diff --git a/apparmor.d/abstractions/kde5-plasma5 b/apparmor.d/abstractions/kde5-plasma5
deleted file mode 100644
index 0a4c3539..00000000
--- a/apparmor.d/abstractions/kde5-plasma5
+++ /dev/null
@@ -1,62 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2018-2021 Mikhail Morfikov
-# SPDX-License-Identifier: GPL-2.0-only
-
- abi ,
-
- include
-
- # KDE/Plasma5 themes
- #@{lib}/@{multiarch}/qt5/plugins/platformthemes/KDEPlasmaPlatformTheme.so mr,
- #@{lib}/@{multiarch}/qt5/plugins/styles/breeze.so mr,
- #/usr/share/plasma/look-and-feel/** r,
- #/usr/share/color-schemes/*.colors r,
-
- #/usr/share/kservices5/{,**/} r,
- #/usr/share/kservices5/*.protocol r,
-
- #/usr/share/knotifications5/plasma_workspace.notifyrc r,
-
- # For app config (in order to work the KDE_APP_NAME variable has to be set in profile which
- # includes this abstraction)
- #owner @{user_config_dirs}/#@{int} rwk,
- #owner @{user_config_dirs}/@{KDE_APP_NAME}rc* rwlk -> @{user_config_dirs}/#@{int},
- #owner @{run}/user/@{uid}/#@{int} rw,
- #owner @{run}/user/@{uid}/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/@{uid}/#@{int},
-
- # Common KDE config files
- #owner @{user_config_dirs}/#@{int} rw,
- #owner @{user_config_dirs}/kdeglobals* rwkl -> @{user_config_dirs}/#@{int},
- #owner @{user_config_dirs}/baloofilerc r,
- #owner @{user_config_dirs}/dolphinrc r,
- #owner @{user_config_dirs}/trashrc r,
- #owner @{user_config_dirs}/knfsshare r,
- #owner /**/.directory r,
-
- # For bookmarks
- #@{bin}/keditbookmarks rPUx,
- #owner @{user_share_dirs}/kfile/ rw,
- #owner @{user_share_dirs}/kfile/#@{int} rw,
- #owner @{user_share_dirs}/kfile/bookmarks.xml* rwl -> @{user_share_dirs}/kfile/#@{int},
-
- # Common cache files
- #owner @{user_cache_dirs}/icon-cache.kcache rw,
- #owner @{user_cache_dirs}/ksycoca5_* r,
-
- # Think what to do about this #FIXME#
- # It seems when a QT app is started in Plasma5/KDE5 environment it also wants the following.
- include
- #signal (send) set=(term, kill) peer=unconfined,
- #deny @{sys}/bus/ r,
- #deny @{sys}/bus/usb/devices/ r,
- #deny @{sys}/class/ r,
- #deny @{run}/udev/data/b8:[0-9]* r, # for /dev/sda1 , etc.
- #deny @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/001/001 , etc.
