felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): cleanup some rules already included in abs.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-16 21:40:35 +00:00
parent b15aaae553
commit 0c5e71f971
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
36 changed files with 20 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/kde/baloo
View file

@ -41,7 +41,6 @@ profile baloo @{exec_path} {
owner @{user_share_dirs}/baloo/{,**} rwk,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/mountinfo r,

1
apparmor.d/groups/kde/dolphin
View file

@ -87,7 +87,6 @@ profile dolphin @{exec_path} {
owner @{run}/user/@{uid}/#@{int} rw,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r,

2
apparmor.d/groups/kde/gmenudbusmenuproxy
View file

@ -24,7 +24,5 @@ profile gmenudbusmenuproxy @{exec_path} {
owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini{,.@{rand6}} rwl,
owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini.lock rwk,
@{PROC}/sys/kernel/random/boot_id r,
include if exists <local/gmenudbusmenuproxy>
}

1
apparmor.d/groups/kde/kactivitymanagerd
View file

@ -38,7 +38,6 @@ profile kactivitymanagerd @{exec_path} {
owner @{user_share_dirs}/recently-used.xbel r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
/dev/tty r,

1
apparmor.d/groups/kde/kde-powerdevil
View file

@ -65,7 +65,6 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/mounts r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
/dev/tty rw,
/dev/rfkill r,

1
apparmor.d/groups/kde/kded
View file

@ -154,7 +154,6 @@ profile kded @{exec_path} {
@{PROC}/@{pids}/fd/info/@{int} r,
@{PROC}/sys/fs/inotify/max_user_{instances,watches} r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r,

2
apparmor.d/groups/kde/ksmserver-logout-greeter
View file

@ -17,7 +17,6 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) {
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/qt5-shader-cache>
include <abstractions/qt5>
@{exec_path} mr,
@ -60,7 +59,6 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) {
@{PROC}/sys/dev/i915/perf_stream_paranoid r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
include if exists <local/ksmserver-logout-greeter>
}

1
apparmor.d/groups/kde/kwalletmanager
View file

@ -46,7 +46,6 @@ profile kwalletmanager @{exec_path} {
@{PROC}/@{pid}/mountinfo r,
@{PROC}/@{pid}/mounts r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
owner @{PROC}/@{pid}/cmdline r,
/dev/shm/ r,

3
apparmor.d/groups/kde/kwin_wayland
View file

@ -73,7 +73,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc rw,
owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/kwin/qmlcache/#@{int},
owner @{user_cache_dirs}/kwin/qmlcache/#@{int} rw,
owner @{user_cache_dirs}/plasma_theme_default_v*.kcache rw,
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
owner @{user_cache_dirs}/plasma-svgelements rw,
owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int},
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
@ -118,7 +118,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
@{PROC}/@{pid}/task/@{tid}/comm rw,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
/dev/input/event@{int} rw,
/dev/tty r,

3
apparmor.d/groups/kde/kwin_x11
View file

@ -41,8 +41,9 @@ profile kwin_x11 @{exec_path} {
owner @{user_cache_dirs}/kwin/{,**} rwl,
owner @{user_cache_dirs}/plasmarc r,
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
owner @{user_cache_dirs}/plasma-svgelements rw,
owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int},
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwl,
owner @{user_cache_dirs}/session/#@{int} rw,
owner @{user_config_dirs}/#@{int} rw,

1
apparmor.d/groups/kde/plasma-discover
View file

@ -99,7 +99,6 @@ profile plasma-discover @{exec_path} {
owner @{run}/user/@{uid}/discover@{rand6}.* rwl -> @{run}/user/@{uid}/#@{int},
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
owner @{PROC}/@{pid}/mountinfo r,
/dev/tty r,

8
apparmor.d/groups/kde/plasmashell
View file

@ -108,12 +108,15 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
owner @{user_cache_dirs}/bookmarksrunner/** rwkl -> @{user_cache_dirs}/bookmarksrunner/#@{int},
owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{user_cache_dirs}/kcrash-metadata/plasmashell.*.ini w,
owner @{user_cache_dirs}/ksvg-elements* rwlk -> @{user_cache_dirs}/#@{int},
owner @{user_cache_dirs}/ksvg-elements rw,
owner @{user_cache_dirs}/ksvg-elements.@{rand6} rwlk -> @{user_cache_dirs}/#@{int},
owner @{user_cache_dirs}/ksvg-elements.lock rwlk,
owner @{user_cache_dirs}/ksycoca{5,6}_* rwlk -> @{user_cache_dirs}/#@{int},
owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw,
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
owner @{user_cache_dirs}/plasma-svgelements rw,
owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int},
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwlk -> @{user_cache_dirs}/#@{int},
owner @{user_cache_dirs}/plasmashell/ rw,
owner @{user_cache_dirs}/plasmashell/** rwkl -> @{user_cache_dirs}/plasmashell/**,
owner @{user_cache_dirs}/org.kde.*/ rw,
@ -191,7 +194,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
@{PROC}/diskstats r,
@{PROC}/loadavg r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
@{PROC}/uptime r,
@{PROC}/vmstat r,
owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r,

7
apparmor.d/groups/kde/sddm-greeter
View file

@ -38,7 +38,6 @@ profile sddm-greeter @{exec_path} {
/usr/share/hunspell/** r,
/etc/fstab r,
/etc/machine-id r,
/etc/sddm.conf r,
/etc/sddm.conf.d/{,*} r,
/etc/xdg/plasmarc r,
@ -53,7 +52,9 @@ profile sddm-greeter @{exec_path} {
owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
owner @{user_cache_dirs}/plasma-svgelements-* rw,
owner @{user_cache_dirs}/plasma-svgelements rw,
owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rw,
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
owner @{user_cache_dirs}/sddm-greeter/{,**} rwl,
owner @{user_config_dirs}/plasmarc r,
@ -68,9 +69,9 @@ profile sddm-greeter @{exec_path} {
owner @{run}/sddm/{,*} rw,
@{PROC}/sys/kernel/core_pattern r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mounts r,
@{PROC}/sys/kernel/core_pattern r,
include if exists <local/sddm-greeter>
}

1
apparmor.d/groups/kde/startplasma
View file

@ -66,7 +66,6 @@ profile startplasma @{exec_path} {
owner @{run}/user/@{uid}/ r,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,
/dev/tty r,
/dev/tty@{int} rw,