mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
e9b8e62fcd
apparmor.d/profiles/abstractions/fontconfig-cache-read
Alexandre Pujol e9b8e62fcd
apparmor.d -> profiles
2021-04-01 16:02:59 +01:00

50 lines
2.2 KiB
Plaintext
Raw Blame History

# vim:syntax=apparmor
# ------------------------------------------------------------------
#
# Copyright (C) 2018-2021 Mikhail Morfikov
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
abi <abi/3.0>,
# The fontconfig cache can be generated via the following command:
# $ fc-cache -f -v
# There's no need to give apps the ability to create cache for their own. Apps can generate the
# fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use
# the "fontconfig-cache-write" abstraction.
owner @{HOME}/.cache/fontconfig/ r,
deny @{HOME}/.cache/fontconfig/ w,
deny @{HOME}/.cache/fontconfig/** w,
owner @{HOME}/.cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
owner @{HOME}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
owner @{HOME}/.fontconfig/ r,
deny @{HOME}/.fontconfig/ w,
deny @{HOME}/.fontconfig/** w,
owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
owner @{HOME}/.fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
/var/cache/fontconfig/ r,
deny /var/cache/fontconfig/ w,
deny /var/cache/fontconfig/** w,
/var/cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r,
/var/cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
# This is to create .uuid file containing an UUID at a font directory. The UUID will be used to
# identify the font directory and is used to determine the cache filename if available.
owner /usr/local/share/fonts/.uuid r,
deny /usr/local/share/fonts/.uuid{,.NEW,.LCK,.TMP-*} w,
/usr/share/**/.uuid r,
deny /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*} w,
# For Google Fonts downloaded via font-manager
owner "@{HOME}/.local/share/fonts/Google Fonts/.uuid" r,
deny "@{HOME}/.local/share/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" w,
owner "@{HOME}/.local/share/fonts/Google Fonts/**/.uuid" r,
deny "@{HOME}/.local/share/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w,
Reference in New Issue View Git Blame Copy Permalink