mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-19 01:18:16 +01:00
feat(profile): use the kde-globals-write abstaction when needed.
This commit is contained in:
Alexandre Pujol
parent
1655a9f5ab
commit
f9169bc40b
5 changed files with 6 additions and 14 deletions
|
|
@ -11,6 +11,7 @@ profile firefox-kmozillahelper @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/audio-client>
|
include <abstractions/audio-client>
|
||||||
include <abstractions/graphics>
|
include <abstractions/graphics>
|
||||||
|
include <abstractions/kde-globals-write>
|
||||||
include <abstractions/kde-strict>
|
include <abstractions/kde-strict>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/qt5-settings-write>
|
include <abstractions/qt5-settings-write>
|
||||||
|
|
@ -42,8 +43,6 @@ profile firefox-kmozillahelper @{exec_path} {
|
||||||
|
|
||||||
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
||||||
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
|
||||||
owner @{user_config_dirs}/kdeglobals.@{rand6} rwl,
|
|
||||||
owner @{user_config_dirs}/kmozillahelperrc r,
|
owner @{user_config_dirs}/kmozillahelperrc r,
|
||||||
owner @{user_config_dirs}/kmozillahelperrc.@{rand6} rwl,
|
owner @{user_config_dirs}/kmozillahelperrc.@{rand6} rwl,
|
||||||
owner @{user_config_dirs}/kwinrc r,
|
owner @{user_config_dirs}/kwinrc r,
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@ include <tunables/global>
|
||||||
profile xdg-desktop-portal-kde @{exec_path} {
|
profile xdg-desktop-portal-kde @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/graphics>
|
include <abstractions/graphics>
|
||||||
|
include <abstractions/kde-globals-write>
|
||||||
include <abstractions/kde-strict>
|
include <abstractions/kde-strict>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
|
@ -30,10 +31,8 @@ profile xdg-desktop-portal-kde @{exec_path} {
|
||||||
|
|
||||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
||||||
owner @{user_config_dirs}/#@{int} rw,
|
|
||||||
owner @{user_config_dirs}/autostart/org.kde.*.desktop r,
|
owner @{user_config_dirs}/autostart/org.kde.*.desktop r,
|
||||||
owner @{user_config_dirs}/breezerc r,
|
owner @{user_config_dirs}/breezerc r,
|
||||||
owner @{user_config_dirs}/kdeglobals{,.*} rwlk,
|
|
||||||
owner @{user_config_dirs}/xdg-desktop-portal-kderc{,.*} rwlk,
|
owner @{user_config_dirs}/xdg-desktop-portal-kderc{,.*} rwlk,
|
||||||
|
|
||||||
owner @{run}/user/@{uid}/xdg-desktop-portal-kde@{rand6}.*.socket rw,
|
owner @{run}/user/@{uid}/xdg-desktop-portal-kde@{rand6}.*.socket rw,
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ profile kconf_update @{exec_path} {
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/graphics>
|
include <abstractions/graphics>
|
||||||
include <abstractions/gtk>
|
include <abstractions/gtk>
|
||||||
|
include <abstractions/kde-globals-write>
|
||||||
include <abstractions/kde-strict>
|
include <abstractions/kde-strict>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/perl>
|
include <abstractions/perl>
|
||||||
|
|
@ -45,7 +46,6 @@ profile kconf_update @{exec_path} {
|
||||||
|
|
||||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||||
|
|
||||||
owner @{user_config_dirs}/#@{int} rw,
|
|
||||||
owner @{user_config_dirs}/akregatorrc.lock rwk,
|
owner @{user_config_dirs}/akregatorrc.lock rwk,
|
||||||
owner @{user_config_dirs}/akregatorrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/akregatorrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
owner @{user_config_dirs}/dolphinrc.lock rwk,
|
owner @{user_config_dirs}/dolphinrc.lock rwk,
|
||||||
|
|
@ -58,8 +58,6 @@ profile kconf_update @{exec_path} {
|
||||||
owner @{user_config_dirs}/kcminputrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/kcminputrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
owner @{user_config_dirs}/kconf_updaterc.lock rwk,
|
owner @{user_config_dirs}/kconf_updaterc.lock rwk,
|
||||||
owner @{user_config_dirs}/kconf_updaterc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/kconf_updaterc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
owner @{user_config_dirs}/kdeglobals.lock rwk,
|
|
||||||
owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
|
||||||
owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
|
owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
|
||||||
owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
owner @{user_config_dirs}/khotkeysrc.lock rwk,
|
owner @{user_config_dirs}/khotkeysrc.lock rwk,
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,7 @@ profile kded @{exec_path} {
|
||||||
include <abstractions/devices-usb>
|
include <abstractions/devices-usb>
|
||||||
include <abstractions/graphics>
|
include <abstractions/graphics>
|
||||||
include <abstractions/gtk>
|
include <abstractions/gtk>
|
||||||
|
include <abstractions/kde-globals-write>
|
||||||
include <abstractions/kde-strict>
|
include <abstractions/kde-strict>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/wutmp>
|
include <abstractions/wutmp>
|
||||||
|
|
@ -97,7 +98,6 @@ profile kded @{exec_path} {
|
||||||
|
|
||||||
@{user_config_dirs}/kcookiejarrc.lock rwk,
|
@{user_config_dirs}/kcookiejarrc.lock rwk,
|
||||||
@{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
@{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
owner @{user_config_dirs}/#@{int} rw,
|
|
||||||
owner @{user_config_dirs}/baloofilerc r,
|
owner @{user_config_dirs}/baloofilerc r,
|
||||||
owner @{user_config_dirs}/bluedevilglobalrc.lock rwk,
|
owner @{user_config_dirs}/bluedevilglobalrc.lock rwk,
|
||||||
owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
|
|
@ -112,8 +112,6 @@ profile kded @{exec_path} {
|
||||||
owner @{user_config_dirs}/kded{5,6}rc.lock rwk,
|
owner @{user_config_dirs}/kded{5,6}rc.lock rwk,
|
||||||
owner @{user_config_dirs}/kded{5,6}rc{,.@{rand6}} rwl,
|
owner @{user_config_dirs}/kded{5,6}rc{,.@{rand6}} rwl,
|
||||||
owner @{user_config_dirs}/kdedefaults/{,**} r,
|
owner @{user_config_dirs}/kdedefaults/{,**} r,
|
||||||
owner @{user_config_dirs}/kdeglobals.lock rwk,
|
|
||||||
owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl,
|
|
||||||
owner @{user_config_dirs}/khotkeysrc.lock rwk,
|
owner @{user_config_dirs}/khotkeysrc.lock rwk,
|
||||||
owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
owner @{user_config_dirs}/kioslaverc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
owner @{user_config_dirs}/kioslaverc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||||
|
|
|
||||||
|
|
@ -10,8 +10,9 @@ include <tunables/global>
|
||||||
profile startplasma @{exec_path} {
|
profile startplasma @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/audio-client>
|
include <abstractions/audio-client>
|
||||||
include <abstractions/kde-strict>
|
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
|
include <abstractions/kde-globals-write>
|
||||||
|
include <abstractions/kde-strict>
|
||||||
|
|
||||||
signal (receive) set=(hup) peer=@{p_systemd},
|
signal (receive) set=(hup) peer=@{p_systemd},
|
||||||
signal (receive) set=(term) peer=sddm,
|
signal (receive) set=(term) peer=sddm,
|
||||||
|
|
@ -50,13 +51,10 @@ profile startplasma @{exec_path} {
|
||||||
owner @{user_cache_dirs}/kcrash-metadata/ rw,
|
owner @{user_cache_dirs}/kcrash-metadata/ rw,
|
||||||
owner @{user_cache_dirs}/plasma-svgelements rw,
|
owner @{user_cache_dirs}/plasma-svgelements rw,
|
||||||
|
|
||||||
owner @{user_config_dirs}/#@{int} rw,
|
|
||||||
owner @{user_config_dirs}/gtkrc{,*} rwlk,
|
owner @{user_config_dirs}/gtkrc{,*} rwlk,
|
||||||
owner @{user_config_dirs}/kcminputrc r,
|
owner @{user_config_dirs}/kcminputrc r,
|
||||||
owner @{user_config_dirs}/kdedefaults/ rw,
|
owner @{user_config_dirs}/kdedefaults/ rw,
|
||||||
owner @{user_config_dirs}/kdedefaults/** rwkl -> @{user_config_dirs}/kdedefaults/**,
|
owner @{user_config_dirs}/kdedefaults/** rwkl -> @{user_config_dirs}/kdedefaults/**,
|
||||||
owner @{user_config_dirs}/kdeglobals.lock rwk,
|
|
||||||
owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
|
||||||
owner @{user_config_dirs}/ksplashrc r,
|
owner @{user_config_dirs}/ksplashrc r,
|
||||||
owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk,
|
owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk,
|
||||||
owner @{user_config_dirs}/menus/{,**} r,
|
owner @{user_config_dirs}/menus/{,**} r,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue