mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 17:08:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Archlinux has no libexec.

Browse source 
/usr/libexec ->{lib,libexec}
This commit is contained in:
Alexandre Pujol 2021-04-01 23:36:58 +01:00
parent 08c220deee
commit 9f02bd0ab9
Failed to generate hash of commit
52 changed files with 69 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/desktop/accounts-daemon
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/accountsservice/accounts-daemon @{exec_path} = /{usr/,}lib/accountsservice/accounts-daemon
@{exec_path} += /usr/libexec/accounts-daemon @{exec_path} += /usr/{lib,libexec}/accounts-daemon
profile accounts-daemon @{exec_path} { profile accounts-daemon @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/wutmp> include <abstractions/wutmp>

2
apparmor.d/groups/desktop/at-spi-bus-launcher
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/at-spi2-core/at-spi-bus-launcher @{exec_path} = /{usr/,}lib/at-spi2-core/at-spi-bus-launcher
@{exec_path} += /usr/libexec/at-spi-bus-launcher @{exec_path} += /usr/{lib,libexec}/at-spi-bus-launcher
profile at-spi-bus-launcher @{exec_path} { profile at-spi-bus-launcher @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

2
apparmor.d/groups/desktop/at-spi2-registryd
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/at-spi2-core/at-spi2-registryd @{exec_path} = /{usr/,}lib/at-spi2-core/at-spi2-registryd
@{exec_path} += /usr/libexec/at-spi2-registryd @{exec_path} += /usr/{lib,libexec}/at-spi2-registryd
profile at-spi2-registryd @{exec_path} { profile at-spi2-registryd @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

11
apparmor.d/groups/desktop/blueman-mechanism
View file

@ -6,7 +6,8 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /usr/libexec/blueman-mechanism @{exec_path} = /usr/{lib,libexec}/blueman-mechanism
@{exec_path} += /{usr/,}lib/blueman/blueman-mechanism
profile blueman-mechanism @{exec_path} { profile blueman-mechanism @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/python> include <abstractions/python>
@ -22,7 +23,7 @@ profile blueman-mechanism @{exec_path} {
@{exec_path} r, @{exec_path} r,
/{usr/,}bin/python3.[0-9]* r, /{usr/,}bin/python3.[0-9]* r,
/usr/libexec/ r, /usr/{lib,libexec}/ r,
/var/lib/blueman/network.state rw, /var/lib/blueman/network.state rw,
@ -33,9 +34,9 @@ profile blueman-mechanism @{exec_path} {
# For network AP # For network AP
#/{usr/,}bin/ip rix, #/{usr/,}bin/ip rix,
#/{usr/,}sbin/xtables-nft-multi rix, #/{usr/,}{s,}bin/xtables-nft-multi rix,
#/{usr/,}sbin/dnsmasq rPx, #/{usr/,}{s,}bin/dnsmasq rPx,
#/{usr/,}sbin/dhclient rPx, #/{usr/,}{s,}bin/dhclient rPx,
# @{PROC}/sys/net/ipv4/ip_forward w, # @{PROC}/sys/net/ipv4/ip_forward w,
# @{PROC}/sys/net/ipv4/conf/ r, # @{PROC}/sys/net/ipv4/conf/ r,
# @{PROC}/sys/net/ipv4/conf/*/forwarding w, # @{PROC}/sys/net/ipv4/conf/*/forwarding w,

4
apparmor.d/groups/desktop/blueman-rfcomm-watcher
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /usr/libexec/blueman-rfcomm-watcher @{exec_path} = /usr/{lib,libexec}/blueman-rfcomm-watcher
profile blueman-rfcomm-watcher @{exec_path} { profile blueman-rfcomm-watcher @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/python> include <abstractions/python>
@ -14,7 +14,7 @@ profile blueman-rfcomm-watcher @{exec_path} {
@{exec_path} r, @{exec_path} r,
/{usr/,}bin/python3.[0-9]* r, /{usr/,}bin/python3.[0-9]* r,
/usr/libexec/ r, /usr/{lib,libexec}/ r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,

2
apparmor.d/groups/desktop/bluetoothd
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/bluetooth/bluetoothd @{exec_path} = /{usr/,}lib/bluetooth/bluetoothd
@{exec_path} += /usr/libexec/bluetooth/bluetoothd @{exec_path} += /usr/{lib,libexec}/bluetooth/bluetoothd
profile bluetoothd @{exec_path} { profile bluetoothd @{exec_path} {
include <abstractions/base> include <abstractions/base>

6
apparmor.d/groups/desktop/colord
View file

@ -6,8 +6,8 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/colord/colord /usr/libexec/colord @{exec_path} = /{usr/,}lib/colord/colord /usr/lib/colord
profile colord @{exec_path} { profile colord @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/devices-usb> include <abstractions/devices-usb>
@ -17,7 +17,7 @@ profile colord @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
/{usr/,}lib/colord/colord-sane rPx, /{usr/,}lib/colord/colord-sane rPx,
/usr/libexec/colord-sane rPx, /usr/{lib,libexec}/colord-sane rPx,
owner /var/lib/colord/** r, owner /var/lib/colord/** r,
owner /var/lib/colord/.cache/ rw, owner /var/lib/colord/.cache/ rw,

2
apparmor.d/groups/desktop/colord-sane
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/colord/colord-sane @{exec_path} = /{usr/,}lib/colord/colord-sane
@{exec_path} += /usr/libexec/colord-sane @{exec_path} += /usr/{lib,libexec}/colord-sane
profile colord-sane @{exec_path} flags=(complain) { profile colord-sane @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>
include <abstractions/devices-usb> include <abstractions/devices-usb>

2
apparmor.d/groups/desktop/colord-session
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/colord/colord-session /usr/libexec/colord-session @{exec_path} = /{usr/,}lib/colord/colord-session /usr/{lib,libexec}/colord-session
profile colord-session @{exec_path} flags=(complain) { profile colord-session @{exec_path} flags=(complain) {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/desktop/dconf-service
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/libexec/dconf-service @{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/{lib,libexec}/dconf-service
profile dconf-service @{exec_path} { profile dconf-service @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfs-afc-volume-monitor
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfs-afc-volume-monitor @{exec_path} = /{usr/,}lib/gvfs/gvfs-afc-volume-monitor
@{exec_path} += /usr/libexec/gvfs-afc-volume-monitor @{exec_path} += /usr/{lib,libexec}/gvfs-afc-volume-monitor
profile gvfs-afc-volume-monitor @{exec_path} { profile gvfs-afc-volume-monitor @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfs-goa-volume-monitor
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfs-goa-volume-monitor @{exec_path} = /{usr/,}lib/gvfs/gvfs-goa-volume-monitor
@{exec_path} += /usr/libexec/gvfs-goa-volume-monitor @{exec_path} += /usr/{lib,libexec}/gvfs-goa-volume-monitor
profile gvfs-goa-volume-monitor @{exec_path} { profile gvfs-goa-volume-monitor @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfs-gphoto2-volume-monitor @{exec_path} = /{usr/,}lib/gvfs/gvfs-gphoto2-volume-monitor
@{exec_path} += /usr/libexec/gvfs-gphoto2-volume-monitor @{exec_path} += /usr/{lib,libexec}/gvfs-gphoto2-volume-monitor
profile gvfs-gphoto2-volume-monitor @{exec_path} { profile gvfs-gphoto2-volume-monitor @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/disks-read> include <abstractions/disks-read>

2
apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfs-mtp-volume-monitor @{exec_path} = /{usr/,}lib/gvfs/gvfs-mtp-volume-monitor
@{exec_path} += /usr/libexec/gvfs-mtp-volume-monitor @{exec_path} += /usr/{lib,libexec}/gvfs-mtp-volume-monitor
profile gvfs-mtp-volume-monitor @{exec_path} { profile gvfs-mtp-volume-monitor @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/devices-usb> include <abstractions/devices-usb>

2
apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor @{exec_path} = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor
@{exec_path} += /usr/libexec/gvfs-udisks2-volume-monitor @{exec_path} += /usr/{lib,libexec}/gvfs-udisks2-volume-monitor
profile gvfs-udisks2-volume-monitor @{exec_path} { profile gvfs-udisks2-volume-monitor @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>

4
apparmor.d/groups/gvfs/gvfsd
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd @{exec_path} = /{usr/,}lib/gvfs/gvfsd
@{exec_path} += /usr/libexec/gvfsd @{exec_path} += /usr/{lib,libexec}/gvfsd
profile gvfsd @{exec_path} { profile gvfsd @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -17,7 +17,7 @@ profile gvfsd @{exec_path} {
# Don't strip env here. # Don't strip env here.
/{usr/,}lib/gvfs/gvfsd-* rPx, /{usr/,}lib/gvfs/gvfsd-* rPx,
/usr/libexec/gvfsd-* rPx, /usr/{lib,libexec}/gvfsd-* rPx,
/usr/share/gvfs/{,**} r, /usr/share/gvfs/{,**} r,

