mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 08:58:15 +01:00
feat(profiles): add firefox-kmozillahelper.
This commit is contained in:
Alexandre Pujol
parent
f086f71ba9
commit
c9ef8f55c4
3 changed files with 50 additions and 0 deletions
|
|
@ -181,6 +181,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
||||||
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||||
|
|
||||||
owner @{user_config_dirs}/ r,
|
owner @{user_config_dirs}/ r,
|
||||||
|
owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r,
|
||||||
owner @{user_config_dirs}/ibus/bus/{,@{hex}-unix{,-wayland}-[0-9]*} r,
|
owner @{user_config_dirs}/ibus/bus/{,@{hex}-unix{,-wayland}-[0-9]*} r,
|
||||||
owner @{user_config_dirs}/mimeapps.list{,.*} rw,
|
owner @{user_config_dirs}/mimeapps.list{,.*} rw,
|
||||||
|
|
||||||
|
|
|
||||||
48
apparmor.d/groups/browsers/firefox-kmozillahelper
Normal file
48
apparmor.d/groups/browsers/firefox-kmozillahelper
Normal file
|
|
@ -0,0 +1,48 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/3.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = /{usr/,}lib/mozilla/kmozillahelper
|
||||||
|
profile firefox-kmozillahelper @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/dri-common>
|
||||||
|
include <abstractions/fonts>
|
||||||
|
include <abstractions/freedesktop.org>
|
||||||
|
include <abstractions/mesa>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
include <abstractions/qt5>
|
||||||
|
|
||||||
|
ptrace (read) peer=firefox,
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
/usr/share/hwdata/*.ids r,
|
||||||
|
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
|
||||||
|
/usr/share/kservices5/{,**} r,
|
||||||
|
/usr/share/mime/ r,
|
||||||
|
|
||||||
|
/etc/xdg/kdeglobals r,
|
||||||
|
/etc/xdg/kwinrc r,
|
||||||
|
/etc/xdg/menus/ r,
|
||||||
|
/etc/xdg/menus/applications-merged/ r,
|
||||||
|
|
||||||
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
owner @{user_cache_dirs}/ksycoca5_* r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
||||||
|
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
||||||
|
owner @{user_config_dirs}/kdeglobals r,
|
||||||
|
owner @{user_config_dirs}/kwinrc r,
|
||||||
|
|
||||||
|
owner @{run}/user/@{uid}/xauth_* rl,
|
||||||
|
|
||||||
|
@{PROC}/sys/kernel/core_pattern r,
|
||||||
|
|
||||||
|
/dev/tty r,
|
||||||
|
|
||||||
|
include if exists <local/firefox-kmozillahelper>
|
||||||
|
}
|
||||||
|
|
@ -98,6 +98,7 @@ fail2ban-client attach_disconnected,complain
|
||||||
fail2ban-server attach_disconnected,complain
|
fail2ban-server attach_disconnected,complain
|
||||||
fdisk complain
|
fdisk complain
|
||||||
file-roller complain
|
file-roller complain
|
||||||
|
firefox-kmozillahelper complain
|
||||||
firewalld complain
|
firewalld complain
|
||||||
flatpak-session-helper complain
|
flatpak-session-helper complain
|
||||||
fsck-ext4 complain
|
fsck-ext4 complain
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue