felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add @{MOUNTS} for all common mountpoints.

Browse source
This commit is contained in:
Alexandre Pujol 2021-04-19 15:20:32 +01:00
parent a5ec3e559c
commit 1f11e6398b
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
127 changed files with 286 additions and 306 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/abstractions/user-download-strict
View file

@ -7,11 +7,8 @@
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwkl, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwkl,
owner /media/*/@{XDG_DOWNLOAD_DIR}/ r, owner @{MOUNTS}/*/@{XDG_DOWNLOAD_DIR}/ r,
owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwkl, owner @{MOUNTS}/*/@{XDG_DOWNLOAD_DIR}/** rwkl,
owner /mnt/*/@{XDG_DOWNLOAD_DIR}/ r,
owner /mnt/*/@{XDG_DOWNLOAD_DIR}/** rwkl,
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r, owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwkl, owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwkl,

8
apparmor.d/groups/apps/android-studio
View file

@ -6,8 +6,8 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{AS_LIBDIR} = /media/*/android-studio @{AS_LIBDIR} = @{MOUNTS}/*/android-studio
@{AS_SDKDIR} = /media/*/SDK @{AS_SDKDIR} = @{MOUNTS}/*/SDK
@{AS_HOMEDIR} = @{HOME}/.AndroidStudio* @{AS_HOMEDIR} = @{HOME}/.AndroidStudio*
@{AS_PROJECTDIR} = @{HOME}/AndroidStudioProjects @{AS_PROJECTDIR} = @{HOME}/AndroidStudioProjects
@ -90,8 +90,8 @@ profile android-studio @{exec_path} {
/ r, / r,
/home/ r, /home/ r,
/media/ r, @{MOUNTS}/ r,
/media/*/ r, @{MOUNTS}/*/ r,
/usr/ r, /usr/ r,
/{usr/,}lib/ r, /{usr/,}lib/ r,
/{usr/,}lib{x32,32,64}/ r, /{usr/,}lib{x32,32,64}/ r,

8
apparmor.d/groups/apps/atom
View file

@ -86,10 +86,10 @@ profile atom @{exec_path} {
# Git dirs # Git dirs
/ r, / r,
/media/ r, @{MOUNTS}/ r,
owner /media/*/ r, owner @{MOUNTS}/*/ r,
owner /media/*/atom/ r, owner @{MOUNTS}/*/atom/ r,
owner /media/*/atom/** rwkl -> /media/*/atom/**, owner @{MOUNTS}/*/atom/** rwkl -> @{MOUNTS}/*/atom/**,
owner @{user_config_dirs}/git/config r, owner @{user_config_dirs}/git/config r,

10
apparmor.d/groups/apps/calibre
View file

@ -76,8 +76,8 @@ profile calibre @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{calibre_ext} rw, owner /{home,media}/**.@{calibre_ext} rw,
/usr/share/calibre/{,**} r, /usr/share/calibre/{,**} r,
@ -85,9 +85,9 @@ profile calibre @{exec_path} {
owner @{HOME}/@{XDG_BOOKS_DIR} rw, owner @{HOME}/@{XDG_BOOKS_DIR} rw,
owner @{HOME}/@{XDG_BOOKS_DIR}/** rwkl, owner @{HOME}/@{XDG_BOOKS_DIR}/** rwkl,
owner /media/*/@{XDG_BOOKS_DIR}/ r, owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}/ r,
owner /media/*/@{XDG_BOOKS_DIR}*/ rw, owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/ rw,
owner /media/*/@{XDG_BOOKS_DIR}*/** rwkl -> /media/*/@{XDG_BOOKS_DIR}*/**, owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/** rwkl -> @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/**,
owner @{user_config_dirs}/calibre/ rw, owner @{user_config_dirs}/calibre/ rw,
owner @{user_config_dirs}/calibre/** rwk, owner @{user_config_dirs}/calibre/** rwk,

8
apparmor.d/groups/apps/code
View file

@ -65,10 +65,10 @@ profile code @{exec_path} {
# Git dirs # Git dirs
/ r, / r,
/media/ r, @{MOUNTS}/ r,
owner /media/*/ r, owner @{MOUNTS}/*/ r,
owner /media/*/code/ r, owner @{MOUNTS}/*/code/ r,
owner /media/*/code/** rwkl -> /media/*/code/**, owner @{MOUNTS}/*/code/** rwkl -> @{MOUNTS}/*/code/**,
# To remove the following error: # To remove the following error:
# Error initializing NSS with a persistent database # Error initializing NSS with a persistent database

4
apparmor.d/groups/apps/filezilla
View file

@ -57,8 +57,8 @@ profile filezilla @{exec_path} {
/{usr/,}lib/firefox/firefox rPUx, /{usr/,}lib/firefox/firefox rPUx,
# FTP share folder # FTP share folder
owner /media/*/ftp/ r, owner @{MOUNTS}/*/ftp/ r,
owner /media/*/ftp/** rw, owner @{MOUNTS}/*/ftp/** rw,
# Silencer # Silencer
/ r, / r,

6
apparmor.d/groups/apps/geany
View file

@ -72,9 +72,9 @@ profile geany @{exec_path} {
/lost+found/ r, /lost+found/ r,
/lost+found/** r, /lost+found/** r,
owner /lost+found/** rw, owner /lost+found/** rw,
/media/ r, @{MOUNTS}/ r,
/media/** r, @{MOUNTS}/** r,
owner /media/** rw, owner @{MOUNTS}/** rw,
/mnt/ r, /mnt/ r,
/mnt/** r, /mnt/** r,
owner /mnt/** rw, owner /mnt/** rw,

4
apparmor.d/groups/apps/okular
View file

@ -33,8 +33,8 @@ profile okular @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
/tmp/ r, /tmp/ r,
/tmp/mozilla_*/ r, /tmp/mozilla_*/ r,
owner /{home,media,tmp/mozilla_*}/**.@{okular_ext} rw, owner /{home,media,tmp/mozilla_*}/**.@{okular_ext} rw,

2
apparmor.d/groups/apps/telegram-desktop
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{TELEGRAM_WORK_DIR} = /media/Kabi/telegram @{TELEGRAM_WORK_DIR} = @{MOUNTS}/Kabi/telegram
@{exec_path} = /{usr/,}bin/telegram-desktop @{exec_path} = /{usr/,}bin/telegram-desktop
profile telegram-desktop @{exec_path} { profile telegram-desktop @{exec_path} {