2
apparmor.d/groups/gvfs/gvfsd-admin
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-admin @{exec_path} = /{usr/,}lib/gvfs/gvfsd-admin
@{exec_path} += /usr/libexec/gvfsd-admin @{exec_path} += /usr/{lib,libexec}/gvfsd-admin
profile gvfsd-admin @{exec_path} { profile gvfsd-admin @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-afc
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-afc @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afc
@{exec_path} += /usr/libexec/gvfsd-afc @{exec_path} += /usr/{lib,libexec}/gvfsd-afc
profile gvfsd-afc @{exec_path} { profile gvfsd-afc @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-afp
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp
@{exec_path} += /usr/libexec/gvfsd-afp @{exec_path} += /usr/{lib,libexec}/gvfsd-afp
profile gvfsd-afp @{exec_path} { profile gvfsd-afp @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-afp-browse
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp-browse @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp-browse
@{exec_path} += /usr/libexec/gvfsd-afp-browse @{exec_path} += /usr/{lib,libexec}/gvfsd-afp-browse
profile gvfsd-afp-browse @{exec_path} { profile gvfsd-afp-browse @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-archive
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-archive @{exec_path} = /{usr/,}lib/gvfs/gvfsd-archive
@{exec_path} += /usr/libexec/gvfsd-archive @{exec_path} += /usr/{lib,libexec}/gvfsd-archive
profile gvfsd-archive @{exec_path} { profile gvfsd-archive @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>

2
apparmor.d/groups/gvfs/gvfsd-burn
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-burn @{exec_path} = /{usr/,}lib/gvfs/gvfsd-burn
@{exec_path} += /usr/libexec/gvfsd-burn @{exec_path} += /usr/{lib,libexec}/gvfsd-burn
profile gvfsd-burn @{exec_path} { profile gvfsd-burn @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-cdda
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-cdda @{exec_path} = /{usr/,}lib/gvfs/gvfsd-cdda
@{exec_path} += /usr/libexec/gvfsd-cdda @{exec_path} += /usr/{lib,libexec}/gvfsd-cdda
profile gvfsd-cdda @{exec_path} { profile gvfsd-cdda @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-computer
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-computer @{exec_path} = /{usr/,}lib/gvfs/gvfsd-computer
@{exec_path} += /usr/libexec/gvfsd-computer @{exec_path} += /usr/{lib,libexec}/gvfsd-computer
profile gvfsd-computer @{exec_path} { profile gvfsd-computer @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-dav
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-dav @{exec_path} = /{usr/,}lib/gvfs/gvfsd-dav
@{exec_path} += /usr/libexec/gvfsd-dav @{exec_path} += /usr/{lib,libexec}/gvfsd-dav
profile gvfsd-dav @{exec_path} { profile gvfsd-dav @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-dnssd
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-dnssd @{exec_path} = /{usr/,}lib/gvfs/gvfsd-dnssd
@{exec_path} += /usr/libexec/gvfsd-dnssd @{exec_path} += /usr/{lib,libexec}/gvfsd-dnssd
profile gvfsd-dnssd @{exec_path} { profile gvfsd-dnssd @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-ftp
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-ftp @{exec_path} = /{usr/,}lib/gvfs/gvfsd-ftp
@{exec_path} += /usr/libexec/gvfsd-ftp @{exec_path} += /usr/{lib,libexec}/gvfsd-ftp
profile gvfsd-ftp @{exec_path} { profile gvfsd-ftp @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>

2
apparmor.d/groups/gvfs/gvfsd-fuse
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-fuse @{exec_path} = /{usr/,}lib/gvfs/gvfsd-fuse
@{exec_path} += /usr/libexec/gvfsd-fuse @{exec_path} += /usr/{lib,libexec}/gvfsd-fuse
profile gvfsd-fuse @{exec_path} { profile gvfsd-fuse @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-google
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-google @{exec_path} = /{usr/,}lib/gvfs/gvfsd-google
@{exec_path} += /usr/libexec/gvfsd-google @{exec_path} += /usr/{lib,libexec}/gvfsd-google
profile gvfsd-google @{exec_path} { profile gvfsd-google @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-gphoto2
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-gphoto2 @{exec_path} = /{usr/,}lib/gvfs/gvfsd-gphoto2
@{exec_path} += /usr/libexec/gvfsd-gphoto2 @{exec_path} += /usr/{lib,libexec}/gvfsd-gphoto2
profile gvfsd-gphoto2 @{exec_path} { profile gvfsd-gphoto2 @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-http
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-http @{exec_path} = /{usr/,}lib/gvfs/gvfsd-http
@{exec_path} += /usr/libexec/gvfsd-http @{exec_path} += /usr/{lib,libexec}/gvfsd-http
profile gvfsd-http @{exec_path} { profile gvfsd-http @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>

