mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-06 17:31:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/apparmor.d/abstractions/kde
Vincas Dargis 0f30a59021 kde: fix global settings access for Kubuntu and openSUSE 
On Kubuntu, these denies are being produced:
```
type=AVC msg=audit(1549301888.419:91): apparmor="DENIED" operation="open"
profile="qtox"
name="/usr/share/kubuntu-default-settings/kf5-settings/kdeglobals" pid=1603
comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

type=AVC msg=audit(1549301964.008:126): apparmor="DENIED" operation="open"
profile="qtox" name="/usr/share/kubuntu-default-settings/kf5-settings/breezerc"
pid=1822 comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

type=AVC msg=audit(1549302031.194:155): apparmor="DENIED" operation="open"
profile="qtox"
name="/usr/share/kubuntu-default-settings/kf5-settings/baloofilerc" pid=1899
comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
```

Meanwhile, on openSUSE:
```
type=AVC msg=audit(1549302286.921:205): apparmor="DENIED" operation="open" profile="qtox" name="/etc/xdg/kdeglobals" pid=12781 comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
```

Add read only rules for allowing access to global KDE settings.
2019-02-05 18:46:39 +02:00

80 lines
2.8 KiB
Text
Raw Blame History

# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
# Copyright (C) 2009-2011 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
#include <abstractions/base>
#include <abstractions/fonts>
#include <abstractions/X>
#include <abstractions/freedesktop.org>
#include <abstractions/xdg-desktop>
#include <abstractions/user-tmp>
#include <abstractions/qt5>
/etc/qt3/kstylerc r,
/etc/qt3/qt_plugins_3.3rc r,
/etc/qt3/qtrc r,
/etc/kderc r,
/etc/kde3/* r,
/etc/kde4rc r,
/etc/xdg/kdeglobals r,
/etc/xdg/Trolltech.conf r,
/usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent()
/usr/share/kubuntu-default-settings/kf5-settings/* r,
owner @{HOME}/.DCOPserver_* r,
owner @{HOME}/.ICEauthority r,
owner @{HOME}/.fonts.* lrw,
owner @{HOME}/.kde{,4}/share/config/kdeglobals rw,
owner @{HOME}/.kde{,4}/share/config/*.lock rwl,
owner @{HOME}/.qt/** rw,
owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache
owner @{HOME}/.config/Trolltech.conf rwk,
owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
owner @{HOME}/.config/kdeglobals r, # global settings, used by Breeze style, etc.
owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so
owner @{HOME}/.config/trashrc r, # Used by KFileWidget
/usr/share/X11/XKeysymDB r,
# kde3
/usr/lib*/kde3/plugins/styles/ r,
/usr/lib*/kde3/plugins/styles/* mr,
/usr/lib*/kde3/lib*so* mr,
/usr/lib/@{multiarch}/kde3/plugins/styles/ r,
/usr/lib/@{multiarch}/kde3/plugins/styles/* mr,
/usr/lib/@{multiarch}/kde3/lib*so* mr,
/usr/lib*/qt3/lib*/lib*so* mr,
/usr/lib*/qt3/plugins/** mr,
/usr/lib/@{multiarch}/qt3/lib*/lib*so* mr,
/usr/lib/@{multiarch}/qt3/plugins/** mr,
/usr/lib*/libqt-mt*so* mr,
/usr/lib*/libqui*so* mr,
/usr/lib/@{multiarch}/libqt-mt*so* mr,
/usr/lib/@{multiarch}/libqui*so* mr,
/usr/share/qt3/lib*/libqt-mt*so* mr,
/usr/share/qt3/lib*/libqui*so* mr,
# kde4
/usr/lib*/kde4/plugins/*/*.so mr,
/usr/lib*/kde4/plugins/*/ r,
/usr/lib*/kde4/lib*so* mr,
/usr/lib/@{multiarch}/kde4/plugins/*/*.so mr,
/usr/lib/@{multiarch}/kde4/plugins/*/ r,
/usr/lib/@{multiarch}/kde4/lib*so* mr,
/usr/lib*/qt4/lib*/lib*so* mr,
/usr/lib*/qt4/plugins/** mr,
/usr/lib/@{multiarch}/qt4/lib*/lib*so* mr,
/usr/lib/@{multiarch}/qt4/plugins/** mr,
/usr/share/qt4/** r,
# Include additions to the abstraction
#include if exists <abstractions/kde.d>
Reference in a new issue View git blame Copy permalink