From c81253de14c33050d235766c6903f8dca8442b0d Mon Sep 17 00:00:00 2001
From: doublez13
Date: Fri, 5 Apr 2024 08:32:31 -0600
Subject: [PATCH] Create profile for taskwarrior
---
 apparmor.d/profiles-s-z/task | 70 ++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 apparmor.d/profiles-s-z/task
diff --git a/apparmor.d/profiles-s-z/task b/apparmor.d/profiles-s-z/task
new file mode 100644
index 00000000..3c161081
--- /dev/null
+++ b/apparmor.d/profiles-s-z/task
@@ -0,0 +1,70 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Zane Zakraisek
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/task
+profile task @{exec_path} {
+ include
+ include
+ include
+ include
+
+ # Task can optionally connect to a taskserver
+ network inet dgram,
+ network inet6 dgram,
+ network inet stream,
+ network inet6 stream,
+ network netlink raw,
+
+ @{exec_path} mr,
+
+ @{sh_path} rix,
+
+ @{bin}/vim rCx -> editor,
+ @{bin}/vim.* rCx -> editor,
+ @{bin}/sensible-editor rCx -> editor,
+
+ /usr/share/{doc/,}task{warrior,}/** r,
+
+ # Task can edit it's own config, so write is needed
+ owner @{HOME}/.taskrc rw,
+ owner @{HOME}/.task/{,**} rwk,
+
+ profile editor {
+ include
+ include
+
+ @{bin}/sensible-editor mr,
+ @{bin}/vim mrix,
+ @{bin}/vim.* mrix,
+ @{sh_path} rix,
+ @{bin}/which{,.debianutils} rix,
+
+ /usr/share/vim/{,**} r,
+ /usr/share/terminfo/** r,
+
+ /etc/vimrc r,
+ /etc/vim/{,**} r,
+
+ owner @{HOME}/.selected_editor r,
+ owner @{HOME}/.viminfo{,.tmp} rw,
+ owner @{HOME}/.vimrc r,
+
+ # Vim swap file
+ owner @{HOME}/ r,
+ owner @{user_cache_dirs}/ r,
+ owner @{user_cache_dirs}/vim/** wr,
+
+ # Taskwarrior related files
+ owner @{HOME}/.task/ r,
+ owner @{HOME}/.task/* rw,
+
+ include if exists
+ }
+
+ include if exists
+}
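Review bot: The `@{sh_path} rix,` rule in the main `task` profile carries no comment saying what task runs through the shell, and because it is `ix`, whatever is started that way inherits the profile's network rules and its write access to `~/.taskrc` and `~/.task/**`. A short comment stating the reason would record the intent, for example `# task shells out for external commands; ix keeps them inside this profile`, if that is indeed why the rule is there. Relatedly, `owner @{HOME}/.task/{,**} rwk,` grants no execute permission, so hook scripts under `~/.task/hooks/` would presumably be denied. If that is deliberate it deserves a comment, since keeping a user-writable directory non-executable is a sensible default that a later edit could undo unknowingly. The `network netlink raw,` and `dgram` lines sit under the taskserver comment but look like name-resolution support, so a second comment line separating the two purposes would help reviewers judge whether each rule is still needed.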