4
apparmor.d/groups/apps/vlc
View file

@ -86,8 +86,8 @@ profile vlc @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{vlc_ext} rw, owner /{home,media}/**.@{vlc_ext} rw,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,

2
apparmor.d/groups/apt/apt
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt @{exec_path} = /{usr/,}bin/apt
profile apt @{exec_path} flags=(complain) { profile apt @{exec_path} flags=(complain) {

10
apparmor.d/groups/apt/apt-cdrom
View file

@ -39,11 +39,11 @@ profile apt-cdrom @{exec_path} flags=(complain) {
/media/cdrom[0-9]/dists/**/i18n/Translation-en{,.gz} r, /media/cdrom[0-9]/dists/**/i18n/Translation-en{,.gz} r,
# For pendrives # For pendrives
/media/*/*/ r, @{MOUNTS}/*/*/ r,
/media/*/*/**/ r, @{MOUNTS}/*/*/**/ r,
/media/*/*/.disk/info r, @{MOUNTS}/*/*/.disk/info r,
/media/*/*/dists/**/binary-*/Packages{,.gz} r, @{MOUNTS}/*/*/dists/**/binary-*/Packages{,.gz} r,
/media/*/*/dists/**/i18n/Translation-en{,.gz} r, @{MOUNTS}/*/*/dists/**/i18n/Translation-en{,.gz} r,
/var/lib/apt/lists/** rw, /var/lib/apt/lists/** rw,

2
apparmor.d/groups/apt/apt-extracttemplates
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt-extracttemplates @{exec_path} = /{usr/,}bin/apt-extracttemplates
profile apt-extracttemplates @{exec_path} { profile apt-extracttemplates @{exec_path} {

2
apparmor.d/groups/apt/apt-ftparchive
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt-ftparchive @{exec_path} = /{usr/,}bin/apt-ftparchive
profile apt-ftparchive @{exec_path} { profile apt-ftparchive @{exec_path} {

2
apparmor.d/groups/apt/apt-get
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt-get @{exec_path} = /{usr/,}bin/apt-get
profile apt-get @{exec_path} flags=(complain) { profile apt-get @{exec_path} flags=(complain) {

2
apparmor.d/groups/apt/apt-methods-cdrom
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/cdrom @{exec_path} = /{usr/,}lib/apt/methods/cdrom
profile apt-methods-cdrom @{exec_path} { profile apt-methods-cdrom @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-copy
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/copy @{exec_path} = /{usr/,}lib/apt/methods/copy
profile apt-methods-copy @{exec_path} { profile apt-methods-copy @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-file
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/file @{exec_path} = /{usr/,}lib/apt/methods/file
profile apt-methods-file @{exec_path} { profile apt-methods-file @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-ftp
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/ftp @{exec_path} = /{usr/,}lib/apt/methods/ftp
profile apt-methods-ftp @{exec_path} { profile apt-methods-ftp @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-gpgv
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/gpgv @{exec_path} = /{usr/,}lib/apt/methods/gpgv
profile apt-methods-gpgv @{exec_path} { profile apt-methods-gpgv @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-http
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/http{,s} @{exec_path} = /{usr/,}lib/apt/methods/http{,s}
profile apt-methods-http @{exec_path} { profile apt-methods-http @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-mirror
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/mirror{,+*} @{exec_path} = /{usr/,}lib/apt/methods/mirror{,+*}
profile apt-methods-mirror @{exec_path} { profile apt-methods-mirror @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-rred
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/rred @{exec_path} = /{usr/,}lib/apt/methods/rred
profile apt-methods-rred @{exec_path} { profile apt-methods-rred @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-rsh
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/{r,s}sh @{exec_path} = /{usr/,}lib/apt/methods/{r,s}sh
profile apt-methods-rsh @{exec_path} { profile apt-methods-rsh @{exec_path} {

2
apparmor.d/groups/apt/apt-methods-store
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}lib/apt/methods/store @{exec_path} = /{usr/,}lib/apt/methods/store
profile apt-methods-store @{exec_path} { profile apt-methods-store @{exec_path} {

2
apparmor.d/groups/apt/apt-show-versions
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/apt-show-versions @{exec_path} = /{usr/,}bin/apt-show-versions
profile apt-show-versions @{exec_path} { profile apt-show-versions @{exec_path} {

2
apparmor.d/groups/apt/aptitude
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/aptitude{,-curses} @{exec_path} = /{usr/,}bin/aptitude{,-curses}
profile aptitude @{exec_path} flags=(complain) { profile aptitude @{exec_path} flags=(complain) {

2
apparmor.d/groups/apt/dpkg-checkbuilddeps
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-checkbuilddeps @{exec_path} = /{usr/,}bin/dpkg-checkbuilddeps
profile dpkg-checkbuilddeps @{exec_path} flags=(complain) { profile dpkg-checkbuilddeps @{exec_path} flags=(complain) {

2
apparmor.d/groups/apt/dpkg-deb
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-deb @{exec_path} = /{usr/,}bin/dpkg-deb
profile dpkg-deb @{exec_path} { profile dpkg-deb @{exec_path} {

2
apparmor.d/groups/apt/dpkg-genbuildinfo
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-genbuildinfo @{exec_path} = /{usr/,}bin/dpkg-genbuildinfo
profile dpkg-genbuildinfo @{exec_path} flags=(complain) { profile dpkg-genbuildinfo @{exec_path} flags=(complain) {

2
apparmor.d/groups/apt/dpkg-genchanges
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-genchanges @{exec_path} = /{usr/,}bin/dpkg-genchanges
profile dpkg-genchanges @{exec_path} flags=(complain) { profile dpkg-genchanges @{exec_path} flags=(complain) {

2
apparmor.d/groups/apt/dpkg-split
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dpkg-split @{exec_path} = /{usr/,}bin/dpkg-split
profile dpkg-split @{exec_path} { profile dpkg-split @{exec_path} {

2
apparmor.d/groups/apt/synaptic
View file

@ -4,7 +4,7 @@
abi <abi/3.0>, abi <abi/3.0>,
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
include <tunables/global> include <tunables/global>

4
apparmor.d/groups/desktop/obex-folder-listing
View file

@ -14,8 +14,8 @@ profile obex-folder-listing @{exec_path} {
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
owner /media/*/ r, owner @{MOUNTS}/*/ r,
owner /media/*/**/ r, owner @{MOUNTS}/*/**/ r,
include if exists <local/obex-folder-listing> include if exists <local/obex-folder-listing>
} }

