mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Akonadi and plasmashell updates (#163)

Browse Source 
* Update plasmashell

* Update akonadi_akonotes_resource

* Update akonadi_archivemail_agent

* Update akonadi_birthdays_resource

* Update akonadi_contacts_resource

* Update akonadi_control

* Update akonadi_followupreminder_agent

* Update akonadi_ical_resource

* Update akonadi_indexing_agent

* Update akonadi_maildir_resource

* Update akonadi_maildispatcher_agent

* Update akonadi_mailfilter_agent

* Update akonadi_mailmerge_agent

* Update akonadi_migration_agent

* Update akonadi_newmailnotifier_agent

* Update akonadi_sendlater_agent

* Update akonadi_unifiedmailbox_agent

* Revert change

* Revert change

* Revert change

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change

* Revert change

* Revert change

* Revert change and add dri-enumerate abstraction

* Revert change

* Revert change

* Revert change

* Revert change

* Removing /usr/share/icons/{,**} again

* Adding the audio abstraction

* Adding the consoles abstraction

* plasmashell: adding back /dev/shm/ r, and /dev/ptmx rw,

* akonadi_mailfilter_agent: removing the user-tmp abstraction

I haven't been able to observe new related requests.

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
This commit is contained in:
curiosityseeker 2023-06-14 23:46:34 +02:00 committed by GitHub
parent d4d1b949cd
commit 98e59e9336
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 68 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apparmor.d/groups/akonadi/akonadi_akonotes_resource
View File

@ -38,10 +38,10 @@ profile akonadi_akonotes_resource @{exec_path} {
owner @{user_config_dirs}/kdedefaults/kwinrc r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_akonotes_resource>
}
}

6
apparmor.d/groups/akonadi/akonadi_archivemail_agent
View File

@ -20,7 +20,7 @@ profile akonadi_archivemail_agent @{exec_path} {
@{exec_path} mr,
/usr/share/akonadi/plugins/serializer/*.desktop r,
/usr/share/akonadi/plugins/serializer/{,*.desktop} r,
/usr/share/hwdata/*.ids r,
/usr/share/mime/{,**} r,
/usr/share/qt{5,}/translations/*.qm r,
@ -45,11 +45,11 @@ profile akonadi_archivemail_agent @{exec_path} {
owner @{user_config_dirs}/kdedefaults/kwinrc r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
/dev/tty r,
include if exists <local/akonadi_archivemail_agent>
}
}

4
apparmor.d/groups/akonadi/akonadi_birthdays_resource
View File

@ -36,10 +36,10 @@ profile akonadi_birthdays_resource @{exec_path} {
owner @{user_config_dirs}/kdedefaults/kwinrc r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_birthdays_resource>
}
}

5
apparmor.d/groups/akonadi/akonadi_contacts_resource
View File

@ -16,6 +16,7 @@ profile akonadi_contacts_resource @{exec_path} {
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/qt5>
include <abstractions/vulkan>
include <abstractions/X-strict>
@{exec_path} mr,
@ -37,10 +38,10 @@ profile akonadi_contacts_resource @{exec_path} {
owner @{user_config_dirs}/kwinrc r,
owner @{user_share_dirs}/contacts/ r,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_contacts_resource>
}
}

9
apparmor.d/groups/akonadi/akonadi_control
View File

@ -10,10 +10,12 @@ include <tunables/global>
profile akonadi_control @{exec_path} {
include <abstractions/base>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/freedesktop.org>
include <abstractions/fonts>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/vulkan>
include <abstractions/X-strict>
include <abstractions/qt5>
@ -34,14 +36,17 @@ profile akonadi_control @{exec_path} {
owner @{user_cache_dirs}/akonadi/{,**} rwl,
owner @{user_config_dirs}/akonadi/ rw,
owner @{user_config_dirs}/akonadi/agentsrc.lock k,
owner @{user_config_dirs}/akonadi/** rwl -> @{user_config_dirs}/akonadi/**,
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk,
owner @{user_share_dirs}/akonadi/{,**} rwl,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_control>
}
}

5
apparmor.d/groups/akonadi/akonadi_followupreminder_agent
View File

@ -15,6 +15,7 @@ profile akonadi_followupreminder_agent @{exec_path} {
include <abstractions/freedesktop.org>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/vulkan>
include <abstractions/X-strict>
include <abstractions/qt5>
@ -40,10 +41,10 @@ profile akonadi_followupreminder_agent @{exec_path} {
owner @{user_config_dirs}/kdedefaults/kwinrc r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_followupreminder_agent>
}
}

