@{HOME}/.cache -> @{user_cache_dirs}
This commit is contained in:
Alexandre Pujol
parent
091d20d086
commit
1c9fc00c13
86 changed files with 266 additions and 266 deletions
|
|
@ -133,22 +133,22 @@ profile android-studio @{exec_path} {
|
|||
owner @{HOME}/.config/Google/ rw,
|
||||
owner @{HOME}/.config/Google/** rwk,
|
||||
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner "@{HOME}/.cache/Android Open Source Project/" rw,
|
||||
owner "@{HOME}/.cache/Android Open Source Project/**" rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner "@{user_cache_dirs}/Android Open Source Project/" rw,
|
||||
owner "@{user_cache_dirs}/Android Open Source Project/**" rw,
|
||||
|
||||
owner @{HOME}/.cache/Google/ rw,
|
||||
owner @{HOME}/.cache/Google/** rwk,
|
||||
owner @{user_cache_dirs}/Google/ rw,
|
||||
owner @{user_cache_dirs}/Google/** rwk,
|
||||
# To remove the following error:
|
||||
# Location: /home/morfik/.cache/Google/AndroidStudio4.1/tmp
|
||||
# java.io.IOException: Cannot run program
|
||||
# "/home/morfik/.cache/Google/AndroidStudio4.1/tmp/ij659840309.tmp": error=13, Permission denied
|
||||
owner @{HOME}/.cache/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix,
|
||||
owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix,
|
||||
#
|
||||
owner @{HOME}/.cache/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk,
|
||||
owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk,
|
||||
|
||||
owner @{HOME}/.cache/JNA/ rw,
|
||||
owner @{HOME}/.cache/JNA/** rw,
|
||||
owner @{user_cache_dirs}/JNA/ rw,
|
||||
owner @{user_cache_dirs}/JNA/** rw,
|
||||
|
||||
owner @{HOME}/.gradle/ rw,
|
||||
owner @{HOME}/.gradle/** mrwkix,
|
||||
|
|
|
|||
|
|
@ -93,18 +93,18 @@ profile calibre @{exec_path} {
|
|||
owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw,
|
||||
owner @{HOME}/.local/share/calibre-ebook.com/calibre/** rwk,
|
||||
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{HOME}/.cache/calibre/ rw,
|
||||
owner @{HOME}/.cache/calibre/** rwkl -> @{HOME}/.cache/calibre/**,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/calibre/ rw,
|
||||
owner @{user_cache_dirs}/calibre/** rwkl -> @{user_cache_dirs}/calibre/**,
|
||||
|
||||
owner @{HOME}/.cache/qtshadercache/ rw,
|
||||
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
|
||||
owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
|
||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||
owner @{user_cache_dirs}/qtshadercache/ rw,
|
||||
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
|
||||
owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
|
||||
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
|
||||
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
|
||||
|
||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||
|
||||
owner /tmp/calibre_*_tmp_*/{,**} rw,
|
||||
owner /tmp/calibre-*/{,**} rw,
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{DISCORD_LIBDIR} = /usr/share/discord
|
||||
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord
|
||||
@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord
|
||||
@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord
|
||||
|
||||
@{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord
|
||||
profile discord @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{DISCORD_LIBDIR} = /usr/share/discord
|
||||
@{DISCORD_HOMEDIR} = @{HOME}/.config/discord
|
||||
@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord
|
||||
@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord
|
||||
|
||||
@{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox
|
||||
|
||||
|
|
|
|||
|
|
@ -33,8 +33,8 @@ profile filezilla @{exec_path} {
|
|||
owner @{HOME}/.config/filezilla/ rw,
|
||||
owner @{HOME}/.config/filezilla/* rwk,
|
||||
|
||||
owner @{HOME}/.cache/filezilla/ rw,
|
||||
owner @{HOME}/.cache/filezilla/default_*.png rw,
|
||||
owner @{user_cache_dirs}/filezilla/ rw,
|
||||
owner @{user_cache_dirs}/filezilla/default_*.png rw,
|
||||
|
||||
/usr/share/filezilla/{,**} r,
|
||||
|
||||
|
|
|
|||
|
|
@ -57,8 +57,8 @@ profile okular @{exec_path} {
|
|||
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||
/usr/share/qt5ct/** r,
|
||||
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{HOME}/.cache/okular/{,**} rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/okular/{,**} rw,
|
||||
|
||||
/usr/share/okular/{,**} r,
|
||||
/usr/share/kxmlgui5/okular/{,*} r,
|
||||
|
|
|
|||
|
|
@ -33,9 +33,9 @@ profile spotify @{exec_path} {
|
|||
owner @{HOME}/.config/spotify/ rw,
|
||||
owner @{HOME}/.config/spotify/** rw,
|
||||
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{HOME}/.cache/spotify/ rw,
|
||||
owner @{HOME}/.cache/spotify/** rwk,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/spotify/ rw,
|
||||
owner @{user_cache_dirs}/spotify/** rwk,
|
||||
|
||||
owner @{HOME}/.Xauthority r,
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ include <tunables/global>
|
|||
|
||||
@{MOZ_LIBDIR} = /{usr/,}lib/thunderbird
|
||||
@{MOZ_HOMEDIR} = @{HOME}/.thunderbird
|
||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/thunderbird
|
||||
@{MOZ_CACHEDIR} = @{user_cache_dirs}/thunderbird
|
||||
|
||||
@{exec_path} = @{MOZ_LIBDIR}/thunderbird{,-bin}
|
||||
@{exec_path} += /{usr/,}bin/thunderbird
|
||||
|
|
@ -83,7 +83,7 @@ profile thunderbird @{exec_path} {
|
|||
deny @{HOME}/.mozilla/** mrwkl,
|
||||
|
||||
# Cache
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{MOZ_CACHEDIR}/{,**} rw,
|
||||
|
||||
# Needed for system mails
|
||||
|
|
|
|||
|
|
@ -122,7 +122,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||
owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*,
|
||||
owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*,
|
||||
owner @{HOME}/.config/soffice.binrc.lock rwk,
|
||||
owner @{HOME}/.cache/fontconfig/** rw,
|
||||
owner @{user_cache_dirs}/fontconfig/** rw,
|
||||
owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work
|
||||
|
||||
owner /{,var/}run/user/*/dconf/user rw,
|
||||
|
|
@ -153,7 +153,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||
/dev/tty rw,
|
||||
|
||||
/usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner rmPUx,
|
||||
owner @{HOME}/.cache/gstreamer-???/** rw,
|
||||
owner @{user_cache_dirs}/gstreamer-???/** rw,
|
||||
unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), #Gstreamer doesn't work without this
|
||||
|
||||
/usr/lib{,32,64}/jvm/ r,
|
||||
|
|
@ -234,7 +234,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||
/usr/share/plasma/look-and-feel/**/contents/defaults r,
|
||||
|
||||
# TODO: remove when rules are available in abstractions/kde
|
||||
owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache
|
||||
owner @{user_cache_dirs}/ksycoca5_??_* r, # KDE System Configuration Cache
|
||||
owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
|
||||
owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
|
||||
owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
|
||||
|
|
@ -243,7 +243,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||
/usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent
|
||||
|
||||
# TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar
|
||||
owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw, # for KIconLoader
|
||||
|
||||
# TODO: remove when rules are available in abstractions/kdeframeworks5 or similar
|
||||
/usr/share/kservices5/*.protocol r,
|
||||
|
|
@ -256,7 +256,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
|
|||
owner @{HOME}/.config/QtProject.conf.lock rwk,
|
||||
|
||||
# TODO: use qt5-compose-cache-write abstraction when it is available
|
||||
owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r,
|
||||
owner @{user_cache_dirs}/qt_compose_cache_{little,big}_endian_* r,
|
||||
|
||||
# TODO: use recent-documents-write abstraction when it is available
|
||||
owner @{HOME}/.local/share/RecentDocuments/** r,
|
||||
|
|
|
|||
|
|
@ -102,9 +102,9 @@ profile vlc @{exec_path} {
|
|||
owner @{HOME}/.config/vlc/* rwkl -> @{HOME}/.config/vlc/#[0-9]*[0-9],
|
||||
owner @{HOME}/.local/share/vlc/{,*} rw,
|
||||
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{HOME}/.cache/vlc/{,**} rw,
|
||||
owner @{HOME}/.cache/#[0-9]*[0-9] rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/vlc/{,**} rw,
|
||||
owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
|
||||
|
||||
# To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
|
||||
owner @{HOME}/.config/qt5ct/{,**} r,
|
||||
|
|
|
|||
|
|
@ -102,10 +102,10 @@ profile aptitude @{exec_path} flags=(complain) {
|
|||
owner /tmp/aptitude-*.@{pid}:*/cache{ContentCompressed,Extracted}* rw,
|
||||
owner /tmp/aptitude-*.@{pid}:*/aptitude-download-* rw,
|
||||
owner /tmp/aptitude-*.@{pid}:*/parsedchangelog* w,
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{HOME}/.cache/aptitude/ rw,
|
||||
owner @{HOME}/.cache/aptitude/metadata-download{,-journal} rw,
|
||||
owner @{HOME}/.cache/aptitude/metadata-download rwk,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/aptitude/ rw,
|
||||
owner @{user_cache_dirs}/aptitude/metadata-download{,-journal} rw,
|
||||
owner @{user_cache_dirs}/aptitude/metadata-download rwk,
|
||||
/{usr/,}bin/sensible-pager rCx -> pager,
|
||||
|
||||
# For aptitude-run-state-bundle
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
||||
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
|
||||
@{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev}
|
||||
profile brave @{exec_path} {
|
||||
|
|
@ -94,8 +94,8 @@ profile brave @{exec_path} {
|
|||
owner @{BRAVE_HOMEDIR}/WidevineCdm/libwidevinecdm.so mrw,
|
||||
|
||||
# Cache files
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{HOME}/.cache/BraveSoftware/ rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/BraveSoftware/ rw,
|
||||
owner @{BRAVE_CACHEDIR}/{,**/} rw,
|
||||
owner @{BRAVE_CACHEDIR}/*/**/{*-,}index rw,
|
||||
owner @{BRAVE_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
||||
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
@{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev}
|
||||
@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
||||
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
||||
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium
|
||||
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
|
||||
|
||||
@{exec_path} = /{usr/,}bin/chromium
|
||||
profile chromium @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
||||
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
||||
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium
|
||||
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
|
||||
|
||||
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium
|
||||
@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium
|
||||
@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium
|
||||
@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium
|
||||
|
||||
@{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium
|
||||
profile chromium-chromium @{exec_path} {
|
||||
|
|
@ -91,7 +91,7 @@ profile chromium-chromium @{exec_path} {
|
|||
owner @{HOME}/.local/share/.org.chromium.Chromium.* rw,
|
||||
|
||||
# Cache files
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{CHROMIUM_CACHEDIR}/{,**/} rw,
|
||||
owner @{CHROMIUM_CACHEDIR}/*/**/{*-,}index rw,
|
||||
owner @{CHROMIUM_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr}
|
||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
||||
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||
|
||||
@{exec_path} = @{MOZ_LIBDIR}/firefox{,-bin,-esr}
|
||||
profile firefox @{exec_path} {
|
||||
|
|
@ -84,12 +84,12 @@ profile firefox @{exec_path} {
|
|||
owner @{MOZ_HOMEDIR}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r,
|
||||
|
||||
# Cache
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{MOZ_CACHEDIR}/ rw,
|
||||
owner @{MOZ_CACHEDIR}/** rwk,
|
||||
|
||||
owner @{HOME}/.cache/gstreamer-[0-9]*/ rw,
|
||||
owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
|
||||
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
|
||||
|
||||
deny @{sys}/devices/system/cpu/present r,
|
||||
deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
||||
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||
|
||||
@{exec_path} = @{MOZ_LIBDIR}/crashreporter
|
||||
profile firefox-crashreporter @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
||||
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||
|
||||
@{exec_path} = /{usr/,}lib/firefox/minidump-analyzer
|
||||
profile firefox-minidump-analyzer @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
|
||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
||||
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||
|
||||
@{exec_path} = @{MOZ_LIBDIR}/pingsender
|
||||
profile firefox-pingsender @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr}
|
||||
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
|
||||
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
|
||||
@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla
|
||||
|
||||
@{exec_path} = @{MOZ_LIBDIR}/plugin-container
|
||||
profile firefox-plugin-container @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
||||
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
||||
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable}
|
||||
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
|
||||
|
||||
@{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable}
|
||||
profile google-chrome-chrome @{exec_path} {
|
||||
|
|
@ -87,7 +87,7 @@ profile google-chrome-chrome @{exec_path} {
|
|||
owner @{HOME}/.local/share/.com.google.Chrome.* rw,
|
||||
|
||||
# Cache files
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{CHROME_CACHEDIR}/{,**/} rw,
|
||||
owner @{CHROME_CACHEDIR}/*/**/{*-,}index rw,
|
||||
owner @{CHROME_CACHEDIR}/*/**/[a-f0-9]*_? rw,
