felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): improve kde profiles.

Browse source 
fix #676
This commit is contained in:
Alexandre Pujol 2025-03-23 15:35:27 +01:00
parent 7684de3459
commit 21dfc6ea26
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
6 changed files with 15 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/kde/dolphin
View file

@ -44,6 +44,7 @@ profile dolphin @{exec_path} {
/usr/share/thumbnailers/{,**} r, /usr/share/thumbnailers/{,**} r,
/etc/fstab r, /etc/fstab r,
/etc/exports r,
/etc/machine-id r, /etc/machine-id r,
/etc/xdg/arkrc r, /etc/xdg/arkrc r,
/etc/xdg/dolphinrc r, /etc/xdg/dolphinrc r,
@ -100,8 +101,10 @@ profile dolphin @{exec_path} {
owner @{run}/user/@{uid}/dolphin@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int}, owner @{run}/user/@{uid}/dolphin@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int},
@{run}/udev/data/+acpi:* r, # for acpi @{run}/udev/data/+acpi:* r, # for acpi
@{run}/udev/data/+backlight:* r,
@{run}/udev/data/+bluetooth:* r, @{run}/udev/data/+bluetooth:* r,
@{run}/udev/data/+dmi* r, # for motherboard info @{run}/udev/data/+dmi* r, # for motherboard info
@{run}/udev/data/+drm:card@{int}-* r, # For screen outputs
@{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard
@{run}/udev/data/+i2c:* r, @{run}/udev/data/+i2c:* r,
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
@ -121,7 +124,9 @@ profile dolphin @{exec_path} {
@{run}/udev/data/c13:@{int} r, # For /dev/input/* @{run}/udev/data/c13:@{int} r, # For /dev/input/*
@{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters @{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters
@{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]* @{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]*
@{run}/udev/data/c81:@{int} r, # For video4linux
@{run}/udev/data/c89:@{int} r, # For I2C bus interface @{run}/udev/data/c89:@{int} r, # For I2C bus interface
@{run}/udev/data/c90:@{int} r, # For RAM, ROM, Flash
@{run}/udev/data/c202:@{int} r, # CPU model-specific registers @{run}/udev/data/c202:@{int} r, # CPU model-specific registers
@{run}/udev/data/c203:@{int} r, # CPU CPUID information @{run}/udev/data/c203:@{int} r, # CPU CPUID information
@{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]* @{run}/udev/data/c226:@{int} r, # For /dev/dri/card[0-9]*

1
apparmor.d/groups/kde/drkonqi
View file

@ -51,6 +51,7 @@ profile drkonqi @{exec_path} {
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
include if exists <local/drkonqi> include if exists <local/drkonqi>
} }

4
apparmor.d/groups/kde/drkonqi-coredump-processor
View file

@ -25,9 +25,9 @@ profile drkonqi-coredump-processor @{exec_path} {
/{run,var}/log/journal/ r, /{run,var}/log/journal/ r,
/{run,var}/log/journal/@{hex32}/ r, /{run,var}/log/journal/@{hex32}/ r,
/{run,var}/log/journal/@{hex32}/system.journal r, /{run,var}/log/journal/@{hex32}/system.journal r,
/{run,var}/log/journal/@{hex32}/system@@{hex32}-@{hex16}-@{hex16}.journal* r, /{run,var}/log/journal/@{hex32}/system@*.journal* r,
/{run,var}/log/journal/@{hex32}/user-@{uid}.journal r, /{run,var}/log/journal/@{hex32}/user-@{uid}.journal r,
/{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex32}-@{hex16}-@{hex16}.journal* r, /{run,var}/log/journal/@{hex32}/user-@{uid}@*.journal* r,
/{run,var}/log/journal/remote/ r, /{run,var}/log/journal/remote/ r,
include if exists <local/drkonqi-coredump-processor> include if exists <local/drkonqi-coredump-processor>

8
apparmor.d/groups/kde/kwin_wayland
View file

@ -45,11 +45,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
/usr/share/plasma/desktoptheme/** r, /usr/share/plasma/desktoptheme/** r,
/etc/pipewire/client.conf.d/ r, /etc/pipewire/client.conf.d/ r,
/etc/xdg/kscreenlockerrc r, /etc/xdg/** r,
/etc/xdg/menus/{,applications.menu} r,
/etc/xdg/menus/applications-merged/ r,
/etc/xdg/plasmarc r,
/etc/xdg/Xwayland-session.d/{,*} r,
/etc/machine-id r, /etc/machine-id r,
/var/lib/dbus/machine-id r, /var/lib/dbus/machine-id r,
@ -93,7 +89,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/kwinrulesrc r, owner @{user_config_dirs}/kwinrulesrc r,
owner @{user_config_dirs}/kxkbrc r, owner @{user_config_dirs}/kxkbrc r,
owner @{user_config_dirs}/menus/{,applications-merged/} r, owner @{user_config_dirs}/menus/** r,
owner @{user_config_dirs}/plasmarc r, owner @{user_config_dirs}/plasmarc r,
owner @{user_config_dirs}/session/* r, owner @{user_config_dirs}/session/* r,

6
apparmor.d/groups/kde/plasmashell
View file

@ -39,9 +39,9 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
network netlink dgram, network netlink dgram,
network netlink raw, network netlink raw,
ptrace (read), ptrace read,
signal (send), signal send,
@{exec_path} mr, @{exec_path} mr,
@ -72,6 +72,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
/usr/share/metainfo/{,**} r, /usr/share/metainfo/{,**} r,
/usr/share/plasma/{,**} r, /usr/share/plasma/{,**} r,
/usr/share/plasma5support/** r, /usr/share/plasma5support/** r,
/usr/share/qalculate/{,**} r,
/usr/share/rider/{,**} r, /usr/share/rider/{,**} r,
/usr/share/solid/actions/{,**} r, /usr/share/solid/actions/{,**} r,
/usr/share/swcatalog/{,**} r, /usr/share/swcatalog/{,**} r,
@ -172,6 +173,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
owner @{user_share_dirs}/plasma_icons/*.desktop r, owner @{user_share_dirs}/plasma_icons/*.desktop r,
owner @{user_share_dirs}/plasma/{,**} r, owner @{user_share_dirs}/plasma/{,**} r,
owner @{user_share_dirs}/plasmashell/** rwkl -> @{user_share_dirs}/plasmashell/**, owner @{user_share_dirs}/plasmashell/** rwkl -> @{user_share_dirs}/plasmashell/**,
owner @{user_share_dirs}/qalculate/{,**} r,
owner @{user_share_dirs}/user-places.xbel{,*} rwl, owner @{user_share_dirs}/user-places.xbel{,*} rwl,
owner @{user_share_dirs}/wallpapers/{,**} rw, owner @{user_share_dirs}/wallpapers/{,**} rw,

1
apparmor.d/profiles-s-z/thunderbird
View file

@ -59,6 +59,7 @@ profile thunderbird @{exec_path} {
owner @{tmp}/nsemail{,-@{int}}.eml rw, owner @{tmp}/nsemail{,-@{int}}.eml rw,
owner @{tmp}/nsma{,-@{int}} rw, owner @{tmp}/nsma{,-@{int}} rw,
owner @{tmp}/pid-@{pid}/{,**} w, owner @{tmp}/pid-@{pid}/{,**} w,
owner @{tmp}/remote-settings-startup-bundle- rw,
/dev/urandom w, /dev/urandom w,