3
apparmor.d/groups/gnome/nautilus
View file

@ -25,9 +25,8 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
# Full access to user's data # Full access to user's data
/ r, / r,
owner @{HOME}/{,**} rw, owner @{HOME}/{,**} rw,
owner @{MOUNTS}/*/{,**} rw,
owner @{run}/user/@{uid}/{,**} rw, owner @{run}/user/@{uid}/{,**} rw,
owner /media/*/{,**} rw,
owner /mnt/*/{,**} rw,
owner /tmp/{,**} rw, owner /tmp/{,**} rw,
# Silencer for non user's data # Silencer for non user's data

2
apparmor.d/groups/gnome/tracker-miner
View file

@ -24,7 +24,7 @@ profile tracker-miner @{exec_path} {
# Allow to search user files # Allow to search user files
owner @{HOME}/{,**} r, owner @{HOME}/{,**} r,
owner /media/*/{,**} r, owner @{MOUNTS}/*/{,**} r,
owner /tmp/*/{,**} r, owner /tmp/*/{,**} r,
owner @{user_share_dirs}/{applications/,mime/mime.cache} r, owner @{user_share_dirs}/{applications/,mime/mime.cache} r,

3
apparmor.d/groups/gpg/gpg
View file

@ -64,8 +64,7 @@ profile gpg @{exec_path} {
# Verify files # Verify files
owner @{HOME}/** r, owner @{HOME}/** r,
owner /mnt/*/** r, owner @{MOUNTS}/*/** r,
owner /media/*/** r,
owner @{PROC}/@{pid}/task/@{tid}/stat rw, owner @{PROC}/@{pid}/task/@{tid}/stat rw,
owner @{PROC}/@{pid}/task/@{tid}/comm rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw,

4
apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
View file

@ -35,8 +35,8 @@ profile gvfs-udisks2-volume-monitor @{exec_path} {
/etc/fstab r, /etc/fstab r,
# Mount points # Mount points
/media/*/ r, @{MOUNTS}/*/ r,
/media/*/*/ r, @{MOUNTS}/*/*/ r,
@{HOME}/*/*/ r, @{HOME}/*/*/ r,
@{HOME}/*/*/**/ r, @{HOME}/*/*/**/ r,
@{HOME}/bluetooth/ r, @{HOME}/bluetooth/ r,

6
apparmor.d/groups/gvfs/gvfsd-archive
View file

@ -16,14 +16,12 @@ profile gvfsd-archive @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{HOME}/**.{tar,tar.gz,zip} r, owner @{HOME}/**.{tar,tar.gz,zip} r,
owner /media/**.{TAR,TAR.GZ,ZIP} r, owner @{MOUNTS}/**.{TAR,TAR.GZ,ZIP} r,
owner @{HOME}/**.{tar,tar.gz,zip} r, owner @{HOME}/**.{tar,tar.gz,zip} r,
owner /mnt/**.{TAR,TAR.GZ,ZIP} r,
owner @{HOME}/**.{iso,img,bin,mdf,nrg} r, owner @{HOME}/**.{iso,img,bin,mdf,nrg} r,
owner /media/*/**.{iso,img,bin,mdf,nrg} r, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} r,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} r, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} r,
owner /mnt/*/**.{ISO,IMG,BIN,MDF,NRG} r,
include if exists <local/gvfsd-archive> include if exists <local/gvfsd-archive>
} }

3
apparmor.d/groups/gvfs/gvfsd-recent
View file

@ -19,8 +19,7 @@ profile gvfsd-recent @{exec_path} {
# Full access to user's data # Full access to user's data
owner @{HOME}/{,**} rw, owner @{HOME}/{,**} rw,
owner /media/*/{,**} rw, owner @{MOUNTS}/*/{,**} rw,
owner /mnt/*/{,**} rw,
owner @{HOME}/.zshenv r, owner @{HOME}/.zshenv r,
owner @{user_config_dirs}/user-dirs.dirs r, owner @{user_config_dirs}/user-dirs.dirs r,

3
apparmor.d/groups/gvfs/gvfsd-trash
View file

@ -31,8 +31,7 @@ profile gvfsd-trash @{exec_path} {
# Can restore all user files # Can restore all user files
owner @{HOME}/{,**} rw, owner @{HOME}/{,**} rw,
owner /media/*/{,**} rw, owner @{MOUNTS}/*/{,**} rw,
owner /mnt/*/{,**} rw,
include if exists <local/gvfsd-trash> include if exists <local/gvfsd-trash>
} }

4
apparmor.d/profiles-a-l/amarok
View file

@ -75,8 +75,8 @@ profile amarok @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{amarok_ext} rw, owner /{home,media}/**.@{amarok_ext} rw,
# Amarok home files # Amarok home files

2
apparmor.d/profiles-a-l/appimage-beyond-all-reason
View file

@ -125,7 +125,7 @@ profile appimage-beyond-all-reason @{exec_path} {
/etc/fuse.conf r, /etc/fuse.conf r,
owner @{HOME}/**.AppImage r, owner @{HOME}/**.AppImage r,
owner /media/*/**.AppImage r, owner @{MOUNTS}/*/**.AppImage r,
@{PROC}/@{pid}/mounts r, @{PROC}/@{pid}/mounts r,

2
apparmor.d/profiles-a-l/badblocks
View file

@ -19,7 +19,7 @@ profile badblocks @{exec_path} {
# A place for a list of already existing known bad blocks # A place for a list of already existing known bad blocks
@{HOME}/** rwk, @{HOME}/** rwk,
/media/*/** rwk, @{MOUNTS}/*/** rwk,
include if exists <local/badblocks> include if exists <local/badblocks>
} }

3
apparmor.d/profiles-a-l/blkid
View file

@ -29,8 +29,7 @@ profile blkid @{exec_path} {
# Image files # Image files
@{HOME}/** r, @{HOME}/** r,
/media/*/** r, @{MOUNTS}/*/** r,
/mnt/*/** r,
include if exists <local/blkid> include if exists <local/blkid>
} }

17
apparmor.d/profiles-a-l/borg
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BACKUP_DIR} = /media/Arti/backup-* @{BACKUP_DIR} = @{MOUNTS}/Arti/backup-*
@{exec_path} = /{usr/,}bin/borg @{exec_path} = /{usr/,}bin/borg
profile borg @{exec_path} { profile borg @{exec_path} {
@ -38,10 +38,10 @@ profile borg @{exec_path} {
/{usr/,}bin/ccache rCx -> ccache, /{usr/,}bin/ccache rCx -> ccache,
/usr/bin/fusermount{,3} rCx -> fusermount, /usr/bin/fusermount{,3} rCx -> fusermount,
mount fstype=fuse -> /media/*/, mount fstype=fuse -> @{MOUNTS}/*/,
mount fstype=fuse -> /media/*/*/, mount fstype=fuse -> @{MOUNTS}/*/*/,
umount /media/*/, umount @{MOUNTS}/*/,
umount /media/*/*/, umount @{MOUNTS}/*/*/,
/dev/fuse rw, /dev/fuse rw,
@ -71,8 +71,7 @@ profile borg @{exec_path} {
/efi/{,**} r, /efi/{,**} r,
/etc/{,**} r, /etc/{,**} r,
/home/{,**} r, /home/{,**} r,
/media/{,**} r, @{MOUNTS}/{,**} r,
/mnt/{,**} r,
/opt/{,**} r, /opt/{,**} r,
/root/{,**} r, /root/{,**} r,
/srv/{,**} r, /srv/{,**} r,
@ -107,8 +106,8 @@ profile borg @{exec_path} {
/{usr/,}bin/fusermount{,3} mr, /{usr/,}bin/fusermount{,3} mr,
umount /media/*/, umount @{MOUNTS}/*/,
umount /media/*/*/, umount @{MOUNTS}/*/*/,
} }

16
apparmor.d/profiles-a-l/btrfs
View file

@ -33,18 +33,18 @@ profile btrfs @{exec_path} {
/var/lib/btrfs/scrub.status.[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*{,_tmp} rwk, /var/lib/btrfs/scrub.status.[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*{,_tmp} rwk,
# Saved metadata # Saved metadata
/media/*/ r, @{MOUNTS}/*/ r,
/media/*/ext2_saved/ rw, @{MOUNTS}/*/ext2_saved/ rw,
/media/*/ext2_saved/image rw, @{MOUNTS}/*/ext2_saved/image rw,
/media/*/*/ r, @{MOUNTS}/*/*/ r,
/media/*/*/ext2_saved/ rw, @{MOUNTS}/*/*/ext2_saved/ rw,
/media/*/*/ext2_saved/image rw, @{MOUNTS}/*/*/ext2_saved/image rw,
# To be able to manage btrfs volumes # To be able to manage btrfs volumes
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/btrfs> include if exists <local/btrfs>
} }

4
apparmor.d/profiles-a-l/btrfs-find-root
View file

@ -15,9 +15,9 @@ profile btrfs-find-root @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/btrfs-find-root> include if exists <local/btrfs-find-root>
} }

4
apparmor.d/profiles-a-l/btrfs-image
View file

@ -17,9 +17,9 @@ profile btrfs-image @{exec_path} {
# Image files # Image files
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/btrfs-image> include if exists <local/btrfs-image>
} }

4
apparmor.d/profiles-a-l/btrfs-map-logical
View file

@ -15,9 +15,9 @@ profile btrfs-map-logical @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/btrfs-map-logical> include if exists <local/btrfs-map-logical>
} }

6
apparmor.d/profiles-a-l/cfdisk
View file

@ -25,13 +25,13 @@ profile cfdisk @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
# A place for backups # A place for backups
owner @{HOME}/**.{bak,back} rwk, owner @{HOME}/**.{bak,back} rwk,
owner /media/*/**.{bak,back} rwk, owner @{MOUNTS}/*/**.{bak,back} rwk,
include if exists <local/cfdisk> include if exists <local/cfdisk>
} }

6
apparmor.d/profiles-a-l/cgdisk
View file

@ -17,13 +17,13 @@ profile cgdisk @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
# A place for backups # A place for backups
owner @{HOME}/**.{bak,back} rwk, owner @{HOME}/**.{bak,back} rwk,
owner /media/*/**.{bak,back} rwk, owner @{MOUNTS}/*/**.{bak,back} rwk,
include if exists <local/cgdisk> include if exists <local/cgdisk>
} }

2
apparmor.d/profiles-a-l/changestool
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/changestool @{exec_path} = /{usr/,}bin/changestool
profile changestool @{exec_path} { profile changestool @{exec_path} {

2
apparmor.d/profiles-a-l/czkawka-cli
View file

@ -14,7 +14,7 @@ profile czkawka-cli @{exec_path} {
# Dirs to scan for duplicates # Dirs to scan for duplicates
#owner @{HOME}/** rw, #owner @{HOME}/** rw,
owner /media/** rw, owner @{MOUNTS}/** rw,
owner @{user_config_dirs}/czkawka/ rw, owner @{user_config_dirs}/czkawka/ rw,
owner @{user_config_dirs}/czkawka/** rw, owner @{user_config_dirs}/czkawka/** rw,

2
apparmor.d/profiles-a-l/czkawka-gui
View file

@ -20,7 +20,7 @@ profile czkawka-gui @{exec_path} {
# Dirs to scan for duplicates # Dirs to scan for duplicates
#owner @{HOME}/** rw, #owner @{HOME}/** rw,
owner /media/** rw, owner @{MOUNTS}/** rw,
owner @{user_config_dirs}/czkawka/ rw, owner @{user_config_dirs}/czkawka/ rw,
owner @{user_config_dirs}/czkawka/** rw, owner @{user_config_dirs}/czkawka/** rw,

2
apparmor.d/profiles-a-l/debsign
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/debsign @{exec_path} = /{usr/,}bin/debsign
profile debsign @{exec_path} { profile debsign @{exec_path} {

2
apparmor.d/profiles-a-l/debtags
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/debtags @{exec_path} = /{usr/,}bin/debtags
profile debtags @{exec_path} { profile debtags @{exec_path} {

2
apparmor.d/profiles-a-l/dumpe2fs
View file

@ -19,7 +19,7 @@ profile dumpe2fs @{exec_path} {
# Image files # Image files
@{HOME}/** r, @{HOME}/** r,
/media/*/** r, @{MOUNTS}/** r,
include if exists <local/dumpe2fs> include if exists <local/dumpe2fs>
} }

4
apparmor.d/profiles-a-l/e2fsck
View file

@ -28,9 +28,9 @@ profile e2fsck @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/e2fsck> include if exists <local/e2fsck>
} }

