mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
b2af7a631a
apparmor.d/apparmor.d/groups/kde/sddm
Jeroen Rijken 40b171ee94 Replace shells with new sh_path variable 
Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-02-21 13:56:40 +00:00

204 lines
5.7 KiB
Plaintext
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2018-2021 Mikhail Morfikov
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{bin}/sddm
profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
include <abstractions/authentication>
include <abstractions/bash>
include <abstractions/fontconfig-cache-read>
include <abstractions/graphics>
include <abstractions/kde-strict>
include <abstractions/nameservice-strict>
include <abstractions/qt5>
include <abstractions/wutmp>
capability audit_write,
capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
capability kill,
capability net_admin,
capability setgid,
capability setuid,
capability sys_resource,
capability sys_tty_config,
network netlink raw,
ptrace (read),
ptrace (trace) peer=@{profile_name},
signal (send) set=(term) peer=kwin_wayland,
signal (send) set=(kill, term) peer=startplasma,
signal (send) set=(term) peer=startplasma-wayland,
signal (send) set=(term) peer=sddm-greeter,
signal (send) set=(kill, term) peer=xorg,
@{exec_path} mr,
@{lib}/@{multiarch}/sddm/sddm-helper rix,
@{lib}/plasma-dbus-run-session-if-needed rix,
@{lib}/sddm/sddm-helper rix,
@{lib}/sddm/sddm-helper-start-wayland rix,
@{lib}/sddm/sddm-helper-start-x11user rix,
@{sh_path} rix,
@{bin}/cat rix,
@{bin}/checkproc rix,
@{bin}/disable-paste rix,
@{bin}/pidof rix,
@{bin}/tr rix,
@{bin}/tty rix,
@{bin}/xdm r,
@{bin}/xmodmap rix,
@{bin}/unix_chkpwd rPx,
@{bin}/dbus-run-session rPx,
@{bin}/kwin_wayland rPx,
@{bin}/sddm-greeter rPx,
@{bin}/Xorg rPx,
/etc/sddm/Xsession rPx,
@{bin}/flatpak rPx,
@{bin}/sway rPUx,
@{bin}/xauth rCx -> xauth,
@{bin}/xsetroot rPx,
@{bin}/dbus-update-activation-environment rCx -> dbus,
@{bin}/gnome-keyring-daemon rPx,
@{bin}/kwalletd5 rPx,
@{bin}/startplasma-wayland rPx,
@{bin}/startplasma-x11 rPx,
@{bin}/systemctl rPx -> child-systemctl,
@{bin}/unix_chkpwd rPx,
@{bin}/xrdb rPx,
@{bin}/xset rPx,
@{etc_ro}/X11/xdm/Xsession rPx,
/usr/etc/X11/xdm/Xsetup rix,
/usr/share/sddm/scripts/wayland-session rix,
/usr/share/sddm/scripts/Xsession rix,
/usr/share/sddm/scripts/Xsetup rix,
/usr/share/sddm/scripts/Xstop rix,
/usr/share/desktop-base/softwaves-theme/login/*.svg r,
/usr/share/icu/@{int}.@{int}/*.dat r,
/usr/share/plasma/desktoptheme/** r,
/usr/share/sddm/faces/.*.icon r,
/usr/share/sddm/themes/** r,
/usr/share/wayland-sessions/{,*.desktop} r,
/usr/share/xsessions/{,*.desktop} r,
/var/lib/AccountsService/icons/*.icon r,
/etc/X11/xinit/xinitrc.d/{,*} r,
/{usr/,}etc/environment r,
/{usr/,}etc/security/limits.d/{,*.conf} r,
/{usr/,}etc/X11/Xmodmap r,
/etc/debuginfod/{,*} r,
/etc/default/locale r,
/etc/locale.conf r,
/etc/machine-id r,
/etc/sddm.conf r,
/etc/sddm.conf.d/{,*} r,
/etc/shells r,
/etc/sysconfig/displaymanager r,
/ r,
/var/lib/lastlog/ r,
/var/lib/lastlog/* rwk,
/var/lib/sddm/state.conf rw,
owner /var/lib/sddm/.cache/sddm-greeter/qmlcache/*.jsc mrw,
owner /var/lib/sddm/.cache/sddm-greeter/qmlcache/*.qmlc mrw,
owner /var/lib/sddm/** rw,
owner @{HOME}/.local/ w,
owner @{HOME}/.Xauthority rw,
owner @{user_config_dirs}/menus/{,**} r,
owner @{user_config_dirs}/startkderc r,
owner @{user_share_dirs}/ w,
owner @{user_share_dirs}/kwalletd/ rw,
owner @{user_share_dirs}/kwalletd/kdewallet.salt rw,
owner @{user_share_dirs}/sddm/ w,
owner @{user_share_dirs}/sddm/wayland-session.log w,
owner @{user_share_dirs}/sddm/xorg-session.log w,
/tmp/sddm-* rw,
/tmp/xauth_@{rand6} rwl -> /tmp/#@{int},
owner /tmp/*/{,s} rw,
owner /tmp/#@{int} rw,
owner /tmp/sddm-auth* rw,
@{run}/faillock/[a-zA-z0-9]* rwk,
@{run}/sddm.pid rw,
@{run}/sddm/\{@{uuid}\} rw,
@{run}/sddm/#@{int} rw,
@{run}/sddm/xauth_@{rand6} rwl -> @{run}/sddm/#@{int},
@{run}/systemd/sessions/*.ref rw,
@{run}/user/@{uid}/xauth_@{rand6} rwl,
owner @{run}/sddm/ rw,
owner @{run}/user/@{uid}/ r,
owner @{run}/user/@{uid}/#@{int} rw,
owner @{run}/user/@{uid}/kwallet5.socket rw,
@{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node@{int}/meminfo r,
@{PROC}/ r,
@{PROC}/uptime r,
@{PROC}/@{pids}/cmdline r,
@{PROC}/@{pids}/stat r,
@{PROC}/sys/kernel/core_pattern r,
owner @{PROC}/@{pid}/loginuid rw,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/uid_map r,
owner @{PROC}/1/limits r,
/dev/tty@{int} rw,
/dev/tty rw,
profile xauth {
include <abstractions/base>
@{bin}/xauth mr,
owner @{HOME}/.Xauthority-c w,
owner @{HOME}/.Xauthority-l wl -> @{HOME}/.Xauthority-c,
owner @{HOME}/.Xauthority-n rw,
owner @{HOME}/.Xauthority rwl -> @{HOME}/.Xauthority-n,
owner @{user_share_dirs}/sddm/xorg-session.log w,
owner @{run}/sddm/\{@{uuid}\}-c w,
owner @{run}/sddm/\{@{uuid}\}-l wl -> @{run}/sddm/\{@{uuid}\}-c,
owner @{run}/sddm/\{@{uuid}\}-n rw,
owner @{run}/sddm/\{@{uuid}\} rwl -> @{run}/sddm/\{@{uuid}\}-n,
include if exists <local/sddm_xauth>
}
profile dbus {
include <abstractions/base>
@{bin}/dbus-update-activation-environment mr,
owner @{user_share_dirs}/sddm/xorg-session.log w,
include if exists <local/sddm_dbus>
}
include if exists <local/sddm>
}
Reference in New Issue View Git Blame Copy Permalink