felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): enable desktop user variable everywhere.

Browse source 
Also restrict access to these files.
This commit is contained in:
Alexandre Pujol 2024-03-19 11:26:57 +00:00
parent a370281e9b
commit 3787eb1745
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
26 changed files with 80 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

26
apparmor.d/groups/kde/kwin_wayland
View file

@ -53,21 +53,19 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
/etc/xdg/menus/applications-merged/ r,
/etc/xdg/plasmarc r,
owner /var/lib/sddm/.cache/#@{int} rwk,
owner /var/lib/sddm/.cache/fontconfig/* rwk,
owner /var/lib/sddm/.cache/fontconfig/*-le64.cache-@{int}{,TMP-@{rand6},NEW,LCK} w,
owner /var/lib/sddm/.cache/fontconfig/*-le64.cache-@{int}.LCK l -> /var/lib/sddm/.cache/fontconfig/*-le64.cache-@{int}.TMP-@{rand6},
owner /var/lib/sddm/.cache/mesa_shader_cache/** r,
owner /var/lib/sddm/.cache/mesa_shader_cache/index rw,
owner /var/lib/sddm/.cache/ksycoca{5,6}_* rwkl -> /var/lib/sddm/.cache/#@{int},
owner @{sddm_cache_dirs}/#@{int} rwk,
owner @{sddm_cache_dirs}/fontconfig/* rwk,
owner @{sddm_cache_dirs}/fontconfig/*-le64.cache-@{int}.LCK l -> @{sddm_cache_dirs}/fontconfig/*-le64.cache-@{int}.TMP-@{rand6},
owner @{sddm_cache_dirs}/fontconfig/*-le64.cache-@{int}{,TMP-@{rand6},NEW,LCK} w,
owner @{sddm_cache_dirs}/ksycoca{5,6}_* rwkl -> @{sddm_cache_dirs}/#@{int},
owner /var/lib/sddm/.config/#@{int} rw,
owner /var/lib/sddm/.config/kcminputrc r,
owner /var/lib/sddm/.config/kdeglobals r,
owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rwk,
owner /var/lib/sddm/.config/kglobalshortcutsrc{,.@{rand6}} rwl -> /var/lib/sddm/.config/#@{int},
owner /var/lib/sddm/.config/kwinrc.lock rwk,
owner /var/lib/sddm/.config/kwinrc{,.@{rand6}} rwl -> /var/lib/sddm/.config/#@{int},
owner @{sddm_config_dirs}/#@{int} rw,
owner @{sddm_config_dirs}/kcminputrc r,
owner @{sddm_config_dirs}/kdeglobals r,
owner @{sddm_config_dirs}/kglobalshortcutsrc.lock rwk,
owner @{sddm_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{sddm_config_dirs}/#@{int},
owner @{sddm_config_dirs}/kwinrc.lock rwk,
owner @{sddm_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{sddm_config_dirs}/#@{int},
owner @{user_cache_dirs}/ r,
owner @{user_cache_dirs}/#@{int} rw,

8
apparmor.d/groups/kde/sddm
View file

@ -144,10 +144,10 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
/var/lib/wtmpdb/ r,
/var/lib/wtmpdb/* rwk,
/var/lib/sddm/state.conf rw,
owner /var/lib/sddm/.cache/sddm-greeter/qmlcache/*.jsc mrw,
owner /var/lib/sddm/.cache/sddm-greeter/qmlcache/*.qmlc mrw,
owner /var/lib/sddm/** rw,
@{SDDM_HOME}/state.conf rw,
owner @{SDDM_HOME}/** rw,
owner @{sddm_cache_dirs}/sddm-greeter/qmlcache/*.jsc mrw,
owner @{sddm_cache_dirs}/sddm-greeter/qmlcache/*.qmlc mrw,
owner @{HOME}/.local/ w,
owner @{HOME}/.Xauthority rw,

8
apparmor.d/groups/kde/sddm-greeter
View file

@ -44,10 +44,10 @@ profile sddm-greeter @{exec_path} {
/var/lib/AccountsService/icons/*.icon r,
/var/lib/dbus/machine-id r,
owner /var/lib/sddm/** rw,
owner /var/lib/sddm/#@{int} mrw,
owner /var/lib/sddm/.cache/** mrwkl -> /var/lib/sddm/.cache/**,
/var/lib/sddm/state.conf r,
@{SDDM_HOME}/state.conf r,
owner @{SDDM_HOME}/** rw,
owner @{SDDM_HOME}/#@{int} mrw,
owner @{sddm_cache_dirs}/** mrwkl -> @{sddm_cache_dirs}/**,
owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/icon-cache.kcache rw,