felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): cleanup some rules already included in abs.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-16 21:40:35 +00:00
parent b15aaae553
commit 0c5e71f971
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
36 changed files with 20 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/gnome/gdm-session-worker
View file

@ -60,7 +60,6 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix,
@{bin}/gnome-keyring-daemon rPx,
@{bin}/unix_chkpwd rPx,
@{etc_ro}/X11/xdm/Xstartup rPUx,
@{lib}/{,gdm/}gdm-{x,wayland}-session rPx -> gdm-session,
/etc/gdm{3,}/{Pre,Post}Session/Default rix,

11
apparmor.d/groups/gnome/gnome-disk-image-mounter
View file

@ -10,23 +10,18 @@ include <tunables/global>
profile gnome-disk-image-mounter @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/X-strict>
include <abstractions/gnome-strict>
@{exec_path} mr,
/usr/share/X11/xkb/{,**} r,
# Allow to mount user files
owner @{HOME}/{,**} r,
owner @{MOUNTS}/{,**} r,
owner /tmp/*/{,**} r,
owner @{PROC}/@{pid}/mountinfo r,
@{run}/mount/utab r,
owner @{PROC}/@{pid}/mountinfo r,
include if exists <local/gnome-disk-image-mounter>
}

1
apparmor.d/groups/gnome/gnome-software
View file

@ -101,7 +101,6 @@ profile gnome-software @{exec_path} {
@{PROC}/@{pids}/mounts r,
@{PROC}/sys/fs/pipe-max-size r,
@{PROC}/sys/kernel/random/boot_id r,
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fdinfo/@{int} r,