felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles) add initial support for ubuntu 22.04

Browse source
This commit is contained in:
Alexandre Pujol 2022-05-21 16:49:45 +01:00
parent 3ac7d41bf5
commit 0dbe0d2790
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
33 changed files with 253 additions and 121 deletions
Download patch file Download diff file Expand all files Collapse all files

52
apparmor.d/groups/gnome/gnome-shell
View file

@ -44,6 +44,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
@{libexec}/polkit-1/polkit* rPx,
@{libexec}/* rPUx,
/opt/*/**/*.png r,
/usr/share/backgrounds/{,**} r,
/usr/share/dconf/profile/gdm r,
/usr/share/desktop-directories/{,*.directory} r,
@ -57,29 +58,40 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
/usr/share/libinput/ r,
/usr/share/libinput/[0-9][0-9]-*.quirks r,
/usr/share/libwacom/{,*.stylus,*.tablet} r,
/usr/share/plymouth/*.png r,
/usr/share/ubuntu/applications/{,*.desktop} r,
/usr/share/wayland-sessions/{,*.desktop} r,
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
/usr/share/xsessions/{,*.desktop} r,
/opt/*/**/*.png r,
/.flatpak-info r,
/etc/fstab r,
/etc/machine-id r,
/etc/xdg/menus/gnome-applications.menu r,
/var/lib/dbus/machine-id r,
/var/lib/gdm/.config/dconf/user r,
/var/lib/gdm/.config/ibus/ rw,
/var/lib/gdm/.config/ibus/bus/ rw,
/var/lib/gdm/.config/ibus/bus/[0-9a-f]*-unix-{,wayland-}[0-9] r,
/var/lib/gdm/.config/pulse/ r,
/var/lib/gdm/.config/pulse/client.conf r,
/var/lib/gdm/.config/pulse/cookie rwk,
/var/lib/gdm/.local/share/applications/{,**} r,
/var/lib/gdm/.local/share/gnome-shell/ rw,
/var/lib/gdm{3,}/.cache/ w,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,
/var/lib/gdm{3,}/.config/dconf/user r,
/var/lib/gdm{3,}/.config/ibus/ rw,
/var/lib/gdm{3,}/.config/ibus/bus/ rw,
/var/lib/gdm{3,}/.config/ibus/bus/[0-9a-f]*-unix-{,wayland-}[0-9] r,
/var/lib/gdm{3,}/.config/pulse/ r,
/var/lib/gdm{3,}/.config/pulse/client.conf r,
/var/lib/gdm{3,}/.config/pulse/cookie rwk,
/var/lib/gdm{3,}/.local/share/applications/{,**} r,
/var/lib/gdm{3,}/.local/share/gnome-shell/ rw,
/var/lib/gdm{3,}/greeter-dconf-defaults r,
/var/lib/flatpak/app/**/gnome-shell/{,**} r,
/var/lib/flatpak/exports/share/gnome-shell/{,**} r,
/var/lib/snapd/desktop/icons/{,**} r,
owner @{HOME}/.mozilla/firefox/firefox-mpris/{,*} r,
owner @{HOME}/@{XDG_MUSIC_DIR}/**/*.jpg r,
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
@ -91,6 +103,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/monitors.xml{,~} rwl,
owner @{user_share_dirs}/backgrounds/{,**} rw,
owner @{user_share_dirs}/desktop-directories/{,**} r,
owner @{user_share_dirs}/gnome-shell/{,**} rw,
owner @{user_share_dirs}/gnome-shell/extensions/{,**} r,
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
@ -103,13 +116,14 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/media-art/{,**} r,
owner @{user_cache_dirs}/vlc/**/*.jpg r,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/gnome-shell-disable-extensions rw,
owner @{run}/user/@{uid}/gnome-shell/{,**} rw,
owner @{run}/user/@{uid}/gvfsd/socket-[0-9A-Za-z]* rw,
owner @{run}/user/@{uid}/wayland-[0-9].lock rwk,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
owner /dev/shm/.org.chromium.Chromium.* rw,
owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw,
@ -144,30 +158,34 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
@{sys}/bus/ r,
@{sys}/class/ r,
@{sys}/class/net/ r,
@{sys}/class/input/ r,
@{sys}/class/hwmon/ r,
@{sys}/class/input/ r,
@{sys}/class/net/ r,
@{sys}/class/power_supply/ r,
@{sys}/**/uevent r,
@{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
@{sys}/devices/**/power_supply/**/{type,online} r,
@{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
@{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
@{sys}/devices/**/hwmon[0-9]*/{,name,temp*,fan*} r,
@{sys}/devices/**/hwmon[0-9]*/**/{,name,temp*,fan*} r,
@{sys}/devices/**/hwmon/{,name,temp*,fan*} r,
@{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r,
@{sys}/devices/**/power_supply/**/{type,online} r,
@{sys}/devices/pci[0-9]*/**/boot_vga r,
@{sys}/devices/pci[0-9]*/**/drm/ r,
@{sys}/devices/pci[0-9]*/**/input[0-9]*/{properties,name} r,
@{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r,
@{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
owner @{PROC}/@{pid}/comm r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/task/@{pid}/cmdline r,
@{PROC}/ r,
@{PROC}/@{pid}/attr/current r,
@{PROC}/@{pid}/cgroup r,
@{PROC}/@{pid}/net/* r,
@{PROC}/@{pid}/stat r,
@{PROC}/@{pid}/task/@{tid}/stat r,
@{PROC}/@{pids}/cmdline r,
@{PROC}/1/cgroup r,
@{PROC}/cmdline r,
@{PROC}/sys/kernel/osrelease r,