mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-05 00:41:03 +01:00
a91d199ab1
This reverts commit aa3022208f.
Space-separated list of values don't play well with aliases.
For example, in Tails, despite this alias rule:
alias / -> /lib/live/mount/rootfs/*.squashfs/,
… the Tor Browser profile denies access to
/lib/live/mount/rootfs/filesystem.squashfs/usr/share/mime/mime.cache, which
should be equivalent to /usr/share/mime/mime.cache. That's fixed by using
alternations instead; too bad they're less readable.
Possibly related:
https://bugs.launchpad.net/apparmor/+bug/888077
https://bugs.launchpad.net/apparmor/+bug/1703692
https://bugs.launchpad.net/apparmor/+bug/1703692
15 lines
819 B
Text
15 lines
819 B
Text
@{flatpak_exports_root} = {flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}
|
|
|
|
# System-wide directories with behaviour analogous to /usr/share
|
|
# in patterns like the freedesktop.org basedir spec. These are
|
|
# owned by root or a system user, appear in XDG_DATA_DIRS, and
|
|
# are the parent directory for `applications`, `themes`,
|
|
# `dbus-1/services`, etc.
|
|
@{system_share_dirs} = /{usr,usr/local,var/lib/@{flatpak_exports_root}}/share
|
|
|
|
# Per-user/personal directories with behaviour analogous to
|
|
# ~/.local/share in patterns like the freedesktop.org basedir spec.
|
|
# These are owned by the user running an application, appear in
|
|
# XDG_DATA_DIRS or XDG_DATA_HOME, and are the parent directory
|
|
# for the same subdirectories as @{system_share_dirs}
|
|
@{user_share_dirs} = @{HOME}/.local/{,share/@{flatpak_exports_root}}/share
|