felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update apparmor profiles

Browse source 
Adpated to the apparmor.d structure.

Signed-off-by: Mikhail Morfikov <mmorfikov@gmail.com>
This commit is contained in:
Mikhail Morfikov 2021-04-10 08:11:07 +02:00 committed by Alexandre Pujol
parent c1e2b1d15e
commit 0573b2d996
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
29 changed files with 534 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

25
apparmor.d/abstractions/trash
View file

@ -49,3 +49,28 @@
owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]* rw,
owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]*/ rw,
owner /{media,mnt}/*/.Trash-[0-9]*/expunged/[0-9]*/** rw,
# Removable media's trash location when the admin creates the .Trash/ folder in the top lvl dir
owner /{media,mnt}/*/*/.Trash/ rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/ rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/#[0-9]*[0-9] rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash/[0-9]*/#[0-9]*[0-9],
owner /{media,mnt}/*/*/.Trash/[0-9]*/files/{,**} rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/info/ rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/info/*.trashinfo{,.*} rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/expunged/ rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/expunged/[0-9]* rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/expunged/[0-9]*/ rw,
owner /{media,mnt}/*/*/.Trash/[0-9]*/expunged/[0-9]*/** rw,
# Removable media's trash location when the admin doesn't create the .Trash/ folder in the top lvl dir
owner /{media,mnt}/*/*/.Trash-[0-9]*/ rw,
owner /{media,mnt}/*/*/.Trash-[0-9]*/#[0-9]*[0-9] rw,
owner /{media,mnt}/*/*/.Trash-[0-9]*/directorysizes{,.*} rwl -> /{media,mnt}/*/.Trash-[0-9]*/#[0-9]*[0-9],
owner /{media,mnt}/*/*/.Trash-[0-9]*/files/{,**} rw,
owner /{media,mnt}/*/*/.Trash-[0-9]*/info/ rw,
owner /{media,mnt}/*/*/.Trash-[0-9]*/info/*.trashinfo{,.*} rw,
owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/ rw,
owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]* rw,
owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]*/ rw,
owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]*/** rw,

8
apparmor.d/abstractions/user-download-strict
View file

@ -5,16 +5,16 @@
abi <abi/3.0>,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwl,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwkl,
owner /media/*/@{XDG_DOWNLOAD_DIR}/ r,
owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwl,
owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwkl,
owner /mnt/*/@{XDG_DOWNLOAD_DIR}/ r,
owner /mnt/*/@{XDG_DOWNLOAD_DIR}/** rwl,
owner /mnt/*/@{XDG_DOWNLOAD_DIR}/** rwkl,
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,
owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwkl,
# For SSHFS mounts (without owner as files in such mounts can be owned by different users)
@{HOME}/mount-sshfs/ r,