felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-26 23:05:09 +01:00
parent e087349662
commit 08beefe867
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
16 changed files with 47 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/gnome/gnome-calculator-search-provider
View file

@ -9,9 +9,10 @@ include <tunables/global>
@{exec_path} = @{libexec}/gnome-calculator-search-provider
profile gnome-calculator-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/gtk>
signal (send) set=kill peer=unconfined,
@ -23,6 +24,7 @@ profile gnome-calculator-search-provider @{exec_path} {
/usr/share/icons/{,**} r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pids}/cmdline r,

1
apparmor.d/groups/gnome/gnome-control-center
View file

@ -148,6 +148,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/users/@{uid} r,
@{run}/systemd/sessions/ r,
@{run}/systemd/sessions/* r,
@{run}/cups/cups.sock rw,
@{run}/udev/data/+dmi:* r,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad

7
apparmor.d/groups/gnome/gnome-control-center-search-provider
View file

@ -9,17 +9,22 @@ include <tunables/global>
@{exec_path} = @{libexec}/gnome-control-center-search-provider
profile gnome-control-center-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/fonts>
@{exec_path} mr,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/ubuntu/applications/{,**} r,
/usr/share/X11/xkb/{,**} r,
/etc/gnome/defaults.list r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
include if exists <local/gnome-control-center-search-provider>
}

3
apparmor.d/groups/gnome/gnome-terminal-server
View file

@ -20,7 +20,8 @@ profile gnome-terminal-server @{exec_path} {
@{exec_path} mr,
# The shell is not confined on purpose.
/{usr/,}bin/{,z,ba,da}sh rUx,
/{usr/,}bin/{,b,d,rb}ash rUx,
/{usr/,}bin/{c,k,tc,z}sh rUx,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/X11/xkb/{,**} r,

10
apparmor.d/groups/gnome/seahorse
View file

@ -16,11 +16,21 @@ profile seahorse @{exec_path} {
include <abstractions/p11-kit>
include <abstractions/ssl_certs>
dbus send bus=system path=/
interface=org.freedesktop.DBus.Peer
member=Ping
peer=(name=org.freedesktop.Avahi),
dbus send bus=system path=/
interface=org.freedesktop.Avahi.Server
member={GetAPIVersion,GetState,ServiceBrowserNew}
peer=(name=org.freedesktop.Avahi),
dbus send bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
interface=org.freedesktop.Avahi.ServiceBrowser
member=Free
peer=(name=org.freedesktop.Avahi),
dbus receive bus=system path=/Client[0-9]*/ServiceBrowser[0-9]*
interface=org.freedesktop.Avahi.ServiceBrowser
member={CacheExhausted,AllForNow},