mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 07:54:17 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
af2c6d0716
apparmor.d/apparmor.d/abstractions/fontconfig-cache-read
Mikhail Morfikov 9eecac80a2
update apparmor profiles
2021-08-20 18:52:56 +01:00

50 lines
2.1 KiB
Plaintext
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
# The fontconfig cache can be generated via the following command:
# $ fc-cache -f -v
# There's no need to give apps the ability to create cache for their own. Apps can generate the
# fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use
# the "fontconfig-cache-write" abstraction.
owner @{user_cache_dirs}/fontconfig/ r,
deny @{user_cache_dirs}/fontconfig/ w,
deny @{user_cache_dirs}/fontconfig/** w,
owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
owner @{HOME}/.fontconfig/ r,
deny @{HOME}/.fontconfig/ w,
deny @{HOME}/.fontconfig/** w,
owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
owner @{HOME}/.fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
/var/cache/fontconfig/ r,
deny /var/cache/fontconfig/ w,
deny /var/cache/fontconfig/** w,
/var/cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
/var/cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
#owner @{HOME}/.fonts/ r,
deny @{HOME}/.fonts/ w,
owner @{HOME}/.fonts/.uuid{,.NEW,.LCK,.TMP-*} r,
deny @{HOME}/.fonts/.uuid{,.NEW,.LCK,.TMP-*} w,
# This is to create .uuid file containing an UUID at a font directory. The UUID will be used to
# identify the font directory and is used to determine the cache filename if available.
# owner /usr/local/share/fonts/ r,
owner /usr/local/share/fonts/.uuid r,
deny /usr/local/share/fonts/.uuid{,.NEW,.LCK,.TMP-*} w,
/usr/share/**/.uuid r,
deny /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*} w,
# For fonts downloaded via font-manager
# owner "@{user_share_dirs}/fonts/ r,
owner "@{user_share_dirs}/fonts/**/.uuid" r,
deny "@{user_share_dirs}/fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w,
include if exists <abstractions/fontconfig-cache-read.d>
Reference in New Issue View Git Blame Copy Permalink