Various fixes.
parent
8fdd8a7b21
commit
370dda124d
11 changed files with 32 additions and 16 deletions
|
|
@ -20,7 +20,7 @@ profile gdm @{exec_path} {
|
|||
|
||||
ptrace (read) peer=unconfined,
|
||||
|
||||
signal (send) set=(term) peer=confined,
|
||||
signal (send) set=(term),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
@ -38,6 +38,7 @@ profile gdm @{exec_path} {
|
|||
@{run}/gdm/gdm.pid rw,
|
||||
@{run}/gdm/greeter/ rw,
|
||||
@{run}/systemd/seats/seat[0-9]* r,
|
||||
@{run}/systemd/sessions/[0-9] r,
|
||||
@{run}/systemd/sessions/[0-9].ref r,
|
||||
@{run}/systemd/userdb/ r,
|
||||
@{run}/systemd/users/[0-9]* r,
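Review bot: The `signal (send) set=(term),` rule in the first hunk carries no `peer=` condition, so if it is the new side of the change (this rendering has lost the +/- markers) gdm may send SIGTERM to any process, confined or not. Scoping it to the profiles gdm actually has to stop keeps the rule least-privilege, for example `signal (send) set=(term) peer=gdm-session-worker,` with one rule per real target. In the second hunk, `@{run}/systemd/sessions/[0-9]` and `@{run}/systemd/sessions/[0-9].ref` match exactly one character, unlike `seat[0-9]*` and `users/[0-9]*` beside them; presumably `[0-9]*` was intended, which should be confirmed against the session ids logind produces. The same single-character glob appears as `@{run}/systemd/sessions/[0-9].ref rw,` in the gdm-session-worker profile.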
|
||||
|
|
|
|||
|
|
@ -12,9 +12,6 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/authentication>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
signal (receive) set=term peer=gdm,
|
||||
signal (send) set=term peer=gdm-wayland-session,
|
||||
|
||||
capability audit_write,
|
||||
capability chown,
|
||||
capability dac_override,
|
||||
|
|
@ -27,6 +24,10 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
|||
capability sys_nice,
|
||||
capability sys_tty_config,
|
||||
|
||||
signal (send) set=hup peer=gsd-*,
|
||||
signal (send) set=hup peer=gnome-*,
|
||||
signal (send) set=hup peer=xwayland,
|
||||
signal (send) set=term peer=gdm-wayland-session,
|
||||
signal (receive) set=term peer=gdm,
|
||||
|
||||
network netlink raw,
|
||||
|
|
@ -46,6 +47,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
|||
/etc/security/limits.d/{,*.conf} r,
|
||||
|
||||
/usr/share/gdm/gdm.schemas r,
|
||||
/usr/share/wayland-sessions/*.desktop r,
|
||||
|
||||
@{run}/faillock/[a-zA-z0-9]* rwk,
|
||||
@{run}/systemd/sessions/[0-9].ref rw,
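Review bot: The character class in `@{run}/faillock/[a-zA-z0-9]* rwk,` is wider than it reads: `A-z` spans the ASCII range from `A` to `z`, so it also admits `[`, `\`, `]`, `^`, `_` and the backtick as the first character. `[a-zA-Z0-9]` is presumably what was meant; if names beginning with `_` must be covered, list `_` explicitly rather than relying on the range. Only the first character is constrained in any case, because the trailing `*` matches anything up to the next `/`. Whether this line is added or context in the hunk cannot be told from the rendering, but it is on the new side either way.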
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
ptrace (read),
|
||||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
signal (send) set=(term) peer=polkit*,
|
||||
|
||||
@{exec_path} mr,
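Review bot: The `peer=polkit*` glob in `signal (send) set=(term) peer=polkit*,` matches every profile whose name begins with polkit, not only the one gnome-shell has to terminate; naming the exact profile is tighter if the target is known. The same applies to `peer=gdm*` on the receive rule. The neighbouring `ptrace (read),` has no peer condition at all, which lets gnome-shell read the state of any process it can otherwise reach; it looks like context rather than new here, but it deserves either a peer list or a comment saying why it must stay open.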
|
||||
|
|
|
|||
|
|
@ -9,12 +9,9 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/goa-identity-service
|
||||
profile goa-identity-service @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/authentication>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
# Kerberos authentication
|
||||
/etc/krb5.conf r,
|
||||
deny /etc/krb5.conf w,
|
||||
|
||||
include if exists <local/goa-identity-service>
|
||||
}
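Review bot: `include <abstractions/authentication>` is written for PAM consumers and typically grants more than the explicit `/etc/krb5.conf r,` rule shown in the same section. The line counts in the hunk header suggest the include replaces the Kerberos rules, though the +/- markers are lost in this rendering. If Kerberos client configuration is all the service needs, `include <abstractions/kerberosclient>` is the narrower choice. Dropping `deny /etc/krb5.conf w,` also changes logging: the write is still refused without an allow rule, but it will now be audited instead of silently denied.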
|
||||
|
|
|
|||
|
|
@ -14,6 +14,13 @@ profile gsd-xsettings @{exec_path} {
|
|||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
@{exec_path} mr,
|
||||
/{usr/,}bin/xrdb rPx,
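Review bot: The five `network` rules give gsd-xsettings unrestricted TCP and UDP over IPv4 and IPv6 plus raw netlink, and nothing in the profile says what needs them. A settings daemon would not obviously need outbound stream and datagram sockets, so each family is worth checking against the denials that prompted the change, keeping only those actually observed. A comment above the group, such as `# <reason these sockets are needed>`, would let a later reviewer tell a required rule from a leftover.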
|
||||
|
|
|
|||