4
apparmor.d/profiles-a-l/e2image
View file

@ -19,9 +19,9 @@ profile e2image @{exec_path} {
# A place for the metadata image file # A place for the metadata image file
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/e2image> include if exists <local/e2image>
} }

4
apparmor.d/profiles-a-l/engrampa
View file

@ -54,8 +54,8 @@ profile engrampa @{exec_path} {
/home/ r, /home/ r,
#owner @{HOME}/ r, #owner @{HOME}/ r,
#owner @{HOME}/** rw, #owner @{HOME}/** rw,
/media/ r, @{MOUNTS}/ r,
/media/** rw, @{MOUNTS}/** rw,
/tmp/ r, /tmp/ r,
owner /tmp/** rw, owner /tmp/** rw,

2
apparmor.d/profiles-a-l/execute-dput
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/dput /usr/share/dput/execute-dput @{exec_path} = /{usr/,}bin/dput /usr/share/dput/execute-dput
profile execute-dput @{exec_path} flags=(complain) { profile execute-dput @{exec_path} flags=(complain) {

8
apparmor.d/profiles-a-l/f3read
View file

@ -13,13 +13,13 @@ profile f3read @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
# USB drive mount locations # USB drive mount locations
/media/*/ r, @{MOUNTS}/*/ r,
/media/*/*/ r, @{MOUNTS}/*/*/ r,
/mnt/ r, /mnt/ r,
# To be able to read h2w files # To be able to read h2w files
owner /media/*/[0-9]*.h2w r, owner @{MOUNTS}/*/[0-9]*.h2w r,
owner /media/*/*/[0-9]*.h2w r, owner @{MOUNTS}/*/*/[0-9]*.h2w r,
owner /mnt/[0-9]*.h2w r, owner /mnt/[0-9]*.h2w r,
include if exists <local/f3read> include if exists <local/f3read>

8
apparmor.d/profiles-a-l/f3write
View file

@ -17,13 +17,13 @@ profile f3write @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
# USB drive mount locations # USB drive mount locations
/media/*/ r, @{MOUNTS}/*/ r,
/media/*/*/ r, @{MOUNTS}/*/*/ r,
/mnt/ r, /mnt/ r,
# To be able to write h2w files # To be able to write h2w files
owner /media/*/[0-9]*.h2w w, owner @{MOUNTS}/*/[0-9]*.h2w w,
owner /media/*/*/[0-9]*.h2w w, owner @{MOUNTS}/*/*/[0-9]*.h2w w,
owner /mnt/[0-9]*.h2w w, owner /mnt/[0-9]*.h2w w,
include if exists <local/f3write> include if exists <local/f3write>

6
apparmor.d/profiles-a-l/fdisk
View file

@ -27,13 +27,13 @@ profile fdisk @{exec_path} {
# For disk images # For disk images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
# For backups # For backups
owner @{HOME}/**.{bak,back} rwk, owner @{HOME}/**.{bak,back} rwk,
owner /media/*/**.{bak,back} rwk, owner @{MOUNTS}/*/**.{bak,back} rwk,
include if exists <local/fdisk> include if exists <local/fdisk>
} }

4
apparmor.d/profiles-a-l/ffmpeg
View file

@ -64,8 +64,8 @@ profile ffmpeg @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS} r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{ffmpeg_ext}{,.[0-9]*} rw, owner /{home,media}/**.@{ffmpeg_ext}{,.[0-9]*} rw,
@{sys}/devices/system/node/ r, @{sys}/devices/system/node/ r,

4
apparmor.d/profiles-a-l/ffplay
View file

@ -52,8 +52,8 @@ profile ffplay @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{ffplay_ext} rw, owner /{home,media}/**.@{ffplay_ext} rw,
/etc/machine-id r, /etc/machine-id r,

4
apparmor.d/profiles-a-l/ffprobe
View file

@ -50,8 +50,8 @@ profile ffprobe @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{ffprobe_ext} rw, owner /{home,media}/**.@{ffprobe_ext} rw,
@{sys}/devices/system/node/ r, @{sys}/devices/system/node/ r,

2
apparmor.d/profiles-a-l/fsck
View file

@ -25,7 +25,7 @@ profile fsck @{exec_path} {
owner @{run}/fsck/*.lock rwk, owner @{run}/fsck/*.lock rwk,
# When a mount dir is passed to fsck as an argument. # When a mount dir is passed to fsck as an argument.
/media/*/ r, @{MOUNTS}/*/ r,
/boot/ r, /boot/ r,
/home/ r, /home/ r,

4
apparmor.d/profiles-a-l/fsck-fat
View file

@ -16,9 +16,9 @@ profile fsck-fat @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/fsck-fat> include if exists <local/fsck-fat>
} }

8
apparmor.d/profiles-a-l/fuseiso
View file

@ -27,9 +27,9 @@ profile fuseiso @{exec_path} {
# Image files to be mounted # Image files to be mounted
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner @{HOME}/.mtab.fuseiso rwk, owner @{HOME}/.mtab.fuseiso rwk,
owner @{HOME}/.mtab.fuseiso.new rw, owner @{HOME}/.mtab.fuseiso.new rw,
@ -60,9 +60,9 @@ profile fuseiso @{exec_path} {
# Image files to be mounted # Image files to be mounted
owner @{HOME}/**.{iso,img,bin,mdf,nrg} r, owner @{HOME}/**.{iso,img,bin,mdf,nrg} r,
owner /media/*/**.{iso,img,bin,mdf,nrg} r, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} r,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} r, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} r,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} r, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} r,
} }

8
apparmor.d/profiles-a-l/fusermount
View file

@ -28,14 +28,14 @@ profile fusermount @{exec_path} {
mount fstype={fuse,fuse.*} -> @{HOME}/*/, mount fstype={fuse,fuse.*} -> @{HOME}/*/,
mount fstype={fuse,fuse.*} -> @{HOME}/*/*/, mount fstype={fuse,fuse.*} -> @{HOME}/*/*/,
mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/, mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/,
mount fstype={fuse,fuse.*} -> /media/*/, mount fstype={fuse,fuse.*} -> @{MOUNTS}/*/,
mount fstype={fuse,fuse.*} -> /media/*/*/, mount fstype={fuse,fuse.*} -> @{MOUNTS}/*/*/,
umount @{HOME}/*/, umount @{HOME}/*/,
umount @{HOME}/*/*/, umount @{HOME}/*/*/,
umount @{HOME}/.cache/**/, umount @{HOME}/.cache/**/,
umount /media/*/, umount @{MOUNTS}/*/,
umount /media/*/*/, umount @{MOUNTS}/*/*/,
umount /tmp/.mount_*/, umount /tmp/.mount_*/,
/etc/fuse.conf r, /etc/fuse.conf r,

6
apparmor.d/profiles-a-l/gdisk
View file

@ -24,13 +24,13 @@ profile gdisk @{exec_path} {
# For disk images # For disk images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
# For backups # For backups
owner @{HOME}/**.{bak,back} rwk, owner @{HOME}/**.{bak,back} rwk,
owner /media/*/**.{bak,back} rwk, owner @{MOUNTS}/*/**.{bak,back} rwk,
include if exists <local/gdisk> include if exists <local/gdisk>
} }

8
apparmor.d/profiles-a-l/gpartedbin
View file

@ -146,8 +146,8 @@ profile gpartedbin @{exec_path} {
mount /dev/sd[a-z][0-9]* -> /tmp/gparted-*/, mount /dev/sd[a-z][0-9]* -> /tmp/gparted-*/,
mount /dev/sd[a-z][0-9]* -> /boot/, mount /dev/sd[a-z][0-9]* -> /boot/,
mount /dev/sd[a-z][0-9]* -> /media/*/, mount /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/,
mount /dev/sd[a-z][0-9]* -> /media/*/*/, mount /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/*/,
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/ r, @{sys}/devices/pci[0-9]*/**/block/sd[a-z]/ r,
@{sys}/devices/pci[0-9]*/**/block/sd[a-z]/dev r, @{sys}/devices/pci[0-9]*/**/block/sd[a-z]/dev r,
@ -169,8 +169,8 @@ profile gpartedbin @{exec_path} {
umount /tmp/gparted-*/, umount /tmp/gparted-*/,
umount /boot/, umount /boot/,
umount /media/*/, umount @{MOUNTS}/*/,
umount /media/*/*/, umount @{MOUNTS}/*/*/,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,

2
apparmor.d/profiles-a-l/hdparm
View file

@ -28,7 +28,7 @@ profile hdparm @{exec_path} flags=(complain) {
# Image files # Image files
@{HOME}/** r, @{HOME}/** r,
/media/*/** r, @{MOUNTS}/*/** r,
include if exists <local/hdparm> include if exists <local/hdparm>
} }

2
apparmor.d/profiles-a-l/hugo
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{HUGO_DIR} = /media/debuilder/hugo @{HUGO_DIR} = @{MOUNTS}/debuilder/hugo
@{exec_path} = /{usr/,}bin/hugo @{exec_path} = /{usr/,}bin/hugo
profile hugo @{exec_path} { profile hugo @{exec_path} {

4
apparmor.d/profiles-a-l/hypnotix
View file

@ -55,8 +55,8 @@ profile hypnotix @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{hypnotix_ext} r, owner /{home,media}/**.@{hypnotix_ext} r,
# To be able to store settings # To be able to store settings

2
apparmor.d/profiles-a-l/ioping
View file

@ -37,7 +37,7 @@ profile ioping @{exec_path} {
/boot/** r, /boot/** r,
/opt/** r, /opt/** r,
/var/** r, /var/** r,
/media/** r, @{MOUNTS}/** r,
/tmp/** r, /tmp/** r,
/home/** r, /home/** r,

2
apparmor.d/profiles-a-l/keepassxc-proxy
View file

@ -30,7 +30,7 @@ profile keepassxc-proxy @{exec_path} {
# #
deny owner @{HOME}/.mozilla/** rw, deny owner @{HOME}/.mozilla/** rw,
deny owner @{user_cache_dirs}/mozilla/** rw, deny owner @{user_cache_dirs}/mozilla/** rw,
deny owner /media/*/.mozilla/** rw, deny owner @{MOUNTS}/*/.mozilla/** rw,
deny owner /tmp/firefox*/.parentlock rw, deny owner /tmp/firefox*/.parentlock rw,
deny owner /tmp/tmp-*.xpi rw, deny owner /tmp/tmp-*.xpi rw,
deny owner /tmp/tmpaddon r, deny owner /tmp/tmpaddon r,

2
apparmor.d/profiles-a-l/kmod
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{BUILD_DIR} = /media/debuilder/ @{BUILD_DIR} = @{MOUNTS}/debuilder/
@{exec_path} = /{usr/,}bin/{kmod,lsmod} @{exec_path} = /{usr/,}bin/{kmod,lsmod}
@{exec_path} += /{usr/,}{s,}bin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe} @{exec_path} += /{usr/,}{s,}bin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe}

4
apparmor.d/profiles-m-z/mediainfo
View file

@ -43,8 +43,8 @@ profile mediainfo @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{mediainfo_ext} r, owner /{home,media}/**.@{mediainfo_ext} r,
include if exists <local/mediainfo> include if exists <local/mediainfo>

4
apparmor.d/profiles-m-z/mediainfo-gui
View file

@ -50,8 +50,8 @@ profile mediainfo-gui @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{mediainfo_ext} r, owner /{home,media}/**.@{mediainfo_ext} r,
/usr/share/glib-2.0/schemas/gschemas.compiled r, /usr/share/glib-2.0/schemas/gschemas.compiled r,

6
apparmor.d/profiles-m-z/megasync
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{SYNC_FOLDER}=/media/*/cloud_storage @{SYNC_FOLDER}=@{MOUNTS}/*/cloud_storage
@{exec_path} = /{usr/,}bin/megasync @{exec_path} = /{usr/,}bin/megasync
profile megasync @{exec_path} { profile megasync @{exec_path} {
@ -57,8 +57,8 @@ profile megasync @{exec_path} {
# Sync folder # Sync folder
#/ r, #/ r,
#/media/ r, #@{MOUNTS}/ r,
#/media/*/ r, #@{MOUNTS}/*/ r,
owner @{SYNC_FOLDER}/ r, owner @{SYNC_FOLDER}/ r,
owner @{SYNC_FOLDER}/** rwl -> @{SYNC_FOLDER}/**, owner @{SYNC_FOLDER}/** rwl -> @{SYNC_FOLDER}/**,