- #deny @{run}/udev/data/+usb:* r, #
- #/etc/exports r,
- #/etc/xdg/menus/ r,
- #/usr/share/mime/ r,
- #owner @{user_config_dirs}/menus/ r,
- #owner @{user_config_dirs}/menus/applications-merged/ r,
-
- include if exists
\ No newline at end of file
diff --git a/apparmor.d/profiles-g-l/gzdoom b/apparmor.d/profiles-g-l/gzdoom
deleted file mode 100644
index e1193eb2..00000000
--- a/apparmor.d/profiles-g-l/gzdoom
+++ /dev/null
@@ -1,97 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2021 Mikhail Morfikov
-# SPDX-License-Identifier: GPL-2.0-only
-
-abi ,
-
-include
-
-@{exec_path} = /usr/games/gzdoom
-@{exec_path} += /opt/gzdoom/gzdoom
-profile gzdoom @{exec_path} {
- include
- include
- include
- include
- include
- include
- include
- include
- include
- include
- include
-
- network netlink raw,
-
- ptrace (trace) peer=@{profile_name},
-
- @{exec_path} mrix,
-
- @{bin}/{,ba,da}sh rix,
-
- @{bin}/zsh rix,
- @{bin}/uname rix,
- @{bin}/xmessage rix,
- @{bin}/gdb rix,
- @{bin}/iconv rix,
-
- /opt/gzdoom/ r,
- /opt/gzdoom/** mr,
-
- /etc/gdb/gdbinit.d/ r,
- /etc/gdb/gdbinit r,
-
- /usr/share/gdb/{,**} r,
- /usr/share/gcc/{,**} r,
- deny /usr/share/gdb/{,**} w,
- deny /usr/share/gcc/{,**} w,
-
- /etc/zsh/zshenv r,
-
- /etc/X11/app-defaults/* r,
-
- /etc/machine-id r,
- /var/lib/dbus/machine-id r,
-
- @{sys}/devices/@{pci}/usb@{int}/**/uevent r,
-
- owner @{HOME}/ r,
- owner @{user_config_dirs}/gzdoom/ rw,
- owner @{user_config_dirs}/gzdoom/** rw,
-
- owner @{user_config_dirs}/zdoom/ rw,
- owner @{user_config_dirs}/zdoom/** rwk,
-
- owner @{HOME}/gzdoom-crash.log rw,
-
- owner @{HOME}/gdb-respfile-* rw,
-
- owner @{PROC}/@{pid}/fd/ r,
- owner @{PROC}/@{pids}/mem r,
- owner @{PROC}/@{pids}/task/@{tid}/stat r,
- owner @{PROC}/@{pids}/task/@{tid}/comm r,
- owner @{PROC}/@{pids}/task/@{tid}/maps r,
- owner @{PROC}/@{pids}/task/ r,
- owner @{PROC}/@{pid}/loginuid r,
- owner @{PROC}/@{pid}/cmdline r,
-
- @{sys}/bus/ r,
- @{sys}/class/ r,
- @{sys}/class/sound/ r,
- @{sys}/class/input/ r,
- @{sys}/class/hidraw/ r,
-
- @{sys}/devices/**/uevent r,
- @{sys}/devices/**/sound/**/{uevent,ev,rel,key,abs} r,
- @{sys}/devices/**/input/**/{uevent,ev,rel,key,abs} r,
-
- @{run}/udev/data/+sound:* r,
- @{run}/udev/data/+input:* r,
- @{run}/udev/data/c13:@{int} r, # For /dev/input/*
- @{run}/udev/data/c116:@{int} r, # For ALSA
- @{run}/udev/data/c23[4-9]:@{int} r, # For dynamic assignment range 234 to 254
- @{run}/udev/data/c24[0-9]:@{int} r,
- @{run}/udev/data/c25[0-4]:@{int} r,
-
- include if exists
-}
diff --git a/apparmor.d/profiles-s-z/suid3num b/apparmor.d/profiles-s-z/suid3num
deleted file mode 100644
index d15d6fb0..00000000
--- a/apparmor.d/profiles-s-z/suid3num
+++ /dev/null
@@ -1,35 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2020-2021 Mikhail Morfikov
-# SPDX-License-Identifier: GPL-2.0-only
-
-abi ,
-
-include
-
-@{exec_path} = @{bin}/suid3num
-@{exec_path} += @{bin}/suid3num.py
-profile suid3num @{exec_path} {
- include
- include
-
- capability dac_read_search,
- capability sys_ptrace,
-
- ptrace (read),
-
- @{exec_path} r,
- @{bin}/python3.[0-9]* r,
-
- @{bin}/{,ba,da}sh rix,
- /usr/bin/find rix,
-
- owner @{PROC}/@{pid}/fd/ r,
-
- / r,
- /**/ r,
-
- deny @{MOUNTS}/ r,
- deny @{MOUNTS}/**/ r,
-
- include if exists
-}