From cc9e7fdde156bb11ea33bbd3b2063cd617d68ba6 Mon Sep 17 00:00:00 2001
From: valoq
Date: Fri, 7 Jun 2024 10:57:21 +0200
Subject: [PATCH 1/8] add preview tools
---
 apparmor.d/profiles-a-f/elinks | 21 +++++++++++++++++++++
 apparmor.d/profiles-a-f/ffmpegthumbnailer | 17 +++++++++++++++++
 apparmor.d/profiles-g-l/img2txt | 17 +++++++++++++++++
 apparmor.d/profiles-m-r/odt2txt | 17 +++++++++++++++++
 apparmor.d/profiles-m-r/pdftotext | 19 +++++++++++++++++++
 apparmor.d/profiles-s-z/w3m | 19 +++++++++++++++++++
 6 files changed, 110 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/elinks
 create mode 100644 apparmor.d/profiles-a-f/ffmpegthumbnailer
 create mode 100644 apparmor.d/profiles-g-l/img2txt
 create mode 100644 apparmor.d/profiles-m-r/odt2txt
 create mode 100644 apparmor.d/profiles-m-r/pdftotext
 create mode 100644 apparmor.d/profiles-s-z/w3m
diff --git a/apparmor.d/profiles-a-f/elinks b/apparmor.d/profiles-a-f/elinks
new file mode 100644
index 00000000..7154acb5
--- /dev/null
+++ b/apparmor.d/profiles-a-f/elinks
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 valoq
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/elinks
+profile elinks @{exec_path} {
+ include
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ owner @{user_config_dirs}/elinks/{,**} rw,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-a-f/ffmpegthumbnailer b/apparmor.d/profiles-a-f/ffmpegthumbnailer
new file mode 100644
index 00000000..f1b3b181
--- /dev/null
+++ b/apparmor.d/profiles-a-f/ffmpegthumbnailer
@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 valoq
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/ffmpegthumbnailer
+profile ffmpegthumbnailer @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
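Review bot: None of the six new profiles in this patch (elinks and ffmpegthumbnailer here, img2txt, odt2txt, pdftotext and w3m in the following hunks) carries a path rule for the document the tool is invoked on, and ffmpegthumbnailer additionally has to write the thumbnail it produces; the explicit rules stop at `@{exec_path} mr,`, the poppler and terminfo data directories and the elinks config directory. The `include` and `abi ,` lines have lost their targets in this rendering, so presumably one of the included abstractions is meant to grant the input file, but a read-oriented abstraction will not cover the thumbnailer's output path, which needs its own rule for wherever callers place it. A comment above the includes, e.g. `# input file access comes from the included user abstraction; the ffmpegthumbnailer output path needs an explicit rule`, would make that dependency auditable the next time these profiles are touched.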
diff --git a/apparmor.d/profiles-g-l/img2txt b/apparmor.d/profiles-g-l/img2txt
new file mode 100644
index 00000000..d409f0a5
--- /dev/null
+++ b/apparmor.d/profiles-g-l/img2txt
@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 valoq
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/img2txt
+profile img2txt @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-m-r/odt2txt b/apparmor.d/profiles-m-r/odt2txt
new file mode 100644
index 00000000..13a29167
--- /dev/null
+++ b/apparmor.d/profiles-m-r/odt2txt
@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 valoq
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/odt2txt
+profile odt2txt @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-m-r/pdftotext b/apparmor.d/profiles-m-r/pdftotext
new file mode 100644
index 00000000..e0230d62
--- /dev/null
+++ b/apparmor.d/profiles-m-r/pdftotext
@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 valoq
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/pdftotext
+profile pdftotext @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ /usr/share/poppler/{,**} r,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m
new file mode 100644
index 00000000..60f66149
--- /dev/null
+++ b/apparmor.d/profiles-s-z/w3m
@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 valoq
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/w3m
+profile w3m @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ /usr/share/terminfo/{,**} r,
+
+ include if exists
+}
From 7b69b696fb8bb772defd570a1341172c2db12052 Mon Sep 17 00:00:00 2001
From: valoq Date: Fri, 7 Jun 2024 11:02:32 +0200 Subject: [PATCH 2/8] use strict abstraction --- apparmor.d/profiles-a-f/elinks | 2 +- apparmor.d/profiles-a-f/ffmpegthumbnailer | 2 +- apparmor.d/profiles-g-l/img2txt | 2 +- apparmor.d/profiles-m-r/odt2txt | 2 +- apparmor.d/profiles-m-r/pdftotext | 2 +- apparmor.d/profiles-s-z/w3m | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apparmor.d/profiles-a-f/elinks b/apparmor.d/profiles-a-f/elinks index 7154acb5..ee9c4bd1 100644 --- a/apparmor.d/profiles-a-f/elinks +++ b/apparmor.d/profiles-a-f/elinks @@ -11,7 +11,7 @@ profile elinks @{exec_path} { include include include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/ffmpegthumbnailer b/apparmor.d/profiles-a-f/ffmpegthumbnailer index f1b3b181..34d37e75 100644 --- a/apparmor.d/profiles-a-f/ffmpegthumbnailer +++ b/apparmor.d/profiles-a-f/ffmpegthumbnailer @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/ffmpegthumbnailer profile ffmpegthumbnailer @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-g-l/img2txt b/apparmor.d/profiles-g-l/img2txt index d409f0a5..1b351877 100644 --- a/apparmor.d/profiles-g-l/img2txt +++ b/apparmor.d/profiles-g-l/img2txt @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/img2txt profile img2txt @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/odt2txt b/apparmor.d/profiles-m-r/odt2txt index 13a29167..9be8b864 100644 --- a/apparmor.d/profiles-m-r/odt2txt +++ b/apparmor.d/profiles-m-r/odt2txt @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/odt2txt profile odt2txt @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/pdftotext b/apparmor.d/profiles-m-r/pdftotext index e0230d62..9980cff6 100644 --- a/apparmor.d/profiles-m-r/pdftotext +++ b/apparmor.d/profiles-m-r/pdftotext 
@@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/pdftotext profile pdftotext @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m index 60f66149..557f68c9 100644 --- a/apparmor.d/profiles-s-z/w3m +++ b/apparmor.d/profiles-s-z/w3m @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/w3m profile w3m @{exec_path} { include - include + include @{exec_path} mr, From 94a654e318b007135925a6661a6a52ce253dc06b Mon Sep 17 00:00:00 2001 From: valoq Date: Sat, 8 Jun 2024 12:50:56 +0200 Subject: [PATCH 3/8] fix lynx profile --- apparmor.d/profiles-g-l/lynx | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/apparmor.d/profiles-g-l/lynx b/apparmor.d/profiles-g-l/lynx index a9b3691d..2c205f73 100644 --- a/apparmor.d/profiles-g-l/lynx +++ b/apparmor.d/profiles-g-l/lynx @@ -13,6 +13,8 @@ profile lynx @{exec_path} { include include include + include + include network inet dgram, network inet6 dgram, @@ -20,20 +22,19 @@ profile lynx @{exec_path} { network inet6 stream, @{exec_path} mr, - - /etc/lynx/{,*} r, - + @{sh_path} rix, + + /usr/share/terminfo/{,**} r, /usr/share/doc/lynx-common/** r, - /etc/mime.types r, - - @{sh_path} rix, + /etc/lynx.cfg r, + /etc/lynx.lss r, + /etc/lynx/{,**} r, /etc/mailcap r, + /etc/mime.types r, owner @{tmp}/lynxXXXX*/ rw, owner @{tmp}/lynxXXXX*/*TMP.html{,.gz} rw, - owner @{HOME}/ r, - include if exists } From d7e09d88fd64998e86540e0fffb93bc94617e559 Mon Sep 17 00:00:00 2001 From: valoq Date: Sat, 8 Jun 2024 12:58:01 +0200 Subject: [PATCH 4/8] complete browsers --- apparmor.d/profiles-a-f/elinks | 6 ++++++ apparmor.d/profiles-s-z/w3m | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/apparmor.d/profiles-a-f/elinks b/apparmor.d/profiles-a-f/elinks index ee9c4bd1..d926271f 100644 --- a/apparmor.d/profiles-a-f/elinks +++ b/apparmor.d/profiles-a-f/elinks 
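Review bot: `@{sh_path} rix,` survives on the new side of the second lynx hunk without a comment, and next to `/etc/mailcap r,` it implies that helpers lynx starts through the shell (mailcap viewers, presumably) inherit the lynx profile: a viewer needing more than lynx is denied, and one needing less still gets lynx's network, terminfo and temp-directory access. A one-line comment such as `# external viewers are launched via the shell and inherit this profile (ix)` would record the choice, and where a dedicated profile for the viewer exists a `Px` transition is the tighter option. The two `include` lines added in the first lynx hunk have lost their targets in this rendering, so they cannot be checked here; the profile's opening lines lie before both hunks.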
@@ -11,8 +11,14 @@ profile elinks @{exec_path} { include include include + include include + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + @{exec_path} mr, owner @{user_config_dirs}/elinks/{,**} rw, diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m index 557f68c9..772d07f8 100644 --- a/apparmor.d/profiles-s-z/w3m +++ b/apparmor.d/profiles-s-z/w3m @@ -9,8 +9,16 @@ include @{exec_path} = @{bin}/w3m profile w3m @{exec_path} { include + include + include + include include + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + @{exec_path} mr, /usr/share/terminfo/{,**} r, From 26e7da6641df8f4cdbb50d0a16aef1dee8631107 Mon Sep 17 00:00:00 2001 From: valoq Date: Thu, 13 Jun 2024 11:01:19 +0200 Subject: [PATCH 5/8] add config dirs --- apparmor.d/profiles-s-z/w3m | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m index 772d07f8..4cc6b57e 100644 --- a/apparmor.d/profiles-s-z/w3m +++ b/apparmor.d/profiles-s-z/w3m @@ -23,5 +23,11 @@ profile w3m @{exec_path} { /usr/share/terminfo/{,**} r, + /etc/w3m/{,**} r, + owner @{HOME}/.w3m/{,**} r, + owner @{user_config_dirs}/w3m/{,**} r, + + owner /tmp/@{rand6}/{,**} rw, + include if exists } From eefb67351f518987206b00ab49ce756a2fceb40b Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 06:40:09 +0200 Subject: [PATCH 6/8] Add missing `user_games_dirs` and reorganise alphabetically Also adds (s) after "Default Value" to make it more clear that you can add multiple values. --- docs/variables.md | 81 ++++++++++++++++++++++++----------------------- 1 file changed, 41 insertions(+), 40 deletions(-) diff --git a/docs/variables.md b/docs/variables.md index 6ea5285c..0ca199f6 100644 --- a/docs/variables.md +++ b/docs/variables.md 
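Review bot: The four `network inet/inet6 stream/dgram` rules added to elinks (and identically to w3m in the next hunk) let both browsers fetch freely, yet neither profile grants a place to save what it fetches; the rest of the tree uses `@{user_download_dirs}` for that, so downloads will presumably be denied unless an included abstraction covers it — acceptable if browsing only is intended, but it should be stated. A comment on the network block, e.g. `# browsing only: no download directory is granted on purpose`, keeps the next maintainer from answering a denial with a broad `@{HOME}` rule. The `dgram` rules are normally needed only for DNS; if the nameservice abstraction is among the stripped includes it already grants them and they can be dropped — confirm. The elinks profile header and closing brace are outside this hunk.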
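Review bot: `owner /tmp/@{rand6}/{,**} rw,` in the w3m hunk of PATCH 5/8 grants read/write under every user-owned six-character directory in /tmp — `@{rand6}` is documented on this page as "Any 6 characters" — so the rule is not specific to w3m and overlaps the scratch space of any other confined program. The lynx profile on this page uses a tool-specific prefix, `owner @{tmp}/lynxXXXX*/ rw,`; the same shape, `@{tmp}` plus whatever prefix w3m actually uses for its scratch directory, would confine the grant and stay consistent with the rest of the tree. Also `owner @{HOME}/.w3m/{,**} r,` and the `@{user_config_dirs}/w3m` rule are read-only although w3m presumably keeps mutable state there (history, cookies, bookmarks); confirm `r` is enough or those writes will be denied. The profile's opening lines and `@{exec_path} mr,` lie outside this hunk.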
@@ -6,61 +6,64 @@ title: Variables References ### User directories -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| +| Books | `@{XDG_BOOKS_DIR}` | `Books` | | Desktop | `@{XDG_DESKTOP_DIR}` | `Desktop` | -| Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | -| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | -| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | +| Disk images | `@{XDG_IMG_DIR}` | `images` | | Documents | `@{XDG_DOCUMENTS_DIR}` | `Documents` | +| Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | | Music | `@{XDG_MUSIC_DIR}` | `Music` | | Pictures | `@{XDG_PICTURES_DIR}` | `Pictures` | -| Videos | `@{XDG_VIDEOS_DIR}` | `Videos` | -| Books | `@{XDG_BOOKS_DIR}` | `Books` | | Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | +| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | | Screenshots | `@{XDG_SCREENSHOTS_DIR}` | `@{XDG_PICTURES_DIR}/Screenshots` | | Sync | `@{XDG_SYNC_DIR}` | `Sync` | +| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | | Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` | +| Videos | `@{XDG_VIDEOS_DIR}` | `Videos` | | Vm | `@{XDG_VM_DIR}` | `.vm` | Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` | -| Disk images | `@{XDG_IMG_DIR}` | `images` | ### Dotfiles -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| -| SSH | `@{XDG_SSH_DIR}` | `.ssh` | -| GPG | `@{XDG_GPG_DIR}` | `.gnupg` | -| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | +| Bin | `@{XDG_BIN_DIR}` | `.local/bin` | | Cache | ` @{XDG_CACHE_DIR}` | `.cache` | | Config | `@{XDG_CONFIG_DIR}` | `.config` | | Data | `@{XDG_DATA_DIR}` | `.local/share` | -| State | `@{XDG_STATE_DIR}` | `.local/state` | -| Bin | `@{XDG_BIN_DIR}` | `.local/bin` | +| GPG | `@{XDG_GPG_DIR}` | `.gnupg` | | Lib | `@{XDG_LIB_DIR}` | `.local/lib` | +| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | +| SSH | 
`@{XDG_SSH_DIR}` | `.ssh` | +| State | `@{XDG_STATE_DIR}` | `.local/state` | ### Full configuration path -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| +| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` | +| Build | `@{user_build_dirs}` | `/tmp/` | | Cache | `@{user_cache_dirs}` | `@{HOME}/@{XDG_CACHE_DIR}` | | Config | `@{user_config_dirs}` | `@{HOME}/@{XDG_CONFIG_DIR}` | +| Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_DIR}` | +| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` | | Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_DIR}` | | State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_DIR}` | -| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` | -| Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_DIR}` | -| Build | `@{user_build_dirs}` | `/tmp/` | | Tmp | `@{user_tmp_dirs}` | `@{run}/user/@{uid} /tmp/` | -| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` | ### Full user path -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| | Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` | +| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | | Documents | `@{user_documents_dirs}` | `@{HOME}/@{XDG_DOCUMENTS_DIR} @{MOUNTS}/@{XDG_DOCUMENTS_DIR}` | | Download | `@{user_download_dirs}` | `@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}` | +| Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` | | Music | `@{user_music_dirs}` | `@{HOME}/@{XDG_MUSIC_DIR} @{MOUNTS}/@{XDG_MUSIC_DIR}` | +| Password | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | | Pictures | `@{user_pictures_dirs}` | `@{HOME}/@{XDG_PICTURES_DIR} @{MOUNTS}/@{XDG_PICTURES_DIR}` | | Projects | `@{user_projects_dirs}` | `@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}` | | Public | 
`@{user_publicshare_dirs}` | `@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR}` | @@ -69,8 +72,6 @@ title: Variables References | Torrents | `@{user_torrents_dirs}` | `@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}` | | Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` | | Vm | `@{user_vm_dirs}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}` -| Password | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | -| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | ## System variables 
@@ -81,46 +82,46 @@ title: Variables References **Helper variables** -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Integer (up to 10 digits) | `@{int}` | `[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}` | | Any 6, 8 or 10 characters | `@{rand6}`, `@{rand8}`, `@{rand10}` | | -| Hexadecimal | `@{h}*@{h}` | | -| Universally unique identifier | `@{uuid}` | | | Current Process id | `@{pid}` | `[0-9]*` | -| Processes ids | `@{pids}` | `[0-9]*` | -| User id | `@{uid}` | `[0-9]*` | -| Thread id | `@{tid}` | `[0-9]*` | -| Single hexadecimal character | `@{h}` | `[0-9a-fA-F]` | -| Single alphanumeric character | `@{c}` | `[0-9a-zA-Z]` | +| Hexadecimal | `@{h}*@{h}` | | +| Integer (up to 10 digits) | `@{int}` | `[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}` | | PCI Devices | `@{pci}` | `@{pci_bus}/**/` | | PCI Bus | `@{pci_bus}` | `pci@{h}@{h}@{h}@{h}:@{h}@{h}` | | PCI Id | `@{pci_id}` | `@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h}` | +| Processes ids | `@{pids}` | `[0-9]*` | +| Single hexadecimal character | `@{h}` | `[0-9a-fA-F]` | +| Single alphanumeric character | `@{c}` | `[0-9a-zA-Z]` | +| Thread id | `@{tid}` | `[0-9]*` | +| Universally unique identifier | `@{uuid}` | | +| User id | `@{uid}` | `[0-9]*` | **System Paths** -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Root Home | `@{HOMEDIRS}` | `/home/` | -| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` | -| Root Mountpoints | `@{MOUNTDIRS}` | `/media/ @{run}/media/ /mnt/` | -| Mountpoints directories | `@{MOUNTS}` | `@{MOUNTDIRS}/*/` | | Bin | `@{bin}` | `/{usr/,}{s,}bin` | +| Flatpack export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` | +| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` | | Lib | `@{lib}` | `/{usr/,}lib{,exec,32,64}` | -| 
multi-arch library | `@{multiarch}` | `*-linux-gnu*` | | Proc | `@{PROC}` | `/proc/` | +| Mountpoints directories | `@{MOUNTS}` | `@{MOUNTDIRS}/*/` | +| multi-arch library | `@{multiarch}` | `*-linux-gnu*` | +| Root Home | `@{HOMEDIRS}` | `/home/` | +| Root Mountpoints | `@{MOUNTDIRS}` | `/media/ @{run}/media/ /mnt/` | | Run | `@{run}` | `/run/ /var/run/` | | Sys | `@{sys}` | `/sys/` | -| Flatpack export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` | | System wide share | `@{system_share_dirs}` | `/{usr,usr/local,var/lib/@{flatpak_exports_root}}/share` | **Program paths** -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| +| All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11) | All the shells | `@{shells}` | `sh zsh bash dash fish rbash ksh tcsh csh` | -| Shells path | `@{shells_path}` | `@{bin}/@{shells}` | | Coreutils programs that should not have dedicated profile | `@{coreutils}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L46) | | Coreutils paths | `@{coreutils_path}` | `@{bin}/@{coreutils}` | | Launcher paths | `@{open_path}` | `@{bin}/exo-open @{bin}/xdg-open @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop @{lib}/gio-launch-desktop` -| All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11) +| Shells path | `@{shells_path}` | `@{bin}/@{shells}` | From afbe5a95d06ab1495c9ac153e8c26a4f3db9d548 Mon Sep 17 00:00:00 2001 
From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 06:53:22 +0200 Subject: [PATCH 7/8] Add XDG_GAMES_DIR --- docs/variables.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/variables.md b/docs/variables.md index 0ca199f6..efbcb8e1 100644 --- a/docs/variables.md +++ b/docs/variables.md @@ -13,6 +13,7 @@ title: Variables References | Disk images | `@{XDG_IMG_DIR}` | `images` | | Documents | `@{XDG_DOCUMENTS_DIR}` | `Documents` | | Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | +| Games | `@{XDG_GAMES_DIR}` | `.games` | | Music | `@{XDG_MUSIC_DIR}` | `Music` | | Pictures | `@{XDG_PICTURES_DIR}` | `Pictures` | | Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | From aea114b1ec1c01f460f4b316a5fa00bf9e14a519 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 19:54:35 +0200 Subject: [PATCH 8/8] Reorganise based on type As discussed in DMs --- docs/variables.md | 88 +++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/docs/variables.md b/docs/variables.md index efbcb8e1..6045faf0 100644 --- a/docs/variables.md +++ b/docs/variables.md 
@@ -8,71 +8,71 @@ title: Variables References | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Books | `@{XDG_BOOKS_DIR}` | `Books` | | Desktop | `@{XDG_DESKTOP_DIR}` | `Desktop` | -| Disk images | `@{XDG_IMG_DIR}` | `images` | | Documents | `@{XDG_DOCUMENTS_DIR}` | `Documents` | -| Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | -| Games | `@{XDG_GAMES_DIR}` | `.games` | +| Downloads | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | | Music | `@{XDG_MUSIC_DIR}` | `Music` | | Pictures | `@{XDG_PICTURES_DIR}` | `Pictures` | -| Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | -| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | -| Screenshots | `@{XDG_SCREENSHOTS_DIR}` | `@{XDG_PICTURES_DIR}/Screenshots` | -| Sync | `@{XDG_SYNC_DIR}` | `Sync` | -| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | -| Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` | | Videos | `@{XDG_VIDEOS_DIR}` | `Videos` | -| Vm | `@{XDG_VM_DIR}` | `.vm` +| Screenshots | `@{XDG_SCREENSHOTS_DIR}` | `@{XDG_PICTURES_DIR}/Screenshots` | | Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` | +| Books | `@{XDG_BOOKS_DIR}` | `Books` | +| Games | `@{XDG_GAMES_DIR}` | `.games` | +| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | +| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | +| Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | +| Sync | `@{XDG_SYNC_DIR}` | `Sync` | +| Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` | +| Vm | `@{XDG_VM_DIR}` | `.vm` +| Disk images | `@{XDG_IMG_DIR}` | `images` | ### Dotfiles | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Bin | `@{XDG_BIN_DIR}` | `.local/bin` | | Cache | ` @{XDG_CACHE_DIR}` | `.cache` | | Config | `@{XDG_CONFIG_DIR}` | `.config` | | Data | `@{XDG_DATA_DIR}` | `.local/share` | -| GPG | `@{XDG_GPG_DIR}` | `.gnupg` | -| Lib | `@{XDG_LIB_DIR}` | `.local/lib` | -| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | -| SSH | `@{XDG_SSH_DIR}` | `.ssh` | | State | 
`@{XDG_STATE_DIR}` | `.local/state` | +| Bin | `@{XDG_BIN_DIR}` | `.local/bin` | +| Lib | `@{XDG_LIB_DIR}` | `.local/lib` | +| GPG | `@{XDG_GPG_DIR}` | `.gnupg` | +| SSH | `@{XDG_SSH_DIR}` | `.ssh` | +| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | ### Full configuration path | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` | -| Build | `@{user_build_dirs}` | `/tmp/` | | Cache | `@{user_cache_dirs}` | `@{HOME}/@{XDG_CACHE_DIR}` | | Config | `@{user_config_dirs}` | `@{HOME}/@{XDG_CONFIG_DIR}` | +| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` | | Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_DIR}` | -| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` | | Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_DIR}` | | State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_DIR}` | +| Build | `@{user_build_dirs}` | `/tmp/` | +| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` | | Tmp | `@{user_tmp_dirs}` | `@{run}/user/@{uid} /tmp/` | ### Full user path | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` | -| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | | Documents | `@{user_documents_dirs}` | `@{HOME}/@{XDG_DOCUMENTS_DIR} @{MOUNTS}/@{XDG_DOCUMENTS_DIR}` | -| Download | `@{user_download_dirs}` | `@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}` | -| Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` | +| Downloads | `@{user_download_dirs}` | `@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}` | | Music | `@{user_music_dirs}` | `@{HOME}/@{XDG_MUSIC_DIR} @{MOUNTS}/@{XDG_MUSIC_DIR}` | -| Password | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | | Pictures | `@{user_pictures_dirs}` | `@{HOME}/@{XDG_PICTURES_DIR} 
@{MOUNTS}/@{XDG_PICTURES_DIR}` | +| Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` | +| Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` | +| Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` | +| Passwords | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | | Projects | `@{user_projects_dirs}` | `@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}` | | Public | `@{user_publicshare_dirs}` | `@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR}` | -| Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` | | Templates | `@{user_templates_dirs}` | `@{HOME}/@{XDG_TEMPLATES_DIR} @{MOUNTS}/@{XDG_TEMPLATES_DIR}` | | Torrents | `@{user_torrents_dirs}` | `@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}` | -| Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` | +| Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` | | Vm | `@{user_vm_dirs}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}` +| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | ## System variables 
@@ -85,44 +85,44 @@ title: Variables References | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Any 6, 8 or 10 characters | `@{rand6}`, `@{rand8}`, `@{rand10}` | | -| Current Process id | `@{pid}` | `[0-9]*` | -| Hexadecimal | `@{h}*@{h}` | | | Integer (up to 10 digits) | `@{int}` | `[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}` | +| Any 6, 8 or 10 characters | `@{rand6}`, `@{rand8}`, `@{rand10}` | | +| Hexadecimal | `@{h}*@{h}` | | +| Universally unique identifier | `@{uuid}` | | +| Current Process id | `@{pid}` | `[0-9]*` | +| Processes ids | `@{pids}` | `[0-9]*` | +| User id | `@{uid}` | `[0-9]*` | +| Thread id | `@{tid}` | `[0-9]*` | +| Single hexadecimal character | `@{h}` | `[0-9a-fA-F]` | +| Single alphanumeric character | `@{c}` | `[0-9a-zA-Z]` | | PCI Devices | `@{pci}` | `@{pci_bus}/**/` | | PCI Bus | `@{pci_bus}` | `pci@{h}@{h}@{h}@{h}:@{h}@{h}` | | PCI Id | `@{pci_id}` | `@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h}` | -| Processes ids | `@{pids}` | `[0-9]*` | -| Single hexadecimal character | `@{h}` | `[0-9a-fA-F]` | -| Single alphanumeric character | `@{c}` | `[0-9a-zA-Z]` | -| Thread id | `@{tid}` | `[0-9]*` | -| Universally unique identifier | `@{uuid}` | | -| User id | `@{uid}` | `[0-9]*` | **System Paths** | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Bin | `@{bin}` | `/{usr/,}{s,}bin` | -| Flatpack export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` | -| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` | -| Lib | `@{lib}` | `/{usr/,}lib{,exec,32,64}` | -| Proc | `@{PROC}` | `/proc/` | -| Mountpoints directories | `@{MOUNTS}` | `@{MOUNTDIRS}/*/` | -| multi-arch library | `@{multiarch}` | `*-linux-gnu*` | | Root Home | `@{HOMEDIRS}` | `/home/` | +| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` | | Root Mountpoints | `@{MOUNTDIRS}` | `/media/ @{run}/media/ /mnt/` | +| Mountpoints directories | 
`@{MOUNTS}` | `@{MOUNTDIRS}/*/` | +| Bin | `@{bin}` | `/{usr/,}{s,}bin` | +| Lib | `@{lib}` | `/{usr/,}lib{,exec,32,64}` | +| multi-arch library | `@{multiarch}` | `*-linux-gnu*` | +| Proc | `@{PROC}` | `/proc/` | | Run | `@{run}` | `/run/ /var/run/` | | Sys | `@{sys}` | `/sys/` | | System wide share | `@{system_share_dirs}` | `/{usr,usr/local,var/lib/@{flatpak_exports_root}}/share` | +| Flatpak export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` | **Program paths** | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11) | All the shells | `@{shells}` | `sh zsh bash dash fish rbash ksh tcsh csh` | +| Shells path | `@{shells_path}` | `@{bin}/@{shells}` | | Coreutils programs that should not have dedicated profile | `@{coreutils}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L46) | | Coreutils paths | `@{coreutils_path}` | `@{bin}/@{coreutils}` | | Launcher paths | `@{open_path}` | `@{bin}/exo-open @{bin}/xdg-open @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop @{lib}/gio-launch-desktop` -| Shells path | `@{shells_path}` | `@{bin}/@{shells}` | +| All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11)