mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 00:14:44 +01:00
abstractions/X: Allow (only) reading X compose cache
... (/var/cache/libx11/compose/*), and deny any write attempts
Reported by darix,
https://git.nordisch.org/darix/apparmor-profiles-nordisch/-/blob/master/apparmor.d/teams
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/685
(cherry picked from commit 78bd811e2a)
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Christian Boltz
John Johansen
parent
f305bb1831
commit
085d4cd0e2
1 changed files with 2 additions and 0 deletions
|
|
@ -55,6 +55,8 @@
|
|||
|
||||
# Xcompose
|
||||
owner @{HOME}/.XCompose r,
|
||||
/var/cache/libx11/compose/* r,
|
||||
deny /var/cache/libx11/compose/* wlk,
|
||||
|
||||
# mouse themes
|
||||
/etc/X11/cursors/ r,
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue