mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: variour small fixes.

Browse Source 
See #409
This commit is contained in:
Alexandre Pujol 2024-07-14 12:12:30 +01:00
parent bd1239b46a
commit 9c9f743e1e
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
10 changed files with 26 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apparmor.d/groups/bus/ibus-daemon
View File

@ -42,6 +42,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
@{sh_path} rix,
@{lib}/{,ibus/}ibus-* rPUx,
@{lib}/ibus-*/ibus-* rPUx,
/usr/share/ibus/{,**} r,
/usr/share/ibus-table/{,**} r,

5
apparmor.d/groups/freedesktop/xdg-desktop-portal
View File

@ -84,6 +84,11 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/.flatpak/{,*/*} r,
@{sys}/devices/virtual/dmi/id/bios_vendor r,
@{sys}/devices/virtual/dmi/id/board_vendor r,
@{sys}/devices/virtual/dmi/id/product_name r,
@{sys}/devices/virtual/dmi/id/sys_vendor r,
@{PROC}/ r,
@{PROC}/*/ r,
@{PROC}/1/cgroup r,

5
apparmor.d/groups/gnome/gio-launch-desktop
View File

@ -3,6 +3,11 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# TODO: Rethink this profile:
# - Access to gio from a profile is handled by child-open-*
# - Direct access should only be needed is some special context and it should not
# require access to that much resources.
abi <abi/3.0>,
include <tunables/global>

2
apparmor.d/groups/gnome/gsd-color
View File

@ -21,6 +21,8 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict>
include <abstractions/nameservice-strict>
network inet stream,
signal (receive) set=(term, hup) peer=gdm*,
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.Color

2
apparmor.d/groups/gnome/gsd-keyboard
View File

@ -21,6 +21,8 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict>
include <abstractions/nameservice-strict>
network inet stream,
signal (receive) set=(term, hup) peer=gdm*,
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.Keyboard

1
apparmor.d/groups/gnome/gsd-power
View File

@ -30,6 +30,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict>
include <abstractions/nameservice-strict>
network inet stream,
network netlink raw,
signal (receive) set=(term, hup) peer=gdm*,

10
apparmor.d/groups/gnome/gsd-smartcard
View File

@ -31,13 +31,17 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/etc/{,opensc/}opensc.conf r,
owner @{GDM_HOME}/greeter-dconf-defaults r,
owner @{gdm_config_dirs}/dconf/user r,
/etc/tpm2-tss/* r,
/var/tmp/ r,
/tmp/ r,
owner @{GDM_HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3 rw,
owner @{GDM_HOME}/greeter-dconf-defaults r,
owner @{gdm_config_dirs}/dconf/user r,
owner @{HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3 rw,
owner /dev/tty@{int} rw,
include if exists <local/gsd-smartcard>

1
apparmor.d/groups/systemd/systemd-sleep-tlp
View File

@ -12,6 +12,7 @@ profile systemd-sleep-tlp @{exec_path} {
@{exec_path} mr,
@{sh_path} rix,
@{bin}/tlp rPUx,
include if exists <local/systemd-sleep-tlp>

2
apparmor.d/profiles-s-z/usbguard-daemon
View File

@ -24,8 +24,8 @@ profile usbguard-daemon @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/etc/usbguard/{,**} r,
/etc/usbguard/*.conf rw,
/etc/usbguard/IPCAccessControl.d/{,*} r,
owner @{run}/usbguard.pid rwk,

1
dists/flags/main.flags
View File

@ -353,6 +353,7 @@ systemd-portabled complain
systemd-remount-fs complain
systemd-resolve complain
systemd-shutdown complain
systemd-sleep-tlp complain
systemd-socket-proxyd complain
systemd-udevd attach_disconnected,complain
systemd-user-sessions complain