feat(profile): general update.
parent
bf973760fd
commit
319b976beb
47 changed files with 118 additions and 100 deletions
|
|
@ -103,7 +103,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
|
|||
|
||||
/usr/lib/os-release rk,
|
||||
/usr/share/fonts/**.{ttf,otf} rk,
|
||||
/usr/share/terminfo/x/xterm-256color r,
|
||||
/usr/share/terminfo/** r,
|
||||
/usr/share/themes/{,**} r,
|
||||
/usr/share/X11/{,**} r,
|
||||
/usr/share/zenity/* r,
|
||||
|
|
|
|||
|
|
@ -55,8 +55,8 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
|
|||
mount -> /tmp/newroot/,
|
||||
umount /{,oldroot/},
|
||||
|
||||
pivot_root /newroot/,
|
||||
pivot_root oldroot=/tmp/oldroot/ /tmp/,
|
||||
pivot_root oldroot=/newroot/ -> /newroot/,
|
||||
pivot_root oldroot=/tmp/oldroot/ -> /tmp/,
|
||||
|
||||
signal (receive) peer=steam,
|
||||
|
||||
|
|
@ -122,7 +122,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/usr/share/egl/{,**} r,
|
||||
/usr/share/icons/{,**} r,
|
||||
/usr/share/terminfo/x/xterm-256color r,
|
||||
/usr/share/terminfo/** r,
|
||||
|
||||
/etc/machine-id r,
|
||||
/etc/udev/udev.conf r,
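Review bot: In the `-55,8 +55,8` hunk of the steam-game profile, the two `pivot_root` rules written with `->` do not mean what the `mount -> /tmp/newroot/,` line above them suggests. In apparmor.d(5) the grammar is `pivot_root [oldroot=OLD] [NEWROOT] [-> PROFILE]`, so `pivot_root oldroot=/tmp/oldroot/ -> /tmp/,` leaves the new root unconstrained and names `/tmp/` as a profile to transition to. The page has lost its +/- markers, so this assumes the `->` forms are the added side. If they are, the arrow-less form looks like the intended one: `pivot_root oldroot=/newroot/ /newroot/,` and `pivot_root oldroot=/tmp/oldroot/ /tmp/,`.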
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
capability sys_boot,
|
||||
|
||||
dbus (bind) bus=system name=org.freedesktop.thermald,
|
||||
dbus bind bus=system name=org.freedesktop.thermald,
|
||||
|
||||
dbus send bus=system path=/net/hadess/PowerProfiles
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
|
|
@ -25,8 +25,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/thermald/thermal-conf.xml r,
|
||||
/etc/thermald/thermal-cpu-cdev-order.xml r,
|
||||
/etc/thermald/{,*} r,
|
||||
|
||||
owner @{run}/thermald/ rw,
|
||||
owner @{run}/thermald/thd_preference.conf rw,
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ profile top @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/terminfo/x/xterm-256color r,
|
||||
/usr/share/terminfo/** r,
|
||||
|
||||
@{PROC}/ r,
|
||||
@{PROC}/loadavg r,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2018-2022 Mikhail Morfikov
|
||||
# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
|
@ -23,6 +23,8 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) {
|
|||
capability net_raw,
|
||||
capability sys_module,
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
network packet dgram,
|
||||
network packet raw,
|
||||
|
|
@ -30,7 +32,8 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) {
|
|||
dbus bind bus=system name=fi.w1.wpa_supplicant1,
|
||||
dbus receive bus=system path=/fi/w1/wpa_supplicant1
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll,
|
||||
member=GetAll
|
||||
peer=(name=:*),
|
||||
|
||||
@{exec_path} mr,
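Review bot: The `peer=(name=:*)` condition added to the `dbus receive` rule for `org.freedesktop.DBus.Properties` `GetAll` (the `-30,7 +32,8` hunk) matches any unique connection name. Every client on the system bus has one, so as far as I can tell the rule does not narrow who may call it. If the aim is to limit callers, a label condition would express that, for example `peer=(name=:*, label=<caller-profile>)`, where `<caller-profile>` is a placeholder for the profile expected to query wpa_supplicant.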
|
||||
|
||||
|
|
|
|||
|
|
@ -12,13 +12,13 @@ profile xinit @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
signal (receive) set=(usr1) peer=xorg,
|
||||
|
||||
signal (send) set=(term, kill) peer=xorg,
|
||||
signal (send) set=(hup),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/ r,
|
||||
@{bin}/{,ba,da}sh rix,
|
||||
@{bin}/{,e}grep rix,
|
||||
|
|
@ -86,6 +86,7 @@ profile xinit @{exec_path} {
|
|||
owner /dev/tty@{int} rw,
|
||||
owner @{HOME}/.xsession-errors w,
|
||||
|
||||
include if exists <local/xinit_run-parts>
|
||||
}
|
||||
|
||||
profile udevadm {
|
||||
|
|
@ -95,25 +96,26 @@ profile xinit @{exec_path} {
|
|||
|
||||
/etc/udev/udev.conf r,
|
||||
|
||||
owner @{PROC}/@{pid}/stat r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/1/sched r,
|
||||
@{PROC}/1/environ r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
|
||||
@{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
|
||||
|
||||
@{run}/udev/data/* r,
|
||||
|
||||
@{sys}/bus/ r,
|
||||
@{sys}/bus/*/devices/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/class/*/ r,
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{run}/udev/data/* r,
|
||||
@{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
|
||||
|
||||
@{PROC}/1/environ r,
|
||||
@{PROC}/1/sched r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
owner @{PROC}/@{pid}/stat r,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/tty@{int} rw,
|
||||
owner @{HOME}/.xsession-errors w,
|
||||
|
||||
include if exists <local/xinit_udevadm>
|
||||
}
|
||||
|
||||
include if exists <local/xinit>
|
||||
|
|
|
|||