felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): enable desktop user variable everywhere.

Browse source 
Also restrict access to these files.
This commit is contained in:
Alexandre Pujol 2024-03-19 11:26:57 +00:00
parent a370281e9b
commit 3787eb1745
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
26 changed files with 80 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/profiles-s-z/snap
View file

@ -58,9 +58,9 @@ profile snap @{exec_path} {
/var/cache/snapd/commands.db rwk,
/var/cache/snapd/names r,
@{DESKTOP_HOME}/snap/{,**} rw,
@{HOME}/snap/{,**} rw,
/snap/{,**} rw,
/var/lib/gdm{,3}/snap/{,**} rw,
owner /tmp/snapd-auto-import-mount-@{int}/ rw,

4
apparmor.d/profiles-s-z/spice-vdagent
View file

@ -36,11 +36,9 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/var/lib/gdm{3,}/.config/pulse/cookie rk,
/var/lib/gdm{3,}/.config/user-dirs.dirs r,
/var/lib/nscd/passwd r,
owner @{desktop_config_dirs}/user-dirs.dirs r,
owner @{user_config_dirs}/user-dirs.dirs r,
@{run}/spice-vdagentd/spice-vdagent-sock rw,

6
apparmor.d/profiles-s-z/wireplumber
View file

@ -41,9 +41,9 @@ profile wireplumber @{exec_path} {
/etc/machine-id r,
/var/lib/gdm{3,}/.local/state/ w,
/var/lib/gdm{3,}/.local/ w,
/var/lib/gdm{3,}/.local/state/wireplumber/{,**} rw,
owner @{desktop_local_dirs}/ w,
owner @{desktop_local_dirs}/state/ w,
owner @{desktop_local_dirs}/state/wireplumber/{,**} rw,
owner @{HOME}/.local/ w,
owner @{user_state_dirs}/ w,