felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): use the new @{tmp} variable.

Browse source 
It is only used with the owner statement.
This commit is contained in:
Alexandre Pujol 2024-05-02 22:12:02 +01:00
parent 0bbbe71422
commit 3f69b9fec4
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
257 changed files with 668 additions and 685 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/freedesktop/accounts-daemon
View file

@ -75,7 +75,7 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) {
# wtmp.d ?
/var/log/wtmp r,
owner /tmp/gnome-control-center-user-icon-@{rand6} rw,
owner @{tmp}/gnome-control-center-user-icon-@{rand6} rw,
include if exists <local/accounts-daemon>
}

2
apparmor.d/groups/freedesktop/pipewire
View file

@ -49,7 +49,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/pipewire/{,**} r,
owner /tmp/librnnoise-@{int}.so rm,
owner @{tmp}/librnnoise-@{int}.so rm,
owner @{run}/user/@{uid}/pipewire-@{int} rw,
owner @{run}/user/@{uid}/pipewire-@{int}-manager.lock rwk,

2
apparmor.d/groups/freedesktop/pipewire-pulse
View file

@ -32,7 +32,7 @@ profile pipewire-pulse @{exec_path} flags=(attach_disconnected) {
/.flatpak-info r,
owner @{run}/user/@{uid}/pulse/pid w,
owner /tmp/librnnoise-@{int}.so rm,
owner @{tmp}/librnnoise-@{int}.so rm,
@{sys}/devices/virtual/dmi/id/product_name r,
@{sys}/devices/virtual/dmi/id/sys_vendor r,

4
apparmor.d/groups/freedesktop/polkit-kde-authentication-agent
View file

@ -37,8 +37,8 @@ profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected)
owner @{user_cache_dirs}/icon-cache.kcache rw,
owner /tmp/#@{int} rw,
owner /tmp/polkit-kde-authentication-agent-[0-9].* rwl -> /tmp/#@{int},
owner @{tmp}/#@{int} rw,
owner @{tmp}/polkit-kde-authentication-agent-[0-9].* rwl -> /tmp/#@{int},
# owner /tmp/xauth_@{rand6} r,
/dev/shm/#@{int} rw,

2
apparmor.d/groups/freedesktop/xdg-desktop-portal
View file

@ -83,7 +83,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
@{user_config_dirs}/kioslaverc r,
owner /tmp/icon* rw,
owner @{tmp}/icon* rw,
owner @{run}/user/@{uid}/.flatpak/{,*/*} r,
owner @{run}/user/@{uid}/pipewire-@{int} rw,

4
apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
View file

@ -72,8 +72,8 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/*/{,**} rw,
owner /tmp/.goutputstream-@{rand6} rw,
owner /tmp/@{rand6} rw,
owner @{tmp}/.goutputstream-@{rand6} rw,
owner @{tmp}/@{rand6} rw,
@{run}/mount/utab r,

2
apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
View file

@ -62,7 +62,7 @@ profile xdg-desktop-portal-gtk @{exec_path} {
owner @{HOME}/.icons/{,**} r,
owner @{HOME}/@{XDG_DATA_DIR}/ r,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner @{tmp}/runtime-*/xauth_@{rand6} r,
@{run}/mount/utab r,
@{run}/user/@{uid}/xauth_@{rand6} rl,

2
apparmor.d/groups/freedesktop/xdg-icon-resource
View file

@ -33,7 +33,7 @@ profile xdg-icon-resource @{exec_path} flags=(attach_disconnected) {
/usr/share/icons/*/.xdg-icon-resource-dummy rw,
/usr/share/terminfo/** r,
owner /tmp/.com.google.Chrome.*/chrome-*.png r,
owner @{tmp}/.com.google.Chrome.*/chrome-*.png r,
owner @{user_share_dirs}/icons/**/apps/chrome-*.png rw,
owner @{user_share_dirs}/icons/**/.xdg-icon-resource-dummy rw,

2
apparmor.d/groups/freedesktop/xdg-screensaver
View file

@ -36,7 +36,7 @@ profile xdg-screensaver @{exec_path} {
owner @{HOME}/ r,
owner @{HOME}/.Xauthority r,
owner /tmp/xauth-@{int}-_[0-9] r,
owner @{tmp}/xauth-@{int}-_[0-9] r,
owner @{run}/user/@{uid}/ r,

2
apparmor.d/groups/freedesktop/xkbcomp
View file

@ -31,7 +31,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/server-@{int}.xkm rwk,
owner /tmp/server-@{int}.xkm rwk,
owner @{tmp}/server-@{int}.xkm rwk,
/dev/dri/card@{int} rw,
/dev/fb@{int} rw,

8
apparmor.d/groups/freedesktop/xorg
View file

@ -83,10 +83,10 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
/tmp/ r,
/tmp/server-@{int}.xkm rw,
owner /tmp/.tX@{int}-lock rwk,
owner /tmp/.X@{int}-lock rwkl -> /tmp/.tX@{int}-lock,
owner /tmp/server-* rwk,
owner /tmp/serverauth.* r,
owner @{tmp}/.tX@{int}-lock rwk,
owner @{tmp}/.X@{int}-lock rwkl -> /tmp/.tX@{int}-lock,
owner @{tmp}/server-* rwk,
owner @{tmp}/serverauth.* r,
@{sys}/bus/ r,
@{sys}/bus/pci/devices/ r,

12
apparmor.d/groups/freedesktop/xrdb
View file

@ -37,12 +37,12 @@ profile xrdb @{exec_path} {
owner @{user_share_dirs}/sddm/wayland-session.log w,
owner /tmp/kcminit.* r,
owner /tmp/kded{5,6}.@{rand6} r,
owner /tmp/plasma-apply-lookandfeel.* r,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner /tmp/startplasma-x11.@{rand6} r,
owner /tmp/xauth-@{int}-_[0-9] r,
owner @{tmp}/kcminit.* r,
owner @{tmp}/kded{5,6}.@{rand6} r,
owner @{tmp}/plasma-apply-lookandfeel.* r,
owner @{tmp}/runtime-*/xauth_@{rand6} r,
owner @{tmp}/startplasma-x11.@{rand6} r,
owner @{tmp}/xauth-@{int}-_[0-9] r,
@{run}/sddm/\{@{uuid}\} r,
@{run}/sddm/xauth_@{rand6} r,

2
apparmor.d/groups/freedesktop/xsetroot
View file

@ -29,7 +29,7 @@ profile xsetroot @{exec_path} {
owner @{user_share_dirs}/sddm/xorg-session.log w,
owner @{user_share_dirs}/sddm/wayland-session.log w,
owner /tmp/xauth_@{rand6} r,
owner @{tmp}/xauth_@{rand6} r,
@{run}/sddm/\{@{uuid}\} r,
@{run}/user/@{uid}/xauth_@{rand6} rl,

2
apparmor.d/groups/freedesktop/xwayland
View file

@ -26,7 +26,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
/usr/share/fonts/{,**} r,
/usr/share/ghostscript/fonts/{,**} r,
owner /tmp/server-@{int}.xkm rwk,
owner @{tmp}/server-@{int}.xkm rwk,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw,
owner @{run}/user/@{uid}/server-@{int}.xkm rw,
owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw,