mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2023-12-09 11:28:23 +00:00
parent a9c864fe60
commit ed1ea18a9e
Failed to generate hash of commit
6 changed files with 38 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/gnome/gio-launch-desktop
View file

@ -15,6 +15,7 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) {
include <abstractions/app-launcher-user> include <abstractions/app-launcher-user>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
include <abstractions/trash>
@{exec_path} mr, @{exec_path} mr,

1
apparmor.d/groups/ssh/ssh-agent
View file

@ -25,6 +25,7 @@ profile ssh-agent @{exec_path} {
@{bin}/kwalletaskpass rPUx, @{bin}/kwalletaskpass rPUx,
@{bin}/openbox-session rPx, @{bin}/openbox-session rPx,
@{bin}/startkde rPUx, @{bin}/startkde rPUx,
@{bin}/startxfce4 rPUx,
@{bin}/sway rPUx, @{bin}/sway rPUx,
owner @{HOME}/@{XDG_SSH_DIR}/ rw, owner @{HOME}/@{XDG_SSH_DIR}/ rw,

22
apparmor.d/groups/systemd/systemd-socket-proxyd Normal file
View file

@ -0,0 +1,22 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-socket-proxyd
profile systemd-socket-proxyd @{exec_path} {
include <abstractions/base>
include <abstractions/systemd-common>
capability net_admin,
network inet stream,
network inet6 stream,
@{exec_path} mr,
include if exists <local/systemd-socket-proxyd>
}

3
apparmor.d/profiles-a-f/flatpak
View file

@ -60,7 +60,8 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
owner @{user_config_dirs}/user-dirs.dirs r, owner @{user_config_dirs}/user-dirs.dirs r,
@{user_share_dirs}/flatpak/{,**} r, @{user_share_dirs}/flatpak/{,**} r,
owner @{user_share_dirs}/flatpak/{,**} rw, owner @{user_share_dirs}/ r,
owner @{user_share_dirs}/flatpak/{,**} rwl,
/tmp/#@{int} rw, /tmp/#@{int} rw,
owner /dev/shm/flatpak*/{,**} rw, owner /dev/shm/flatpak*/{,**} rw,

2
apparmor.d/profiles-m-r/run-parts
View file

@ -104,7 +104,7 @@ profile run-parts @{exec_path} {
# Motd # Motd
/etc/update-motd.d/ r, /etc/update-motd.d/ r,
/etc/update-motd.d/@{int}-[a-z]* rCx -> motd, /etc/update-motd.d/* rCx -> motd,
# Kernel # Kernel
/etc/kernel/header_postinst.d/ r, /etc/kernel/header_postinst.d/ r,

13
apparmor.d/profiles-s-z/torsocks
View file

@ -1,5 +1,6 @@
# apparmor.d - Full set of apparmor profiles # apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2019-2021 Mikhail Morfikov
# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>, abi <abi/3.0>,
@ -9,9 +10,17 @@ include <tunables/global>
@{exec_path} = @{bin}/torsocks @{exec_path} = @{bin}/torsocks
profile torsocks @{exec_path} { profile torsocks @{exec_path} {
include <abstractions/base> include <abstractions/base>
# include <abstractions/app-launcher-root>
@{exec_path} r, capability dac_read_search,
@{bin}/{,ba,da}sh rix,
@{exec_path} rm,
@{bin}/{,ba,da}sh rix,
@{bin}/* rPUx,
@{bin}/getcap rix,
/etc/tor/torsocks.conf r,
include if exists <local/torsocks> include if exists <local/torsocks>
} }