4
apparmor.d/profiles-m-z/mke2fs
View file

@ -28,9 +28,9 @@ profile mke2fs @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
# For virt-resize # For virt-resize
owner /var/tmp/.guestfs-[0-9]*/** rwk, owner /var/tmp/.guestfs-[0-9]*/** rwk,

4
apparmor.d/profiles-m-z/mkfs-btrfs
View file

@ -22,9 +22,9 @@ profile mkfs-btrfs @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/mkfs-btrfs> include if exists <local/mkfs-btrfs>
} }

4
apparmor.d/profiles-m-z/mkfs-fat
View file

@ -18,9 +18,9 @@ profile mkfs-fat @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/mkfs-fat> include if exists <local/mkfs-fat>
} }

4
apparmor.d/profiles-m-z/mkvmerge
View file

@ -52,8 +52,8 @@ profile mkvmerge @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{mkvmerge_ext} rw, owner /{home,media}/**.@{mkvmerge_ext} rw,
owner /tmp/MKVToolNix-process-*.json r, owner /tmp/MKVToolNix-process-*.json r,

4
apparmor.d/profiles-m-z/mkvtoolnix-gui
View file

@ -67,8 +67,8 @@ profile mkvtoolnix-gui @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
owner /{home,media}/**.@{mkvtoolnix_ext} rw, owner /{home,media}/**.@{mkvtoolnix_ext} rw,
owner @{user_config_dirs}/bunkus.org/ rw, owner @{user_config_dirs}/bunkus.org/ rw,

10
apparmor.d/profiles-m-z/mount
View file

@ -41,17 +41,15 @@ profile mount @{exec_path} flags=(complain) {
/{usr/,}{s,}bin/mount.* rPx, /{usr/,}{s,}bin/mount.* rPx,
# Mount points # Mount points
/media/*/ r, @{MOUNTS}/*/ r,
/media/*/*/ r, @{MOUNTS}/*/*/ r,
/mnt/ r,
/mnt/*/ r,
/media/cdrom[0-9]/ r, /media/cdrom[0-9]/ r,
# Mount iso/img files # Mount iso/img files
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
# The special /dev/loop-control file can be used to create and destroy loop devices or to find # The special /dev/loop-control file can be used to create and destroy loop devices or to find
# the first available loop device. # the first available loop device.

14
apparmor.d/profiles-m-z/mount-cifs
View file

@ -30,19 +30,17 @@ profile mount-cifs @{exec_path} flags=(complain) {
owner @{HOME}/.smbcredentials r, owner @{HOME}/.smbcredentials r,
# Mount points # Mount points
/media/*/ r, @{MOUNTS}/*/ r,
/media/*/*/ r, @{MOUNTS}/*/*/ r,
/mnt/ r,
/mnt/*/ r,
# Allow to mount smb/cifs disks only under the /media/ dirs # Allow to mount smb/cifs disks only under the /media/ dirs
mount fstype=cifs -> /media/*/, mount fstype=cifs -> @{MOUNTS}/*/,
mount fstype=cifs -> /media/*/*/, mount fstype=cifs -> @{MOUNTS}/*/*/,
mount fstype=cifs -> /mnt/, mount fstype=cifs -> /mnt/,
mount fstype=cifs -> /mnt/*/, mount fstype=cifs -> /mnt/*/,
umount /media/*/, umount @{MOUNTS}/*/,
umount /media/*/*/, umount @{MOUNTS}/*/*/,
umount /mnt/, umount /mnt/,
umount /mnt/*/, umount /mnt/*/,

15
apparmor.d/profiles-m-z/mount-nfs
View file

@ -45,19 +45,18 @@ profile mount-nfs @{exec_path} flags=(complain) {
owner @{run}/rpc.statd.lock wk, owner @{run}/rpc.statd.lock wk,
# Mount points # Mount points
/media/*/ r, @{MOUNTS}/*/ r,
/media/*/*/ r, @{MOUNTS}/*/*/ r,
/mnt/ r,
/mnt/*/ r,
# Allow to mount smb/cifs disks only under the /media/ dirs # Allow to mount smb/cifs disks only under the /media/ dirs
mount fstype=nfs -> /media/*/, mount fstype=nfs -> @{MOUNTS}/*/,
mount fstype=nfs -> /media/*/*/, mount fstype=nfs -> @{MOUNTS}/*/*/,
mount fstype=nfs -> /mnt/, mount fstype=nfs -> /mnt/,
mount fstype=nfs -> /mnt/*/, mount fstype=nfs -> /mnt/*/,
umount /media/*/, umount @{MOUNTS}/*/,
umount /media/*/*/, umount @{MOUNTS}/*/*/,
umount /mnt/, umount /mnt/,
umount /mnt/*/, umount /mnt/*/,

4
apparmor.d/profiles-m-z/mpv
View file

@ -92,8 +92,8 @@ profile mpv @{exec_path} {
/home/ r, /home/ r,
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{HOME}/**/ r, owner @{HOME}/**/ r,
/media/ r, @{MOUNTS}/ r,
owner /media/**/ r, owner @{MOUNTS}/**/ r,
/tmp/ r, /tmp/ r,
owner /tmp/mpsyt-input* rw, owner /tmp/mpsyt-input* rw,
owner /tmp/mpsyt-mpv*.sock rw, owner /tmp/mpsyt-mpv*.sock rw,

4
apparmor.d/profiles-m-z/mtools
View file

@ -25,9 +25,9 @@ profile mtools @{exec_path} {
# A place for file images # A place for file images
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
include if exists <local/mtools> include if exists <local/mtools>
} }

9
apparmor.d/profiles-m-z/nemo
View file

@ -56,12 +56,9 @@ profile nemo @{exec_path} {
/lost+found/ r, /lost+found/ r,
/lost+found/** r, /lost+found/** r,
owner /lost+found/** rw, owner /lost+found/** rw,
/media/ r, @{MOUNTS}/ r,
/media/** r, @{MOUNTS}/** r,
owner /media/** rw, owner @{MOUNTS}/** rw,
/mnt/ r,
/mnt/** r,
owner /mnt/** rw,
/opt/ r, /opt/ r,
/opt/** r, /opt/** r,
owner /opt/** rw, owner /opt/** rw,

15
apparmor.d/profiles-m-z/ntfs-3g
View file

@ -32,20 +32,19 @@ profile ntfs-3g @{exec_path} {
/dev/fuse rw, /dev/fuse rw,
# Mount points # Mount points
/media/*/ r, @{MOUNTS}/*/ r,
/media/*/*/ r, @{MOUNTS}/*/*/ r,
/mnt/ r,
/mnt/*/ r,
# Allow to mount ntfs disks only under the /media/ and /mnt/ dirs # Allow to mount ntfs disks only under the /media/ and /mnt/ dirs
mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /media/*/, mount fstype=fuseblk /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/,
mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /media/*/*/, mount fstype=fuseblk /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/*/,
mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /mnt/, mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /mnt/,
mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /mnt/*/, mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /mnt/*/,
# Allow to mount encrypted partition # Allow to mount encrypted partition
mount fstype=fuseblk /dev/dm-[0-9]* -> /media/*/, mount fstype=fuseblk /dev/dm-[0-9]* -> @{MOUNTS}/*/,
mount fstype=fuseblk /dev/dm-[0-9]* -> /media/*/*/, mount fstype=fuseblk /dev/dm-[0-9]* -> @{MOUNTS}/*/*/,
mount fstype=fuseblk /dev/dm-[0-9]* -> /mnt/, mount fstype=fuseblk /dev/dm-[0-9]* -> /mnt/,
mount fstype=fuseblk /dev/dm-[0-9]* -> /mnt/*/, mount fstype=fuseblk /dev/dm-[0-9]* -> /mnt/*/,

2
apparmor.d/profiles-m-z/ntfsclone
View file

@ -19,7 +19,7 @@ profile ntfsclone @{exec_path} {
# A place for backups # A place for backups
@{HOME}/** rwk, @{HOME}/** rwk,
/media/*/** rwk, @{MOUNTS}/*/** rwk,
include if exists <local/ntfsclone> include if exists <local/ntfsclone>
} }

8
apparmor.d/profiles-m-z/parted
View file

@ -44,9 +44,9 @@ profile parted @{exec_path} {
# Image files # Image files
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
profile udevadm { profile udevadm {
@ -70,9 +70,9 @@ profile parted @{exec_path} {
# file_inherit # file_inherit
include <abstractions/disks-write> # lots of files in this abstraction get inherited include <abstractions/disks-write> # lots of files in this abstraction get inherited
owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk,
owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk,
owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk,
owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk,
} }

14
apparmor.d/profiles-m-z/qbittorrent
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{TORRENT_DIR} = /media/*/torrent @{TORRENT_DIR} = @{MOUNTS}/*/torrent
@{exec_path} = /{usr/,}bin/qbittorrent @{exec_path} = /{usr/,}bin/qbittorrent
profile qbittorrent @{exec_path} { profile qbittorrent @{exec_path} {
@ -58,8 +58,8 @@ profile qbittorrent @{exec_path} {
/usr/share/qt5ct/** r, /usr/share/qt5ct/** r,
# Torrent files # Torrent files
/media/ r, @{MOUNTS}/ r,
owner /media/*/ r, owner @{MOUNTS}/*/ r,
owner @{TORRENT_DIR}/ r, owner @{TORRENT_DIR}/ r,
owner @{TORRENT_DIR}/** rw, owner @{TORRENT_DIR}/** rw,
@ -140,7 +140,7 @@ profile qbittorrent @{exec_path} {
owner /tmp/tmp* rw, owner /tmp/tmp* rw,
# file_inherit # file_inherit
owner /media/*/torrent/** r, owner @{MOUNTS}/*/torrent/** r,
deny /dev/dri/card[0-9]* rw, deny /dev/dri/card[0-9]* rw,
} }
@ -172,9 +172,9 @@ profile qbittorrent @{exec_path} {
/{usr/,}lib/firefox/firefox rPx, /{usr/,}lib/firefox/firefox rPx,
# file_inherit # file_inherit
owner /media/*/torrent/** r, owner @{MOUNTS}/*/torrent/** r,
owner /media/*/torrent/**.[0-9a-f]*.parts rw, owner @{MOUNTS}/*/torrent/**.[0-9a-f]*.parts rw,
owner "/media/*/torrent/**.!qB" rw, owner "@{MOUNTS}/*/torrent/**.!qB" rw,
owner @{HOME}/.xsession-errors w, owner @{HOME}/.xsession-errors w,

6
apparmor.d/profiles-m-z/qbittorrent-nox
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global> include <tunables/global>
@{TORRENT_DIR} = /media/*/torrent @{TORRENT_DIR} = @{MOUNTS}/*/torrent
@{exec_path} = /{usr/,}bin/qbittorrent-nox @{exec_path} = /{usr/,}bin/qbittorrent-nox
profile qbittorrent-nox @{exec_path} { profile qbittorrent-nox @{exec_path} {
@ -37,8 +37,8 @@ profile qbittorrent-nox @{exec_path} {
owner @{user_cache_dirs}/qBittorrent/{,**} rw, owner @{user_cache_dirs}/qBittorrent/{,**} rw,
# Torrent files # Torrent files
/media/ r, @{MOUNTS}/ r,
owner /media/*/ r, owner @{MOUNTS}/*/ r,
owner @{TORRENT_DIR}/ r, owner @{TORRENT_DIR}/ r,
owner @{TORRENT_DIR}/** rw, owner @{TORRENT_DIR}/** rw,

12
apparmor.d/profiles-m-z/qnapi
View file

@ -73,12 +73,12 @@ profile qnapi @{exec_path} {
/{usr/,}bin/xdg-open rCx -> open, /{usr/,}bin/xdg-open rCx -> open,
# Movie dirs # Movie dirs
/media/ r, @{MOUNTS}/ r,
owner /media/*/ r, owner @{MOUNTS}/*/ r,
owner /media/*/** r, owner @{MOUNTS}/*/** r,
owner /media/*/**#[0-9]*[0-9] rw, owner @{MOUNTS}/*/**#[0-9]*[0-9] rw,
owner /media/*/**.@{qnapi_vid_ext} r, owner @{MOUNTS}/*/**.@{qnapi_vid_ext} r,
owner /media/*/**.@{qnapi_txt_ext} rwl -> /media/*/**/#[0-9]*[0-9], owner @{MOUNTS}/*/**.@{qnapi_txt_ext} rwl -> @{MOUNTS}/*/**/#[0-9]*[0-9],
owner @{HOME}/ r, owner @{HOME}/ r,
owner @{user_config_dirs}/qnapi.ini rw, owner @{user_config_dirs}/qnapi.ini rw,

Some files were not shown because too many files have changed in this diff Show more