feat(profile): use the new @{tmp} variable.
It is only used with the owner statement.
parent
0bbbe71422
commit
3f69b9fec4
257 changed files with 668 additions and 685 deletions
|
|
@ -41,7 +41,7 @@ profile YACReaderLibrary @{exec_path} flags=(attach_disconnected,mediate_deleted
|
|||
owner @{user_share_dirs}/YACReader/YACReaderLibrary/ rw,
|
||||
owner @{user_share_dirs}/YACReader/YACReaderLibrary/** rwlk,
|
||||
|
||||
owner /tmp/@{uuid} w,
|
||||
owner @{tmp}/@{uuid} w,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ profile s3fs @{exec_path} {
|
|||
|
||||
owner @{MOUNTS}/ r,
|
||||
owner @{MOUNTS}/*/ r,
|
||||
owner /tmp/* rw,
|
||||
owner @{tmp}/* rw,
|
||||
|
||||
/dev/fuse rw,
|
||||
|
||||
|
|
@ -59,7 +59,7 @@ profile s3fs @{exec_path} {
|
|||
@{MOUNTS}/ r,
|
||||
@{MOUNTS}/*/ r,
|
||||
|
||||
owner /tmp/s3fstmp.* rw,
|
||||
owner @{tmp}/s3fstmp.* rw,
|
||||
|
||||
@{PROC}/@{pids}/mounts r,
|
||||
|
||||
|
|
|
|||
|
|
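Review bot: `owner @{tmp}/* rw,` in the first hunk stays a bare wildcard over the whole temporary directory, while the second hunk of the same file already uses the tighter `owner @{tmp}/s3fstmp.* rw,`. The enclosing blocks start outside both hunks, so it cannot be confirmed here that they serve the same binary; if they do, the first rule could take the same pattern. Wildcard rules are also where this substitution matters most, because if @{tmp} holds more than one directory, each of them becomes writable for owned files. The same applies to `owner @{tmp}/** rw,` in sanoid, syncoid, steam-game and xarchiver, and to `owner @{tmp}/* rw,` in system-config-printer, thunderbird, ucf, vcsi and zenmap. In zenmap the following `owner @{tmp}/zenmap-stdout-* rw,` is already covered by the wildcard line above it.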
@ -27,7 +27,7 @@ profile sanoid @{exec_path} flags=(complain) {
|
|||
@{run}/sanoid/sanoid_cacheupdate.lock rwk,
|
||||
@{run}/sanoid/sanoid_pruning.lock rwk,
|
||||
|
||||
owner /tmp/** rw,
|
||||
owner @{tmp}/** rw,
|
||||
|
||||
include if exists <local/sanoid>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -64,11 +64,11 @@ profile smplayer @{exec_path} {
|
|||
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
|
||||
owner /tmp/qtsingleapp-smplay-* rw,
|
||||
owner /tmp/qtsingleapp-smplay-*-lockfile rwk,
|
||||
owner /tmp/smplayer_preview/ rw,
|
||||
owner /tmp/smplayer_preview/@{int}.{jpg,png} rw,
|
||||
owner /tmp/smplayer-mpv-* w,
|
||||
owner @{tmp}/qtsingleapp-smplay-* rw,
|
||||
owner @{tmp}/qtsingleapp-smplay-*-lockfile rwk,
|
||||
owner @{tmp}/smplayer_preview/ rw,
|
||||
owner @{tmp}/smplayer_preview/@{int}.{jpg,png} rw,
|
||||
owner @{tmp}/smplayer-mpv-* w,
|
||||
|
||||
owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r,
|
||||
owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=** r,
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ profile snap @{exec_path} {
|
|||
@{HOME}/snap/{,**} rw,
|
||||
/snap/{,**} rw,
|
||||
|
||||
owner /tmp/snapd-auto-import-mount-@{int}/ rw,
|
||||
owner @{tmp}/snapd-auto-import-mount-@{int}/ rw,
|
||||
|
||||
@{run}/user/@{uid}/bus rw,
|
||||
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r,
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ profile snap-update-ns @{exec_path} {
|
|||
owner /var/snap/ rw,
|
||||
owner /var/snap/**/ rw,
|
||||
|
||||
owner /tmp/.snap/{,**} rwk,
|
||||
owner @{tmp}/.snap/{,**} rwk,
|
||||
|
||||
@{run}/snapd/lock/*.lock rwk,
|
||||
@{run}/snapd/ns/{,**} rw,
|
||||
|
|
|
|||
|
|
@ -73,17 +73,17 @@ profile spectre-meltdown-checker @{exec_path} {
|
|||
# To fetch MCE.db from the MCExtractor project
|
||||
@{bin}/wget rCx -> mcedb,
|
||||
@{bin}/sqlite3 rCx -> mcedb,
|
||||
owner /tmp/mcedb-* rw,
|
||||
owner /tmp/smc-* rw,
|
||||
owner /tmp/{,smc-}intelfw-*/ rw,
|
||||
owner /tmp/{,smc-}intelfw-*/fw.zip rw,
|
||||
owner /tmp/{,smc-}intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-{master,main}/ rw,
|
||||
owner /tmp/{,smc-}intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-{master,main}/** rw,
|
||||
owner @{tmp}/mcedb-* rw,
|
||||
owner @{tmp}/smc-* rw,
|
||||
owner @{tmp}/{,smc-}intelfw-*/ rw,
|
||||
owner @{tmp}/{,smc-}intelfw-*/fw.zip rw,
|
||||
owner @{tmp}/{,smc-}intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-{master,main}/ rw,
|
||||
owner @{tmp}/{,smc-}intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-{master,main}/** rw,
|
||||
|
||||
owner @{HOME}/.mcedb rw,
|
||||
|
||||
/tmp/ r,
|
||||
owner /tmp/{config,kernel}-* rw,
|
||||
owner @{tmp}/{config,kernel}-* rw,
|
||||
|
||||
owner /dev/cpu/@{int}/cpuid r,
|
||||
owner /dev/cpu/@{int}/msr rw,
|
||||
|
|
@ -166,8 +166,8 @@ profile spectre-meltdown-checker @{exec_path} {
|
|||
owner @{HOME}/.mcedb rw,
|
||||
|
||||
/tmp/ r,
|
||||
owner /tmp/{,smc-}mcedb-* rwk,
|
||||
owner /tmp/{,smc-}intelfw-*/fw.zip rw,
|
||||
owner @{tmp}/{,smc-}mcedb-* rwk,
|
||||
owner @{tmp}/{,smc-}intelfw-*/fw.zip rw,
|
||||
|
||||
/usr/share/publicsuffix/public_suffix_list.* r,
|
||||
|
||||
|
|
|
|||
|
|
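Review bot: The unqualified `/tmp/ r,` next to the converted rules in both hunks still names the literal directory, so directory listing and file access stop referring to the same location if @{tmp} is ever anything other than /tmp. A comment on that line would record whether this is intended, for example `# listing stays on /tmp; @{tmp} is only used in owner rules`. The same pairing is visible in startx, thunderbird, unmkinitramfs, update-ca-certificates and xarchiver. The definition of @{tmp} is not on this page, so whether it can expand beyond /tmp is an assumption to check.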
@ -24,7 +24,7 @@ profile ss @{exec_path} {
|
|||
|
||||
/etc/iproute2/{,**} r,
|
||||
|
||||
owner /tmp/*.ss rw,
|
||||
owner @{tmp}/*.ss rw,
|
||||
owner @{HOME}/*.ss rw,
|
||||
|
||||
@{PROC} r,
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ profile startx @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{HOME}/.xserverrc r,
|
||||
|
||||
/tmp/ r,
|
||||
owner /tmp/serverauth.* rw,
|
||||
owner @{tmp}/serverauth.* rw,
|
||||
|
||||
/dev/ r,
|
||||
owner /dev/tty@{int} rw,
|
||||
|
|
|
|||
|
|
@ -139,13 +139,13 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
|
|||
owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk,
|
||||
owner /dev/shm/ValveIPCSHM_@{uid} rw,
|
||||
|
||||
owner /tmp/dumps/ rw,
|
||||
owner /tmp/dumps/{assert,crash}_@{int}_@{int}.dmp rw,
|
||||
owner /tmp/gdkpixbuf-xpm-tmp.@{rand6} rw,
|
||||
owner /tmp/miles_image_* mrw,
|
||||
owner /tmp/runtime-info.txt.* rwk,
|
||||
owner /tmp/sh-thd.* rw,
|
||||
owner /tmp/steam_chrome_shmem_uid@{uid}_spid@{int} rw,
|
||||
owner @{tmp}/dumps/ rw,
|
||||
owner @{tmp}/dumps/{assert,crash}_@{int}_@{int}.dmp rw,
|
||||
owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw,
|
||||
owner @{tmp}/miles_image_* mrw,
|
||||
owner @{tmp}/runtime-info.txt.* rwk,
|
||||
owner @{tmp}/sh-thd.* rw,
|
||||
owner @{tmp}/steam_chrome_shmem_uid@{uid}_spid@{int} rw,
|
||||
|
||||
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
|
||||
@{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.)
|
||||
|
|
|
|||
|
|
@ -161,10 +161,10 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
|
|||
owner /dev/shm/ValveIPCSHM_@{uid} rw,
|
||||
owner /dev/shm/wine-*-fsync rw,
|
||||
|
||||
owner /tmp/.wine-@{uid}/server-*/* rwk,
|
||||
owner /tmp/** rw,
|
||||
owner /tmp/miles_image_* mr,
|
||||
owner /tmp/pressure-vessel-*/{,**} rwl,
|
||||
owner @{tmp}/.wine-@{uid}/server-*/* rwk,
|
||||
owner @{tmp}/** rw,
|
||||
owner @{tmp}/miles_image_* mr,
|
||||
owner @{tmp}/pressure-vessel-*/{,**} rwl,
|
||||
|
||||
@{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad
|
||||
|
||||
|
|
|
|||
|
|
@ -45,9 +45,9 @@ profile steam-gameoverlayui @{exec_path} {
|
|||
owner /dev/shm/u@{uid}-ValveIPCSharedObj-* rwk,
|
||||
owner /dev/shm/ValveIPCSHM_@{uid} rw,
|
||||
|
||||
owner /tmp/gameoverlayui.log* rw,
|
||||
owner /tmp/steam_chrome_overlay_uid@{uid}_spid@{pids} rw,
|
||||
owner /tmp/miles_image_* mrw,
|
||||
owner @{tmp}/gameoverlayui.log* rw,
|
||||
owner @{tmp}/steam_chrome_overlay_uid@{uid}_spid@{pids} rw,
|
||||
owner @{tmp}/miles_image_* mrw,
|
||||
|
||||
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
|
||||
|
||||
|
|
|
|||
|
|
@ -79,13 +79,13 @@ profile strawberry @{exec_path} {
|
|||
/dev/shm/#@{int} rw,
|
||||
/dev/sr[0-9]* r,
|
||||
|
||||
owner /tmp/qipc_{systemsem,sharedmemory}_*[a-f0-9]* rw,
|
||||
owner /tmp/.*/ rw,
|
||||
owner /tmp/.*/s rw,
|
||||
owner /tmp/strawberry*[0-9] w,
|
||||
owner /tmp/strawberry-cover-*.jpg rwl -> /tmp/#@{int},
|
||||
owner /tmp/#@{int} rw,
|
||||
owner /tmp/*= w,
|
||||
owner @{tmp}/qipc_{systemsem,sharedmemory}_*[a-f0-9]* rw,
|
||||
owner @{tmp}/.*/ rw,
|
||||
owner @{tmp}/.*/s rw,
|
||||
owner @{tmp}/strawberry*[0-9] w,
|
||||
owner @{tmp}/strawberry-cover-*.jpg rwl -> /tmp/#@{int},
|
||||
owner @{tmp}/#@{int} rw,
|
||||
owner @{tmp}/*= w,
|
||||
|
||||
owner /var/tmp/etilqs_@{hex} rw,
|
||||
|
||||
|
|
|
|||
|
|
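Review bot: The link rule `owner @{tmp}/strawberry-cover-*.jpg rwl -> /tmp/#@{int},` now uses the variable on the left but keeps a hard-coded `/tmp` as link target, so the two sides agree only while @{tmp} resolves to /tmp. Writing the target as `-> @{tmp}/#@{int},` would keep it consistent with the `owner @{tmp}/#@{int} rw,` rule below it. Variables in link targets are already used elsewhere on this page, for example `-> @{HOME}/.Xauthority-n` in xauth. The same mismatch appears in vidcutter (`@{tmp}/*.jpg rwl -> /tmp/#@{int}`), unmkinitramfs (`@{tmp}/** rwl -> /tmp/**`) and both serverauth link rules in xauth. The definition of @{tmp} is not visible here, so the practical effect depends on what it expands to.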
@ -21,9 +21,9 @@ profile swtpm_setup @{exec_path} {
|
|||
/var/log/swtpm/{,**} w,
|
||||
/var/lib/libvirt/swtpm/@{uuid}/tpm2/ r,
|
||||
|
||||
owner /tmp/swtpm_setup.certs.*/ w,
|
||||
owner /tmp/swtpm_setup.certs.*/*.cert rw,
|
||||
owner /tmp/.swtpm_setup.pidfile* rw,
|
||||
owner @{tmp}/swtpm_setup.certs.*/ w,
|
||||
owner @{tmp}/swtpm_setup.certs.*/*.cert rw,
|
||||
owner @{tmp}/.swtpm_setup.pidfile* rw,
|
||||
|
||||
include if exists <local/swtpm_setup>
|
||||
}
|
||||
|
|
@ -25,7 +25,7 @@ profile syncoid @{exec_path} flags=(complain) {
|
|||
|
||||
/etc/mbuffer.rc r,
|
||||
|
||||
owner /tmp/** rw,
|
||||
owner @{tmp}/** rw,
|
||||
|
||||
@{PROC}/@{pids}/maps r,
|
||||
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ profile system-config-printer @{exec_path} flags=(complain) {
|
|||
@{run}/cups/cups.sock rw,
|
||||
owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
|
||||
|
||||
owner /tmp/* rw,
|
||||
owner @{tmp}/* rw,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/fdinfo/@{int} r,
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ profile tasksel @{exec_path} flags=(complain) {
|
|||
|
||||
/usr/share/debconf/confmodule r,
|
||||
|
||||
owner /tmp/file* w,
|
||||
owner @{tmp}/file* w,
|
||||
|
||||
|
||||
profile tasksel-tests flags=(complain) {
|
||||
|
|
@ -66,7 +66,7 @@ profile tasksel @{exec_path} flags=(complain) {
|
|||
|
||||
# The following is needed when debconf uses dialog/whiptail frontend.
|
||||
@{bin}/whiptail rPx,
|
||||
owner /tmp/file* w,
|
||||
owner @{tmp}/file* w,
|
||||
|
||||
/usr/share/debconf/confmodule r,
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ profile terminator @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
owner @{user_config_dirs}/terminator/{,**} rw,
|
||||
|
||||
owner /tmp/#@{int} rw,
|
||||
owner @{tmp}/#@{int} rw,
|
||||
|
||||
@{PROC}/ r,
|
||||
@{PROC}/@{pid}/net/tcp{,6} r,
|
||||
|
|
|
|||
|
|
@ -126,14 +126,14 @@ profile thunderbird @{exec_path} {
|
|||
|
||||
/tmp/ r,
|
||||
/var/tmp/ r,
|
||||
owner /tmp/@{name}{,_*}/ rw,
|
||||
owner /tmp/@{name}{,_*}/* rwk,
|
||||
owner /tmp/* rw,
|
||||
owner /tmp/mozilla_*/ rw,
|
||||
owner /tmp/mozilla_*/* rw,
|
||||
owner /tmp/MozillaMailnews/ rw,
|
||||
owner /tmp/MozillaMailnews/*.msf rw,
|
||||
owner /tmp/Temp-@{uuid}/ rw,
|
||||
owner @{tmp}/@{name}{,_*}/ rw,
|
||||
owner @{tmp}/@{name}{,_*}/* rwk,
|
||||
owner @{tmp}/* rw,
|
||||
owner @{tmp}/mozilla_*/ rw,
|
||||
owner @{tmp}/mozilla_*/* rw,
|
||||
owner @{tmp}/MozillaMailnews/ rw,
|
||||
owner @{tmp}/MozillaMailnews/*.msf rw,
|
||||
owner @{tmp}/Temp-@{uuid}/ rw,
|
||||
|
||||
@{run}/mount/utab r,
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ profile thunderbird-glxtest @{exec_path} {
|
|||
|
||||
owner @{config_dirs}/*/.parentlock rw,
|
||||
|
||||
owner /tmp/thunderbird/.parentlock rw,
|
||||
owner @{tmp}/thunderbird/.parentlock rw,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ profile thunderbird-vaapitest @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner /tmp/thunderbird/.parentlock rw,
|
||||
owner @{tmp}/thunderbird/.parentlock rw,
|
||||
|
||||
deny @{cache_dirs}/*/startupCache/** r,
|
||||
deny @{config_dirs}/*/.parentlock rw,
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ profile tint2 @{exec_path} {
|
|||
|
||||
owner @{HOME}/.Xauthority r,
|
||||
|
||||
owner /tmp/tint2-@{pid}-@{int}.png rw,
|
||||
owner @{tmp}/tint2-@{pid}-@{int}.png rw,
|
||||
|
||||
# Battery applet
|
||||
@{sys}/class/power_supply/ r,
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ profile transmission-qt @{exec_path} {
|
|||
owner @{user_cache_dirs}/transmission/ rw,
|
||||
owner @{user_cache_dirs}/transmission/** rwk,
|
||||
|
||||
owner /tmp/tr_session_id_* rwk,
|
||||
owner @{tmp}/tr_session_id_* rwk,
|
||||
|
||||
deny owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ profile ucf @{exec_path} flags=(complain) {
|
|||
/etc/ucf.conf r,
|
||||
/var/lib/ucf/** rw,
|
||||
|
||||
owner /tmp/* rw,
|
||||
owner @{tmp}/* rw,
|
||||
/etc/default/* rw,
|
||||
|
||||
# For md5sum
|
||||
|
|
|
|||
|
|
@ -38,14 +38,14 @@ profile unmkinitramfs @{exec_path} {
|
|||
/boot/ r,
|
||||
owner /boot/initrd.img-* r,
|
||||
/tmp/ r,
|
||||
owner /tmp/initrd.img-* r,
|
||||
owner @{tmp}/initrd.img-* r,
|
||||
/mnt/ r,
|
||||
owner /mnt/initrd.img-* r,
|
||||
/mnt/boot/ r,
|
||||
owner /mnt/boot/initrd.img-* r,
|
||||
|
||||
# To extract the content of the initrd image
|
||||
owner /tmp/** rwl -> /tmp/**,
|
||||
owner @{tmp}/** rwl -> /tmp/**,
|
||||
|
||||
/var/tmp/ r,
|
||||
owner /var/tmp/unmkinitramfs_* rw,
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ profile update-ca-certificates @{exec_path} {
|
|||
/ r,
|
||||
|
||||
/tmp/ r,
|
||||
owner /tmp/ca-certificates{,.crt}.tmp.* rw,
|
||||
owner @{tmp}/ca-certificates{,.crt}.tmp.* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ profile update-cracklib @{exec_path} {
|
|||
|
||||
owner /var/cache/cracklib/{,**} rw,
|
||||
|
||||
owner /tmp/sort@{rand6} rw,
|
||||
owner @{tmp}/sort@{rand6} rw,
|
||||
|
||||
include if exists <local/update-cracklib>
|
||||
}
|
||||
|
|
@ -28,7 +28,7 @@ profile vcsi @{exec_path} {
|
|||
|
||||
/etc/fstab r,
|
||||
|
||||
owner /tmp/* rw,
|
||||
owner @{tmp}/* rw,
|
||||
|
||||
include if exists <local/vcsi>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,10 +51,10 @@ profile vidcutter @{exec_path} {
|
|||
owner @{user_config_dirs}/vidcutter/ rw,
|
||||
owner @{user_config_dirs}/vidcutter/* rwkl -> @{user_config_dirs}/vidcutter/#@{int},
|
||||
|
||||
owner /tmp/vidcutter-@{uuid} w,
|
||||
owner /tmp/#@{int} rw,
|
||||
owner /tmp/*.jpg rwl -> /tmp/#@{int},
|
||||
owner /tmp/vidcutter/{,*} rw,
|
||||
owner @{tmp}/vidcutter-@{uuid} w,
|
||||
owner @{tmp}/#@{int} rw,
|
||||
owner @{tmp}/*.jpg rwl -> /tmp/#@{int},
|
||||
owner @{tmp}/vidcutter/{,*} rw,
|
||||
|
||||
deny owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ profile whiptail @{exec_path} flags=(complain) {
|
|||
|
||||
/etc/newt/palette.* r,
|
||||
|
||||
owner /tmp/gpm* w,
|
||||
owner @{tmp}/gpm* w,
|
||||
|
||||
include if exists <local/whiptail>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ profile wireshark @{exec_path} {
|
|||
owner @{HOME}/.wireshark/{,**} rw,
|
||||
owner @{user_config_dirs}/wireshark/{,**} rw,
|
||||
|
||||
owner /tmp/wireshark_extcap_ciscodump_@{int}_* rw,
|
||||
owner @{tmp}/wireshark_extcap_ciscodump_@{int}_* rw,
|
||||
|
||||
deny @{PROC}/sys/kernel/random/boot_id r,
|
||||
deny owner @{PROC}/@{pid}/cmdline r,
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ profile wl-copy @{exec_path} {
|
|||
|
||||
@{bin}/xdg-mime rPx,
|
||||
|
||||
owner /tmp/wl-copy-buffer-*/{,**} rw,
|
||||
owner @{tmp}/wl-copy-buffer-*/{,**} rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ profile wpa-cli @{exec_path} {
|
|||
owner @{HOME}/.wpa_cli_history-@{int}.tmp rw,
|
||||
|
||||
owner @{run}/wpa_supplicant/ r,
|
||||
owner /tmp/wpa_ctrl_@{pid}-[0-9] rw,
|
||||
owner @{tmp}/wpa_ctrl_@{pid}-[0-9] rw,
|
||||
|
||||
include if exists <local/wpa-cli>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ profile wpa-gui @{exec_path} {
|
|||
|
||||
/usr/share/hwdata/pnp.ids r,
|
||||
|
||||
owner /tmp/wpa_ctrl_@{pid}-[0-9] w,
|
||||
owner @{tmp}/wpa_ctrl_@{pid}-[0-9] w,
|
||||
owner /dev/shm/#@{int} rw,
|
||||
|
||||
@{run}/wpa_supplicant/ r,
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ profile xarchiver @{exec_path} {
|
|||
@{MOUNTS}/ r,
|
||||
@{MOUNTS}/** rw,
|
||||
/tmp/ r,
|
||||
owner /tmp/** rw,
|
||||
owner @{tmp}/** rw,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/@{pid}/mountinfo r,
|
||||
|
|
|
|||
|
|
@ -26,15 +26,15 @@ profile xauth @{exec_path} {
|
|||
owner @{HOME}/.Xauthority-n rw,
|
||||
owner @{HOME}/.Xauthority rwl -> @{HOME}/.Xauthority-n,
|
||||
|
||||
owner /tmp/serverauth.*-c w,
|
||||
owner /tmp/serverauth.*-l wl -> /tmp/serverauth.*-c,
|
||||
owner /tmp/serverauth.*-n rw,
|
||||
owner /tmp/serverauth.* rwl -> /tmp/serverauth.*-n,
|
||||
owner @{tmp}/serverauth.*-c w,
|
||||
owner @{tmp}/serverauth.*-l wl -> /tmp/serverauth.*-c,
|
||||
owner @{tmp}/serverauth.*-n rw,
|
||||
owner @{tmp}/serverauth.* rwl -> /tmp/serverauth.*-n,
|
||||
|
||||
owner /tmp/runtime-*/xauth_@{rand6} r,
|
||||
owner /tmp/xauth_@{rand6} r,
|
||||
owner /tmp/xauth_@{rand6}-c w,
|
||||
owner /tmp/xauth_@{rand6}-l wl,
|
||||
owner @{tmp}/runtime-*/xauth_@{rand6} r,
|
||||
owner @{tmp}/xauth_@{rand6} r,
|
||||
owner @{tmp}/xauth_@{rand6}-c w,
|
||||
owner @{tmp}/xauth_@{rand6}-l wl,
|
||||
|
||||
owner @{run}/user/@{uid}/xauth_@{rand6} rw,
|
||||
owner @{run}/user/@{uid}/xauth_@{rand6}-c w,
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@ profile xclip @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner /tmp/mutt-* rw,
|
||||
owner /tmp/xauth_@{rand6} r,
|
||||
owner @{tmp}/mutt-* rw,
|
||||
owner @{tmp}/xauth_@{rand6} r,
|
||||
|
||||
owner @{HOME}/.Xauthority r,
|
||||
|
||||
|
|
|
|||
|
|
@ -70,8 +70,8 @@ profile xinit @{exec_path} {
|
|||
owner @{HOME}/.xserverrc r,
|
||||
owner @{HOME}/.xsession-errors w,
|
||||
|
||||
owner /tmp/file* rw,
|
||||
owner /tmp/tmp.* rw,
|
||||
owner @{tmp}/file* rw,
|
||||
owner @{tmp}/tmp.* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ profile xsel @{exec_path} {
|
|||
owner @{user_cache_dirs}/xsel.log rw,
|
||||
|
||||
owner @{HOME}/.Xauthority r,
|
||||
owner /tmp/xauth-@{int}-_[0-9] r,
|
||||
owner @{tmp}/xauth-@{int}-_[0-9] r,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/tty@{int} rw,
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ profile zed @{exec_path} {
|
|||
@{run}/zed.state rwkl,
|
||||
@{run}/zfs-list.cache@* rw,
|
||||
|
||||
owner /tmp/tmp.* rw,
|
||||
owner @{tmp}/tmp.* rw,
|
||||
|
||||
@{sys}/bus/pci/slots/ r,
|
||||
@{sys}/bus/pci/slots/@{int}/address r,
|
||||
|
|
|
|||
|
|
@ -37,8 +37,8 @@ profile zenmap @{exec_path} {
|
|||
|
||||
/usr/share/zenmap/** r,
|
||||
|
||||
owner /tmp/* rw,
|
||||
owner /tmp/zenmap-stdout-* rw,
|
||||
owner @{tmp}/* rw,
|
||||
owner @{tmp}/zenmap-stdout-* rw,
|
||||
|
||||
include if exists <local/zenmap>
|
||||
}
|
||||
|
|
|
|||