2
apparmor.d/groups/gvfs/gvfsd-localtest
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-localtest @{exec_path} = /{usr/,}lib/gvfs/gvfsd-localtest
@{exec_path} += /usr/libexec/gvfsd-localtest @{exec_path} += /usr/{lib,libexec}/gvfsd-localtest
profile gvfsd-localtest @{exec_path} { profile gvfsd-localtest @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-metadata
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-metadata @{exec_path} = /{usr/,}lib/gvfs/gvfsd-metadata
@{exec_path} += /usr/libexec/gvfsd-metadata @{exec_path} += /usr/{lib,libexec}/gvfsd-metadata
profile gvfsd-metadata @{exec_path} { profile gvfsd-metadata @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/disks-read> include <abstractions/disks-read>

2
apparmor.d/groups/gvfs/gvfsd-mtp
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-mtp @{exec_path} = /{usr/,}lib/gvfs/gvfsd-mtp
@{exec_path} += /usr/libexec/gvfsd-mtp @{exec_path} += /usr/{lib,libexec}/gvfsd-mtp
profile gvfsd-mtp @{exec_path} { profile gvfsd-mtp @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>

2
apparmor.d/groups/gvfs/gvfsd-network
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-network @{exec_path} = /{usr/,}lib/gvfs/gvfsd-network
@{exec_path} += /usr/libexec/gvfsd-network @{exec_path} += /usr/{lib,libexec}/gvfsd-network
profile gvfsd-network @{exec_path} { profile gvfsd-network @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-nfs
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-nfs @{exec_path} = /{usr/,}lib/gvfs/gvfsd-nfs
@{exec_path} += /usr/libexec/gvfsd-nfs @{exec_path} += /usr/{lib,libexec}/gvfsd-nfs
profile gvfsd-nfs @{exec_path} { profile gvfsd-nfs @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

2
apparmor.d/groups/gvfs/gvfsd-recent
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-recent @{exec_path} = /{usr/,}lib/gvfs/gvfsd-recent
@{exec_path} += /usr/libexec/gvfsd-recent @{exec_path} += /usr/{lib,libexec}/gvfsd-recent
profile gvfsd-recent @{exec_path} { profile gvfsd-recent @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-sftp
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-sftp @{exec_path} = /{usr/,}lib/gvfs/gvfsd-sftp
@{exec_path} += /usr/libexec/gvfsd-sftp @{exec_path} += /usr/{lib,libexec}/gvfsd-sftp
profile gvfsd-sftp @{exec_path} { profile gvfsd-sftp @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>

2
apparmor.d/groups/gvfs/gvfsd-smb
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb @{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb
@{exec_path} += /usr/libexec/gvfsd-smb @{exec_path} += /usr/{lib,libexec}/gvfsd-smb
profile gvfsd-smb @{exec_path} { profile gvfsd-smb @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/freedesktop.org> include <abstractions/freedesktop.org>

2
apparmor.d/groups/gvfs/gvfsd-smb-browse
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb-browse @{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb-browse
@{exec_path} += /usr/libexec/gvfsd-smb-browse @{exec_path} += /usr/{lib,libexec}/gvfsd-smb-browse
profile gvfsd-smb-browse @{exec_path} { profile gvfsd-smb-browse @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gvfs/gvfsd-trash
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/gvfs/gvfsd-trash @{exec_path} = /{usr/,}lib/gvfs/gvfsd-trash
@{exec_path} += /usr/libexec/gvfsd-trash @{exec_path} += /usr/{lib,libexec}/gvfsd-trash
profile gvfsd-trash @{exec_path} { profile gvfsd-trash @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

6
apparmor.d/groups/network/openvpn
View file

@ -16,7 +16,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}sbin/openvpn @{exec_path} = /{usr/,}{s,}bin/openvpn
profile openvpn @{exec_path} { profile openvpn @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
@ -81,7 +81,7 @@ profile openvpn @{exec_path} {
/{usr/,}bin/cut rix, /{usr/,}bin/cut rix,
/{usr/,}bin/which rix, /{usr/,}bin/which rix,
/{usr/,}bin/ip rix, /{usr/,}bin/ip rix,
/{usr/,}sbin/xtables-nft-multi rix, /{usr/,}{s,}bin/xtables-nft-multi rix,
/etc/iproute2/rt_tables r, /etc/iproute2/rt_tables r,
/etc/iproute2/rt_tables.d/ r, /etc/iproute2/rt_tables.d/ r,
@ -106,7 +106,7 @@ profile openvpn @{exec_path} {
/{usr/,}bin/cut rix, /{usr/,}bin/cut rix,
/{usr/,}bin/{,e}grep rix, /{usr/,}bin/{,e}grep rix,
/{usr/,}bin/ip rix, /{usr/,}bin/ip rix,
/{usr/,}sbin/nft rix, /{usr/,}{s,}bin/nft rix,
/{usr/,}bin/env rix, /{usr/,}bin/env rix,
/etc/iproute2/rt_realms r, /etc/iproute2/rt_realms r,

4
apparmor.d/groups/systemd/systemd-fsck
View file

@ -20,8 +20,8 @@ profile systemd-fsck @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
/{usr/,}sbin/fsck rPx, /{usr/,}{s,}bin/fsck rPx,
/{usr/,}sbin/e2fsck rPx, /{usr/,}{s,}bin/e2fsck rPx,
owner @{run}/systemd/quotacheck w, owner @{run}/systemd/quotacheck w,

2
apparmor.d/profiles-a-l/iwconfig
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}sbin/iwconfig @{exec_path} = /{usr/,}{s,}bin/iwconfig
profile iwconfig @{exec_path} { profile iwconfig @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/profiles-a-l/lightdm
View file

@ -116,7 +116,7 @@ profile lightdm @{exec_path} {
/var/cache/lightdm/dmrc/*.dmrc* rw, /var/cache/lightdm/dmrc/*.dmrc* rw,
/{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx,
/usr/libexec/at-spi-bus-launcher rPUx, /usr/{lib,libexec}/at-spi-bus-launcher rPUx,
include if exists <local/lightdm> include if exists <local/lightdm>
} }

2
apparmor.d/profiles-a-l/lightdm-gtk-greeter
View file

@ -51,7 +51,7 @@ profile lightdm-gtk-greeter @{exec_path} {
@{HOME}/.face r, @{HOME}/.face r,
/{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx,
/usr/libexec/at-spi-bus-launcher rPUx, /usr/{lib,libexec}/at-spi-bus-launcher rPUx,
profile systemd { profile systemd {

2
apparmor.d/profiles-m-z/obexd
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /usr/libexec/bluetooth/obexd @{exec_path} = /usr/{lib,libexec}/bluetooth/obexd
profile obexd @{exec_path} { profile obexd @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/user-download-strict> include <abstractions/user-download-strict>

4
apparmor.d/profiles-m-z/openbox
View file

@ -24,7 +24,7 @@ profile openbox @{exec_path} {
# Apps allowed to run # Apps allowed to run
/{usr/,}{s,}bin/* rPUx, /{usr/,}{s,}bin/* rPUx,
/{usr/,}bin/* rPUx, /{usr/,}bin/* rPUx,
/usr/libexec/* rPUx, /usr/{lib,libexec}/* rPUx,
/usr/share/themes/*/openbox-3/themerc r, /usr/share/themes/*/openbox-3/themerc r,
@ -61,7 +61,7 @@ profile openbox @{exec_path} {
# Apps allowed to run # Apps allowed to run
/{usr/,}bin/* rPUx, /{usr/,}bin/* rPUx,
/usr/libexec/* rPUx, /usr/{lib,libexec}/* rPUx,
/{usr/,}lib/@{multiarch}/*/** rPUx, /{usr/,}lib/@{multiarch}/*/** rPUx,
/usr/local/lib/python*/dist-packages/ r, /usr/local/lib/python*/dist-packages/ r,

2
apparmor.d/profiles-m-z/rfkill
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}sbin/rfkill @{exec_path} = /{usr/,}{s,}bin/rfkill
profile rfkill @{exec_path} { profile rfkill @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/profiles-m-z/rtkit-daemon
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /usr/libexec/rtkit-daemon @{exec_path} = /usr/{lib,libexec}/rtkit-daemon
profile rtkit-daemon @{exec_path} { profile rtkit-daemon @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

4
apparmor.d/profiles-m-z/udisksd
View file

@ -7,8 +7,8 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/udisks2/udisksd @{exec_path} = /{usr/,}lib/udisks2/udisksd
@{exec_path} += /usr/libexec/udisks2/udisksd @{exec_path} += /usr/{lib,libexec}/udisks2/udisksd
profile udisksd @{exec_path} { profile udisksd @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/disks-write> include <abstractions/disks-write>

4
apparmor.d/profiles-m-z/upowerd
View file

@ -7,8 +7,8 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /{usr/,}lib/upower/upowerd @{exec_path} = /{usr/,}lib/upower/upowerd
@{exec_path} += /usr/libexec/upowerd @{exec_path} += /usr/{lib,libexec}/upowerd
profile upowerd @{exec_path} { profile upowerd @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/devices-usb> include <abstractions/devices-usb>