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
||||
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
||||
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable}
|
||||
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
|
||||
|
||||
@{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox
|
||||
profile google-chrome-chrome-sandbox @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable}
|
||||
@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable}
|
||||
@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable}
|
||||
@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable}
|
||||
|
||||
@{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable}
|
||||
profile google-chrome-google-chrome @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
||||
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
||||
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer}
|
||||
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
|
||||
|
||||
@{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer}
|
||||
profile opera @{exec_path} {
|
||||
|
|
@ -78,7 +78,7 @@ profile opera @{exec_path} {
|
|||
owner @{HOME}/.local/share/.org.chromium.Chromium.* rw,
|
||||
|
||||
# Cache files
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{OPERA_CACHEDIR}/{,**/} rw,
|
||||
owner @{OPERA_CACHEDIR}/**/{*-,}index rw,
|
||||
owner @{OPERA_CACHEDIR}/**/[a-f0-9]*_? rw,
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
||||
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
||||
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer}
|
||||
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
|
||||
|
||||
@{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter
|
||||
profile opera-crashreporter @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ include <tunables/global>
|
|||
|
||||
@{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}
|
||||
@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer}
|
||||
@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer}
|
||||
@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer}
|
||||
|
||||
@{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox
|
||||
profile opera-sandbox @{exec_path} {
|
||||
|
|
|
|||
|
|
@ -117,8 +117,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
|
|||
|
||||
# Silence denial logs about permissions we don't need
|
||||
deny /dev/dri/ rwklx,
|
||||
deny @{HOME}/.cache/fontconfig/ rw,
|
||||
deny @{HOME}/.cache/fontconfig/** rw,
|
||||
deny @{user_cache_dirs}/fontconfig/ rw,
|
||||
deny @{user_cache_dirs}/fontconfig/** rw,
|
||||
deny @{HOME}/.config/gtk-2.0/ rw,
|
||||
deny @{HOME}/.config/gtk-2.0/** rw,
|
||||
deny @{PROC}/@{pid}/net/route r,
|
||||
|
|
|
|||
|
|
@ -33,14 +33,14 @@ profile blueman @{exec_path} {
|
|||
|
||||
/usr/share/blueman/{,**} r,
|
||||
|
||||
owner @{HOME}/.cache/blueman-tray-[0-9]* rw,
|
||||
owner @{HOME}/.cache/blueman-services-[0-9]* rw,
|
||||
owner @{HOME}/.cache/blueman-adapters-[0-9]* rw,
|
||||
owner @{HOME}/.cache/blueman-manager-[0-9]* rw,
|
||||
owner @{HOME}/.cache/blueman-applet-[0-9]* rw,
|
||||
owner @{user_cache_dirs}/blueman-tray-[0-9]* rw,
|
||||
owner @{user_cache_dirs}/blueman-services-[0-9]* rw,
|
||||
owner @{user_cache_dirs}/blueman-adapters-[0-9]* rw,
|
||||
owner @{user_cache_dirs}/blueman-manager-[0-9]* rw,
|
||||
owner @{user_cache_dirs}/blueman-applet-[0-9]* rw,
|
||||
|
||||
owner @{HOME}/.cache/obexd/ rw,
|
||||
owner @{HOME}/.cache/obexd/* rw,
|
||||
owner @{user_cache_dirs}/obexd/ rw,
|
||||
owner @{user_cache_dirs}/obexd/* rw,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
owner @{HOME}/bluetooth*/ r,
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@ profile bluetoothctl @{exec_path} {
|
|||
|
||||
/etc/inputrc r,
|
||||
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{HOME}/.cache/.bluetoothctl_history rw,
|
||||
owner @{HOME}/.cache/.bluetoothctl_history-@{pid}.tmp rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/.bluetoothctl_history rw,
|
||||
owner @{user_cache_dirs}/.bluetoothctl_history-@{pid}.tmp rw,
|
||||
|
||||
include if exists <local/bluetoothctl>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,9 +21,9 @@ profile dconf-service @{exec_path} {
|
|||
owner @{HOME}/.config/dconf/ rw,
|
||||
owner @{HOME}/.config/dconf/user{,.*} rw,
|
||||
|
||||
owner @{HOME}/.cache/ rw,
|
||||
owner @{HOME}/.cache/dconf/ rw,
|
||||
owner @{HOME}/.cache/dconf/user rw,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/dconf/ rw,
|
||||
owner @{user_cache_dirs}/dconf/user rw,
|
||||
|
||||
@{PROC}/cmdline r,
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue