mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 17:08:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): restrict access to /var/lib/gdm in gnome-shell.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-16 00:22:30 +00:00
parent 66aa230b90
commit e658d1c4d3
Failed to generate hash of commit
1 changed files with 24 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
apparmor.d/groups/gnome/gnome-shell
View file

@ -244,36 +244,36 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
/etc/udev/hwdb.bin r,
/etc/xdg/menus/gnome-applications.menu r,
/var/lib/gdm{3,}/.cache/ w,
/var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.@{multiarch} rwk,
/var/lib/gdm{3,}/.cache/fontconfig/{,*} rwl,
/var/lib/gdm{3,}/.cache/gstreamer-@{int}/ rw,
/var/lib/gdm{3,}/.cache/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw,
/var/lib/gdm{3,}/.cache/libgweather/ r,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/ rw,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/@{hex} rw,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,
/var/lib/gdm{3,}/.config/dconf/user r,
/var/lib/gdm{3,}/.config/ibus/ rw,
/var/lib/gdm{3,}/.config/ibus/bus/ rw,
/var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
/var/lib/gdm{3,}/.config/pulse/ rw,
/var/lib/gdm{3,}/.config/pulse/client.conf r,
/var/lib/gdm{3,}/.config/pulse/cookie rwk,
/var/lib/gdm{3,}/.local/share/applications/{,**} r,
/var/lib/gdm{3,}/.local/share/gnome-shell/{,**} rw,
/var/lib/gdm{3,}/.local/share/icc/{,*} rw,
/var/lib/gdm{3,}/greeter-dconf-defaults r,
/var/lib/AccountsService/icons/* r,
/var/lib/flatpak/app/**/gnome-shell/{,**} r,
/var/lib/flatpak/appstream/**/icons/** r,
/var/lib/flatpak/exports/share/gnome-shell/{,**} r,
owner /var/lib/gdm{3,}/.cache/ w,
owner /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.@{multiarch} rwk,
owner /var/lib/gdm{3,}/.cache/fontconfig/{,*} rwl,
owner /var/lib/gdm{3,}/.cache/gstreamer-@{int}/ rw,
owner /var/lib/gdm{3,}/.cache/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw,
owner /var/lib/gdm{3,}/.cache/ibus/dbus-@{rand8} rw,
owner /var/lib/gdm{3,}/.cache/libgweather/ r,
owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw,
owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/ rw,
owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/@{hex} rw,
owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk,
owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,
owner /var/lib/gdm{3,}/.config/dconf/user r,
owner /var/lib/gdm{3,}/.config/ibus/ rw,
owner /var/lib/gdm{3,}/.config/ibus/bus/ rw,
owner /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
owner /var/lib/gdm{3,}/.config/pulse/ rw,
owner /var/lib/gdm{3,}/.config/pulse/client.conf r,
owner /var/lib/gdm{3,}/.config/pulse/cookie rwk,
owner /var/lib/gdm{3,}/.local/share/applications/{,**} r,
owner /var/lib/gdm{3,}/.local/share/gnome-shell/{,**} rw,
owner /var/lib/gdm{3,}/.local/share/icc/{,*} rw,
owner /var/lib/gdm{3,}/greeter-dconf-defaults r,
owner @{HOME}/.face r,
owner @{HOME}/.mozilla/firefox/firefox-mpris/{,*} r,
owner @{HOME}/.var/app/**/ r,