felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): improve firefox profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2025-08-24 22:06:34 +02:00
parent 3061882809
commit 0fccbef52b
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
4 changed files with 16 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/abstractions/app/firefox
View file

@ -21,8 +21,9 @@
include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.FileManager1>
include <abstractions/bus/org.freedesktop.NetworkManager>
include <abstractions/bus/org.freedesktop.timedate1>
include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/bus/org.freedesktop.RealtimeKit1>
include <abstractions/bus/org.freedesktop.timedate1>
include <abstractions/cups-client>
include <abstractions/dconf-write>
include <abstractions/desktop>
@ -98,6 +99,7 @@
/var/tmp/ r,
owner @{tmp}/@{name}/ rw,
owner @{tmp}/@{name}/* rwk,
owner @{tmp}/@{rand6}.tmp rw,
owner @{tmp}/firefox/ rw,
owner @{tmp}/firefox/* rwk,
owner @{tmp}/mozilla* rw,

6
apparmor.d/groups/browsers/firefox
View file

@ -21,6 +21,9 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
signal send set=(term, kill) peer=firefox//&keepassxc-proxy,
unix type=seqpacket addr=@gecko-crash-helper-pipe.@{int},
unix type=seqpacket peer=(label=firefox-crashhelper),
#aa:dbus own bus=session name=org.mozilla.firefox
#aa:dbus own bus=session name=org.mpris.MediaPlayer2.firefox path=/org/mpris/MediaPlayer2
@ -46,9 +49,10 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
@{open_path} rPx -> child-open,
# Common extensions
/opt/net.downloadhelper.coapp/bin/net.downloadhelper.coapp* rPx,
@{bin}/browserpass rPx,
@{bin}/keepassxc-proxy rPx -> firefox//&keepassxc-proxy,
@{lib}/browserpass/browserpass-native rPx,
/opt/net.downloadhelper.coapp/bin/net.downloadhelper.coapp* rPx,
owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r,
owner @{user_config_dirs}/ibus/bus/ r,

5
apparmor.d/groups/browsers/firefox-crashhelper
View file

@ -15,11 +15,16 @@ include <tunables/global>
profile firefox-crashhelper @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
unix type=seqpacket peer=(label=firefox),
@{exec_path} mr,
owner "@{config_dirs}/firefox/Crash Reports/" rw,
owner "@{config_dirs}/firefox/Crash Reports/crash_helper_server.log" rw,
# file_inherit
deny owner @{user_share_dirs}/gnome-shell/session.gvdb rw,
include if exists <local/firefox-crashhelper>
}

2
apparmor.d/profiles-s-z/thunderbird-glxtest
View file

@ -18,6 +18,8 @@ profile thunderbird-glxtest @{exec_path} flags=(attach_disconnected) {
include <abstractions/wayland>
include <abstractions/X-strict>
network netlink raw,
@{exec_path} mr,
/ r,