mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-12-26 15:06:45 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): small profile update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-11-11 22:18:39 +00:00
parent 0206e04b3f
commit 9a3adc66d0
Failed to generate hash of commit
6 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/abstractions/app/chromium
View file

@ -186,6 +186,7 @@
@{PROC}/ r, @{PROC}/ r,
@{PROC}/@{pid}/fd/ r, @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/stat r, @{PROC}/@{pid}/stat r,
@{PROC}/@{pid}/statm r,
@{PROC}/@{pid}/task/@{tid}/status r, @{PROC}/@{pid}/task/@{tid}/status r,
@{PROC}/pressure/{memory,cpu,io} r, @{PROC}/pressure/{memory,cpu,io} r,
@{PROC}/sys/fs/inotify/max_user_watches r, @{PROC}/sys/fs/inotify/max_user_watches r,
@ -201,7 +202,6 @@
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/oom_{,score_}adj rw, owner @{PROC}/@{pid}/oom_{,score_}adj rw,
owner @{PROC}/@{pid}/setgroups w, owner @{PROC}/@{pid}/setgroups w,
owner @{PROC}/@{pid}/statm r,
owner @{PROC}/@{pid}/task/ r, owner @{PROC}/@{pid}/task/ r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw,
owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r,

1
apparmor.d/groups/freedesktop/xdg-document-portal
View file

@ -41,6 +41,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
@{bin}/flatpak rPUx, @{bin}/flatpak rPUx,
@{bin}/fusermount{,3} rCx -> fusermount, @{bin}/fusermount{,3} rCx -> fusermount,
/ r,
owner @{att}/ r, owner @{att}/ r,
owner @{att}/.flatpak-info r, owner @{att}/.flatpak-info r,

6
apparmor.d/groups/gnome/loupe
View file

@ -30,6 +30,8 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
/ r, / r,
owner @{user_cache_dirs}/glycin/{,**} rw,
@{run}/mount/utab r, @{run}/mount/utab r,
@{sys}/fs/cgroup/user.slice/cpu.max r, @{sys}/fs/cgroup/user.slice/cpu.max r,
@ -51,7 +53,9 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
signal (receive) set=(kill) peer=loupe, signal (receive) set=(kill) peer=loupe,
@{bin}/bwrap mr, @{bin}/bwrap mr,
@{lib}/glycin-loaders/*/glycin-image-rs rix, @{lib}/glycin-loaders/*/glycin-* rix,
owner @{PROC}/@{pid}/fd/ r,
deny @{user_share_dirs}/gvfs-metadata/* r, deny @{user_share_dirs}/gvfs-metadata/* r,

1
apparmor.d/profiles-a-f/cctk
View file

@ -11,6 +11,7 @@ profile cctk @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>
capability dac_read_search,
capability mknod, capability mknod,
capability sys_admin, capability sys_admin,
capability sys_rawio, capability sys_rawio,

1
apparmor.d/profiles-g-l/libreoffice
View file

@ -84,6 +84,7 @@ profile libreoffice @{exec_path} {
owner @{tmp}/ r, owner @{tmp}/ r,
owner @{tmp}/.java_pid@{int}{,.tmp} rw, owner @{tmp}/.java_pid@{int}{,.tmp} rw,
owner @{tmp}/@{hex} rw,
owner @{tmp}/@{rand6} rwk, owner @{tmp}/@{rand6} rwk,
owner @{tmp}/@{u64} rw, owner @{tmp}/@{u64} rw,
owner @{tmp}/*.tmp/{,**} rwk, owner @{tmp}/*.tmp/{,**} rwk,

1
apparmor.d/profiles-s-z/scrcpy
View file

@ -25,7 +25,6 @@ profile scrcpy @{exec_path} {
@{bin}/adb rPx, @{bin}/adb rPx,
/usr/share/scrcpy/{,*} r, /usr/share/scrcpy/{,*} r,
/usr/share/icons/{,**} r,
/etc/machine-id r, /etc/machine-id r,