mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-30 23:05:11 +01:00
feat(profile): allow drkonqi to read logs.
Some checks failed
Ubuntu / check (push) Has been cancelled
Ubuntu / build (default, ubuntu-22.04) (push) Has been cancelled
Ubuntu / build (default, ubuntu-24.04) (push) Has been cancelled
Ubuntu / build (full-system-policy, ubuntu-22.04) (push) Has been cancelled
Ubuntu / build (full-system-policy, ubuntu-24.04) (push) Has been cancelled
Ubuntu / tests (push) Has been cancelled
Some checks failed
Ubuntu / check (push) Has been cancelled
Ubuntu / build (default, ubuntu-22.04) (push) Has been cancelled
Ubuntu / build (default, ubuntu-24.04) (push) Has been cancelled
Ubuntu / build (full-system-policy, ubuntu-22.04) (push) Has been cancelled
Ubuntu / build (full-system-policy, ubuntu-24.04) (push) Has been cancelled
Ubuntu / tests (push) Has been cancelled
fix #655
This commit is contained in:
Alexandre Pujol
parent
a68cd26d41
commit
feee34ef7e
2 changed files with 18 additions and 0 deletions
|
|
@ -23,18 +23,35 @@ profile drkonqi @{exec_path} {
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
@{bin}/plasmashell r,
|
||||||
@{bin}/lsb_release rPx -> lsb_release,
|
@{bin}/lsb_release rPx -> lsb_release,
|
||||||
|
|
||||||
/usr/share/drkonqi/{,**} r,
|
/usr/share/drkonqi/{,**} r,
|
||||||
|
|
||||||
|
/etc/machine-id r,
|
||||||
|
|
||||||
|
/ r,
|
||||||
|
|
||||||
owner @{user_cache_dirs}/drkonqi/ rw,
|
owner @{user_cache_dirs}/drkonqi/ rw,
|
||||||
owner @{user_cache_dirs}/drkonqi/** rwlk -> @{user_cache_dirs}/drkonqi/**,
|
owner @{user_cache_dirs}/drkonqi/** rwlk -> @{user_cache_dirs}/drkonqi/**,
|
||||||
owner @{user_cache_dirs}/kcrash-metadata/* w,
|
owner @{user_cache_dirs}/kcrash-metadata/* w,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/breezerc r,
|
||||||
owner @{user_config_dirs}/drkonqirc r,
|
owner @{user_config_dirs}/drkonqirc r,
|
||||||
|
|
||||||
|
/{run,var}/log/journal/ r,
|
||||||
|
/{run,var}/log/journal/@{hex32}/ r,
|
||||||
|
/{run,var}/log/journal/@{hex32}/system.journal r,
|
||||||
|
/{run,var}/log/journal/@{hex32}/system@@{hex32}-@{hex16}-@{hex16}.journal* r,
|
||||||
|
/{run,var}/log/journal/@{hex32}/user-@{uid}.journal r,
|
||||||
|
/{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex32}-@{hex16}-@{hex16}.journal* r,
|
||||||
|
/{run,var}/log/journal/remote/ r,
|
||||||
|
|
||||||
/dev/tty r,
|
/dev/tty r,
|
||||||
|
|
||||||
|
owner @{PROC}/@{pid}/cmdline r,
|
||||||
|
owner @{PROC}/@{pid}/mountinfo r,
|
||||||
|
|
||||||
include if exists <local/drkonqi>
|
include if exists <local/drkonqi>
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
||||||
@{exec_path} += @{lib}/@{multiarch}/{,libexec/}drkonqi-coredump-processor
|
@{exec_path} += @{lib}/@{multiarch}/{,libexec/}drkonqi-coredump-processor
|
||||||
profile drkonqi-coredump-processor @{exec_path} {
|
profile drkonqi-coredump-processor @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
include <abstractions/consoles>
|
||||||
include <abstractions/qt5>
|
include <abstractions/qt5>
|
||||||
|
|
||||||
capability dac_override,
|
capability dac_override,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue