felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(abs): X-strict: use tunables.

Browse source
This commit is contained in:
Alexandre Pujol 2025-09-13 00:38:34 +02:00
parent db347d13de
commit 26f905bcc2
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
apparmor.d/abstractions/X-strict
View file

@ -5,10 +5,10 @@
abi <abi/4.0>, abi <abi/4.0>,
# The unix socket to use to connect to the display # The unix socket to use to connect to the display
unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), unix (connect, receive, send) type=stream peer=(addr=@/tmp/.ICE-unix/@{int}),
unix (connect, receive, send) type=stream peer=(addr="@/tmp/.ICE-unix/[0-9]*"), unix (connect, receive, send) type=stream peer=(addr=@/tmp/.X11-unix/X@{int}),
unix type=stream addr="@/tmp/.ICE-unix/[0-9]*", unix type=stream addr=@/tmp/.ICE-unix/@{int},
unix type=stream addr="@/tmp/.X11-unix/X[0-9]*", unix type=stream addr=@/tmp/.X11-unix/X@{int},
/usr/share/X11/{,**} r, /usr/share/X11/{,**} r,
/usr/share/xsessions/{,*.desktop} r, # Available Xsessions /usr/share/xsessions/{,*.desktop} r, # Available Xsessions
@ -16,13 +16,13 @@
/etc/X11/cursors/{,**} r, /etc/X11/cursors/{,**} r,
owner @{HOME}/.ICEauthority rw, # ICEauthority files required for X authentication, per user owner @{HOME}/.ICEauthority r, # ICEauthority files required for X authentication, per user
owner @{HOME}/.Xauthority rw, # Xauthority files required for X connections, per user owner @{HOME}/.Xauthority rw, # Xauthority files required for X connections, per user
owner @{HOME}/.xsession-errors rw, owner @{HOME}/.xsession-errors rw,
/tmp/.ICE-unix/* rw, /tmp/.ICE-unix/@{int} rw,
/tmp/.X@{int}-lock rw, /tmp/.X@{int}-lock rw,
/tmp/.X11-unix/* rw, /tmp/.X11-unix/X@{int} rw,
owner @{tmp}/xauth_@{rand6} rl -> @{tmp}/#@{int}, owner @{tmp}/xauth_@{rand6} rl -> @{tmp}/#@{int},
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw, # Xwayland owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw, # Xwayland