feat(profile): use the new @{tmp} variable.

It is only used with the owner statement.
Alexandre Pujol 2024-05-02 22:12:02 +01:00
parent 0bbbe71422
commit 3f69b9fec4
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
257 changed files with 668 additions and 685 deletions


@ -19,7 +19,7 @@
/tmp/.ICE-unix/* rw,
/tmp/.X@{int}-lock rw,
/tmp/.X11-unix/* rw,
owner /tmp/xauth_@{rand6} rl -> /tmp/#@{int},
owner @{tmp}/xauth_@{rand6} rl -> /tmp/#@{int},
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw, # Xwayland
owner @{run}/user/@{uid}/gdm{[1-9],}/Xauthority r,
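Review bot: The link target on the converted xauth rule is still the literal `/tmp/#@{int}` while the left-hand side now uses `@{tmp}`. The definition of `@{tmp}` is not visible here, but other sections of this commit drop `/tmp/user/@{uid}/` rules in favour of it, so it presumably expands to more than `/tmp`. In that case a link created inside the per-user directory would not match the target and would be denied. Consider `owner @{tmp}/xauth_@{rand6} rl -> @{tmp}/#@{int},`, and confirm that the cross-product of a multi-valued variable on both sides of `->` is acceptable.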


@ -151,17 +151,13 @@
/tmp/ r,
/var/tmp/ r,
owner /tmp/.@{domain}.* rw,
owner /tmp/.@{domain}*/{,**} rw,
owner /tmp/@{name}-crashlog-@{int}-@{int}.txt rw,
owner /tmp/scoped_dir*/{,**} rw,
owner /tmp/tmp.* rw,
owner /tmp/tmp.*/ rw,
owner /tmp/tmp.*/** rwk,
# libpam-tmpdir support
owner /tmp/user/@{uid}/ rw,
owner /tmp/user/@{uid}/** rwk,
owner @{tmp}/.@{domain}.* rw,
owner @{tmp}/.@{domain}*/{,**} rw,
owner @{tmp}/@{name}-crashlog-@{int}-@{int}.txt rw,
owner @{tmp}/scoped_dir*/{,**} rw,
owner @{tmp}/tmp.* rw,
owner @{tmp}/tmp.*/ rw,
owner @{tmp}/tmp.*/** rwk,
/dev/shm/ r,
owner /dev/shm/.@{domain}* rw,
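Review bot: The `# libpam-tmpdir support` comment and its two rules are dropped with nothing recording that `@{tmp}` now carries that case, and the result is not equivalent. The old block allowed `rwk` on everything under `/tmp/user/@{uid}/`, whereas the new lines cover only the named patterns. That narrowing fits least privilege, but it is a behaviour change; a comment such as `# @{tmp} also covers the libpam-tmpdir per-user directory` above the first converted rule would keep the intent visible. The directory reads `/tmp/ r,` and `/var/tmp/ r,` stay literal, so listing the per-user directory is presumably no longer allowed; confirm that is intended.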


@ -19,8 +19,8 @@
/etc/machine-id r,
/var/lib/dbus/machine-id r,
owner /tmp/dbus-@{rand8} rw,
owner /tmp/dbus-@{rand10} rw,
owner @{tmp}/dbus-@{rand8} rw,
owner @{tmp}/dbus-@{rand10} rw,
owner @{run}/user/@{uid}/bus rw,


@ -53,7 +53,7 @@
owner @{user_share_dirs}/** rwkl,
owner @{user_games_dirs}/{,**} rm,
owner /tmp/** rmwk,
owner @{tmp}/** rmwk,
owner /dev/shm/** rwlk -> /dev/shm/**,
@{run}/cups/cups.sock rw, # Allow access to cups printing socket.
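Review bot: `owner @{tmp}/** rmwk,` grants both write and executable mapping (`m`) over the entire temporary tree, and moving to `@{tmp}` extends that to every directory the variable expands to. A confined process that can write a file and then map it executable in the same location weakens what the profile can contain. If `m` is required, a comment naming the component that needs it would help; otherwise `owner @{tmp}/** rwk,` with `m` limited to a narrower pattern is the safer form. The surrounding profile is outside this hunk, so the need for `m` cannot be judged from here.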


@ -25,8 +25,7 @@
/var/lib/dpkg/status r,
/var/lib/ubuntu-advantage/apt-esm/{,**} r,
owner /tmp/#@{int} rw,
owner /tmp/clearsigned.message.* rw,
owner /tmp/user/@{uid}/#@{int} rw,
owner @{tmp}/#@{int} rw,
owner @{tmp}/clearsigned.message.* rw,
include if exists <abstractions/common/apt.d>


@ -37,8 +37,8 @@
owner / r,
owner /newroot/{,**} w,
owner /tmp/newroot/ w,
owner /tmp/oldroot/ w,
owner @{tmp}/newroot/ w,
owner @{tmp}/oldroot/ w,
@{PROC}/sys/kernel/overflowgid r,
@{PROC}/sys/kernel/overflowuid r,
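Review bot: The `newroot/` and `oldroot/` rules look like fixed staging directories for a root pivot, and the neighbouring `/newroot/{,**} w,` is a literal path. If the confined program hard-codes `/tmp` for them rather than honouring a per-user temporary directory, `@{tmp}` only widens the rule without matching any real access. Keeping `owner /tmp/newroot/ w,` and `owner /tmp/oldroot/ w,` would then be the tighter choice. This is worth checking against the program's behaviour before converting.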


@ -24,12 +24,12 @@
/tmp/ r,
/var/tmp/ r,
owner /tmp/.org.chromium.Chromium.* rw,
owner /tmp/.org.chromium.Chromium.*/{,**} rw,
owner /tmp/scoped_dir*/ rw,
owner /tmp/scoped_dir*/SingletonCookie w,
owner /tmp/scoped_dir*/SingletonSocket w,
owner /tmp/scoped_dir*/SS w,
owner @{tmp}/.org.chromium.Chromium.* rw,
owner @{tmp}/.org.chromium.Chromium.*/{,**} rw,
owner @{tmp}/scoped_dir*/ rw,
owner @{tmp}/scoped_dir*/SingletonCookie w,
owner @{tmp}/scoped_dir*/SingletonSocket w,
owner @{tmp}/scoped_dir*/SS w,
/dev/shm/ r,
owner /dev/shm/.org.chromium.Chromium.* rw,


@ -50,14 +50,14 @@
owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
owner /tmp/.org.chromium.Chromium.@{rand6} rw,
owner /tmp/.org.chromium.Chromium.@{rand6}/ rw,
owner /tmp/.org.chromium.Chromium.@{rand6}/SingletonCookie w,
owner /tmp/.org.chromium.Chromium.@{rand6}/SingletonSocket w,
owner /tmp/scoped_dir@{rand6}/ rw,
owner /tmp/scoped_dir@{rand6}/SingletonCookie w,
owner /tmp/scoped_dir@{rand6}/SingletonSocket w,
owner /tmp/scoped_dir@{rand6}/SS w,
owner @{tmp}/.org.chromium.Chromium.@{rand6} rw,
owner @{tmp}/.org.chromium.Chromium.@{rand6}/ rw,
owner @{tmp}/.org.chromium.Chromium.@{rand6}/SingletonCookie w,
owner @{tmp}/.org.chromium.Chromium.@{rand6}/SingletonSocket w,
owner @{tmp}/scoped_dir@{rand6}/ rw,
owner @{tmp}/scoped_dir@{rand6}/SingletonCookie w,
owner @{tmp}/scoped_dir@{rand6}/SingletonSocket w,
owner @{tmp}/scoped_dir@{rand6}/SS w,
owner /dev/shm/.org.chromium.Chromium.@{rand6} rw,