mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-25 06:27:49 +01:00
Compare commits
5 commits
edaa45067a
...
f8fc1aa387
Author | SHA1 | Date | |
---|---|---|---|
|
f8fc1aa387 | ||
|
cf1d7504f4 | ||
|
b35c2a0abf | ||
|
01c1562e7c | ||
|
7167de932c |
4 changed files with 8 additions and 15 deletions
|
@ -7,8 +7,8 @@ abi <abi/4.0>,
|
|||
|
||||
include <tunables/global>
|
||||
|
||||
@{name} = firefox{,.sh,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/@{name} /opt/@{name}
|
||||
@{name} = firefox{,-esr,-bin}
|
||||
@{lib_dirs} = @{lib}/firefox{,-esr,-beta,-devedition,-nightly} /opt/@{name}
|
||||
@{config_dirs} = @{HOME}/.mozilla/
|
||||
@{cache_dirs} = @{user_cache_dirs}/mozilla/
|
||||
|
||||
|
@ -59,9 +59,8 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,
|
||||
|
||||
owner @{tmp}/.xfsm-ICE-@{rand6} rw,
|
||||
owner @{tmp}/@{rand6}.tmp r,
|
||||
owner @{tmp}/@{rand8}.txt w,
|
||||
owner @{tmp}/* w, # file downloads (to anywhere)
|
||||
owner @{tmp}/@{rand8}.* rw, # file downloads (to anywhere)
|
||||
owner @{tmp}/@{uuid}.zip{,.tmp} rw,
|
||||
owner @{tmp}/Mozilla@{uuid}-cachePurge-{@{hex15},@{hex16}} rwk,
|
||||
owner @{tmp}/mozilla* rw,
|
||||
owner @{tmp}/mozilla*/ rw,
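Review bot: Two rules in the second hunk carry the same trailing comment, `owner @{tmp}/* w, # file downloads (to anywhere)` and `owner @{tmp}/@{rand8}.* rw, # file downloads (to anywhere)`, and this rendered page has lost the +/- markers, so which one survives cannot be read from here. If the `@{tmp}/*` form is the one kept, the profile may create or overwrite any file the user owns directly under the temp directory, which subsumes the write side of the narrower `@{rand8}.txt` and `@{uuid}.zip{,.tmp}` patterns next to it. The tighter choice is to keep `owner @{tmp}/@{rand8}.* rw,` and drop `owner @{tmp}/* w,`. The profile block starts and ends outside both hunks, so other temp-directory rules may exist that are not visible here.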
|
||||
|
|
|
@ -94,7 +94,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{user_download_dirs}/{,**} rwl,
|
||||
owner @{user_sync_dirs}/{,**} rwl,
|
||||
|
||||
owner @{HOME}/@{XDG_SSH_DIR}/authorized_keys{,.*} r,
|
||||
@{HOME}/@{XDG_SSH_DIR}/authorized_keys{,.*} r,
|
||||
owner @{user_cache_dirs}/{,motd*} rw,
|
||||
|
||||
@{att}/@{run}/systemd/sessions/@{int}.ref rw,
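Review bot: The `authorized_keys` rule appears twice, once with `owner` and once without, and the +/- markers are lost on this page. If the bare `@{HOME}/@{XDG_SSH_DIR}/authorized_keys{,.*} r,` is the new side, the rule matches that file in every home directory regardless of who owns it, while the neighbouring rules keep `owner`. It is read-only and narrowly scoped, and presumably needed where the file is owned by root or a provisioning account, but the reason should sit next to the rule, for example `# authorized_keys may be root-owned (admin-provisioned), so no owner match`. Ownership and mode checking of the keys file is then left to sshd's own StrictModes handling rather than to this profile. The sshd profile block starts and ends outside the hunk.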
|
||||
|
|
|
@ -24,6 +24,7 @@ profile systemd-tty-ask-password-agent @{exec_path} {
|
|||
|
||||
@{run}/systemd/ask-password-block/{,*} rw,
|
||||
@{run}/systemd/ask-password/{,*} rw,
|
||||
@{run}/user/@{uid}/systemd/ask-password/ rw,
|
||||
@{run}/utmp rk,
|
||||
|
||||
@{PROC}/@{pids}/stat r,
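Review bot: `@{run}/user/@{uid}/systemd/ask-password/ rw,` grants access to the directory only, whereas the two system-wide rules above it use `{,*}` to cover the entries inside as well. The hunk header (`-24,6 +24,7`) indicates a single added line and the markers are lost on this page, so this is presumably the new rule. If the agent also has to open request files or sockets in the per-user directory, the rule would need to be `@{run}/user/@{uid}/systemd/ask-password/{,*} rw,`. If directory access alone is intended, a trailing comment saying so would settle the question for the next reader.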
|
||||
|
|
|
@ -18,19 +18,12 @@ profile sensors @{exec_path} {
|
|||
/etc/sensors.d/{,*} r,
|
||||
/etc/sensors3.conf r,
|
||||
|
||||
@{sys}/bus/i2c/devices/ r,
|
||||
@{sys}/class/hwmon/ r,
|
||||
@{sys}/class/i2c-adapter/ r,
|
||||
@{sys}/devices/**/hwmon*/{,**/} r,
|
||||
@{sys}/devices/**/hwmon*/{in[0-9]_label,in[0-9]_min,in[0-9]_max} r,
|
||||
@{sys}/devices/**/hwmon*/{name,temp*,*_input} r,
|
||||
@{sys}/devices/**/hwmon*/**/{name,temp*,*_input} r,
|
||||
@{sys}/devices/**/hwmon/hwmon@{int}/power@{int}_crit r,
|
||||
@{sys}/devices/**/hwmon/hwmon@{int}/fan@{int}_{label,max,min} r,
|
||||
@{sys}/devices/{,platform/*.{i2c,hdmi}/}i2c-@{int}/name r,
|
||||
@{sys}/devices/@{pci}/name r,
|
||||
@{sys}/devices/platform/**/power_supply/**/hwmon@{int}/curr1_max r,
|
||||
@{sys}/devices/virtual/hwmon/hwmon@{int}/ r,
|
||||
@{sys}/devices/virtual/hwmon/hwmon@{int}/{name,temp*} r,
|
||||
@{sys}/devices/**/hwmon*/** r,
|
||||
|
||||
# file_inherit
|
||||
deny @{PROC}/@{pid}/net/dev r,
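Review bot: The catch-all `@{sys}/devices/**/hwmon*/** r,` covers every attribute under any path component starting with `hwmon`, not only the label, input, min, max and crit files that the enumerated rules in this hunk name. The markers are lost on this page, but the hunk header (`-18,19 +18,12`) suggests the enumerated rules are what is being dropped in its favour. Access stays read-only, so the exposure is limited to sysfs reads, but the widening should be stated as deliberate, for example `# hwmon attribute names vary per driver, hence the read-only wildcard`. The `@{sys}/devices/**/hwmon*/{,**/} r,` rule is still needed alongside it, since `hwmon*/**` does not match the `hwmon*/` directory itself. The sensors profile block starts and ends outside the hunk.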
|
||||
|
|