feat(profile): general minor update to profiles.

2025-07-18 00:19:29 +02:00 · 2025-07-18 00:19:29 +02:00 · 2f1022dc8d
commit 2f1022dc8d
parent d9d762aaaa
10 changed files with 19 additions and 10 deletions
--- a/apparmor.d/profiles-a-f/alacarte
+++ b/apparmor.d/profiles-a-f/alacarte
@ -7,7 +7,7 @@ abi <abi/4.0>,
 include <tunables/global>

@{exec_path} = @{bin}/alacarte
-profile alacarte @{exec_path} {
+profile alacarte @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/dconf-write>
  include <abstractions/desktop>
@ -30,6 +30,11 @@ profile alacarte @{exec_path} {

  owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw,

+        @{sys}/fs/cgroup/user.slice/cpu.max r,
+        @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r,
+        @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/cpu.max r,
+  owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/cpu.max r,
+
  owner @{PROC}/@{pid}/cgroup r,
  owner @{PROC}/@{pid}/mounts r,

--- a/apparmor.d/profiles-a-f/birdtray
+++ b/apparmor.d/profiles-a-f/birdtray
@ -40,7 +40,7 @@ profile birdtray @{exec_path} {
  owner @{HOME}/.thunderbird/*.*/{Imap,}Mail/**/*.msf r,

  owner @{user_config_dirs}/ulduzsoft/ rw,
-  owner @{user_config_dirs}/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*,
+  owner @{user_config_dirs}/ulduzsoft/* rwkl -> @{user_config_dirs}/ulduzsoft/*,

  owner @{user_config_dirs}/birdtray-config.json rwl -> @{user_config_dirs}/#@{int},
  owner @{user_config_dirs}/birdtray-config.json.* rwl -> @{user_config_dirs}/#@{int},
--- a/apparmor.d/profiles-a-f/code-extension-git-askpass
+++ b/apparmor.d/profiles-a-f/code-extension-git-askpass
@ -6,7 +6,7 @@ abi <abi/4.0>,

 include <tunables/global>

-@{exec_path} = @{lib}/code/extensions/git/dist/askpass.sh
+@{exec_path} = @{lib}/code/extensions/git/dist/askpass.sh @{lib}/code/extensions/git/dist/ssh-askpass.sh
 profile code-extension-git-askpass @{exec_path} {
  include <abstractions/base>

@ -23,7 +23,7 @@ profile code-extension-git-askpass @{exec_path} {

  /usr/share/terminfo/** r,

-  owner @{tmp}/tmp.* rw,
+  owner @{tmp}/tmp.@{rand10} rw,

  /dev/tty rw,

--- a/apparmor.d/profiles-a-f/dkms
+++ b/apparmor.d/profiles-a-f/dkms
@ -32,6 +32,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
  @{bin}/g++        rix,
  @{bin}/gcc        rix,
  @{bin}/getconf    rix,
+  @{bin}/hostname   rix,
  @{bin}/kill       rix,
  @{bin}/kmod       rCx -> kmod,
  @{bin}/ld         rix,
--- a/apparmor.d/profiles-g-l/git
+++ b/apparmor.d/profiles-g-l/git
@ -133,6 +133,7 @@ profile git @{exec_path} flags=(attach_disconnected) {

    @{bin}/ssh mr,
    @{bin}/ksshaskpass ix,
+    @{lib}/code/extensions/git/dist/ssh-askpass.sh Px,
  
    @{etc_ro}/ssh/ssh_config.d/{,*} r,
    @{etc_ro}/ssh/ssh_config r,
--- a/apparmor.d/profiles-m-r/needrestart-restart
+++ b/apparmor.d/profiles-m-r/needrestart-restart
@ -13,6 +13,7 @@ profile needrestart-restart @{exec_path} {
  @{exec_path} mr,

  @{bin}/systemctl Cx -> systemctl,
+  @{sh_path} r,

  /var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw,

--- a/apparmor.d/profiles-m-r/pass
+++ b/apparmor.d/profiles-m-r/pass
@ -40,7 +40,7 @@ profile pass @{exec_path} {
  @{bin}/tr           ix,
  @{bin}/tree         ix,
  @{bin}/tty          ix,
-  @{bin}/which{,.debianutils}  ix,
+  @{bin}/which{,.debianutils}  rix,

  @{bin}/git             Cx -> git,
  @{bin}/gpg{2,}         Cx -> gpg,
--- a/apparmor.d/profiles-s-z/wechat
+++ b/apparmor.d/profiles-s-z/wechat
@ -14,9 +14,9 @@ include <tunables/global>
@{exec_path} = @{lib_dirs}/wechat
 profile wechat @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/consoles>
  include <abstractions/audio-client>
  include <abstractions/common/electron>
+  include <abstractions/consoles>
  include <abstractions/fontconfig-cache-read>

  network netlink raw,
--- a/apparmor.d/profiles-s-z/wechat-appimage
+++ b/apparmor.d/profiles-s-z/wechat-appimage
@ -14,10 +14,11 @@ include <tunables/global>
@{exec_path} = @{bin}/wechat @{lib_dirs}/wechat-appimage.Appimage /tmp/.mount_wechat??????/user/bin/wechat
 profile wechat-appimage @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/consoles>
  include <abstractions/audio-client>
  include <abstractions/common/electron>
+  include <abstractions/consoles>
  include <abstractions/fontconfig-cache-read>
+  include <abstractions/path>

  network netlink raw,
  network netlink dgram,
--- a/apparmor.d/profiles-s-z/wechat-universal
+++ b/apparmor.d/profiles-s-z/wechat-universal
@ -14,10 +14,10 @@ include <tunables/global>
@{exec_path} = @{bin}/wechat-universal @{lib_dirs}/wechat
 profile wechat-universal @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/consoles>
  include <abstractions/audio-client>
-  include <abstractions/common/electron>
  include <abstractions/common/bwrap>
+  include <abstractions/common/electron>
+  include <abstractions/consoles>
  include <abstractions/fontconfig-cache-read>

  network netlink raw,