From b65955d0551f3b9820f7456ced5c12167d1b85ac Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 20 Aug 2021 19:14:49 +0100
Subject: [PATCH] Better tunables definitions.
---
 apparmor.d/tunables/extend | 15 ++++++++
 apparmor.d/tunables/global | 24 +++++++++++++
 .../complete => xdg-user-dirs} | 36 +++++++++----------
 3 files changed, 56 insertions(+), 19 deletions(-)
 create mode 100644 apparmor.d/tunables/extend
 create mode 100644 apparmor.d/tunables/global
 rename apparmor.d/tunables/{xdg-user-dirs.d/complete => xdg-user-dirs} (65%)
diff --git a/apparmor.d/tunables/extend b/apparmor.d/tunables/extend
new file mode 100644
index 00000000..26fcbe44
--- /dev/null
+++ b/apparmor.d/tunables/extend
@@ -0,0 +1,15 @@
+# apparmor.d - Full set of apparmor profiles
+# Extended systemd directories definition
+# Copyright (C) 2021 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+# To allow extended personalisation without breaking everything.
+# All apparmor profiles should always use the variables defined here.
+
+# Common mountpoints
+@{MOUNTS}=/media/ @{run}/media /mnt
+
+# Libexec path. Different in some distribution
+@{libexec}=/usr/lib
+
+include if exists
\ No newline at end of file
diff --git a/apparmor.d/tunables/global b/apparmor.d/tunables/global
new file mode 100644
index 00000000..2d003bf2
--- /dev/null
+++ b/apparmor.d/tunables/global
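Review bot: In apparmor.d/tunables/extend the header line `# Extended systemd directories definition` does not match the contents, since the file only defines `@{MOUNTS}` and `@{libexec}`; a line such as `# Extended mountpoint and libexec definitions` would describe it. `@{MOUNTS}=/media/ @{run}/media /mnt` mixes a trailing slash on the first value with none on the other two; unless that difference is intended, write them uniformly, e.g. `@{MOUNTS}=/media @{run}/media /mnt`. The value depends on `@{run}`, which this file does not define, so it presumably relies on another tunables file being included as well, and a one-line comment naming that dependency would help. The file also ends without a final newline.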
@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006-2009 Novell/SUSE
+# Copyright (C) 2010-2014 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# All the tunables definitions that should be available to every profile
+# should be included here
+
+include
+include
+include
+include
+include
+include
+include
+include
+include
+include
diff --git a/apparmor.d/tunables/xdg-user-dirs.d/complete b/apparmor.d/tunables/xdg-user-dirs
similarity index 65%
rename from apparmor.d/tunables/xdg-user-dirs.d/complete
rename to apparmor.d/tunables/xdg-user-dirs
index 10c54793..646a48fa 100644
--- a/apparmor.d/tunables/xdg-user-dirs.d/complete
+++ b/apparmor.d/tunables/xdg-user-dirs
@@ -1,5 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
-# Extended XDG directories definition
+# Extended user XDG directories definition
 # Copyright (C) 2021 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 
@@ -9,22 +9,16 @@
 # XDG_*_DIR variables are relative pathnames from the user home directory.
 # user_*_dirs variables are absolute path.
 
-# The default values
-# @{XDG_DESKTOP_DIR}="Desktop"
-# @{XDG_DOWNLOAD_DIR}="Downloads"
-# @{XDG_TEMPLATES_DIR}="Templates"
-# @{XDG_PUBLICSHARE_DIR}="Public"
-# @{XDG_DOCUMENTS_DIR}="Documents"
-# @{XDG_MUSIC_DIR}="Music"
-# @{XDG_PICTURES_DIR}="Pictures"
-# @{XDG_VIDEOS_DIR}="Videos"
-# @{user_share_dirs}=@{HOME}/.local/share
-
-# Common mountpoints
-@{MOUNTS}=/media/ @{run}/media /mnt
-
-# Libexec path. Different in some distribution
-@{libexec}=/usr/lib
+# Define the common set of XDG user directories (usually defined in
+# /etc/xdg/user-dirs.defaults)
+@{XDG_DESKTOP_DIR}="Desktop"
+@{XDG_DOWNLOAD_DIR}="Downloads"
+@{XDG_TEMPLATES_DIR}="Templates"
+@{XDG_PUBLICSHARE_DIR}="Public"
+@{XDG_DOCUMENTS_DIR}="Documents"
+@{XDG_MUSIC_DIR}="Music"
+@{XDG_PICTURES_DIR}="Pictures"
+@{XDG_VIDEOS_DIR}="Videos"
 
 # Extra user personal directories
 @{XDG_PROJECTS_DIR}="Projects"
@@ -50,6 +44,10 @@
 @{user_lib_dirs}=@{HOME}/@{XDG_LIB_HOME}
 
 # User build directories and output
-@{user_build_dirs}="/tmp/build"
+@{user_build_dirs}="/tmp/"
 @{user_pkg_dirs}="/tmp/pkg/"
-@{user_tmp_dirs}="/run/user/@{uid}" "/tmp"
+@{user_tmp_dirs}=@{run}/user/@{uid} /tmp/
+
+# Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
+# to the various XDG directories
+include
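Review bot: The `@{XDG_*_DIR}` values activated in the `@@ -9,22 +9,16 @@` hunk are the English default names only, so on a system with localised or relocated user directories the profiles that use them would presumably not match the real paths. The comment above the block should say how to adjust that, for example `# Localised or custom names: extend these with += in tunables/xdg-user-dirs.d/`. The xdg-user-dirs.d include that makes this possible is added at the end of the file, in the last hunk.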
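Review bot: `@{user_build_dirs}="/tmp/"` in the `@@ -50,6 +44,10 @@` hunk widens the tunable from `/tmp/build` to the whole of `/tmp`, so any profile rule written against `@{user_build_dirs}` would now apply to a world-writable directory shared by every user and service, and `@{user_pkg_dirs}="/tmp/pkg/"` becomes a subset of it. If the intent was only to add the trailing slash, `@{user_build_dirs}="/tmp/build/"` keeps the original scope; otherwise a comment stating why all of `/tmp` is needed would help whoever reviews the profiles that use it. The new `@{user_tmp_dirs}=@{run}/user/@{uid} /tmp/` line is also unquoted while the two lines above it are quoted, which is worth making consistent.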