mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
parent
e74fade49a
commit
f14ed2f024
@ -7,13 +7,16 @@ abi <abi/3.0>,
|
|||||||
|
|
||||||
include <tunables/global>
|
include <tunables/global>
|
||||||
|
|
||||||
@{exec_path} = @{bin}/dino-im
|
@{exec_path} = @{bin}/dino{,-im}
|
||||||
profile dino-im @{exec_path} {
|
profile dino @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
include <abstractions/audio-client>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/desktop>
|
include <abstractions/desktop>
|
||||||
include <abstractions/fontconfig-cache-read>
|
include <abstractions/fontconfig-cache-read>
|
||||||
|
include <abstractions/gstreamer>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
include <abstractions/p11-kit>
|
||||||
include <abstractions/ssl_certs>
|
include <abstractions/ssl_certs>
|
||||||
|
|
||||||
network inet dgram,
|
network inet dgram,
|
||||||
@ -24,30 +27,26 @@ profile dino-im @{exec_path} {
|
|||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
# Needed for GPG/PGP support
|
# Not in a subprofile because of no new privs
|
||||||
@{bin}/gpg{,2} rCx -> gpg,
|
@{bin}/gpg{,2} rix,
|
||||||
@{bin}/gpgconf rCx -> gpg,
|
@{bin}/gpgconf rix,
|
||||||
@{bin}/gpgsm rCx -> gpg,
|
@{bin}/gpgsm rix,
|
||||||
|
@{lib}/gnupg/keyboxd rix,
|
||||||
|
|
||||||
|
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
|
||||||
|
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
|
||||||
|
|
||||||
owner @{user_share_dirs}/dino/ rw,
|
owner @{user_share_dirs}/dino/ rw,
|
||||||
owner @{user_share_dirs}/dino/** rwk,
|
owner @{user_share_dirs}/dino/** rwk,
|
||||||
|
|
||||||
|
owner @{run}/user/@{uid}/gnupg/ rw,
|
||||||
|
owner @{run}/user/@{uid}/gnupg/S.keyboxd rw,
|
||||||
|
|
||||||
|
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
|
||||||
owner @{PROC}/@{pid}/fd/ r,
|
owner @{PROC}/@{pid}/fd/ r,
|
||||||
|
owner @{PROC}/@{pid}/mountinfo r,
|
||||||
|
|
||||||
profile gpg {
|
include if exists <local/dino>
|
||||||
include <abstractions/base>
|
|
||||||
|
|
||||||
@{bin}/gpg{,2} mr,
|
|
||||||
@{bin}/gpgconf mr,
|
|
||||||
@{bin}/gpgsm mr,
|
|
||||||
|
|
||||||
owner @{HOME}/.gnupg/ rw,
|
|
||||||
owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
|
|
||||||
|
|
||||||
include if exists <local/dino-im_gpg>
|
|
||||||
}
|
|
||||||
|
|
||||||
include if exists <local/dino-im>
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# vim:syntax=apparmor
|
# vim:syntax=apparmor
|
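Review bot: In the second hunk, replacing `@{bin}/gpg{,2} rCx -> gpg,` with `rix` makes gpg, gpgconf, gpgsm and keyboxd run under the dino profile itself, so the added `owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,` rule grants the whole GnuPG home to the main dino process, which also carries the network rules, where before only the `gpg` child profile could reach `@{HOME}/.gnupg/`. The new comment gives the reason for dropping the subprofile but not this widening, and the old "Needed for GPG/PGP support" line is lost; I would write `# GPG/PGP support: gpg inherits this profile (no new privs prevents the Cx transition), so dino itself gets rw access to the GnuPG home`. If testing in complain mode shows that gpg only needs the public keyring and the agent/keyboxd sockets here, the `**` rule could be narrowed accordingly, which I cannot confirm from this page. The rename also swaps `include if exists <local/dino-im>` for `<local/dino>`, so a site override stored under the old name would silently stop loading and deserves a release note.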
@ -87,6 +87,7 @@ cups-notifier-rss complain
|
|||||||
cups-pk-helper-mechanism complain
|
cups-pk-helper-mechanism complain
|
||||||
cupsd attach_disconnected,complain
|
cupsd attach_disconnected,complain
|
||||||
ddcutil complain
|
ddcutil complain
|
||||||
|
dino attach_disconnected,complain
|
||||||
DiscoverNotifier complain
|
DiscoverNotifier complain
|
||||||
dkms attach_disconnected,complain
|
dkms attach_disconnected,complain
|
||||||
dockerd attach_disconnected,complain
|
dockerd attach_disconnected,complain
|
||||||
|