Profiles update.
This commit is contained in:
Alexandre Pujol
parent
b435bc7821
commit
2175a86979
15 changed files with 49 additions and 31 deletions
|
|
@ -24,6 +24,7 @@ profile blueman @{exec_path} {
|
|||
network bluetooth raw,
|
||||
|
||||
ptrace (read) peer=gjs-console,
|
||||
|
||||
@{exec_path} mrix,
|
||||
/{usr/,}bin/python3.[0-9]* r,
|
||||
/{usr/,}bin/blueman-tray rPx,
|
||||
|
|
|
|||
|
|
@ -25,6 +25,10 @@ profile dbus-run-session @{exec_path} {
|
|||
include <abstractions/dconf>
|
||||
owner @{run}/user/[0-9]*/dconf/ rw,
|
||||
owner @{run}/user/[0-9]*/dconf/user rw,
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
/var/lib/gdm/.config/dconf/user r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/dbus-run-session>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,10 +9,10 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/gdm-wayland-session
|
||||
profile gdm-wayland-session @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bash>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/zsh>
|
||||
include <abstractions/bash>
|
||||
|
||||
signal (send) set=(term) peer=dbus-run-session,
|
||||
signal (send) set=(term) peer=gnome-session-binary,
|
||||
|
|
@ -30,6 +30,7 @@ profile gdm-wayland-session @{exec_path} {
|
|||
/{usr/,}bin/dbus-daemon rPx,
|
||||
/{usr/,}lib/gnome-session-binary rPx,
|
||||
|
||||
/etc/shells r,
|
||||
/etc/gdm/custom.conf r,
|
||||
|
||||
/usr/share/gdm/gdm.schemas r,
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
|
|||
/usr/share/gdm/gdm.schemas r,
|
||||
/var/lib/gdm/.cache/gdm/Xauthority rw,
|
||||
|
||||
owner /proc/9503/fd/ r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
/dev/tty[0-9]* rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@ abi <abi/3.0>,
|
|||
include <tunables/global>
|
||||
|
||||
@{exec_path} = /etc/gdm/Xsession
|
||||
profile sddm-xsession @{exec_path} {
|
||||
profile gdm-xsession @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bash>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/bash>
|
||||
|
||||
@{exec_path} r,
|
||||
|
||||
|
|
@ -39,5 +39,5 @@ profile sddm-xsession @{exec_path} {
|
|||
|
||||
}
|
||||
|
||||
include if exists <local/sddm-xsession>
|
||||
include if exists <local/gdm-xsession>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/gnome-session-binary
|
||||
profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
signal (send) set=(term) peer=gsd-*,
|
||||
signal (receive) set=(term) peer=gdm-wayland-session,
|
||||
|
|
@ -67,10 +67,10 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{run}/user/[0-9]*/.mutter-Xwaylandauth.[0-9A-Z]* r,
|
||||
owner @{run}/user/[0-9]*/gnome-session-leader-fifo rw,
|
||||
owner @{run}/user/[0-9]*/ICEauthority{,-[a-z]} rwl,
|
||||
@{run}/systemd/users/[0-9]* r,
|
||||
@{run}/systemd/sessions/[0-9].ref rw,
|
||||
@{run}/systemd/sessions/[0-9] r,
|
||||
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
||||
@{run}/systemd/sessions/[0-9] r,
|
||||
@{run}/systemd/sessions/[0-9].ref rw,
|
||||
@{run}/systemd/users/[0-9]* r,
|
||||
|
||||
@{sys}/devices/**/{vendor,device} r,
|
||||
|
||||
|
|
|
|||
|
|
@ -69,6 +69,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
owner @{user_cache_dirs}/libgweather/{,**} r,
|
||||
owner @{user_cache_dirs}/media-art/{,**} r,
|
||||
owner @{user_cache_dirs}/gnome-screenshot/{,**} rw,
|
||||
|
||||
include <abstractions/dconf>
|
||||
owner @{run}/user/[0-9]*/dconf/ rw,
|
||||
|
|
@ -83,6 +84,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{run}/user/[0-9]*/.mutter-Xwaylandauth.[0-9A-Z]* rw,
|
||||
|
||||
@{run}/systemd/users/[0-9]* r,
|
||||
@{run}/systemd/sessions/ r,
|
||||
@{run}/systemd/sessions/[0-9] r,
|
||||
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
||||
|
||||
|
|
@ -120,14 +122,14 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/pci[0-9]*/**/input[0-9]*/{properties,name} r,
|
||||
@{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r,
|
||||
|
||||
owner @{PROC}/[0-9]*/fd/ r,
|
||||
owner @{PROC}/[0-9]*/cgroup r,
|
||||
owner @{PROC}/[0-9]*/mounts r,
|
||||
owner @{PROC}/[0-9]*/mountinfo r,
|
||||
owner @{PROC}/[0-9]*/attr/current r,
|
||||
@{PROC}/[0-9]*/stat r,
|
||||
@{PROC}/[0-9]*/task/[0-9]*/stat r,
|
||||
@{PROC}/[0-9]*/net/* r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/cgroup r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/attr/current r,
|
||||
@{PROC}/@{pid}/stat r,
|
||||
@{PROC}/@{pid}/task/@{tid}/stat r,
|
||||
@{PROC}/@{pid}/net/* r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
@{PROC}/1/cgroup r,
|
||||
@{PROC}/cmdline r,
|
||||
|
|
|
|||
|
|
@ -27,8 +27,9 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
|
|||
/var/lib/dbus/machine-id r,
|
||||
/etc/pulse/client.conf r,
|
||||
|
||||
owner @{user_config_dirs}/pulse/cookie rk,
|
||||
owner @{user_cache_dirs}/event-sound-cache.tdb.* rwk,
|
||||
owner @{user_config_dirs}/pulse//client.conf r,
|
||||
owner @{user_config_dirs}/pulse/cookie rk,
|
||||
|
||||
include <abstractions/dconf>
|
||||
owner @{run}/user/[0-9]*/dconf/ rw,
|
||||
|
|
|
|||
|
|
@ -9,15 +9,16 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/gsd-xsettings
|
||||
profile gsd-xsettings @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/gtk>
|
||||
|
||||
@{exec_path} mr,
|
||||
/{usr/,}bin/xrdb rPx,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
/usr/share/drirc.d/{,*} r,
|
||||
|
||||
/etc/xdg/Xwayland-session.d/ r,
|
||||
/etc/xdg/Xwayland-session.d/00-xrdb rix,
|
||||
|
|
@ -30,16 +31,10 @@ profile gsd-xsettings @{exec_path} {
|
|||
/usr/share/dconf/profile/gdm r,
|
||||
/var/lib/gdm/.config/dconf/user r,
|
||||
|
||||
@{sys}/devices/pci[0-9]*/**/{device,vendor,uevent} r,
|
||||
@{sys}/devices/pci[0-9]*/**/{subsystem_device,subsystem_vendor} r,
|
||||
|
||||
owner @{run}/user/@{pid}/.mutter-Xwaylandauth.[a-zA-z0-9]* r,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
/dev/dri/ r,
|
||||
/dev/dri/renderD[0-9]* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty[0-9]* rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -17,14 +17,20 @@ profile gvfsd-recent @{exec_path} {
|
|||
@{exec_path} mr,
|
||||
/usr/share/mime/mime.cache r,
|
||||
|
||||
# Full access to user's data
|
||||
owner @{HOME}/{,**} rw,
|
||||
owner /media/*/{,**} rw,
|
||||
owner /mnt/*/{,**} rw,
|
||||
|
||||
owner @{HOME}/.zshenv r,
|
||||
owner @{user_config_dirs}/user-dirs.dirs r,
|
||||
owner @{HOME}/.local/share/recently-used.xbel r,
|
||||
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
|
||||
owner @{user_share_dirs}/recently-used.xbel r,
|
||||
|
||||
owner @{run}/user/[0-9]*/gvfsd/ rw,
|
||||
owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw,
|
||||
|
||||
owner @{PROC}/81380/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
@{run}/systemd/userdb/ r,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue