mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 16:03:51 +01:00
parent
b3a5fb1ce5
commit
e4c3f1f076
@ -14,7 +14,7 @@
|
|||||||
include <abstractions/bus-system>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/bus/org.a11y>
|
include <abstractions/bus/org.a11y>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
include <abstractions/deny-sensitive-home>
|
# include <abstractions/deny-sensitive-home>
|
||||||
include <abstractions/desktop>
|
include <abstractions/desktop>
|
||||||
include <abstractions/devices-usb>
|
include <abstractions/devices-usb>
|
||||||
include <abstractions/disks-read>
|
include <abstractions/disks-read>
|
||||||
@ -31,8 +31,7 @@
|
|||||||
|
|
||||||
/usr/** r,
|
/usr/** r,
|
||||||
|
|
||||||
/etc/** r,
|
/etc/{,**} r,
|
||||||
/etc/shells rw,
|
|
||||||
|
|
||||||
/ r,
|
/ r,
|
||||||
/.* r,
|
/.* r,
|
||||||
@ -77,12 +76,14 @@
|
|||||||
@{PROC}/@{pid}/cgroup r,
|
@{PROC}/@{pid}/cgroup r,
|
||||||
@{PROC}/@{pid}/cmdline r,
|
@{PROC}/@{pid}/cmdline r,
|
||||||
@{PROC}/@{pid}/comm r,
|
@{PROC}/@{pid}/comm r,
|
||||||
|
@{PROC}/@{pid}/fd/ r,
|
||||||
@{PROC}/@{pid}/mountinfo r,
|
@{PROC}/@{pid}/mountinfo r,
|
||||||
@{PROC}/@{pid}/net/** r,
|
@{PROC}/@{pid}/net/** r,
|
||||||
@{PROC}/@{pid}/smaps r,
|
@{PROC}/@{pid}/smaps r,
|
||||||
@{PROC}/@{pid}/stat r,
|
@{PROC}/@{pid}/stat r,
|
||||||
@{PROC}/@{pid}/statm r,
|
@{PROC}/@{pid}/statm r,
|
||||||
@{PROC}/@{pid}/task/@{tid}/stat r,
|
@{PROC}/@{pid}/task/@{tid}/stat r,
|
||||||
|
@{PROC}/@{pid}/task/@{tid}/status r,
|
||||||
@{PROC}/bus/pci/devices r,
|
@{PROC}/bus/pci/devices r,
|
||||||
@{PROC}/driver/** r,
|
@{PROC}/driver/** r,
|
||||||
@{PROC}/sys/fs/inotify/max_user_watches r,
|
@{PROC}/sys/fs/inotify/max_user_watches r,
|
||||||
@ -92,8 +93,8 @@
|
|||||||
@{PROC}/sys/kernel/yama/ptrace_scope r,
|
@{PROC}/sys/kernel/yama/ptrace_scope r,
|
||||||
@{PROC}/uptime r,
|
@{PROC}/uptime r,
|
||||||
@{PROC}/zoneinfo r,
|
@{PROC}/zoneinfo r,
|
||||||
|
owner @{PROC}/@{pid}/clear_refs w,
|
||||||
owner @{PROC}/@{pid}/comm rw,
|
owner @{PROC}/@{pid}/comm rw,
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
|
||||||
owner @{PROC}/@{pid}/fd/@{int} rw,
|
owner @{PROC}/@{pid}/fd/@{int} rw,
|
||||||
owner @{PROC}/@{pid}/io r,
|
owner @{PROC}/@{pid}/io r,
|
||||||
owner @{PROC}/@{pid}/net/if_inet6 r,
|
owner @{PROC}/@{pid}/net/if_inet6 r,
|
||||||
@ -101,7 +102,6 @@
|
|||||||
owner @{PROC}/@{pid}/statm r,
|
owner @{PROC}/@{pid}/statm r,
|
||||||
owner @{PROC}/@{pid}/task/ r,
|
owner @{PROC}/@{pid}/task/ r,
|
||||||
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||||
owner @{PROC}/@{pid}/task/@{tid}/status r,
|
|
||||||
|
|
||||||
/dev/hidraw@{int} rw,
|
/dev/hidraw@{int} rw,
|
||||||
/dev/input/ r,
|
/dev/input/ r,
|
||||||
|
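Review bot: Commenting out `include <abstractions/deny-sensitive-home>` in the first hunk drops whatever deny rules that abstraction supplied, in a profile whose visible rules already read broadly (`/usr/** r,`, `/etc/{,**} r,`, `/.* r,`). The hunk gives no reason for disabling it. Either restore the include and add narrow allow rules for the paths that were being blocked, or put a comment on the line above, for example `# deny-sensitive-home disabled: <reason / issue reference>`, so the gap is tracked. The later hunks also move `@{PROC}/@{pid}/fd/ r,` and `@{PROC}/@{pid}/task/@{tid}/status r,` out of the `owner` rules, which extends those reads to processes of other users; keep `owner` unless a logged denial shows the wider form is needed. The profile body starts and ends outside these hunks, so the home-directory rules it actually grants are not visible here.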
@ -64,6 +64,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
|
|||||||
|
|
||||||
/usr/.ref rk,
|
/usr/.ref rk,
|
||||||
|
|
||||||
|
/etc/**/ rw,
|
||||||
/etc/shells rw,
|
/etc/shells rw,
|
||||||
|
|
||||||
/app/.ref k,
|
/app/.ref k,
|
||||||
@ -76,7 +77,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
|
|||||||
|
|
||||||
@{run}/.userns r,
|
@{run}/.userns r,
|
||||||
owner @{run}/flatpak/{,**} rk,
|
owner @{run}/flatpak/{,**} rk,
|
||||||
owner @{run}/flatpak/app/*/*ipc* rw,
|
owner @{run}/flatpak/app/** rw,
|
||||||
owner @{run}/flatpak/doc/** rw,
|
owner @{run}/flatpak/doc/** rw,
|
||||||
owner @{run}/ld-so-cache-dir/* rw,
|
owner @{run}/ld-so-cache-dir/* rw,
|
||||||
owner @{run}/user/@{uid}/*.kioworker.socket r,
|
owner @{run}/user/@{uid}/*.kioworker.socket r,
|
||||||
|
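Review bot: The added `/etc/**/ rw,` gives the flatpak-app profile write access to every directory path under /etc, far wider than the single `/etc/shells rw,` rule next to it. If the denials behind it were directory reads, `/etc/**/ r,` is enough; if a write really is needed, name the specific directories from the audit log instead of the whole tree. The next hunk similarly widens `owner @{run}/flatpak/app/*/*ipc* rw,` to `owner @{run}/flatpak/app/** rw,`; a comment stating which files beyond the ipc ones need write access would let a later reviewer tighten it again. The profile body continues outside both hunks.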