From 2f455786e709cb62788c3cca56876b4b9af951cd Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 16 Apr 2023 20:48:14 +0100
Subject: [PATCH] feat(profiles): general update.
---
 apparmor.d/groups/gnome/gkbd-keyboard-display | 20 +++++++++++++++++++
 apparmor.d/groups/gnome/gnome-characters | 2 +-
 apparmor.d/groups/gnome/gnome-terminal-server | 2 +-
 apparmor.d/groups/gnome/nautilus | 2 +-
 apparmor.d/groups/kde/kwin_x11 | 1 -
 apparmor.d/groups/virt/virtinterfaced | 3 +--
 6 files changed, 24 insertions(+), 6 deletions(-)
 create mode 100644 apparmor.d/groups/gnome/gkbd-keyboard-display
diff --git a/apparmor.d/groups/gnome/gkbd-keyboard-display b/apparmor.d/groups/gnome/gkbd-keyboard-display
new file mode 100644
index 000000000..f3e82b11c
--- /dev/null
+++ b/apparmor.d/groups/gnome/gkbd-keyboard-display
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = /{usr/,}bin/gkbd-keyboard-display
+profile gkbd-keyboard-display @{exec_path} {
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ /usr/share/X11/{,**} r,
+
+ include if exists
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters
index 99763c7e6..b5b15620f 100644
--- a/apparmor.d/groups/gnome/gnome-characters
+++ b/apparmor.d/groups/gnome/gnome-characters
@@ -23,7 +23,7 @@ profile gnome-characters @{exec_path} {
 /{usr/,}bin/gjs-console rix,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
- /usr/share/icu/{,**} r,
+ /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
 /usr/share/libdrm/*.ids r,
 /usr/share/org.gnome.Characters/org.gnome.Characters.*.gresource r,
 /usr/share/themes/{,**} r,
diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server
index ad24db9ce..d4b6b7d57 100644
--- a/apparmor.d/groups/gnome/gnome-terminal-server
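Review bot: The read rule `/usr/share/X11/{,**} r,` in the new gkbd-keyboard-display profile covers the whole X11 data tree, while the gnome-terminal-server profile touched by this same patch keeps the narrower `/usr/share/X11/xkb/{,**} r,`. If the program only reads keyboard layout data, which its name suggests but the patch does not show, the rule could be narrowed to `/usr/share/X11/xkb/{,**} r,` and widened again only for paths that show up as denials in the audit log. The file is also added without a final newline (`\ No newline at end of file`); ending it with one keeps later diffs to this profile clean.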
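Review bot: The replacement rule `/usr/share/icu/[0-9]*.[0-9]*/*.dat r,` is written out literally in the gnome-characters hunk and again in the gnome-terminal-server and nautilus hunks, so the three copies can drift apart; a single shared include or tunable would keep them in step. Unlike the old `{,**}` form, the new pattern grants no read on `/usr/share/icu/` or the version directory itself, and nothing other than `*.dat` below it, so it is worth running the three programs once and checking the audit log for denials under that path before enforcing. A short comment above the rule, for example `# ICU data files only; directory listing intentionally not granted`, would record that the narrowing is deliberate. The profile body starts and ends outside each of these hunks.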
+++ b/apparmor.d/groups/gnome/gnome-terminal-server
@@ -36,7 +36,7 @@ profile gnome-terminal-server @{exec_path} {
 /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
 /{usr/,}lib/gio-launch-desktop rPx -> child-open,
- /usr/share/icu/{,**} r,
+ /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
 /usr/share/X11/xkb/{,**} r,
 /var/lib/flatpak/exports/share/icons/{,**} r,
diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus
index 29d09acdd..f665559cb 100644
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@@ -50,7 +50,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
 /{usr/,}lib/gio-launch-desktop rPx -> child-open,
 /usr/share/*ubuntu/applications/{,**} r,
- /usr/share/icu/{,**} r,
+ /usr/share/icu/[0-9]*.[0-9]*/*.dat r,
 /usr/share/libdrm/*.ids r,
 /usr/share/nautilus/{,**} r,
 /usr/share/poppler/{,**} r,
diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11
index 3b6da3740..53b170126 100644
--- a/apparmor.d/groups/kde/kwin_x11
+++ b/apparmor.d/groups/kde/kwin_x11
@@ -59,4 +59,3 @@ profile kwin_x11 @{exec_path} {
 include if exists
 }
-
diff --git a/apparmor.d/groups/virt/virtinterfaced b/apparmor.d/groups/virt/virtinterfaced
index de6d6e06a..75f8162f0 100644
--- a/apparmor.d/groups/virt/virtinterfaced
+++ b/apparmor.d/groups/virt/virtinterfaced
@@ -24,8 +24,7 @@ profile virtinterfaced @{exec_path} flags=(attach_disconnected) {
 @{run}/systemd/inhibit/*.ref rw,
 owner @{run}/user/@{uid}/libvirt/common/system.token rwk,
 owner @{run}/user/@{uid}/libvirt/interface/ rw,
- owner @{run}/user/@{uid}/libvirt/interface/run rw,
- owner @{run}/user/@{uid}/libvirt/interface/run/* rwk,
+ owner @{run}/user/@{uid}/libvirt/interface/run/{,*} rwk,
 owner @{run}/user/@{uid}/libvirt/secrets/run/driver.pid rw,
 owner @{run}/user/@{uid}/libvirt/virtinterfaced* rwk,