feat(profile): general update.

Alexandre Pujol 2024-03-16 19:41:27 +00:00
parent c9b87efebe
commit be3d625b7f
8 changed files with 41 additions and 40 deletions


@ -24,6 +24,15 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
# dbus: own bus=session name=org.freedesktop.portal.IBus # dbus: own bus=session name=org.freedesktop.portal.IBus
# dbus: own bus=session name=org.freedesktop.IBus # dbus: own bus=session name=org.freedesktop.IBus
dbus send bus=session path=/org/freedesktop/IBus
interface=org.freedesktop.DBus.Peer
member=Ping
peer=(name=org.freedesktop.portal.IBus),
dbus send bus=session path=/org/freedesktop/IBus
interface=org.freedesktop.DBus.Peer
member=Ping
peer=(name=org.freedesktop.portal.IBus, label=ibus-portal),
dbus receive bus=session dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable interface=org.freedesktop.DBus.Introspectable
member=Introspect member=Introspect
@ -35,16 +44,13 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
@{lib}/{,ibus/}ibus-* rPUx, @{lib}/{,ibus/}ibus-* rPUx,
/usr/share/ibus/{,**} r, /usr/share/ibus/{,**} r,
/usr/share/ibus-table/tables/ r, /usr/share/ibus-table/{,**} r,
/etc/machine-id r, owner /var/lib/gdm{3,}/.cache/ibus/{,**} rw,
/var/lib/dbus/machine-id r, owner /var/lib/gdm{3,}/.config/ibus/{,**} rw,
owner @{user_cache_dirs}/ibus/{,**} rw, owner @{user_cache_dirs}/ibus/{,**} rw,
owner @{user_config_dirs}/ibus/ibus/{,**} rw,
/var/lib/gdm{3,}/.config/ibus/{,**} rw,
/var/lib/gdm{3,}/.cache/ibus/{,**} rw,
/var/lib/gdm{3,}/.config/ibus/bus/ r,
owner @{PROC}/@{pids}/fd/ r, owner @{PROC}/@{pids}/fd/ r,
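Review bot: The two added `Ping` send rules in the first hunk overlap: the rule with `peer=(name=org.freedesktop.portal.IBus)` and no label already matches whichever process owns that name, so the following rule with `label=ibus-portal` adds nothing. If the intent is to allow the message only to the confined portal, keep just `peer=(name=org.freedesktop.portal.IBus, label=ibus-portal),` and drop the unlabelled rule. If the portal may legitimately run unconfined, keep only the unlabelled rule and note that in a comment above it. The profile body starts and ends outside these hunks.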


@ -32,12 +32,13 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) {
/etc/dconf/db/ibus r, /etc/dconf/db/ibus r,
/etc/dconf/profile/ibus r, /etc/dconf/profile/ibus r,
/var/lib/gdm{3,}/.config/ibus/bus/ r,
/var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
/var/lib/gdm{3,}/.cache/dconf/ w, /var/lib/gdm{3,}/.cache/dconf/ w,
/var/lib/gdm{3,}/.cache/dconf/user rw, /var/lib/gdm{3,}/.cache/dconf/user rw,
/var/lib/gdm{3,}/.cache/ibus/dbus-@{rand8} rw,
/var/lib/gdm{3,}/.config/dconf/ w, /var/lib/gdm{3,}/.config/dconf/ w,
/var/lib/gdm{3,}/.config/dconf/user rw, /var/lib/gdm{3,}/.config/dconf/user rw,
/var/lib/gdm{3,}/.config/ibus/bus/ r,
/var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
/var/lib/gdm{3,}/greeter-dconf-defaults r, /var/lib/gdm{3,}/greeter-dconf-defaults r,
owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw, owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw,
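Review bot: The added rule `/var/lib/gdm{3,}/.cache/ibus/dbus-@{rand8} rw,` has no `owner` qualifier, while its per-user counterpart at the end of the hunk is `owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw,`. Without `owner`, the profile may read and write a matching file regardless of which user created it. Unless ibus-dconf is known to run under a different uid than the file's creator in the greeter session, consider `owner /var/lib/gdm{3,}/.cache/ibus/dbus-@{rand8} rw,`. The profile body continues outside the hunk.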


@ -12,13 +12,9 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/dri-common> include <abstractions/desktop>
include <abstractions/dri-enumerate> include <abstractions/graphics>
include <abstractions/fonts>
include <abstractions/gtk>
include <abstractions/mesa>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/opencl>
unix (connect, receive, send) type=stream peer=(label=ibus-daemon), unix (connect, receive, send) type=stream peer=(label=ibus-daemon),
@ -44,9 +40,6 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/ibus/bus/ r, owner @{user_config_dirs}/ibus/bus/ r,
owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,
include if exists <local/ibus-x11> include if exists <local/ibus-x11>
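Review bot: The switch to `include <abstractions/desktop>` and `include <abstractions/graphics>` in the first hunk should be checked against least privilege, because it replaces six narrow includes (`dri-common`, `dri-enumerate`, `fonts`, `gtk`, `mesa`, `opencl`) with two whose contents are not visible on this page. The second hunk also drops the `.mutter-Xwaylandauth.@{rand6}` and `gdm/Xauthority` read rules, presumably because one of the new abstractions now supplies them. It would help to confirm that and to name the covering abstraction in the commit description, so a later reader can tell the profile was neither widened beyond what ibus-x11 needs nor broken under GDM/Xwayland.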


@ -19,7 +19,7 @@ profile deja-dup-monitor @{exec_path} {
network netlink raw, network netlink raw,
# dbus: own bus=session name=org.gnome.DejaDup.Monitor # dbus: own bus=session name=org.gnome.DejaDup.Monitor
# dbus: talk bus=session name=org.gnome.DejaDup label=xdg-desktop-portal # dbus: talk bus=session name=org.gnome.DejaDup label=deja-dup
dbus send bus=system path=/org/freedesktop/NetworkManager dbus send bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.DBus.Properties interface=org.freedesktop.DBus.Properties


@ -24,9 +24,7 @@ profile gnome-extension-ding @{exec_path} {
include <abstractions/bus/org.gtk.vfs.Metadata> include <abstractions/bus/org.gtk.vfs.Metadata>
include <abstractions/bus/org.gtk.vfs.MountTracker> include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/fonts> include <abstractions/gnome-strict>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
unix (send,receive) type=stream addr=none peer=(label=gnome-shell), unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
@ -62,8 +60,6 @@ profile gnome-extension-ding @{exec_path} {
/usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}* r, /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}* r,
/usr/share/thumbnailers/{,*.thumbnailer} r, /usr/share/thumbnailers/{,*.thumbnailer} r,
/var/lib/snapd/desktop/icons/{,**} r,
owner @{HOME}/@{XDG_TEMPLATES_DIR}/ r, owner @{HOME}/@{XDG_TEMPLATES_DIR}/ r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r, owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,


@ -9,14 +9,18 @@ include <tunables/global>
@{exec_path} = @{lib}/gnome-initial-setup @{exec_path} = @{lib}/gnome-initial-setup
profile gnome-initial-setup @{exec_path} { profile gnome-initial-setup @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-system>
include <abstractions/bus-accessibility> include <abstractions/bus-accessibility>
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus-system>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.Accounts>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/disks-read>
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
include <abstractions/graphics> include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
@ -38,15 +42,27 @@ profile gnome-initial-setup @{exec_path} {
@{lib}/gnome-initial-setup-goa-helper rix, @{lib}/gnome-initial-setup-goa-helper rix,
/usr/share/dconf/profile/gdm r, /usr/share/dconf/profile/gdm r,
/usr/share/gnome-initial-setup/{,**} r,
/usr/share/xml/iso-codes/{,**} r, /usr/share/xml/iso-codes/{,**} r,
/etc/timezone r,
/var/lib/gdm{,3}/greeter-dconf-defaults r, /var/lib/gdm{,3}/greeter-dconf-defaults r,
@{run}/systemd/sessions/@{int} r, owner @{user_config_dirs}/gnome-initial-setup-done w,
@{run}/systemd/users/@{uid} r, owner @{user_config_dirs}/gnome-initial-setup-done.@{rand6}BQK2 rw,
owner @{user_config_dirs}/ibus/bus/ r, owner @{user_config_dirs}/ibus/bus/ r,
owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
@{run}/systemd/sessions/@{int} r,
@{run}/systemd/users/@{uid} r,
@{sys}/devices/virtual/dmi/id/bios_vendor r,
@{sys}/devices/virtual/dmi/id/bios_version r,
@{sys}/devices/virtual/dmi/id/product_family r,
@{sys}/devices/virtual/dmi/id/product_name r,
@{sys}/devices/virtual/dmi/id/sys_vendor r,
include if exists <local/gnome-initial-setup> include if exists <local/gnome-initial-setup>
} }
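Review bot: The new rule `owner @{user_config_dirs}/gnome-initial-setup-done.@{rand6}BQK2 rw,` in the second hunk appears to keep four literal characters (`BQK2`) from a logged temporary file name after the `@{rand6}` variable. As written it matches only names that end in exactly `BQK2`, so the temporary file created on another run would most likely be denied. If the suffix is six random characters, the rule should read `owner @{user_config_dirs}/gnome-initial-setup-done.@{rand6} rw,`; if it is longer, use the tunable of the matching length instead of a literal tail.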


@ -14,7 +14,6 @@ profile kwalletmanager @{exec_path} {
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/graphics> include <abstractions/graphics>
include <abstractions/gtk>
include <abstractions/kde-strict> include <abstractions/kde-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/qt5-compose-cache-write> include <abstractions/qt5-compose-cache-write>


@ -86,20 +86,10 @@ profile logrotate @{exec_path} flags=(attach_disconnected) {
profile systemctl flags=(attach_disconnected) { profile systemctl flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/wutmp> include <abstractions/systemctl>
capability net_admin,
capability sys_ptrace, capability sys_ptrace,
ptrace (read),
@{bin}/systemctl mr,
owner @{PROC}/@{pid}/stat r,
@{PROC}/1/environ r,
@{PROC}/1/sched r,
@{PROC}/cmdline r,
@{PROC}/sys/kernel/osrelease r,
/dev/kmsg rw,
include if exists <local/logrotate_systemctl> include if exists <local/logrotate_systemctl>
} }
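Review bot: `capability sys_ptrace,` stays in the `systemctl` subprofile while the explicit `ptrace (read),` rule and the `@{PROC}` reads appear to be removed, presumably in favour of `include <abstractions/systemctl>`, whose contents are not visible on this page. If that abstraction carries no ptrace rule, the capability on its own grants nothing useful and should be dropped; if the abstraction already grants the capability, this line is redundant. Either way, a short comment above the line stating why the subprofile still needs `sys_ptrace` would make the remaining privilege auditable.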