feat(profile): general update.

2023-12-05 20:45:13 +00:00 · 2023-12-05 20:45:13 +00:00 · 319b976beb
commit 319b976beb
parent bf973760fd
47 changed files with 118 additions and 100 deletions
--- a/apparmor.d/profiles-a-f/aa-enforce
+++ b/apparmor.d/profiles-a-f/aa-enforce
@ -19,7 +19,7 @@ profile aa-enforce @{exec_path} {
  @{bin}/ r,
  @{bin}/apparmor_parser     rPx,

-  /usr/share/terminfo/{,**} r,
+  /usr/share/terminfo/** r,

  /etc/apparmor/logprof.conf r,
  /etc/apparmor.d/{,**} rw,
--- a/apparmor.d/profiles-a-f/aa-notify
+++ b/apparmor.d/profiles-a-f/aa-notify
@ -25,18 +25,15 @@ profile aa-notify @{exec_path} {

  /etc/apparmor/*.conf r,
  /etc/inputrc r,
-
  /usr/etc/inputrc.keys r,
-  /usr/share/terminfo/d/dumb r,
-  /usr/share/terminfo/x/xterm r,
-  /usr/share/terminfo/x/xterm-256color r,
+  /usr/share/terminfo/** r,

  /var/log/audit/audit.log r,

  owner @{HOME}/.inputrc r,
  owner @{HOME}/.terminfo/@{int}/dumb r,

-  owner /tmp/*@{rand6} rw,
+  owner /tmp/@{rand8} rw,
  owner /tmp/apparmor-bugreport-*.txt rw,

  @{PROC}/ r,
--- a/apparmor.d/profiles-a-f/aa-teardown
+++ b/apparmor.d/profiles-a-f/aa-teardown
@ -18,7 +18,7 @@ profile aa-teardown @{exec_path} {
  @{bin}/{,ba,da}sh rix,
  @{lib}/apparmor/apparmor.systemd rPx,

-  /usr/share/terminfo/x/* r,
+  /usr/share/terminfo/** r,

  /dev/tty rw,

--- a/apparmor.d/profiles-a-f/atril
+++ b/apparmor.d/profiles-a-f/atril
@ -40,8 +40,8 @@ profile atril @{exec_path} {

  @{bin}/atril-previewer rPx,

-  @{lib}/@{multiarch}/webkit2gtk-4.0/WebKitNetworkProcess rix,
-  @{lib}/@{multiarch}/webkit2gtk-4.0/WebKitWebProcess     rix,
+  @{lib}/{,@{multiarch}/}webkit2gtk-*/WebKitNetworkProcess rix,
+  @{lib}/{,@{multiarch}/}webkit2gtk-*/WebKitWebProcess rix,

  /usr/share/atril/{,**} r,
  /usr/share/poppler/{,**} r,
--- a/apparmor.d/profiles-a-f/code-extension-git-askpass
+++ b/apparmor.d/profiles-a-f/code-extension-git-askpass
@ -21,7 +21,7 @@ profile code-extension-git-askpass @{exec_path} {
  @{bin}/rm                       rix,
  @{lib}/electron@{int}/electron  rix,

-  /usr/share/terminfo/x/xterm-256color r,
+  /usr/share/terminfo/** r,

  owner /tmp/tmp.* rw,

--- a/apparmor.d/profiles-a-f/dmesg
+++ b/apparmor.d/profiles-a-f/dmesg
@ -21,7 +21,7 @@ profile dmesg @{exec_path} {
  @{bin}/less       rPx -> child-pager,

  /dev/kmsg r,
-  /usr/share/terminfo/{,**} r,
+  /usr/share/terminfo/** r,

  deny /{usr/,}local/bin/ r,
  deny @{bin}/{,*/} r,