felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(tunable): unify some XDG and user dirs varibale name.

Browse source
This commit is contained in:
Alexandre Pujol 2024-11-21 20:59:06 +00:00
parent cb86f1c076
commit 044f80b1db
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
11 changed files with 77 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

12
apparmor.d/profiles-m-r/pass
View file

@ -59,7 +59,7 @@ profile pass @{exec_path} {
/usr/share/terminfo/** r,
owner @{user_password_store_dirs}/{,**} rw,
owner @{user_passwordstore_dirs}/{,**} rw,
owner /dev/shm/pass.@{rand}/{,*} rw,
@{sys}/devices/system/node/ r,
@ -88,7 +88,7 @@ profile pass @{exec_path} {
/tmp/ r,
owner @{user_password_store_dirs}/{,**/} r,
owner @{user_passwordstore_dirs}/{,**/} r,
owner /dev/shm/pass.@{rand}/{,*} rw,
@ -120,8 +120,8 @@ profile pass @{exec_path} {
owner @{HOME}/.gitconfig r,
owner @{user_config_dirs}/git/{,*} r,
owner @{user_password_store_dirs}/ rw,
owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
owner @{user_passwordstore_dirs}/ rw,
owner @{user_passwordstore_dirs}/** rwkl -> @{HOME}/.password-store/**,
owner @{tmp}/.git_vtag_tmp@{rand6} rw, # For git log --show-signature
owner /dev/shm/pass.@{rand}/.git_vtag_tmp@{rand6} rw,
@ -142,8 +142,8 @@ profile pass @{exec_path} {
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner @{user_password_store_dirs}/ rw,
owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
owner @{user_passwordstore_dirs}/ rw,
owner @{user_passwordstore_dirs}/** rwkl -> @{HOME}/.password-store/**,
owner /dev/shm/pass.@{rand}/* rw,
owner @{tmp}/.git_vtag_tmp@{rand6} rw, # For git log --show-signature

2
apparmor.d/profiles-m-r/pass-import
View file

@ -33,7 +33,7 @@ profile pass-import @{exec_path} {
/usr/share/file/misc/magic.mgc r,
owner @{user_password_store_dirs}/{,**} rw,
owner @{user_passwordstore_dirs}/{,**} rw,
owner @{tmp}/[a-zA-Z0-9]* rw,

16
apparmor.d/profiles-m-r/protonmail-bridge-core
View file

@ -5,7 +5,7 @@
# To force the use of the Gnome Keyring or Kwallet secret-service, add the
# following lines in your local/protonmail-bridge-core file:
# deny @{bin}/pass x,
# deny owner @{user_password_store_dirs}/** r,
# deny owner @{user_passwordstore_dirs}/** r,
abi <abi/4.0>,
@ -30,8 +30,8 @@ profile protonmail-bridge-core @{exec_path} {
/etc/lsb-release r,
/etc/machine-id r,
owner @{user_password_store_dirs}/docker-credential-helpers/{,**} r,
owner @{user_password_store_dirs}/protonmail-credentials/{,**} r,
owner @{user_passwordstore_dirs}/docker-credential-helpers/{,**} r,
owner @{user_passwordstore_dirs}/protonmail-credentials/{,**} r,
owner @{user_cache_dirs}/protonmail/{,**} rwk,
owner @{user_config_dirs}/protonmail/{,**} rwk,
@ -48,7 +48,7 @@ profile protonmail-bridge-core @{exec_path} {
@{PROC}/sys/net/core/somaxconn r,
deny @{bin}/pass x,
deny owner @{user_password_store_dirs}/** r,
deny owner @{user_passwordstore_dirs}/** r,
profile pass {
include <abstractions/base>
@ -72,10 +72,10 @@ profile protonmail-bridge-core @{exec_path} {
@{bin}/tty rix,
@{bin}/which rix,
owner @{user_password_store_dirs}/ r,
owner @{user_password_store_dirs}/.gpg-id r,
owner @{user_password_store_dirs}/protonmail-credentials/{,**} rw,
deny owner @{user_password_store_dirs}/**/ r,
owner @{user_passwordstore_dirs}/ r,
owner @{user_passwordstore_dirs}/.gpg-id r,
owner @{user_passwordstore_dirs}/protonmail-credentials/{,**} rw,
deny owner @{user_passwordstore_dirs}/**/ r,
/dev/tty rw,