mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-19 09:28:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Create pokemmo

Browse source
This commit is contained in:
odomingao 2024-09-26 12:28:28 -03:00 committed by Alex
parent af50944fb5
commit b7434eb91b
1 changed files with 100 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
apparmor.d/profiles-m-r/pokemmo Normal file
View file

@ -0,0 +1,100 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 odomingao
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/pokemmo-launcher
profile pokemmo @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio-client>
include <abstractions/dconf-write> # Installer
include <abstractions/desktop>
include <abstractions/fontconfig-cache-write> # Installer
include <abstractions/glfw>
include <abstractions/graphics>
include <abstractions/nameservice-strict>
include <abstractions/p11-kit> # Installer
include <abstractions/ssl_certs>
# The installer is a GTK app and requires a few extra abstractions
# GTK/QT/fonts abstractions are unused by the game itself and can
# be removed if this profile is later split into stacked profiles
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink raw,
@{exec_path} mr,
@{coreutils_path} ix,
@{sh_path} ix,
@{bin}/java ix,
@{bin}/perl ix,
@{bin}/python ix,
@{bin}/python@{int} ix,
@{bin}/python@{int}.@{int} ix,
@{bin}/which ix,
@{lib}/jvm/java-@{int}-openjdk/bin/java ix,
# Installer
@{bin}/openssl ix,
@{bin}/ps ix,
@{bin}/wget ix,
@{bin}/zenity ix,
@{lib}/jvm/java-@{int}-openjdk/lib/jspawnhelper ix,
/etc/lsb-release r, # Installer
/etc/java-openjdk/** r,
/etc/timezone r,
/etc/wgetrc r, # Installer
# Installer
owner @{HOME}/ r,
owner @{HOME}/.java/fonts/** rw,
owner @{HOME}/.wget-hsts rwk,
owner @{user_config_dirs}/pokemmo/{,**} rw,
owner @{user_share_dirs}/pokemmo/{,**} rw,
owner /tmp/hsperfdata_user/ rw,
owner /tmp/hsperfdata_user/@{int} rwk,
owner /tmp/libgdxuser/{,**} rw,
owner /tmp/libgdxuser/**/*.so mrw,
owner /tmp/lwjgl_user/{,**} rw,
owner /tmp/lwjgl_user/**/*.so mrwk,
@{sys}/devices/system/cpu/cpu@{int}/microcode/version r,
@{PROC}/@{pid}/net/if_inet6 r,
@{PROC}/cgroups r,
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/coredump_filter rw,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
# Installer
@{PROC}/ r,
@{PROC}/uptime r,
@{PROC}/sys/kernel/pid_max r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/stat r,
/dev/input/ r,
/dev/input/event@{int} rw,
/dev/input/js@{int} rw,
/dev/tty rw,
owner /dev/tty@{int} rw,
include if exists <local/pokemmo>
}
# vim:syntax=apparmor