mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 16:03:51 +01:00
parent
31bc5a6053
commit
ef1023156e
@ -26,7 +26,7 @@ profile gpg @{exec_path} {
|
|||||||
@{bin}/gpg-connect-agent rPx,
|
@{bin}/gpg-connect-agent rPx,
|
||||||
@{bin}/gpgconf rPx,
|
@{bin}/gpgconf rPx,
|
||||||
@{bin}/gpgsm rPx,
|
@{bin}/gpgsm rPx,
|
||||||
@{lib}/gnupg/scdaemon rPx,
|
@{lib}/{,gnupg/}scdaemon rPx,
|
||||||
|
|
||||||
/etc/inputrc r,
|
/etc/inputrc r,
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@ profile gpg-agent @{exec_path} {
|
|||||||
|
|
||||||
@{bin}/pinentry{,-*} rPx,
|
@{bin}/pinentry{,-*} rPx,
|
||||||
@{bin}/scdaemon rPx,
|
@{bin}/scdaemon rPx,
|
||||||
@{lib}/gnupg/scdaemon rPx,
|
@{lib}/{,gnupg/}scdaemon rPx,
|
||||||
|
|
||||||
/usr/share/gnupg/* r,
|
/usr/share/gnupg/* r,
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ profile gpgconf @{exec_path} {
|
|||||||
@{bin}/gpgsm rPx,
|
@{bin}/gpgsm rPx,
|
||||||
@{bin}/pinentry-* rPx,
|
@{bin}/pinentry-* rPx,
|
||||||
@{bin}/scdaemon rPx,
|
@{bin}/scdaemon rPx,
|
||||||
@{lib}/gnupg/scdaemon rPx,
|
@{lib}/{,gnupg/}scdaemon rPx,
|
||||||
@{lib}/keyboxd rPUx,
|
@{lib}/keyboxd rPUx,
|
||||||
|
|
||||||
/etc/gcrypt/hwf.deny r,
|
/etc/gcrypt/hwf.deny r,
|
||||||
|
@ -7,7 +7,7 @@ abi <abi/3.0>,
|
|||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{exec_path} = @{bin}/scdaemon @{lib}/gnupg/scdaemon
|
@{exec_path} = @{bin}/scdaemon @{lib}/{,gnupg/}scdaemon
|
||||||
profile scdaemon @{exec_path} {
|
profile scdaemon @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/devices-usb>
|
include <abstractions/devices-usb>
|
||||||
|
@ -75,6 +75,8 @@ profile kded5 @{exec_path} {
|
|||||||
owner @{user_cache_dirs}/#@{int} rw,
|
owner @{user_cache_dirs}/#@{int} rw,
|
||||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
||||||
|
@{user_config_dirs}/kcookiejarrc.lock rwk,
|
||||||
|
@{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
owner @{user_config_dirs}/#@{int} rw,
|
owner @{user_config_dirs}/#@{int} rw,
|
||||||
owner @{user_config_dirs}/bluedevilglobalrc.lock rwk,
|
owner @{user_config_dirs}/bluedevilglobalrc.lock rwk,
|
||||||
owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
@ -83,8 +85,6 @@ profile kded5 @{exec_path} {
|
|||||||
owner @{user_config_dirs}/kcminputrc r,
|
owner @{user_config_dirs}/kcminputrc r,
|
||||||
owner @{user_config_dirs}/kconf_updaterc rw,
|
owner @{user_config_dirs}/kconf_updaterc rw,
|
||||||
owner @{user_config_dirs}/kconf_updaterc.lock rwk,
|
owner @{user_config_dirs}/kconf_updaterc.lock rwk,
|
||||||
owner @{user_config_dirs}/kcookiejarrc.lock rwk,
|
|
||||||
owner @{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
|
||||||
owner @{user_config_dirs}/kdebugrc r,
|
owner @{user_config_dirs}/kdebugrc r,
|
||||||
owner @{user_config_dirs}/kded5rc.lock rwk,
|
owner @{user_config_dirs}/kded5rc.lock rwk,
|
||||||
owner @{user_config_dirs}/kded5rc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/kded5rc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
|
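Review bot: The two `kcookiejarrc` rules re-added in the first kded5 hunk (`@{user_config_dirs}/kcookiejarrc.lock rwk,` and the `kcookiejarrc{,.@{rand6}} rwl -> …` link rule) no longer carry the `owner` qualifier that the copies removed in the second hunk had, and that every neighbouring rule still has. Without it the rules match regardless of which uid owns the file, which is broader than the rest of this block. If that is not intended, restore them as `owner @{user_config_dirs}/kcookiejarrc.lock rwk,` and `owner @{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},`. If the drop is deliberate, a one-line comment saying why would help the next reader. The profile body continues outside both hunks.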
@ -39,10 +39,10 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||||||
ptrace (read),
|
ptrace (read),
|
||||||
ptrace (trace) peer=@{profile_name},
|
ptrace (trace) peer=@{profile_name},
|
||||||
|
|
||||||
signal (send) set=term peer=kwin_wayland,
|
signal (send) set=(term) peer=kwin_wayland,
|
||||||
signal (send) set=(kill, term) peer=startplasma,
|
signal (send) set=(kill, term) peer=startplasma,
|
||||||
signal (send) set=term peer=startplasma-wayland,
|
signal (send) set=(term) peer=startplasma-wayland,
|
||||||
signal (send) set=term peer=sddm-greeter,
|
signal (send) set=(term) peer=sddm-greeter,
|
||||||
signal (send) set=(kill, term) peer=xorg,
|
signal (send) set=(kill, term) peer=xorg,
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
@ -77,7 +77,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||||||
@{bin}/dbus-update-activation-environment rCx -> dbus,
|
@{bin}/dbus-update-activation-environment rCx -> dbus,
|
||||||
@{bin}/gnome-keyring-daemon rPx,
|
@{bin}/gnome-keyring-daemon rPx,
|
||||||
@{bin}/kwalletd5 rPx,
|
@{bin}/kwalletd5 rPx,
|
||||||
@{bin}/startplasma-wayland rPx,
|
@{bin}/startplasma-wayland rPUx,
|
||||||
@{bin}/startplasma-x11 rPx,
|
@{bin}/startplasma-x11 rPx,
|
||||||
@{bin}/systemctl rPx -> child-systemctl,
|
@{bin}/systemctl rPx -> child-systemctl,
|
||||||
@{bin}/xrdb rPx,
|
@{bin}/xrdb rPx,
|
||||||
|
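Review bot: Changing `@{bin}/startplasma-wayland` from `rPx` to `rPUx` in the second sddm hunk adds an unconfined fallback, so if no profile attaches to that binary the whole Wayland session started by sddm runs without confinement and nothing reports it. The first hunk still sends the signal with `peer=startplasma-wayland`, which would presumably not match an unconfined peer, so the two rules look inconsistent in the fallback case. The neighbouring `@{bin}/startplasma-x11 rPx,` keeps the strict form. Either keep `rPx` here as well, or add a comment such as `# PUx: fallback until a startplasma-wayland profile is shipped` so the relaxation is tracked. The profile body continues outside the hunk.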
@ -22,8 +22,8 @@ profile xdm-xsession @{exec_path} {
|
|||||||
@{bin}/basename rix,
|
@{bin}/basename rix,
|
||||||
@{bin}/cat rix,
|
@{bin}/cat rix,
|
||||||
@{bin}/dirname rix,
|
@{bin}/dirname rix,
|
||||||
@{bin}/gpg-agent rix,
|
@{bin}/gpg-agent rPx,
|
||||||
@{bin}/gpg-connect-agent rix,
|
@{bin}/gpg-connect-agent rPx,
|
||||||
@{bin}/grep rix,
|
@{bin}/grep rix,
|
||||||
@{bin}/locale rix,
|
@{bin}/locale rix,
|
||||||
@{bin}/manpath rix,
|
@{bin}/manpath rix,
|
||||||
|
@ -126,7 +126,7 @@ profile gajim @{exec_path} {
|
|||||||
@{bin}/gpgsm mr,
|
@{bin}/gpgsm mr,
|
||||||
|
|
||||||
@{bin}/gpg-agent rix,
|
@{bin}/gpg-agent rix,
|
||||||
@{lib}/gnupg/scdaemon rix,
|
@{lib}/{,gnupg/}scdaemon rix,
|
||||||
|
|
||||||
owner @{run}/user/@{uid}/gnupg/d.*/ rw,
|
owner @{run}/user/@{uid}/gnupg/d.*/ rw,
|
||||||
owner @{run}/user/@{uid}/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w,
|
owner @{run}/user/@{uid}/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w,
|
||||||
|
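Review bot: The widened `@{lib}/{,gnupg/}scdaemon` rule keeps the `rix` mode, as does `@{bin}/gpg-agent rix` above it, so both helpers run under gajim's own rule set rather than their dedicated profiles. The same commit moves xdm-xsession's `gpg-agent` and `gpg-connect-agent` entries from `rix` to `rPx`, and the gpg, gpg-agent and gpgconf hunks already use `rPx` for scdaemon. Consider `@{lib}/{,gnupg/}scdaemon rPx,` here too, or a comment stating why inheritance is needed. The rest of the gajim profile is outside the hunk, so any rules that exist only for the inherited helpers cannot be checked from here.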