||
/var/lib/app-info/yaml/ r,
|
/var/lib/app-info/yaml/ r,
|
||||||
|
|
@ -60,6 +57,11 @@ profile appstreamcli @{exec_path} flags=(complain) {
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
|
/usr/share/applications/{,*.desktop} r,
|
||||||
|
/usr/share/mime/mime.cache r,
|
||||||
|
owner @{user_share_dirs}/mime/mime.cache r,
|
||||||
|
|
||||||
profile curl {
|
profile curl {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,6 @@ profile arduino @{exec_path} {
|
||||||
owner @{run}/lock/tmp* rw,
|
owner @{run}/lock/tmp* rw,
|
||||||
owner @{run}/lock/LCK..ttyS[0-9]* rw,
|
owner @{run}/lock/LCK..ttyS[0-9]* rw,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
owner @{PROC}/@{pid}/coredump_filter rw,
|
owner @{PROC}/@{pid}/coredump_filter rw,
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,6 @@ profile atril @{exec_path} {
|
||||||
|
|
||||||
/usr/share/atril/{,**} r,
|
/usr/share/atril/{,**} r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
owner @{PROC}/@{pid}/mountinfo r,
|
owner @{PROC}/@{pid}/mountinfo r,
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
|
||||||
/{usr/,}bin/xdg-open rCx -> open,
|
/{usr/,}bin/xdg-open rCx -> open,
|
||||||
|
|
||||||
/usr/share/blueman/{,**} r,
|
/usr/share/blueman/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,6 @@ profile cawbird @{exec_path} {
|
||||||
owner @{user_cache_dirs}/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{user_cache_dirs}/cawbird-* rw,
|
owner @{user_cache_dirs}/cawbird-* rw,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,6 @@ profile claws-mail @{exec_path} flags=(complain) {
|
||||||
/{usr/,}{s,}bin/exim4 rPUx,
|
/{usr/,}{s,}bin/exim4 rPUx,
|
||||||
/{usr/,}bin/geany rPUx,
|
/{usr/,}bin/geany rPUx,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/publicsuffix/*.dafsa r,
|
/usr/share/publicsuffix/*.dafsa r,
|
||||||
/usr/share/sounds/freedesktop/stereo/*.oga r,
|
/usr/share/sounds/freedesktop/stereo/*.oga r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -37,7 +37,6 @@ profile czkawka-gui @{exec_path} {
|
||||||
|
|
||||||
@{sys}/fs/cgroup/{,**} r,
|
@{sys}/fs/cgroup/{,**} r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
profile open {
|
profile open {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,6 @@ profile deltachat-desktop @{exec_path} {
|
||||||
owner @{HOME}/.config/DeltaChat/ rw,
|
owner @{HOME}/.config/DeltaChat/ rw,
|
||||||
owner @{HOME}/.config/DeltaChat/** rwk,
|
owner @{HOME}/.config/DeltaChat/** rwk,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner /tmp/@{hex}/ rw,
|
owner /tmp/@{hex}/ rw,
|
||||||
owner /tmp/@{hex}/db.sqlite-blobs/ rw,
|
owner /tmp/@{hex}/db.sqlite-blobs/ rw,
|
||||||
|
|
|
||||||
|
|
@ -31,7 +31,6 @@ profile dino-im @{exec_path} {
|
||||||
/{usr/,}bin/gpgconf rCx -> gpg,
|
/{usr/,}bin/gpgconf rCx -> gpg,
|
||||||
/{usr/,}bin/gpgsm rCx -> gpg,
|
/{usr/,}bin/gpgsm rCx -> gpg,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{user_share_dirs}/dino/ rw,
|
owner @{user_share_dirs}/dino/ rw,
|
||||||
owner @{user_share_dirs}/dino/** rwk,
|
owner @{user_share_dirs}/dino/** rwk,
|
||||||
|
|
|
||||||
|
|
@ -125,7 +125,6 @@ profile engrampa @{exec_path} {
|
||||||
|
|
||||||
/etc/magic r,
|
/etc/magic r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# gnome-tiny
|
# gnome-tiny
|
||||||
@{run}/mount/utab r,
|
@{run}/mount/utab r,
