mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 17:08:09 +01:00
feat(profile): general update.
parent
c9b87efebe
commit
be3d625b7f
8 changed files with 41 additions and 40 deletions
|
@ -24,6 +24,15 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
# dbus: own bus=session name=org.freedesktop.portal.IBus
|
||||
# dbus: own bus=session name=org.freedesktop.IBus
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/IBus
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=org.freedesktop.portal.IBus),
|
||||
dbus send bus=session path=/org/freedesktop/IBus
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
member=Ping
|
||||
peer=(name=org.freedesktop.portal.IBus, label=ibus-portal),
|
||||
|
||||
dbus receive bus=session
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
|
@ -35,16 +44,13 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
@{lib}/{,ibus/}ibus-* rPUx,
|
||||
|
||||
/usr/share/ibus/{,**} r,
|
||||
/usr/share/ibus-table/tables/ r,
|
||||
/usr/share/ibus-table/{,**} r,
|
||||
|
||||
/etc/machine-id r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
owner /var/lib/gdm{3,}/.cache/ibus/{,**} rw,
|
||||
owner /var/lib/gdm{3,}/.config/ibus/{,**} rw,
|
||||
|
||||
owner @{user_cache_dirs}/ibus/{,**} rw,
|
||||
|
||||
/var/lib/gdm{3,}/.config/ibus/{,**} rw,
|
||||
/var/lib/gdm{3,}/.cache/ibus/{,**} rw,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/ r,
|
||||
owner @{user_config_dirs}/ibus/ibus/{,**} rw,
|
||||
|
||||
owner @{PROC}/@{pids}/fd/ r,
|
||||
|
||||
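Review bot: The unlabelled `dbus send … member=Ping peer=(name=org.freedesktop.portal.IBus),` rule in the first hunk makes the next rule with `label=ibus-portal` redundant. AppArmor rules are additive, so the first rule already allows the Ping to whichever process holds that bus name, confined or not. Both rules appear to be on the new side, since the hunk grows from 6 to 15 lines. If ibus-portal always runs under its profile, keep only the labelled rule; if the unlabelled form is a deliberate fallback, a comment such as `# fallback: ibus-portal may run unconfined` above it would record that. In the second hunk the `/var/lib/gdm{3,}/…/ibus/` rules are printed both with and without `owner` and the page does not show which variant is kept (the `owner` form is the tighter one); the profile body continues outside both hunks.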
|
|
|
@ -32,12 +32,13 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) {
|
|||
/etc/dconf/db/ibus r,
|
||||
/etc/dconf/profile/ibus r,
|
||||
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/ r,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
|
||||
/var/lib/gdm{3,}/.cache/dconf/ w,
|
||||
/var/lib/gdm{3,}/.cache/dconf/user rw,
|
||||
/var/lib/gdm{3,}/.cache/ibus/dbus-@{rand8} rw,
|
||||
/var/lib/gdm{3,}/.config/dconf/ w,
|
||||
/var/lib/gdm{3,}/.config/dconf/user rw,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/ r,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
|
||||
/var/lib/gdm{3,}/greeter-dconf-defaults r,
|
||||
|
||||
owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw,
|
||||
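Review bot: The `/var/lib/gdm{3,}/…` rules in this group carry no `owner` qualifier, while the per-user equivalent on the last line, `owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw,`, does. Write access to gdm's dconf and ibus cache files is therefore not tied to the uid of the confined process. If ibus-dconf touches these paths only when it runs as the gdm user, prefixing them with `owner` (for example `owner /var/lib/gdm{3,}/.cache/ibus/dbus-@{rand8} rw,`) would keep the grant least-privilege. The page does not mark which of these lines the commit adds, and the profile body continues outside the hunk.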
|
|
|
@ -12,13 +12,9 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/bus/org.a11y>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/desktop>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/opencl>
|
||||
|
||||
unix (connect, receive, send) type=stream peer=(label=ibus-daemon),
|
||||
|
||||
|
@ -44,9 +40,6 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{user_config_dirs}/ibus/bus/ r,
|
||||
owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
|
||||
|
||||
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r,
|
||||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
||||
|
||||
owner /dev/tty@{int} rw,
|
||||
|
||||
include if exists <local/ibus-x11>
|
||||
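Review bot: The effective permissions of ibus-x11 after this change cannot be judged from the first hunk. The individual `dri-common`, `dri-enumerate`, `fonts`, `gtk` and `mesa` includes appear to give way to the aggregate `abstractions/desktop` and `abstractions/graphics`, whose rule sets are not shown. An aggregate abstraction can grant more than the includes it replaces, so the swap should be checked against what the process actually needs. A one-line comment such as `# desktop/graphics replace the dri-*, fonts, gtk and mesa includes` would also help. The same applies to `abstractions/gnome-strict` in gnome-extension-ding and, as far as the page shows, `abstractions/systemctl` in the logrotate `systemctl` subprofile.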
|
|
|
@ -19,7 +19,7 @@ profile deja-dup-monitor @{exec_path} {
|
|||
network netlink raw,
|
||||
|
||||
# dbus: own bus=session name=org.gnome.DejaDup.Monitor
|
||||
# dbus: talk bus=session name=org.gnome.DejaDup label=xdg-desktop-portal
|
||||
# dbus: talk bus=session name=org.gnome.DejaDup label=deja-dup
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
|
@ -24,9 +24,7 @@ profile gnome-extension-ding @{exec_path} {
|
|||
include <abstractions/bus/org.gtk.vfs.Metadata>
|
||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/gnome-strict>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
|
||||
|
@ -62,8 +60,6 @@ profile gnome-extension-ding @{exec_path} {
|
|||
/usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}* r,
|
||||
/usr/share/thumbnailers/{,*.thumbnailer} r,
|
||||
|
||||
/var/lib/snapd/desktop/icons/{,**} r,
|
||||
|
||||
owner @{HOME}/@{XDG_TEMPLATES_DIR}/ r,
|
||||
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
|
||||
|
||||
|
|
|
@ -9,14 +9,18 @@ include <tunables/global>
|
|||
@{exec_path} = @{lib}/gnome-initial-setup
|
||||
profile gnome-initial-setup @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/bus/org.a11y>
|
||||
include <abstractions/bus/org.freedesktop.Accounts>
|
||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/disks-read>
|
||||
include <abstractions/gnome-strict>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/ssl_certs>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
@ -38,15 +42,27 @@ profile gnome-initial-setup @{exec_path} {
|
|||
@{lib}/gnome-initial-setup-goa-helper rix,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
/usr/share/gnome-initial-setup/{,**} r,
|
||||
/usr/share/xml/iso-codes/{,**} r,
|
||||
|
||||
/etc/timezone r,
|
||||
|
||||
/var/lib/gdm{,3}/greeter-dconf-defaults r,
|
||||
|
||||
@{run}/systemd/sessions/@{int} r,
|
||||
@{run}/systemd/users/@{uid} r,
|
||||
owner @{user_config_dirs}/gnome-initial-setup-done w,
|
||||
owner @{user_config_dirs}/gnome-initial-setup-done.@{rand6}BQK2 rw,
|
||||
|
||||
owner @{user_config_dirs}/ibus/bus/ r,
|
||||
owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
|
||||
|
||||
@{run}/systemd/sessions/@{int} r,
|
||||
@{run}/systemd/users/@{uid} r,
|
||||
|
||||
@{sys}/devices/virtual/dmi/id/bios_vendor r,
|
||||
@{sys}/devices/virtual/dmi/id/bios_version r,
|
||||
@{sys}/devices/virtual/dmi/id/product_family r,
|
||||
@{sys}/devices/virtual/dmi/id/product_name r,
|
||||
@{sys}/devices/virtual/dmi/id/sys_vendor r,
|
||||
|
||||
include if exists <local/gnome-initial-setup>
|
||||
}
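Review bot: The rule `owner @{user_config_dirs}/gnome-initial-setup-done.@{rand6}BQK2 rw,` in the second hunk ends in the literal `BQK2`, which looks like part of one observed temporary file name copied from a log rather than a pattern. As written it matches only names with that exact suffix, so the temporary file from a later run would presumably be denied. The likely intent is `owner @{user_config_dirs}/gnome-initial-setup-done.@{rand6} rw,`, assuming the suffix is six random characters. By the hunk's line counts (15 old, 27 new) only two lines are removed, apparently the moved `@{run}/systemd/…` pair, so this rule should be on the new side.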
|
|
@ -14,7 +14,6 @@ profile kwalletmanager @{exec_path} {
|
|||
include <abstractions/consoles>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/kde-strict>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/qt5-compose-cache-write>
|
||||
|
|
|
@ -86,20 +86,10 @@ profile logrotate @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
profile systemctl flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/wutmp>
|
||||
include <abstractions/systemctl>
|
||||
|
||||
capability net_admin,
|
||||
capability sys_ptrace,
|
||||
ptrace (read),
|
||||
|
||||
@{bin}/systemctl mr,
|
||||
|
||||
owner @{PROC}/@{pid}/stat r,
|
||||
@{PROC}/1/environ r,
|
||||
@{PROC}/1/sched r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
|
||||
/dev/kmsg rw,
|
||||
|
||||
include if exists <local/logrotate_systemctl>
|
||||
}
|
||||
|
|