felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(abs): add proc stat to the gnome common abs.

Browse source
This commit is contained in:
Alexandre Pujol 2025-05-18 13:47:08 +02:00
parent 9499116542
commit 1fab846875
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
15 changed files with 1 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/abstractions/common/gnome
View file

@ -32,6 +32,7 @@
owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/cpu.max r, owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/cpu.max r,
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw,
include if exists <abstractions/common/gnome.d> include if exists <abstractions/common/gnome.d>

1
apparmor.d/groups/apparmor/aa-notify
View file

@ -75,7 +75,6 @@ profile aa-notify @{exec_path} {
owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw, owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
deny @{user_share_dirs}/gvfs-metadata/* r, deny @{user_share_dirs}/gvfs-metadata/* r,

1
apparmor.d/groups/gnome/decibels
View file

@ -28,7 +28,6 @@ profile decibels @{exec_path} {
owner @{user_videos_dirs}/{,**} r, owner @{user_videos_dirs}/{,**} r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r,
include if exists <local/decibels> include if exists <local/decibels>

2
apparmor.d/groups/gnome/gnome-calculator
View file

@ -23,8 +23,6 @@ profile gnome-calculator @{exec_path} {
@{open_path} rPx -> child-open-help, @{open_path} rPx -> child-open-help,
owner @{PROC}/@{pid}/stat r,
include if exists <local/gnome-calculator> include if exists <local/gnome-calculator>
} }

1
apparmor.d/groups/gnome/gnome-characters
View file

@ -29,7 +29,6 @@ profile gnome-characters @{exec_path} {
/usr/share/xml/iso-codes/{,**} r, /usr/share/xml/iso-codes/{,**} r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/status r, owner @{PROC}/@{pid}/status r,
owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r,

1
apparmor.d/groups/gnome/gnome-extensions-app
View file

@ -22,7 +22,6 @@ profile gnome-extensions-app @{exec_path} {
/usr/share/terminfo/** r, /usr/share/terminfo/** r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pids}/stat r,
owner @{PROC}/@{pids}/task/@{tid}/stat r, owner @{PROC}/@{pids}/task/@{tid}/stat r,
/dev/tty rw, /dev/tty rw,

2
apparmor.d/groups/gnome/gnome-logs
View file

@ -27,8 +27,6 @@ profile gnome-logs @{exec_path} {
/{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex32}-@{hex16}-@{hex16}.journal r, /{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex32}-@{hex16}-@{hex16}.journal r,
/{run,var}/log/journal/remote/ r, /{run,var}/log/journal/remote/ r,
owner @{PROC}/@{pid}/stat r,
include if exists <local/gnome-logs> include if exists <local/gnome-logs>
} }

1
apparmor.d/groups/gnome/gnome-maps
View file

@ -45,7 +45,6 @@ profile gnome-maps @{exec_path} {
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r,
include if exists <local/gnome-maps> include if exists <local/gnome-maps>

1
apparmor.d/groups/gnome/gnome-text-editor
View file

@ -24,7 +24,6 @@ profile gnome-text-editor @{exec_path} {
owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw, owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
deny @{user_share_dirs}/gvfs-metadata/* r, deny @{user_share_dirs}/gvfs-metadata/* r,

1
apparmor.d/groups/gnome/gnome-weather
View file

@ -31,7 +31,6 @@ profile gnome-weather @{exec_path} {
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r,
deny owner @{user_share_dirs}/gvfs-metadata/* r, deny owner @{user_share_dirs}/gvfs-metadata/* r,

1
apparmor.d/groups/gnome/papers
View file

@ -32,7 +32,6 @@ profile papers @{exec_path} {
@{run}/mount/utab r, @{run}/mount/utab r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
profile open { profile open {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/groups/gnome/ptyxis
View file

@ -28,8 +28,6 @@ profile ptyxis @{exec_path} {
owner @{user_share_dirs}/org.gnome.Ptyxis/ rw, owner @{user_share_dirs}/org.gnome.Ptyxis/ rw,
owner @{user_share_dirs}/org.gnome.Ptyxis/** rwlk -> @{user_share_dirs}/org.gnome.Ptyxis/**, owner @{user_share_dirs}/org.gnome.Ptyxis/** rwlk -> @{user_share_dirs}/org.gnome.Ptyxis/**,
owner @{PROC}/@{pid}/stat r,
/dev/ptmx rw, /dev/ptmx rw,
include if exists <local/ptyxis> include if exists <local/ptyxis>

1
apparmor.d/profiles-a-f/file-roller
View file

@ -48,7 +48,6 @@ profile file-roller @{exec_path} {
@{run}/mount/utab r, @{run}/mount/utab r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
include if exists <local/file-roller> include if exists <local/file-roller>
} }

1
apparmor.d/profiles-a-f/foliate
View file

@ -51,7 +51,6 @@ profile foliate @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/smaps r, owner @{PROC}/@{pid}/smaps r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/statm r, owner @{PROC}/@{pid}/statm r,
owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r,

1
apparmor.d/profiles-a-f/fractal
View file

@ -41,7 +41,6 @@ profile fractal @{exec_path} flags=(attach_disconnected) {
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
/dev/ r, /dev/ r,