mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update signal-desktop (#331)

Browse Source 
* Update signal-desktop

* Update signal-desktop-chrome-sandbox

* Update signal-desktop

* Update apparmor.d/groups/apps/signal-desktop

Co-authored-by: Alex <roddhjav@users.noreply.github.com>

* Update signal-desktop

---------

Co-authored-by: Alex <roddhjav@users.noreply.github.com>
This commit is contained in:
fira959 2024-05-14 23:54:31 +02:00 committed by GitHub
parent 855f25da9b
commit acd6a9794d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apparmor.d/groups/apps/signal-desktop
View File

@ -8,7 +8,8 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{name} = signal-desktop{,-beta} @{name} = signal-desktop{,-beta}
@{lib_dirs} = "/opt/Signal{, Beta}" @{lib_dirs} = "/usr/lib/signal-desktop"
@{lib_dirs} += "/opt/Signal{, Beta}"
@{config_dirs} = "@{user_config_dirs}/Signal{, Beta}" @{config_dirs} = "@{user_config_dirs}/Signal{, Beta}"
@{exec_path} = @{lib_dirs}/@{name} @{exec_path} = @{lib_dirs}/@{name}
@ -16,7 +17,6 @@ profile signal-desktop @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/audio-client> include <abstractions/audio-client>
include <abstractions/common/chromium> include <abstractions/common/chromium>
include <abstractions/consoles>
include <abstractions/desktop> include <abstractions/desktop>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/graphics> include <abstractions/graphics>
@ -47,6 +47,7 @@ profile signal-desktop @{exec_path} {
@{lib_dirs}/resources/app.asar.unpacked/node_modules/**.node mr, @{lib_dirs}/resources/app.asar.unpacked/node_modules/**.node mr,
@{lib_dirs}/resources/app.asar.unpacked/node_modules/**.so mr, @{lib_dirs}/resources/app.asar.unpacked/node_modules/**.so mr,
@{lib_dirs}/resources/app.asar.unpacked/node_modules/**.so.@{int} mr, @{lib_dirs}/resources/app.asar.unpacked/node_modules/**.so.@{int} mr,
@{lib_dirs}/chrome_crashpad_handler rix,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
@ -69,5 +70,13 @@ profile signal-desktop @{exec_path} {
owner @{PROC}/@{pids}/task/ r, owner @{PROC}/@{pids}/task/ r,
owner @{PROC}/@{pids}/task/@{tid}/status r, owner @{PROC}/@{pids}/task/@{tid}/status r,
@{sys}/devices/system/cpu/kernel_max r,
@{sys}/devices/virtual/tty/tty@{int}/active r,
@{sys}/fs/cgroup/user.slice/** r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/cpu.max r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/memory.high r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/memory.max r,
include if exists <local/signal-desktop> include if exists <local/signal-desktop>
} }

15
apparmor.d/groups/apps/signal-desktop-chrome-sandbox
View File

@ -7,17 +7,22 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{SIGNAL_INSTALLDIR} = "/opt/Signal{, Beta}" @{lib_dirs} = "/usr/lib/signal-desktop"
@{SIGNAL_HOMEDIR} = "@{user_config_dirs}/Signal{, Beta}" @{lib_dirs} += "/opt/Signal{, Beta}"
@{config_dirs} = "@{user_config_dirs}/Signal{, Beta}"
#@{exec_path} = @{SIGNAL_INSTALLDIR}/chrome-sandbox # (#FIXME#) @{exec_path} = @{lib_dirs}/chrome-sandbox
@{exec_path} = "/opt/Signal{, Beta}/chrome-sandbox"
profile signal-desktop-chrome-sandbox @{exec_path} { profile signal-desktop-chrome-sandbox @{exec_path} {
include <abstractions/base> include <abstractions/base>
capability sys_admin,
capability sys_chroot,
@{exec_path} mr, @{exec_path} mr,
@{SIGNAL_INSTALLDIR}/signal-desktop{,-beta} rPx, @{lib_dirs}/signal-desktop{,-beta} rPx,
@{PROC}/@{pid}/ r,
include if exists <local/signal-desktop-chrome-sandbox> include if exists <local/signal-desktop-chrome-sandbox>
} }