6
apparmor.d/groups/akonadi/akonadi_ical_resource
View File

@ -10,8 +10,10 @@ include <tunables/global>
profile akonadi_ical_resource @{exec_path} {
include <abstractions/base>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/vulkan>
include <abstractions/X-strict>
@{exec_path} mr,
@ -31,10 +33,10 @@ profile akonadi_ical_resource @{exec_path} {
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
owner @{user_share_dirs}/apps/korganizer/{,**} rw,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_ical_resource>
}
}

6
apparmor.d/groups/akonadi/akonadi_indexing_agent
View File

@ -34,7 +34,7 @@ profile akonadi_indexing_agent @{exec_path} {
owner @{user_config_dirs}/akonadi_indexing_agentrc r,
owner @{user_config_dirs}/akonadi/#[0-9]* rw,
owner @{user_config_dirs}/akonadi/agent_config_akonadi_indexing_agent* rwlk,
owner @{user_config_dirs}/akonadi/agent_config_akonadi_indexing_agent{,.*} rwlk,
owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
owner @{user_config_dirs}/kdedefaults/kwinrc r,
@ -42,11 +42,11 @@ profile akonadi_indexing_agent @{exec_path} {
owner @{user_config_dirs}/kwinrc r,
owner @{user_share_dirs}/akonadi/** rwk,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
/dev/tty r,
include if exists <local/akonadi_indexing_agent>
}
}

4
apparmor.d/groups/akonadi/akonadi_maildir_resource
View File

@ -41,10 +41,10 @@ profile akonadi_maildir_resource @{exec_path} {
owner @{user_share_dirs}/akonadi/{,**} rwk,
owner @{user_share_dirs}/local-mail*/{,**} rw,
@{PROC}/sys/kernel/core_pattern rw,
/dev/tty r,
include if exists <local/akonadi_maildir_resource>
}
}

4
apparmor.d/groups/akonadi/akonadi_maildispatcher_agent
View File

@ -45,10 +45,10 @@ profile akonadi_maildispatcher_agent @{exec_path} {
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
owner @{user_config_dirs}/specialmailcollectionsrc r,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_maildispatcher_agent>
}
}

6
apparmor.d/groups/akonadi/akonadi_mailfilter_agent
View File

@ -53,12 +53,12 @@ profile akonadi_mailfilter_agent @{exec_path} {
owner @{user_config_dirs}/specialmailcollectionsrc r,
owner @{user_share_dirs}/akonadi/file_db_data/{,**} r,
owner @{user_share_dirs}/akonadi/file_db_data/{,**} rw,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
/dev/tty r,
include if exists <local/akonadi_mailfilter_agent>
}
}

6
apparmor.d/groups/akonadi/akonadi_mailmerge_agent
View File

@ -10,10 +10,12 @@ include <tunables/global>
profile akonadi_mailmerge_agent @{exec_path} {
include <abstractions/base>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/vulkan>
include <abstractions/X-strict>
network inet dgram,
@ -35,10 +37,10 @@ profile akonadi_mailmerge_agent @{exec_path} {
owner @{user_config_dirs}/kdedefaults/kwinrc r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_mailmerge_agent>
}
}

4
apparmor.d/groups/akonadi/akonadi_migration_agent
View File

@ -38,10 +38,10 @@ profile akonadi_migration_agent @{exec_path} {
owner @{user_config_dirs}/kwinrc r,
owner @{user_share_dirs}/akonadi_migration_agent/{,**} rw,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_migration_agent>
}
}

6
apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent
View File

@ -21,6 +21,7 @@ profile akonadi_newmailnotifier_agent @{exec_path} {
@{exec_path} mr,
/usr/share/akonadi/plugins/serializer/*.desktop r,
/usr/share/hwdata/*.ids r,
/usr/share/mime/{,**} r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
@ -44,11 +45,12 @@ profile akonadi_newmailnotifier_agent @{exec_path} {
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kmail2rc r,
owner @{user_config_dirs}/kwinrc r,
owner @{user_config_dirs}/specialmailcollectionsrc r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
/dev/tty r,
include if exists <local/akonadi_newmailnotifier_agent>
}
}

4
apparmor.d/groups/akonadi/akonadi_sendlater_agent
View File

@ -43,10 +43,10 @@ profile akonadi_sendlater_agent @{exec_path} {
owner @{user_config_dirs}/kdedefaults/kwinrc r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_sendlater_agent>
}
}

6
apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent
View File

@ -38,8 +38,10 @@ profile akonadi_unifiedmailbox_agent @{exec_path} {
owner @{user_config_dirs}/kdedefaults/kwinrc r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/akonadi_unifiedmailbox_agent>
}
}

22
apparmor.d/groups/kde/plasmashell
View File

@ -10,6 +10,8 @@ include <tunables/global>
profile plasmashell @{exec_path} {
include <abstractions/base>
include <abstractions/app-launcher-user>
include <abstractions/audio>
include <abstractions/consoles>
include <abstractions/dbus-session-strict>
include <abstractions/disks-read>
include <abstractions/dri-common>
@ -41,6 +43,7 @@ profile plasmashell @{exec_path} {
@{libexec}/libheif/ r,
@{libexec}/libheif/*.so* rm,
@{libexec}/kf5/kioslave5 rPx,
@{libexec}/kf5/kdesu{,d} rix,
/{usr/,}bin/dolphin rPUx, # TODO: rPx,
/{usr/,}bin/plasma-discover rPUx,
@ -55,11 +58,15 @@ profile plasmashell @{exec_path} {
/usr/share/krunner/{,**} r,
/usr/share/konsole/ r,
/usr/share/akonadi/firstrun/{,*} r,
/usr/share/lshw/artwork/logo.svg r,
/usr/share/knotifications5/*.notifyrc r,
/usr/share/desktop-directories/kf5-*.directory r,
/etc/appstream.conf r,
/etc/cups/client.conf r,
/etc/fstab r,
/etc/machine-id r,
/etc/pipewire/client.conf.d/ r,
/etc/pulse/client.conf r,
/etc/pulse/client.conf.d/ r,
/etc/xdg/baloofilerc r,
@ -69,6 +76,7 @@ profile plasmashell @{exec_path} {
/etc/xdg/krunnerrc r,
/etc/xdg/kwinrc r,
/etc/xdg/menus/ r,
/etc/xdg/menus/applications.menu r,
/etc/xdg/menus/applications-merged/ r,
/etc/xdg/plasmanotifyrc r,
/etc/xdg/plasmarc r,
@ -81,6 +89,7 @@ profile plasmashell @{exec_path} {
owner @{user_cache_dirs}/ r,
owner @{user_cache_dirs}/#[0-9]* rw,
owner @{user_cache_dirs}/event-sound-cache.tdb.*.x86_64-pc-linux-gnu rwk,
owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{user_cache_dirs}/ksycoca5_* r,
owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw,
@ -111,7 +120,9 @@ profile plasmashell @{exec_path} {
owner @{user_config_dirs}/plasma-org.kde.plasma.desktop-appletsrc.?????? rk,
owner @{user_config_dirs}/plasma-pk-updates r,
owner @{user_config_dirs}/plasma*desktop* rwlk,
owner @{user_config_dirs}/plasmanotifyrc r,
owner @{user_config_dirs}/plasmanotifyrc rw,
owner @{user_config_dirs}/plasmanotifyrc.lock rwk,
owner @{user_config_dirs}/plasmanotifyrc.* rwl,
owner @{user_config_dirs}/plasmaparc r,
owner @{user_config_dirs}/plasmashellrc r,
owner @{user_config_dirs}/pulse/cookie rwk,
@ -135,6 +146,7 @@ profile plasmashell @{exec_path} {
owner @{user_share_dirs}/user-places.xbel r,
owner @{run}/user/@{uid}/#[0-9]* rw,
owner @{run}/user/@{uid}/kdesud_:1 w,
owner @{run}/user/@{uid}/plasmashell??????.[0-9].kioworker.socket rwl,
owner @{run}/user/@{uid}/gvfs/ r,
owner @{run}/user/@{uid}/pulse/ rw,
@ -148,9 +160,11 @@ profile plasmashell @{exec_path} {
owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r,
owner @{PROC}/@{pid}/attr/current r,
/dev/shm/ r,
/dev/tty r,
/dev/ptmx rw,
include if exists <local/plasmashell>
}