felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): use the new @{tmp} variable.

Browse source 
It is only used with the owner statement.
This commit is contained in:
Alexandre Pujol 2024-05-02 22:12:02 +01:00
parent 0bbbe71422
commit 3f69b9fec4
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
257 changed files with 668 additions and 685 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/whonix/sdwdate-start
View file

@ -20,7 +20,7 @@ profile sdwdate-start @{exec_path} {
@{bin}/mkfifo rix,
@{bin}/inotifywait rix,
owner /tmp/tmp.@{rand10} rw,
owner @{tmp}/tmp.@{rand10} rw,
owner @{run}/sdwdate/ rw,
owner @{run}/sdwdate/status rw,

24
apparmor.d/groups/whonix/torbrowser
View file

@ -82,18 +82,18 @@ profile torbrowser @{exec_path} flags=(attach_disconnected) {
/tmp/ r,
/var/tmp/ r,
owner /tmp/user/@{uid}/ rw,
owner /tmp/user/@{uid}/* rwk,
owner /tmp/user/@{uid}/Temp-@{uuid}/ rw,
owner /tmp/user/@{uid}/Temp-@{uuid}/* rwk,
owner /tmp/user/@{uid}/firefox/ rw,
owner /tmp/user/@{uid}/firefox/* rwk,
owner /tmp/@{name}/ rw,
owner /tmp/@{name}/* rwk,
owner /tmp/Temp-@{uuid}/ rw,
owner "/tmp/Tor Project*/" rw,
owner "/tmp/Tor Project*/**" rwk,
owner "/tmp/Tor Project*" rwk,
owner @{tmp}/ rw,
owner @{tmp}/* w,
owner @{tmp}/Temp-@{uuid}/ rw,
owner @{tmp}/Temp-@{uuid}/* rwk,
owner @{tmp}/firefox/ rw,
owner @{tmp}/firefox/* rwk,
owner @{tmp}/@{name}/ rw,
owner @{tmp}/@{name}/* rwk,
owner @{tmp}/Temp-@{uuid}/ rw,
owner "@{tmp}/Tor Project*/" rw,
owner "@{tmp}/Tor Project*/**" rwk,
owner "@{tmp}/Tor Project*" rwk,
@{run}/mount/utab r,

2
apparmor.d/groups/whonix/torbrowser-glxtest
View file

@ -23,7 +23,7 @@ profile torbrowser-glxtest @{exec_path} {
owner @{config_dirs}/.parentlock rw,
owner /tmp/@{name}/.parentlock rw,
owner @{tmp}/@{name}/.parentlock rw,
owner @{PROC}/@{pid}/cmdline r,

2
apparmor.d/groups/whonix/torbrowser-updater-permission-fix
View file

@ -30,7 +30,7 @@ profile torbrowser-updater-permission-fix @{exec_path} {
/var/cache/tb-binary/{,**} rw,
owner /tmp/user/@{uid}/tmp.@{rand10} rw,
owner @{tmp}/tmp.@{rand10} rw,
owner @{PROC}/@{pid}/fd/ r,

2
apparmor.d/groups/whonix/torbrowser-vaapitest
View file

@ -21,7 +21,7 @@ profile torbrowser-vaapitest @{exec_path} {
@{exec_path} mr,
owner /tmp/@{name}/.parentlock rw,
owner @{tmp}/@{name}/.parentlock rw,
deny @{config_dirs}/.parentlock rw,
deny @{config_dirs}/startupCache/** r,

3
apparmor.d/groups/whonix/torbrowser-wrapper
View file

@ -43,8 +43,7 @@ profile torbrowser-wrapper @{exec_path} {
owner @{HOME}/.tb/{,**} rw,
owner /var/cache/tb-binary/{,**} rw,
owner /tmp/tmp.@{rand10} rw,
owner /tmp/user/@{uid}/tmp.@{rand10} rw,
owner @{tmp}/tmp.@{rand10} rw,
owner @{run}/mount/utab r,