mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:roddhjav/apparmor.d

Browse Source 
* 'main' of github.com:roddhjav/apparmor.d:
  Reorganise based on type
  Add XDG_GAMES_DIR
  Add missing `user_games_dirs` and reorganise alphabetically
  add config dirs
  complete browsers
  fix lynx profile
  use strict abstraction
  add preview tools
This commit is contained in:
Alexandre Pujol 2024-06-14 20:51:08 +01:00
commit d21af8246b
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
8 changed files with 166 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
apparmor.d/profiles-a-f/elinks Normal file
View File

@ -0,0 +1,27 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 valoq <valoq@mailbox.org>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/elinks
profile elinks @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
include <abstractions/user-download-strict>
include <abstractions/user-read-strict>
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
@{exec_path} mr,
owner @{user_config_dirs}/elinks/{,**} rw,
include if exists <local/elinks>
}

17
apparmor.d/profiles-a-f/ffmpegthumbnailer Normal file
View File

@ -0,0 +1,17 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 valoq <valoq@mailbox.org>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/ffmpegthumbnailer
profile ffmpegthumbnailer @{exec_path} {
include <abstractions/base>
include <abstractions/user-write-strict>
@{exec_path} mr,
include if exists <local/ffmpegthumbnailer>
}

17
apparmor.d/profiles-g-l/img2txt Normal file
View File

@ -0,0 +1,17 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 valoq <valoq@mailbox.org>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/img2txt
profile img2txt @{exec_path} {
include <abstractions/base>
include <abstractions/user-read-strict>
@{exec_path} mr,
include if exists <local/img2txt>
}

15
apparmor.d/profiles-g-l/lynx
View File

@ -13,6 +13,8 @@ profile lynx @{exec_path} {
include <abstractions/nameservice-strict>
include <abstractions/wutmp>
include <abstractions/ssl_certs>
include <abstractions/user-download-strict>
include <abstractions/user-read-strict>
network inet dgram,
network inet6 dgram,
@ -20,20 +22,19 @@ profile lynx @{exec_path} {
network inet6 stream,
@{exec_path} mr,
@{sh_path} rix,
/etc/lynx/{,*} r,
/usr/share/terminfo/{,**} r,
/usr/share/doc/lynx-common/** r,
/etc/mime.types r,
@{sh_path} rix,
/etc/lynx.cfg r,
/etc/lynx.lss r,
/etc/lynx/{,**} r,
/etc/mailcap r,
/etc/mime.types r,
owner @{tmp}/lynxXXXX*/ rw,
owner @{tmp}/lynxXXXX*/*TMP.html{,.gz} rw,
owner @{HOME}/ r,
include if exists <local/lynx>
}

17
apparmor.d/profiles-m-r/odt2txt Normal file
View File

@ -0,0 +1,17 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 valoq <valoq@mailbox.org>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/odt2txt
profile odt2txt @{exec_path} {
include <abstractions/base>
include <abstractions/user-write-strict>
@{exec_path} mr,
include if exists <local/odt2txt>
}

19
apparmor.d/profiles-m-r/pdftotext Normal file
View File

@ -0,0 +1,19 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 valoq <valoq@mailbox.org>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/pdftotext
profile pdftotext @{exec_path} {
include <abstractions/base>
include <abstractions/user-write-strict>
@{exec_path} mr,
/usr/share/poppler/{,**} r,
include if exists <local/pdftotext>
}

33
apparmor.d/profiles-s-z/w3m Normal file
View File

@ -0,0 +1,33 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 valoq <valoq@mailbox.org>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/w3m
profile w3m @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
include <abstractions/user-download-strict>
include <abstractions/user-read-strict>
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
@{exec_path} mr,
/usr/share/terminfo/{,**} r,
/etc/w3m/{,**} r,
owner @{HOME}/.w3m/{,**} r,
owner @{user_config_dirs}/w3m/{,**} r,
owner /tmp/@{rand6}/{,**} rw,
include if exists <local/w3m>
}

52
docs/variables.md
View File

@ -6,70 +6,72 @@ title: Variables References
### User directories
| Description | Name | Default Value |
| Description | Name | Default Value(s) |
|-------------|:----:|---------------|
| Desktop | `@{XDG_DESKTOP_DIR}` | `Desktop` |
| Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` |
| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` |
| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` |
| Documents | `@{XDG_DOCUMENTS_DIR}` | `Documents` |
| Downloads | `@{XDG_DOWNLOAD_DIR}` | `Downloads` |
| Music | `@{XDG_MUSIC_DIR}` | `Music` |
| Pictures | `@{XDG_PICTURES_DIR}` | `Pictures` |
| Videos | `@{XDG_VIDEOS_DIR}` | `Videos` |
| Books | `@{XDG_BOOKS_DIR}` | `Books` |
| Projects | `@{XDG_PROJECTS_DIR}` | `Projects` |
| Screenshots | `@{XDG_SCREENSHOTS_DIR}` | `@{XDG_PICTURES_DIR}/Screenshots` |
| Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` |
| Books | `@{XDG_BOOKS_DIR}` | `Books` |
| Games | `@{XDG_GAMES_DIR}` | `.games` |
| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` |
| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` |
| Projects | `@{XDG_PROJECTS_DIR}` | `Projects` |
| Sync | `@{XDG_SYNC_DIR}` | `Sync` |
| Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` |
| Vm | `@{XDG_VM_DIR}` | `.vm`
| Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` |
| Disk images | `@{XDG_IMG_DIR}` | `images` |
### Dotfiles
| Description | Name | Default Value |
| Description | Name | Default Value(s) |
|-------------|:----:|---------------|
| SSH | `@{XDG_SSH_DIR}` | `.ssh` |
| GPG | `@{XDG_GPG_DIR}` | `.gnupg` |
| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` |
| Cache | ` @{XDG_CACHE_DIR}` | `.cache` |
| Config | `@{XDG_CONFIG_DIR}` | `.config` |
| Data | `@{XDG_DATA_DIR}` | `.local/share` |
| State | `@{XDG_STATE_DIR}` | `.local/state` |
| Bin | `@{XDG_BIN_DIR}` | `.local/bin` |
| Lib | `@{XDG_LIB_DIR}` | `.local/lib` |
| GPG | `@{XDG_GPG_DIR}` | `.gnupg` |
| SSH | `@{XDG_SSH_DIR}` | `.ssh` |
| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` |
### Full configuration path
| Description | Name | Default Value |
| Description | Name | Default Value(s) |
|-------------|:----:|---------------|
| Cache | `@{user_cache_dirs}` | `@{HOME}/@{XDG_CACHE_DIR}` |
| Config | `@{user_config_dirs}` | `@{HOME}/@{XDG_CONFIG_DIR}` |
| Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_DIR}` |
| State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_DIR}` |
| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` |
| Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_DIR}` |
| Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_DIR}` |
| State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_DIR}` |
| Build | `@{user_build_dirs}` | `/tmp/` |
| Tmp | `@{user_tmp_dirs}` | `@{run}/user/@{uid} /tmp/` |
| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` |
| Tmp | `@{user_tmp_dirs}` | `@{run}/user/@{uid} /tmp/` |
### Full user path
| Description | Name | Default Value |
| Description | Name | Default Value(s) |
|-------------|:----:|---------------|
| Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` |
| Documents | `@{user_documents_dirs}` | `@{HOME}/@{XDG_DOCUMENTS_DIR} @{MOUNTS}/@{XDG_DOCUMENTS_DIR}` |
| Download | `@{user_download_dirs}` | `@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}` |
| Downloads | `@{user_download_dirs}` | `@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}` |
| Music | `@{user_music_dirs}` | `@{HOME}/@{XDG_MUSIC_DIR} @{MOUNTS}/@{XDG_MUSIC_DIR}` |
| Pictures | `@{user_pictures_dirs}` | `@{HOME}/@{XDG_PICTURES_DIR} @{MOUNTS}/@{XDG_PICTURES_DIR}` |
| Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` |
| Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` |
| Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` |
| Passwords | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` |
| Projects | `@{user_projects_dirs}` | `@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}` |
| Public | `@{user_publicshare_dirs}` | `@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR}` |
| Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` |
| Templates | `@{user_templates_dirs}` | `@{HOME}/@{XDG_TEMPLATES_DIR} @{MOUNTS}/@{XDG_TEMPLATES_DIR}` |
| Torrents | `@{user_torrents_dirs}` | `@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}` |
| Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` |
| Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` |
| Vm | `@{user_vm_dirs}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}`
| Password | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` |
| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` |
@ -81,7 +83,7 @@ title: Variables References
**Helper variables**
| Description | Name | Default Value |
| Description | Name | Default Value(s) |
|-------------|:----:|---------------|
| Integer (up to 10 digits) | `@{int}` | `[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}` |
| Any 6, 8 or 10 characters | `@{rand6}`, `@{rand8}`, `@{rand10}` | |
@ -99,7 +101,7 @@ title: Variables References
**System Paths**
| Description | Name | Default Value |
| Description | Name | Default Value(s) |
|-------------|:----:|---------------|
| Root Home | `@{HOMEDIRS}` | `/home/` |
| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` |
@ -111,12 +113,12 @@ title: Variables References
| Proc | `@{PROC}` | `/proc/` |
| Run | `@{run}` | `/run/ /var/run/` |
| Sys | `@{sys}` | `/sys/` |
| Flatpack export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` |
| System wide share | `@{system_share_dirs}` | `/{usr,usr/local,var/lib/@{flatpak_exports_root}}/share` |
| Flatpak export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` |
**Program paths**
| Description | Name | Default Value |
| Description | Name | Default Value(s) |
|-------------|:----:|---------------|
| All the shells | `@{shells}` | `sh zsh bash dash fish rbash ksh tcsh csh` |
| Shells path | `@{shells_path}` | `@{bin}/@{shells}` |