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,6 @@ profile exo-helper @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# file_inherit
|
# file_inherit
|
||||||
owner /dev/tty[0-9]* rw,
|
owner /dev/tty[0-9]* rw,
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,6 @@ profile file-roller @{exec_path} {
|
||||||
|
|
||||||
/{usr/,}bin/unzip rix,
|
/{usr/,}bin/unzip rix,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/themes/{,**} r,
|
/usr/share/themes/{,**} r,
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,10 +28,11 @@ profile firecfg @{exec_path} flags=(attach_disconnected) {
|
||||||
/usr/local/bin/ r,
|
/usr/local/bin/ r,
|
||||||
/usr/local/bin/* rw,
|
/usr/local/bin/* rw,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
/usr/share/applications/ r,
|
/usr/share/applications/ r,
|
||||||
/usr/share/applications/*.desktop r,
|
/usr/share/applications/*.desktop r,
|
||||||
|
|
||||||
@{user_share_dirs}/applications/ r,
|
@{user_share_dirs}/applications/ r,
|
||||||
|
|
||||||
@{user_share_dirs}/applications/*.desktop rw,
|
@{user_share_dirs}/applications/*.desktop rw,
|
||||||
|
|
||||||
/dev/tty rw,
|
/dev/tty rw,
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,6 @@ profile font-manager @{exec_path} {
|
||||||
/{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitWebProcess rix,
|
/{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitWebProcess rix,
|
||||||
/{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitNetworkProcess rix,
|
/{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitNetworkProcess rix,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{user_cache_dirs}/ rw,
|
owner @{user_cache_dirs}/ rw,
|
||||||
owner @{user_cache_dirs}/font-manager/ rw,
|
owner @{user_cache_dirs}/font-manager/ rw,
|
||||||
|
|
|
||||||
|
|
@ -84,7 +84,6 @@ profile gajim @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,6 @@ profile ganyremote @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# Doc dirs
|
# Doc dirs
|
||||||
deny /usr/local/share/ r,
|
deny /usr/local/share/ r,
|
||||||
|
|
|
||||||
|
|
@ -131,7 +131,6 @@ profile gpartedbin @{exec_path} {
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
@{run}/mount/utab r,
|
@{run}/mount/utab r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,6 @@ profile gpodder @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner /var/tmp/etilqs_@{hex} rw,
|
owner /var/tmp/etilqs_@{hex} rw,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -56,7 +56,6 @@ profile gsmartcontrol @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
|
||||||
|
|
@ -76,7 +76,6 @@ profile hypnotix @{exec_path} {
|
||||||
|
|
||||||
/dev/ r,
|
/dev/ r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/etc/vdpau_wrapper.cfg r,
|
/etc/vdpau_wrapper.cfg r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -41,7 +41,6 @@ profile jami-gnome @{exec_path} {
|
||||||
/{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitNetworkProcess rix,
|
/{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitNetworkProcess rix,
|
||||||
/{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitWebProcess rix,
|
/{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitWebProcess rix,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/usr/share/ring/{,**} r,
|
/usr/share/ring/{,**} r,
|
||||||
/usr/share/sounds/jami-gnome/{,**} r,
|
/usr/share/sounds/jami-gnome/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -43,7 +43,6 @@ profile keepassxc @{exec_path} {
|
||||||
/{usr/,}bin/xdg-open rCx -> child-open,
|
/{usr/,}bin/xdg-open rCx -> child-open,
|
||||||
/{usr/,}lib/firefox/firefox rPx,
|
/{usr/,}lib/firefox/firefox rPx,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
/usr/share/keepassxc/{,**} r,
|
/usr/share/keepassxc/{,**} r,
|
||||||
/usr/share/libdrm/*.ids r,
|
/usr/share/libdrm/*.ids r,
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,6 @@ profile light-locker @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
@{PROC}/1/cgroup r,
|
@{PROC}/1/cgroup r,
|
||||||
owner @{PROC}/@{pid}/cgroup r,
|
owner @{PROC}/@{pid}/cgroup r,
|
||||||
|
|
|
||||||
|
|
@ -55,7 +55,6 @@ profile mediainfo-gui @{exec_path} {
|
||||||
owner @{MOUNTS}/**/ r,
|
owner @{MOUNTS}/**/ r,
|
||||||
owner /{home,media}/**.@{mediainfo_ext} r,
|
owner /{home,media}/**.@{mediainfo_ext} r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
profile open {
|
profile open {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
|
|
||||||
|
|
@ -16,10 +16,12 @@ profile obamenu @{exec_path} {
|
||||||
|
|
||||||
/{usr/,}bin/ r,
|
/{usr/,}bin/ r,
|
||||||
|
|
||||||
|
/usr/share/*/*.desktop r,
|
||||||
|
|
||||||
|
# freedesktop.org-strict
|
||||||
/usr/share/applications/ r,
|
/usr/share/applications/ r,
|
||||||
/usr/share/applications/*.desktop r,
|
/usr/share/applications/*.desktop r,
|
||||||
/usr/share/pixmaps/ r,
|
/usr/share/pixmaps/ r,
|
||||||
/usr/share/*/*.desktop r,
|
|
||||||
|
|
||||||
include if exists <local/obamenu>
|
include if exists <local/obamenu>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,6 @@ profile obconf @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# file_inherit
|
# file_inherit
|
||||||
owner /dev/tty[0-9]* rw,
|
owner /dev/tty[0-9]* rw,
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,6 @@ profile pulseeffects @{exec_path} {
|
||||||
owner @{PROC}/@{pid}/cmdline r,
|
owner @{PROC}/@{pid}/cmdline r,
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# file_inherit
|
# file_inherit
|
||||||
owner /dev/tty[0-9]* rw,
|
owner /dev/tty[0-9]* rw,
|
||||||
|
|
|
||||||
|
|
@ -169,7 +169,6 @@ profile qbittorrent @{exec_path} {
|
||||||
|
|
||||||
# gnome-tiny
|
# gnome-tiny
|
||||||
/usr/share/gvfs/remote-volume-monitors/{,*} r,
|
/usr/share/gvfs/remote-volume-monitors/{,*} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# Launch external apps
|
# Launch external apps
|
||||||
/{usr/,}bin/xdg-{open,mime} rCx -> open,
|
/{usr/,}bin/xdg-{open,mime} rCx -> open,
|
||||||
|
|
|
||||||
|
|
@ -116,7 +116,6 @@ profile remmina @{exec_path} {
|
||||||
/etc/ssh/ssh_config r,
|
/etc/ssh/ssh_config r,
|
||||||
/etc/ssh/ssh_config.d/{,*} r,
|
/etc/ssh/ssh_config.d/{,*} r,
|
||||||
/usr/share/remmina/{,**} r,
|
/usr/share/remmina/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{user_config_dirs}/autostart/remmina-applet.desktop r,
|
owner @{user_config_dirs}/autostart/remmina-applet.desktop r,
|
||||||
owner @{user_config_dirs}/gtk-3.0/bookmarks r,
|
owner @{user_config_dirs}/gtk-3.0/bookmarks r,
|
||||||
|
|
|
||||||
|
|
@ -43,7 +43,6 @@ profile rpi-imager @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
/etc/X11/cursors/*.theme r,
|
/etc/X11/cursors/*.theme r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
/usr/share/qt5ct/** r,
|
/usr/share/qt5ct/** r,
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -61,7 +61,6 @@ profile rustdesk @{exec_path} {
|
||||||
/{,usr/}bin/{,ba,da}sh rPx -> rustdesk_shell,
|
/{,usr/}bin/{,ba,da}sh rPx -> rustdesk_shell,
|
||||||
|
|
||||||
/etc/gdm{,3}/custom.conf r,
|
/etc/gdm{,3}/custom.conf r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{HOME}/.local/ w,
|
owner @{HOME}/.local/ w,
|
||||||
owner @{user_share_dirs}/ w,
|
owner @{user_share_dirs}/ w,
|
||||||
|
|
|
||||||
|
|
@ -99,7 +99,6 @@ profile steam @{exec_path} {
|
||||||
@{user_share_dirs}/Steam/ubuntu[0-9]*_{32,64}/steamwebhelper.sh rix,
|
@{user_share_dirs}/Steam/ubuntu[0-9]*_{32,64}/steamwebhelper.sh rix,
|
||||||
|
|
||||||
/usr/share/fonts/**.{ttf,otf} rk,
|
/usr/share/fonts/**.{ttf,otf} rk,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/terminfo/x/xterm-256color r,
|
/usr/share/terminfo/x/xterm-256color r,
|
||||||
/usr/share/themes/{,**} r,
|
/usr/share/themes/{,**} r,
|
||||||
/usr/share/X11/{,**} r,
|
/usr/share/X11/{,**} r,
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,6 @@ profile system-config-printer @{exec_path} flags=(complain) {
|
||||||
/usr/share/hplip/query.py rPUx,
|
/usr/share/hplip/query.py rPUx,
|
||||||
|
|
||||||
/usr/share/cups/data/testprint r,
|
/usr/share/cups/data/testprint r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/system-config-printer/{,**} r,
|
/usr/share/system-config-printer/{,**} r,
|
||||||
/usr/share/X11/xkb/{,**} r,
|
/usr/share/X11/xkb/{,**} r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,6 @@ profile udiskie @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# Allowed apps to open
|
# Allowed apps to open
|
||||||
/{usr/,}bin/spacefm rPx,
|
/{usr/,}bin/spacefm rPx,
|
||||||
|
|
|
||||||
|
|
@ -38,7 +38,6 @@ profile utox @{exec_path} {
|
||||||
|
|
||||||
deny owner @{PROC}/@{pid}/cmdline r,
|
deny owner @{PROC}/@{pid}/cmdline r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
profile open {
|
profile open {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,6 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
|
||||||
/{usr/,}lib/spice-client-glib-usb-acl-helper rPx,
|
/{usr/,}lib/spice-client-glib-usb-acl-helper rPx,
|
||||||
|
|
||||||
/usr/share/egl/{,**} r,
|
/usr/share/egl/{,**} r,
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
/usr/share/gtksourceview-4/{,**} r,
|
/usr/share/gtksourceview-4/{,**} r,
|
||||||
/usr/share/hwdata/*.ids r,
|
/usr/share/hwdata/*.ids r,
|
||||||
/usr/share/ladspa/rdf/{,ladspa.rdfs} r,
|
/usr/share/ladspa/rdf/{,ladspa.rdfs} r,
|
||||||
|
|
|
||||||
|
|
@ -32,7 +32,6 @@ profile volumeicon @{exec_path} {
|
||||||
/var/lib/dbus/machine-id r,
|
/var/lib/dbus/machine-id r,
|
||||||
/etc/machine-id r,
|
/etc/machine-id r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
# Start the PulseAudio sound mixer
|
# Start the PulseAudio sound mixer
|
||||||
/{usr/,}bin/{,ba,da}sh rix,
|
/{usr/,}bin/{,ba,da}sh rix,
|
||||||
|
|
|
||||||
|
|
@ -72,7 +72,6 @@ profile wireshark @{exec_path} {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -57,7 +57,6 @@ profile xarchiver @{exec_path} {
|
||||||
/tmp/ r,
|
/tmp/ r,
|
||||||
owner /tmp/** rw,
|
owner /tmp/** rw,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
@{PROC}/@{pid}/mountinfo r,
|
@{PROC}/@{pid}/mountinfo r,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue