mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
feat(profile): add signal from systemd-user.
parent
968da5518b
commit
d0a052b7ae
@ -22,6 +22,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
|
|||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term hup kill) peer=dbus-daemon,
|
signal (receive) set=(term hup kill) peer=dbus-daemon,
|
||||||
signal (receive) set=(term hup kill) peer=gdm*,
|
signal (receive) set=(term hup kill) peer=gdm*,
|
||||||
signal (receive) set=(term hup kill) peer=gnome-session-binary,
|
signal (receive) set=(term hup kill) peer=gnome-session-binary,
|
||||||
|
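Review bot: The added `signal (receive) set=(cont, term) peer=systemd-user,` leaves out `kill`, while the neighbouring rules in this profile accept `(term hup kill)` from dbus-daemon and gdm*. systemd follows an unanswered SIGTERM with SIGKILL once the stop timeout expires, so if the user manager runs under the systemd-user label a hung unit presumably cannot be force-stopped and the denial will land in the audit log. Consider `signal (receive) set=(cont, term, kill) peer=systemd-user,`, or a comment stating that the omission is deliberate. The same line is pasted unchanged into every other profile in this commit, so a shared abstraction would keep the signal set and the peer label in one place. The profile body continues outside the hunk.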
@ -19,10 +19,12 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
capability sys_ptrace,
|
capability sys_ptrace,
|
||||||
|
|
||||||
ptrace (read),
|
|
||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
|
ptrace (read),
|
||||||
|
|
||||||
# dbus: own bus=session name=org.pulseaudio.Server
|
# dbus: own bus=session name=org.pulseaudio.Server
|
||||||
|
|
||||||
dbus send bus=session path=/org/freedesktop/DBus
|
dbus send bus=session path=/org/freedesktop/DBus
|
||||||
|
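Review bot: `ptrace (read),` is moved below the new signal rule but still carries no `peer=` qualifier, so together with `capability sys_ptrace,` this profile may read-trace any process it can reach. The xdg-document-portal section of this commit shows the scoped form, `ptrace (read) peer=xdg-desktop-portal,`. Since the line is being touched anyway, either narrow it to the labels pipewire actually inspects or put a comment above it such as `# unscoped on purpose: peer labels are not known in advance`. The profile body starts and ends outside the hunk.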
@ -23,6 +23,8 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
ptrace (read),
|
ptrace (read),
|
||||||
|
|
||||||
# dbus: own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}}
|
# dbus: own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}}
|
||||||
|
@ -29,6 +29,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
|
|||||||
|
|
||||||
network unix stream,
|
network unix stream,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=term peer=gdm,
|
signal (receive) set=term peer=gdm,
|
||||||
|
|
||||||
dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gnome,
|
dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gnome,
|
||||||
|
@ -29,6 +29,8 @@ profile xdg-desktop-portal-gtk @{exec_path} {
|
|||||||
include <abstractions/user-download>
|
include <abstractions/user-download>
|
||||||
include <abstractions/user-write>
|
include <abstractions/user-write>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell),
|
unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell),
|
||||||
|
|
||||||
dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gtk,
|
dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gtk,
|
||||||
|
@ -18,10 +18,11 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
mount fstype=fuse.portal -> @{run}/user/@{uid}/doc/,
|
mount fstype=fuse.portal -> @{run}/user/@{uid}/doc/,
|
||||||
|
|
||||||
ptrace (read) peer=xdg-desktop-portal,
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
signal (receive) set=(term) peer=gdm,
|
signal (receive) set=(term) peer=gdm,
|
||||||
|
|
||||||
|
ptrace (read) peer=xdg-desktop-portal,
|
||||||
|
|
||||||
unix (send receive) type=stream peer=(label=xdg-document-portal//fusermount),
|
unix (send receive) type=stream peer=(label=xdg-document-portal//fusermount),
|
||||||
|
|
||||||
# dbus: own bus=session name=org.freedesktop.portal.Documents path=/org/freedesktop/portal/documents
|
# dbus: own bus=session name=org.freedesktop.portal.Documents path=/org/freedesktop/portal/documents
|
||||||
@ -63,6 +64,8 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
umount @{run}/user/@{uid}/doc/,
|
umount @{run}/user/@{uid}/doc/,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
unix (send receive) type=stream peer=(label=xdg-document-portal),
|
unix (send receive) type=stream peer=(label=xdg-document-portal),
|
||||||
|
|
||||||
@{bin}/fusermount{,3} mr,
|
@{bin}/fusermount{,3} mr,
|
||||||
|
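Review bot: The second hunk of this section adds the systemd-user receive rule inside what appears to be the fusermount child profile (its unix rule names `label=xdg-document-portal` as the peer), and the gvfsd-fuse section does the same next to `capability sys_admin,`. A short-lived mount helper is an unusual signal target, so it is worth confirming that a denial was actually logged for the child before widening it. If the rule is needed, a comment such as `# stop signals from systemd-user reach every process in the unit, helper included` would record why. Both child profile bodies extend beyond the hunks shown.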
@ -13,6 +13,7 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
capability sys_nice,
|
capability sys_nice,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term hup kill) peer=dbus-daemon,
|
signal (receive) set=(term hup kill) peer=dbus-daemon,
|
||||||
signal (receive) set=(term hup kill) peer=gdm*,
|
signal (receive) set=(term hup kill) peer=gdm*,
|
||||||
|
|
||||||
|
@ -13,6 +13,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/graphics>
|
include <abstractions/graphics>
|
||||||
include <abstractions/X-strict>
|
include <abstractions/X-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term hup) peer=gdm*,
|
signal (receive) set=(term hup) peer=gdm*,
|
||||||
signal (receive) set=(term hup) peer=gnome-shell,
|
signal (receive) set=(term hup) peer=gnome-shell,
|
||||||
signal (receive) set=(term hup) peer=kwin_wayland,
|
signal (receive) set=(term hup) peer=kwin_wayland,
|
||||||
|
@ -25,6 +25,8 @@ profile evolution-addressbook-factory @{exec_path} {
|
|||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int},
|
dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int},
|
||||||
|
|
||||||
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
@ -21,6 +21,8 @@ profile evolution-alarm-notify @{exec_path} {
|
|||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.Evolution-alarm-notify
|
# dbus: own bus=session name=org.gnome.Evolution-alarm-notify
|
||||||
|
|
||||||
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
@ -24,6 +24,8 @@ profile evolution-calendar-factory @{exec_path} {
|
|||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar@{int},
|
dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar@{int},
|
||||||
|
|
||||||
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**
|
||||||
|
@ -22,6 +22,8 @@ profile evolution-source-registry @{exec_path} {
|
|||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
dbus bind bus=session name=org.gnome.evolution.dataserver.Sources@{int},
|
dbus bind bus=session name=org.gnome.evolution.dataserver.Sources@{int},
|
||||||
dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**}
|
dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**}
|
||||||
interface={org.freedesktop.DBus.ObjectManager,org.freedesktop.DBus.Properties}
|
interface={org.freedesktop.DBus.ObjectManager,org.freedesktop.DBus.Properties}
|
||||||
|
@ -27,6 +27,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term hup) peer=gdm*,
|
signal (receive) set=(term hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.freedesktop.Notifications
|
# dbus: own bus=session name=org.freedesktop.Notifications
|
||||||
|
@ -20,6 +20,7 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
capability ipc_lock,
|
capability ipc_lock,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term) peer=gdm,
|
signal (receive) set=(term) peer=gdm,
|
||||||
signal (send) set=(term) peer=ssh-agent,
|
signal (send) set=(term) peer=ssh-agent,
|
||||||
|
|
||||||
|
@ -29,6 +29,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
signal (send) set=(term) peer=at-spi-bus-launcher,
|
signal (send) set=(term) peer=at-spi-bus-launcher,
|
||||||
signal (send) set=(term) peer=gsd-*,
|
signal (send) set=(term) peer=gsd-*,
|
||||||
|
@ -64,6 +64,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
ptrace (read),
|
ptrace (read),
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
signal (send),
|
signal (send),
|
||||||
|
|
||||||
|
@ -13,6 +13,8 @@ profile gnome-shell-calendar-server @{exec_path} {
|
|||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.Shell.CalendarServer
|
# dbus: own bus=session name=org.gnome.Shell.CalendarServer
|
||||||
|
|
||||||
dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
|
dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}
|
||||||
|
@ -27,6 +27,8 @@ profile gnome-software @{exec_path} {
|
|||||||
mount fstype=fuse.revokefs-fuse options=(rw, nosuid, nodev) -> /var/tmp/flatpak-cache-*/*/,
|
mount fstype=fuse.revokefs-fuse options=(rw, nosuid, nodev) -> /var/tmp/flatpak-cache-*/*/,
|
||||||
umount /var/tmp/flatpak-cache-*/*/,
|
umount /var/tmp/flatpak-cache-*/*/,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
@{bin}/baobab rPUx,
|
@{bin}/baobab rPUx,
|
||||||
|
@ -18,6 +18,7 @@ profile gnome-terminal-server @{exec_path} {
|
|||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/gnome-strict>
|
include <abstractions/gnome-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (send) set=(hup) peer=htop,
|
signal (send) set=(hup) peer=htop,
|
||||||
signal (send) set=(term hup kill) peer=unconfined,
|
signal (send) set=(term hup kill) peer=unconfined,
|
||||||
|
|
||||||
|
@ -25,6 +25,8 @@ profile goa-daemon @{exec_path} {
|
|||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.OnlineAccounts
|
# dbus: own bus=session name=org.gnome.OnlineAccounts
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/Identity
|
dbus send bus=session path=/org/gnome/Identity
|
||||||
|
@ -12,6 +12,8 @@ profile goa-identity-service @{exec_path} {
|
|||||||
include <abstractions/authentication>
|
include <abstractions/authentication>
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.Identity
|
# dbus: own bus=session name=org.gnome.Identity
|
||||||
|
|
||||||
dbus send bus=session path=/org/gnome/OnlineAccounts
|
dbus send bus=session path=/org/gnome/OnlineAccounts
|
||||||
|
@ -13,6 +13,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings
|
||||||
|
@ -22,6 +22,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/gnome-strict>
|
include <abstractions/gnome-strict>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.Color
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.Color
|
||||||
|
@ -13,6 +13,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime
|
||||||
|
@ -13,6 +13,8 @@ profile gsd-disk-utility-notify @{exec_path} {
|
|||||||
include <abstractions/bus-system>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/bus/org.freedesktop.UDisks2>
|
include <abstractions/bus/org.freedesktop.UDisks2>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.Disks.NotificationMonitor
|
# dbus: own bus=session name=org.gnome.Disks.NotificationMonitor
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
|
@ -16,6 +16,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/thumbnails-cache-read>
|
include <abstractions/thumbnails-cache-read>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
signal (receive) set=(term, hup) peer=gnome*,
|
signal (receive) set=(term, hup) peer=gnome*,
|
||||||
|
|
||||||
|
@ -21,6 +21,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/gnome-strict>
|
include <abstractions/gnome-strict>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard
|
||||||
|
@ -24,6 +24,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/gnome-strict>
|
include <abstractions/gnome-strict>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
@ -31,6 +31,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.Power
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.Power
|
||||||
|
@ -18,6 +18,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
|
|||||||
network inet stream,
|
network inet stream,
|
||||||
network inet6 stream,
|
network inet6 stream,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
signal (send) set=(hup) peer=gsd-printer,
|
signal (send) set=(hup) peer=gsd-printer,
|
||||||
|
|
||||||
|
@ -14,6 +14,7 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
signal (receive) set=(hup) peer=gsd-print-notifications,
|
signal (receive) set=(hup) peer=gsd-print-notifications,
|
||||||
|
|
||||||
|
@ -16,6 +16,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/bus/org.freedesktop.NetworkManager>
|
include <abstractions/bus/org.freedesktop.NetworkManager>
|
||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
@ -12,6 +12,7 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.freedesktop.ScreenSaver
|
# dbus: own bus=session name=org.freedesktop.ScreenSaver
|
||||||
|
@ -15,6 +15,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing
|
||||||
|
@ -15,6 +15,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/p11-kit>
|
include <abstractions/p11-kit>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard
|
||||||
|
@ -15,6 +15,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.Sound
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.Sound
|
||||||
|
@ -11,6 +11,8 @@ profile gsd-usb-protection @{exec_path} {
|
|||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
@ -19,6 +19,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
|
|||||||
include <abstractions/gnome-strict>
|
include <abstractions/gnome-strict>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal (receive) set=(term, hup) peer=gdm*,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom
|
||||||
|
@ -30,6 +30,8 @@ profile gsd-xsettings @{exec_path} {
|
|||||||
network inet6 dgram,
|
network inet6 dgram,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings
|
# dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings
|
||||||
# dbus: own bus=session name=org.gtk.Settings
|
# dbus: own bus=session name=org.gtk.Settings
|
||||||
|
|
||||||
|
@ -17,6 +17,8 @@ profile mutter-x11-frames @{exec_path} {
|
|||||||
include <abstractions/graphics>
|
include <abstractions/graphics>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/dconf/profile/gdm r,
|
/usr/share/dconf/profile/gdm r,
|
||||||
|
@ -12,6 +12,8 @@ profile gvfs-afc-volume-monitor @{exec_path} {
|
|||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
# dbus: own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor
|
# dbus: own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
|
@ -12,6 +12,8 @@ profile gvfs-goa-volume-monitor @{exec_path} {
|
|||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor,
|
dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor,
|
||||||
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||||
|
@ -16,6 +16,8 @@ profile gvfs-gphoto2-volume-monitor @{exec_path} {
|
|||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
dbus bind bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor,
|
dbus bind bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor,
|
||||||
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||||
|
@ -15,6 +15,8 @@ profile gvfs-mtp-volume-monitor @{exec_path} {
|
|||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
dbus bind bus=session name=org.gtk.vfs.MTPVolumeMonitor,
|
dbus bind bus=session name=org.gtk.vfs.MTPVolumeMonitor,
|
||||||
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
|
||||||
interface=org.gtk.Private.RemoteVolumeMonitor
|
interface=org.gtk.Private.RemoteVolumeMonitor
|
||||||
|
@ -26,6 +26,7 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) {
|
|||||||
network inet6 stream,
|
network inet6 stream,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
signal (send) set=(term, kill) peer=mount,
|
signal (send) set=(term, kill) peer=mount,
|
||||||
|
|
||||||
ptrace (read),
|
ptrace (read),
|
||||||
|
@ -12,6 +12,8 @@ profile gvfsd @{exec_path} {
|
|||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
dbus bind bus=session name=org.gtk.vfs.Daemon,
|
dbus bind bus=session name=org.gtk.vfs.Daemon,
|
||||||
|
|
||||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||||
|
@ -13,10 +13,12 @@ profile gvfsd-fuse @{exec_path} {
|
|||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
|
|
||||||
unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount),
|
|
||||||
|
|
||||||
mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/,
|
mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
|
unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount),
|
||||||
|
|
||||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||||
interface=org.gtk.vfs.MountTracker
|
interface=org.gtk.vfs.MountTracker
|
||||||
member=RegisterFuse
|
member=RegisterFuse
|
||||||
@ -42,11 +44,13 @@ profile gvfsd-fuse @{exec_path} {
|
|||||||
capability dac_read_search,
|
capability dac_read_search,
|
||||||
capability sys_admin, # To mount anything
|
capability sys_admin, # To mount anything
|
||||||
|
|
||||||
unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse),
|
|
||||||
|
|
||||||
mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/,
|
mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/,
|
||||||
umount @{run}/user/@{uid}/**/,
|
umount @{run}/user/@{uid}/**/,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
|
unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse),
|
||||||
|
|
||||||
@{bin}/fusermount{,3} mr,
|
@{bin}/fusermount{,3} mr,
|
||||||
|
|
||||||
/etc/fuse{,3}.conf r,
|
/etc/fuse{,3}.conf r,
|
||||||
|
@ -23,6 +23,8 @@ profile wireplumber @{exec_path} {
|
|||||||
network bluetooth stream,
|
network bluetooth stream,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
signal (receive) set=(cont, term) peer=systemd-user,
|
||||||
|
|
||||||
dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio0,
|
dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio0,
|
||||||
|
|
||||||
dbus receive bus=session
|
dbus receive bus=session
|
||||||
|