mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-30 06:45:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Some rules addition for gnome support.

Browse source
This commit is contained in:
Alexandre Pujol 2021-04-02 10:11:59 +01:00
parent e57dd4e3a7
commit e4266d9cda
Failed to generate hash of commit
6 changed files with 26 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/desktop/accounts-daemon
View file

@ -25,6 +25,7 @@ profile accounts-daemon @{exec_path} {
/usr/share/dbus-1/interfaces/org.freedesktop.DisplayManager.AccountsService.xml r,
/etc/gdm/custom.conf r,
/etc/shells r,
/etc/shadow r,

8
apparmor.d/groups/desktop/at-spi-bus-launcher
View file

@ -1,5 +1,6 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
@ -26,20 +27,27 @@ profile at-spi-bus-launcher @{exec_path} {
/{usr/,}bin/dbus-daemon rPUx,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/cgroup r,
owner @{HOME}/.Xauthority r,
/var/lib/lightdm/.Xauthority r,
@{run}/user/[0-9]*/gdm/Xauthority r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
include <abstractions/dconf>
owner @{run}/user/[0-9]*/dconf/ rw,
owner @{run}/user/[0-9]*/dconf/user rw,
/usr/share/dconf/profile/gdm r,
/var/lib/gdm/.config/dconf/user r,
# file_inherit
owner /dev/tty[0-9]* rw,
owner @{HOME}/.xsession-errors w,
/var/log/lightdm/seat[0-9]*-greeter.log w,
/usr/share/gdm/greeter-dconf-defaults r,
@{PROC}/1/cgroup r,
include if exists <local/at-spi-bus-launcher>
}

1
apparmor.d/groups/desktop/at-spi2-registryd
View file

@ -20,6 +20,7 @@ profile at-spi2-registryd @{exec_path} {
owner @{HOME}/.Xauthority r,
/var/lib/lightdm/.Xauthority r,
@{run}/user/[0-9]*/gdm/Xauthority r,
# file_inherit
owner @{HOME}/.xsession-errors w,

9
apparmor.d/groups/desktop/blueman
View file

@ -23,11 +23,13 @@ profile blueman @{exec_path} {
network bluetooth raw,
ptrace (read) peer=gjs-console,
@{exec_path} mrix,
/{usr/,}bin/python3.[0-9]* r,
/{usr/,}bin/blueman-tray rPx,
/{usr/,}bin/ r,
/{usr/,}bin/dash rix,
/{usr/,}bin/{b,d}ash rix,
/{usr/,}bin/xdg-open rCx -> open,
@ -63,6 +65,8 @@ profile blueman @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/dev/tty rw,
/dev/rfkill r,
/dev/shm/ r,
@ -70,8 +74,9 @@ profile blueman @{exec_path} {
/var/lib/dbus/machine-id r,
/etc/machine-id r,
@{run}/user/1000/gdm/Xauthority r,
profile open {
profile open {
include <abstractions/base>
include <abstractions/xdg-open>

1
apparmor.d/groups/desktop/bluetoothd
View file

@ -27,6 +27,7 @@ profile bluetoothd @{exec_path} {
/etc/bluetooth/{,*.conf} r,
/dev/uhid rw,
/dev/uinput rw,
/dev/rfkill rw,
/dev/hidraw[0-9]* rw,

9
apparmor.d/groups/desktop/colord
View file

@ -23,14 +23,17 @@ profile colord @{exec_path} flags=(attach_disconnected) {
owner /var/lib/colord/.cache/ rw,
owner /var/lib/colord/.cache/** rw,
owner /var/lib/colord/{mapping,storage}.db rwk,
/var/lib/gdm/.local/share/icc/edid-*.icc r,
/etc/udev/hwdb.bin r,
/usr/share/color/icc/{,**} r,
owner /run/systemd/sessions/1 r,
@{sys}/class/drm/ r,
@{sys}/class/video4linux/ r,
@{sys}/devices/pci[0-9]*/**/drm/card[0-9]/card[0-9]-{HDMI,VGA,LVDS,DP}-*/{enabled,edid} r,
@{sys}/devices/pci[0-9]*/**/drm/card[0-9]/card[0-9]-{HDMI,VGA,LVDS,DP,eDP}-*/{enabled,edid} r,
@{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,
owner @{PROC}/@{pid}/fd/ r,
@ -39,5 +42,9 @@ profile colord @{exec_path} flags=(attach_disconnected) {
/usr/share/mime/mime.cache r,
@{user_share_dirs}/icc/edid-*.icc r,
/run/systemd/sessions/1 r,
include if exists <local/colord>
}