mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 08:58:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

cleanup

Browse source
This commit is contained in:
nobody43 2023-02-25 22:45:21 +00:00 committed by Alex
parent 670411c114
commit c4edf2a6c7
39 changed files with 0 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/apps/android-studio
View file

@ -209,7 +209,6 @@ profile android-studio @{exec_path} {
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,

1
apparmor.d/groups/apps/atom
View file

@ -95,7 +95,6 @@ profile atom @{exec_path} {
/etc/fstab r, /etc/fstab r,
# Needed or atom gets crash with the following error: # Needed or atom gets crash with the following error:
# FATAL:proc_util.cc(36)] : Permission denied (13) # FATAL:proc_util.cc(36)] : Permission denied (13)
@{PROC}/ r, @{PROC}/ r,

1
apparmor.d/groups/apps/code
View file

@ -69,7 +69,6 @@ profile code @{exec_path} {
/etc/fstab r, /etc/fstab r,
# Needed or code gets crash with the following error: # Needed or code gets crash with the following error:
# FATAL:proc_util.cc(36)] : Permission denied (13) # FATAL:proc_util.cc(36)] : Permission denied (13)
@{PROC}/ r, @{PROC}/ r,

4
apparmor.d/groups/apps/discord
View file

@ -89,10 +89,6 @@ profile discord @{exec_path} {
/etc/fstab r, /etc/fstab r,
# To avoid the following error:
# kernel: traps: Discord[] trap int3 ip:7fa5b7541885 sp:7ffff5539c40 error:0
# in libglib-2.0.so.0.6000.6[7fa5b7508000+80000]
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r, deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
deny @{sys}/devices/virtual/tty/tty[0-9]/active r, deny @{sys}/devices/virtual/tty/tty[0-9]/active r,
# To remove the following error: # To remove the following error:

1
apparmor.d/groups/apps/freetube
View file

@ -68,7 +68,6 @@ profile freetube @{exec_path} {
/etc/fstab r, /etc/fstab r,
owner @{user_share_dirs} r, owner @{user_share_dirs} r,
deny @{sys}/devices/virtual/tty/tty0/active r, deny @{sys}/devices/virtual/tty/tty0/active r,

1
apparmor.d/groups/apps/signal-desktop
View file

@ -75,7 +75,6 @@ profile signal-desktop @{exec_path} {
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
# No new privs # No new privs
/{usr/,}bin/xdg-settings rPx, /{usr/,}bin/xdg-settings rPx,

2
apparmor.d/groups/apps/telegram-desktop
View file

@ -75,8 +75,6 @@ profile telegram-desktop @{exec_path} {
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
# Needed when saving files as, or otherwise the app crashes
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,
owner @{HOME}/.config/qt5ct/{,**} r, owner @{HOME}/.config/qt5ct/{,**} r,

2
apparmor.d/groups/apps/thunderbird
View file

@ -145,8 +145,6 @@ profile thunderbird @{exec_path} {
owner @{HOME}/Mail/** rwl -> @{HOME}/Mail/**, owner @{HOME}/Mail/** rwl -> @{HOME}/Mail/**,
owner @{user_share_dirs}/ r, owner @{user_share_dirs}/ r,
# Fix error in libglib while saving files as
# Spellcheck # Spellcheck
/{usr/,}bin/locale rix, /{usr/,}bin/locale rix,

1
apparmor.d/groups/apt/synaptic
View file

@ -147,7 +147,6 @@ profile synaptic @{exec_path} {
# errorcode: 2 # errorcode: 2
/dev/ptmx rw, /dev/ptmx rw,
/etc/fstab r, /etc/fstab r,
# Synaptic is a GUI app started by root, so without "owner" # Synaptic is a GUI app started by root, so without "owner"

1
apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
View file

@ -62,7 +62,6 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) {
/{usr/,}bin/mount rPx, /{usr/,}bin/mount rPx,
/{usr/,}bin/umount rPx, /{usr/,}bin/umount rPx,
/var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/.config/dconf/user r,
/ r, / r,

1
apparmor.d/groups/gvfs/gvfsd-ftp
View file

@ -22,6 +22,5 @@ profile gvfsd-ftp @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
include if exists <local/gvfsd-ftp> include if exists <local/gvfsd-ftp>
} }

1
apparmor.d/groups/gvfs/gvfsd-http
View file

@ -24,7 +24,6 @@ profile gvfsd-http @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{run}/user/@{uid}/gvfsd/socket-* rw, owner @{run}/user/@{uid}/gvfsd/socket-* rw,
include if exists <local/gvfsd-http> include if exists <local/gvfsd-http>

1
apparmor.d/groups/gvfs/gvfsd-mtp
View file

@ -20,7 +20,6 @@ profile gvfsd-mtp @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{HOME}/{,**} rw, owner @{HOME}/{,**} rw,
owner @{MOUNTS}/{,**} rw, owner @{MOUNTS}/{,**} rw,

1
apparmor.d/groups/gvfs/gvfsd-smb
View file

@ -21,7 +21,6 @@ profile gvfsd-smb @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
/etc/samba/smb.conf r, /etc/samba/smb.conf r,
owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw, owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw,

1
apparmor.d/profiles-a-f/arduino
View file

@ -82,7 +82,6 @@ profile arduino @{exec_path} {
owner @{run}/lock/tmp* rw, owner @{run}/lock/tmp* rw,
owner @{run}/lock/LCK..ttyS[0-9]* rw, owner @{run}/lock/LCK..ttyS[0-9]* rw,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/coredump_filter rw, owner @{PROC}/@{pid}/coredump_filter rw,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,

1
apparmor.d/profiles-a-f/atril
View file

@ -51,7 +51,6 @@ profile atril @{exec_path} {
/usr/share/atril/{,**} r, /usr/share/atril/{,**} r,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,

1
apparmor.d/profiles-a-f/cawbird
View file

@ -39,7 +39,6 @@ profile cawbird @{exec_path} {
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/cawbird-* rw, owner @{user_cache_dirs}/cawbird-* rw,
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r, /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,

1
apparmor.d/profiles-a-f/czkawka-gui
View file

@ -37,7 +37,6 @@ profile czkawka-gui @{exec_path} {
@{sys}/fs/cgroup/{,**} r, @{sys}/fs/cgroup/{,**} r,
profile open { profile open {
include <abstractions/base> include <abstractions/base>
include <abstractions/xdg-open> include <abstractions/xdg-open>

1
apparmor.d/profiles-a-f/deltachat-desktop
View file

@ -47,7 +47,6 @@ profile deltachat-desktop @{exec_path} {
owner @{HOME}/.config/DeltaChat/ rw, owner @{HOME}/.config/DeltaChat/ rw,
owner @{HOME}/.config/DeltaChat/** rwk, owner @{HOME}/.config/DeltaChat/** rwk,
owner /tmp/@{hex}/ rw, owner /tmp/@{hex}/ rw,
owner /tmp/@{hex}/db.sqlite-blobs/ rw, owner /tmp/@{hex}/db.sqlite-blobs/ rw,
owner /tmp/@{hex}/db.sqlite rwk, owner /tmp/@{hex}/db.sqlite rwk,

1
apparmor.d/profiles-a-f/dino-im
View file

@ -31,7 +31,6 @@ profile dino-im @{exec_path} {
/{usr/,}bin/gpgconf rCx -> gpg, /{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg, /{usr/,}bin/gpgsm rCx -> gpg,
owner @{user_share_dirs}/dino/ rw, owner @{user_share_dirs}/dino/ rw,
owner @{user_share_dirs}/dino/** rwk, owner @{user_share_dirs}/dino/** rwk,

2
apparmor.d/profiles-a-f/engrampa
View file

@ -121,11 +121,9 @@ profile engrampa @{exec_path} {
/usr/share/engrampa/{,**} r, /usr/share/engrampa/{,**} r,
/usr/share/**.desktop r, /usr/share/**.desktop r,
/usr/share/**/icons/**.png r,
/etc/magic r, /etc/magic r,
# gnome-tiny # gnome-tiny
@{run}/mount/utab r, @{run}/mount/utab r,

1
apparmor.d/profiles-a-f/exo-helper
View file

@ -47,7 +47,6 @@ profile exo-helper @{exec_path} {
/etc/fstab r, /etc/fstab r,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

1
apparmor.d/profiles-a-f/font-manager
View file

@ -29,7 +29,6 @@ profile font-manager @{exec_path} {
/{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitWebProcess rix, /{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitWebProcess rix,
/{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitNetworkProcess rix, /{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitNetworkProcess rix,
owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/font-manager/ rw, owner @{user_cache_dirs}/font-manager/ rw,
owner @{user_cache_dirs}/font-manager/* rwk, owner @{user_cache_dirs}/font-manager/* rwk,

1
apparmor.d/profiles-g-l/gajim
View file

@ -84,7 +84,6 @@ profile gajim @{exec_path} {
/etc/fstab r, /etc/fstab r,
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r, /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
# TMP files locations (first in /tmp/ , /var/tmp/ and @{HOME}/) # TMP files locations (first in /tmp/ , /var/tmp/ and @{HOME}/)

1
apparmor.d/profiles-g-l/ganyremote
View file

@ -62,7 +62,6 @@ profile ganyremote @{exec_path} {
/etc/fstab r, /etc/fstab r,
# Doc dirs # Doc dirs
deny /usr/local/share/ r, deny /usr/local/share/ r,
deny /usr/share/ r, deny /usr/share/ r,

1
apparmor.d/profiles-g-l/gpartedbin
View file

@ -131,7 +131,6 @@ profile gpartedbin @{exec_path} {
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
@{run}/mount/utab r, @{run}/mount/utab r,
# For fsck of the btrfs filesystem # For fsck of the btrfs filesystem

1
apparmor.d/profiles-g-l/gpodder
View file

@ -44,7 +44,6 @@ profile gpodder @{exec_path} {
/etc/fstab r, /etc/fstab r,
owner /var/tmp/etilqs_@{hex} rw, owner /var/tmp/etilqs_@{hex} rw,
/etc/mime.types r, /etc/mime.types r,

1
apparmor.d/profiles-g-l/gsmartcontrol
View file

@ -56,7 +56,6 @@ profile gsmartcontrol @{exec_path} {
/etc/fstab r, /etc/fstab r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,

1
apparmor.d/profiles-g-l/hypnotix
View file

@ -76,7 +76,6 @@ profile hypnotix @{exec_path} {
/dev/ r, /dev/ r,
/etc/vdpau_wrapper.cfg r, /etc/vdpau_wrapper.cfg r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,

1
apparmor.d/profiles-g-l/jami-gnome
View file

@ -41,7 +41,6 @@ profile jami-gnome @{exec_path} {
/{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitNetworkProcess rix, /{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitNetworkProcess rix,
/{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitWebProcess rix, /{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitWebProcess rix,
/usr/share/ring/{,**} r, /usr/share/ring/{,**} r,
/usr/share/sounds/jami-gnome/{,**} r, /usr/share/sounds/jami-gnome/{,**} r,

1
apparmor.d/profiles-g-l/light-locker
View file

@ -20,7 +20,6 @@ profile light-locker @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{PROC}/1/cgroup r, @{PROC}/1/cgroup r,
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,

1
apparmor.d/profiles-m-r/mediainfo-gui
View file

@ -55,7 +55,6 @@ profile mediainfo-gui @{exec_path} {
owner @{MOUNTS}/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{mediainfo_ext} r, owner /{home,media}/**.@{mediainfo_ext} r,
profile open { profile open {
include <abstractions/base> include <abstractions/base>
include <abstractions/xdg-open> include <abstractions/xdg-open>

1
apparmor.d/profiles-m-r/obconf
View file

@ -32,7 +32,6 @@ profile obconf @{exec_path} {
/etc/fstab r, /etc/fstab r,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

1
apparmor.d/profiles-m-r/pulseeffects
View file

@ -32,7 +32,6 @@ profile pulseeffects @{exec_path} {
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
# file_inherit # file_inherit
owner /dev/tty[0-9]* rw, owner /dev/tty[0-9]* rw,

2
apparmor.d/profiles-s-z/udiskie
View file

@ -36,14 +36,12 @@ profile udiskie @{exec_path} {
/etc/fstab r, /etc/fstab r,
# Allowed apps to open # Allowed apps to open
/{usr/,}bin/spacefm rPx, /{usr/,}bin/spacefm rPx,
# Silencer # Silencer
deny /{usr/,}lib/** w, deny /{usr/,}lib/** w,
profile open { profile open {
include <abstractions/base> include <abstractions/base>
include <abstractions/xdg-open> include <abstractions/xdg-open>

1
apparmor.d/profiles-s-z/utox
View file

@ -38,7 +38,6 @@ profile utox @{exec_path} {
deny owner @{PROC}/@{pid}/cmdline r, deny owner @{PROC}/@{pid}/cmdline r,
profile open { profile open {
include <abstractions/base> include <abstractions/base>
include <abstractions/xdg-open> include <abstractions/xdg-open>

1
apparmor.d/profiles-s-z/volumeicon
View file

@ -32,7 +32,6 @@ profile volumeicon @{exec_path} {
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
/etc/machine-id r, /etc/machine-id r,
# Start the PulseAudio sound mixer # Start the PulseAudio sound mixer
/{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/pavucontrol rPUx, /{usr/,}bin/pavucontrol rPUx,

1
apparmor.d/profiles-s-z/wireshark
View file

@ -72,7 +72,6 @@ profile wireshark @{exec_path} {
/etc/fstab r, /etc/fstab r,
/usr/share/hwdata/pnp.ids r, /usr/share/hwdata/pnp.ids r,
/usr/share/GeoIP/{,**} r, /usr/share/GeoIP/{,**} r,

1
apparmor.d/profiles-s-z/xarchiver
View file

@ -57,7 +57,6 @@ profile xarchiver @{exec_path} {
/tmp/ r, /tmp/ r,
owner /tmp/** rw, owner /tmp/** rw,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mountinfo r,
@{PROC}/@{pid}/mounts r, @{PROC}/@{pid}/mounts r,