mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-15 07:54:17 +01:00
feat(abs): general update.
parent
a1fe682e7a
commit
ff16790421
@ -3,8 +3,8 @@
|
|||||||
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
|
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
@{bin}/* rPUx,
|
@{bin}/* PUx,
|
||||||
/usr/local/{s,}bin/* rPUx,
|
/usr/local/{s,}bin/* PUx,
|
||||||
|
|
||||||
@{bin}/ r,
|
@{bin}/ r,
|
||||||
/ r,
|
/ r,
|
||||||
|
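Review bot: The `PUx` rules on `@{bin}/*` and `/usr/local/{s,}bin/*` still fall back to unconfined execution for every target that has no profile, and nothing in the visible lines says so. Dropping `r` narrows what the including profile can read, but any profile that pulls in these rules can still start an unprofiled program outside confinement, and `/usr/local` is commonly populated outside the package manager. I would add a header comment such as `# Unprofiled targets run unconfined (PUx); include only in launcher profiles.` The next section has the same pattern with wider globs (`/opt/*/** PUx,` and `/usr/share/*/* PUx,`). The rest of the file lies outside the hunk.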
@ -3,19 +3,18 @@
|
|||||||
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
|
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
@{bin}/* rPUx,
|
@{bin}/* PUx,
|
||||||
/opt/*/** rPUx,
|
/opt/*/** PUx,
|
||||||
/usr/share/*/* rPUx,
|
/usr/share/*/* PUx,
|
||||||
/usr/local/bin/* rPUx,
|
/usr/local/bin/* PUx,
|
||||||
|
|
||||||
@{bin}/chromium rPx,
|
@{brave_path} Px,
|
||||||
@{brave_path} rPx,
|
@{chrome_path} Px,
|
||||||
@{chrome_path} rPx,
|
@{chromium_path} Px,
|
||||||
@{chromium_path} rPx,
|
@{firefox_path} Px,
|
||||||
@{firefox_path} rPx,
|
@{opera_path} Px,
|
||||||
@{opera_path} rPx,
|
@{thunderbird_path} Px,
|
||||||
@{thunderbird_path} rPx,
|
@{offices_path} PUx,
|
||||||
@{lib}/libreoffice/program/{soffice{,.bin},oosplash} rPUx,
|
|
||||||
|
|
||||||
@{bin}/ r,
|
@{bin}/ r,
|
||||||
/ r,
|
/ r,
|
||||||
|
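Review bot: `@{offices_path} PUx,` replaces the explicit LibreOffice binaries with a variable whose definition is not part of the visible change, so the set of paths that may run unconfined on fallback can no longer be read from this file. If the variable is later widened, the unconfined fallback widens with it and no diff of this file will show it. A comment next to the rule, for example `# @{offices_path} comes from the tunables; targets without a profile run unconfined`, would keep the intent reviewable. If every office suite it lists has a profile, `@{offices_path} Px,` as used for the browser variables above it would fail closed instead.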
@ -41,6 +41,8 @@
|
|||||||
network inet6 stream,
|
network inet6 stream,
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
|
ptrace trace peer=@{profile_name},
|
||||||
|
|
||||||
signal (send) set=(term, kill) peer=@{profile_name}-*,
|
signal (send) set=(term, kill) peer=@{profile_name}-*,
|
||||||
|
|
||||||
@{sh_path} rix,
|
@{sh_path} rix,
|
||||||
|
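Review bot: The added `ptrace trace peer=@{profile_name},` grants the strongest ptrace permission with no comment on which component needs it. `trace` allows a process under this profile to attach to other processes confined by the same profile. If the denial that motivated the rule was only a `/proc` inspection, `ptrace read peer=@{profile_name},` would presumably be enough. I would either narrow it or add `# Needed by <component> to attach to its own children`, with the component taken from the audit log. The surrounding rule block continues outside the hunk.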
@ -1,6 +1,7 @@
|
|||||||
# apparmor.d - Full set of apparmor profiles
|
# apparmor.d - Full set of apparmor profiles
|
||||||
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
|
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
# SPDX-License-Identifier: GPL-2.0-only
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
# LOGPROF-SUGGEST: no
|
||||||
|
|
||||||
# Common rules for applications sandboxed using bwrap.
|
# Common rules for applications sandboxed using bwrap.
|
||||||
|
|
||||||
@ -40,8 +41,9 @@
|
|||||||
@{bin}/ r,
|
@{bin}/ r,
|
||||||
@{lib}/ r,
|
@{lib}/ r,
|
||||||
/usr/local/bin/ r,
|
/usr/local/bin/ r,
|
||||||
owner /@{uuid}/ w,
|
|
||||||
owner /_@{int}_/ w,
|
owner /_@{int}_/ w,
|
||||||
|
owner /@{uuid}/ w,
|
||||||
|
owner /var/cache/ldconfig/{,**} rw,
|
||||||
|
|
||||||
# Full access to user's data
|
# Full access to user's data
|
||||||
/ r,
|
/ r,
|
||||||
|
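Review bot: `owner /var/cache/ldconfig/{,**} rw,` gives every profile that includes these bwrap rules write access to the whole ldconfig cache directory, and the hunk does not say that the path is meant to be the one inside the sandbox root. If an including profile ever runs without a private mount namespace, the same rule would presumably match the host directory, limited only by `owner`. A comment such as `# ldconfig cache regenerated inside the sandbox root` would document the assumption. Narrowing `{,**}` to the file names actually seen in the audit log would be tighter still.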
@ -5,7 +5,8 @@
|
|||||||
# Extra Mesa rules for desktop environments
|
# Extra Mesa rules for desktop environments
|
||||||
owner @{desktop_cache_dirs}/ w,
|
owner @{desktop_cache_dirs}/ w,
|
||||||
owner @{desktop_cache_dirs}/mesa_shader_cache/ rw,
|
owner @{desktop_cache_dirs}/mesa_shader_cache/ rw,
|
||||||
owner @{desktop_cache_dirs}/mesa_shader_cache/index rw,
|
|
||||||
owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/ rw,
|
owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/ rw,
|
||||||
owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38} rw,
|
owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38} rw,
|
||||||
owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38}.tmp rwk,
|
owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38}.tmp rwk,
|
||||||
|
owner @{desktop_cache_dirs}/mesa_shader_cache/index rw,
|
||||||
|
owner @{desktop_cache_dirs}/mesa_shader_cache/marker rw,
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
/etc/vulkan/implicit_layer.d/{,*.json} r,
|
/etc/vulkan/implicit_layer.d/{,*.json} r,
|
||||||
|
|
||||||
owner @{user_share_dirs}/vulkan/implicit_layer.d/{,*.json} r,
|
owner @{user_share_dirs}/vulkan/implicit_layer.d/{,*.json} r,
|
||||||
owner @{user_cache_dirs}/radv_builtin_shaders64 r, #Vulkan radv shaders cache
|
owner @{user_cache_dirs}/radv_builtin_shaders{32,64} r, # Vulkan radv shaders cache
|
||||||
|
|
||||||
@{sys}/class/ r,
|
@{sys}/class/ r,
|
||||||
@{sys}/class/drm/ r,
|
@{sys}/class/drm/ r,
|
||||||
|