feat(profiles): general update.
parent
0b0d58ab03
commit
3ff8e3847d
37 changed files with 95 additions and 61 deletions
|
|
@ -33,11 +33,8 @@ profile evolution-addressbook-factory @{exec_path} {
|
|||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member={CheckPermissions,StateChanged},
|
||||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=PropertiesChanged,
|
||||
member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved}
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
@{exec_path} mr,
|
||||
@{exec_path}-subprocess rix,
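Review bot: The NetworkManager receive rule now depends on `peer=(name=:*, label=NetworkManager)`, so it only matches while NetworkManager runs under a profile with exactly that label; on a host where it is unconfined the peer label is `unconfined` and the signals listed in `member=` would be denied. Pinning the peer is the right direction for least privilege, but the dependency deserves a comment above the rule, for example `# Needs the NetworkManager profile loaded; an unconfined peer will not match`. The same applies to the matching rule in evolution-calendar-factory and to the `label=gnome-shell` rule in evolution-source-registry. The `org.freedesktop.DBus.Properties` / `PropertiesChanged` receive rule also appears to be dropped from this profile, so it is worth checking the audit log for new DBus denials after deployment. The profile body continues outside the hunk.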
|
||||
|
|
|
|||
|
|
@ -29,7 +29,8 @@ profile evolution-calendar-factory @{exec_path} {
|
|||
|
||||
dbus receive bus=system path=/org/freedesktop/NetworkManager
|
||||
interface=org.freedesktop.NetworkManager
|
||||
member={CheckPermissions,StateChanged},
|
||||
member={CheckPermissions,StateChanged,DeviceAdded,DeviceRemoved}
|
||||
peer=(name=:*, label=NetworkManager),
|
||||
|
||||
dbus (send,receive) bus=session path=/org/gnome/evolution/dataserver{,/**}
|
||||
interface={org.freedesktop.DBus.{Introspectable,ObjectManager,Properties},org.gnome.evolution.dataserver.*},
|
||||
|
|
|
|||
|
|
@ -21,6 +21,10 @@ profile evolution-source-registry @{exec_path} {
|
|||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
dbus (receive) bus=session path=/org/gnome/evolution/dataserver{,/**}
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
|
|
|||
|
|
@ -22,8 +22,9 @@ profile gnome-contacts-search-provider @{exec_path} {
|
|||
|
||||
/var/lib/flatpak/exports/share/mime/mime.cache r,
|
||||
|
||||
owner @{user_share_dirs}/folks/{,**/} rw,
|
||||
owner @{user_share_dirs}/folks/relationships.ini rw,
|
||||
owner @{user_share_dirs}/mime/mime.cache r,
|
||||
owner @{user_share_dirs}/folks/relationships.ini r,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
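Review bot: The folks rules appear to widen this profile from read-only on `relationships.ini` to `rw` on that file and on every directory matched by `@{user_share_dirs}/folks/{,**/}`, which is more than a search provider would normally need. If the write access answers an observed denial, a short comment naming the operation that was denied would keep the grant from looking accidental. If only creation of the top-level directory was denied, `owner @{user_share_dirs}/folks/ w,` together with the previous read on the file would be narrower than `{,**/} rw`. The profile body continues outside the hunk.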
|
||||
|
||||
|
|
|
|||
|
|
@ -505,11 +505,11 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
/usr/share/libinput*/{,**/}[0-9][0-9]-*.quirks r,
|
||||
/usr/share/libinput*/libinput/ r,
|
||||
/usr/share/libwacom/{,*.stylus,*.tablet} r,
|
||||
/usr/share/pipewire/client.conf r,
|
||||
/usr/share/plymouth/*.png r,
|
||||
/usr/share/wallpapers/** r,
|
||||
/usr/share/wayland-sessions/{,*.desktop} r,
|
||||
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
|
||||
/usr/share/gnome-packagekit/icons/hicolor/{,**} r,
|
||||
|
||||
# freedesktop.org-strict
|
||||
/usr/share/*ubuntu/applications/{,**} r,
|
||||
|
|
@ -518,6 +518,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
/.flatpak-info r,
|
||||
/etc/fstab r,
|
||||
/etc/udev/hwdb.bin r,
|
||||
/etc/pipewire/client.conf.d/{,**} r,
|
||||
/etc/xdg/menus/gnome-applications.menu r,
|
||||
|
||||
/var/lib/gdm{3,}/.cache/ w,
|
||||
|
|
@ -637,11 +638,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r,
|
||||
@{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
|
||||
|
||||
owner @{PROC}/@{pid}/comm r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
owner @{PROC}/@{pid}/task/@{pid}/cmdline r,
|
||||
@{PROC}/ r,
|
||||
@{PROC}/@{pid}/attr/current r,
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
|
|
@ -652,6 +648,12 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
@{PROC}/1/cgroup r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
@{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,
|
||||
owner @{PROC}/@{pid}/comm r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
owner @{PROC}/@{pid}/task/@{pid}/cmdline r,
|
||||
|
||||
/dev/input/event[0-9]* rw,
|
||||
/dev/media[0-9]* rw,
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/deny-sensitive-home>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/gnome>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/opencl-nvidia>
|
||||
include <abstractions/openssl>
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@ profile tracker-extract @{exec_path} {
|
|||
owner @{user_cache_dirs}/ w,
|
||||
owner @{user_cache_dirs}/tracker3/ w,
|
||||
owner @{user_cache_dirs}/tracker3/files/{,**} rwk,
|
||||
owner @{user_share_dirs}/gvfs-metadata/** r,
|
||||
|
||||
owner /tmp/tracker-extract-3-files.*/{,*} rw,
|
||||
|
||||
|
|
@ -116,8 +117,6 @@ profile tracker-extract @{exec_path} {
|
|||
/dev/dri/renderD128 rw,
|
||||
/dev/media[0-9]* r,
|
||||
/dev/video[0-9]* rw,
|
||||
|
||||
deny owner @{user_share_dirs}/gvfs-metadata/** r,
|
||||
|
||||
# file_inherit
|
||||
owner /dev/tty[0-9]* rw,
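Review bot: The `deny owner @{user_share_dirs}/gvfs-metadata/** r,` rule seems to be replaced by an allow for the same path, which reverses the earlier decision rather than just adding access. tracker-extract parses the content of arbitrary user files, so anything the profile lets it read is exposed if a malformed file compromises an extractor, and gvfs-metadata holds per-file metadata keyed by path. If the read is required for extraction, a comment stating what breaks without it would justify the change; if the old deny only silenced log noise, keeping it is the safer default. The profile body continues outside both hunks.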
|
||||
|
|
|
|||
|
|
@ -105,8 +105,9 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{MOUNTS}/{,**} r,
|
||||
owner /tmp/*/{,**} r,
|
||||
|
||||
owner @{user_config_dirs}/tracker3/{,**} rwk,
|
||||
owner @{user_cache_dirs}/tracker3/ rw,
|
||||
owner @{user_cache_dirs}/tracker3/files/{,**} rwk,
|
||||
owner @{user_config_dirs}/tracker3/{,**} rwk,
|
||||
|
||||
@{run}/blkid/blkid.tab r,
|
||||
@{run}/mount/utab r,
|
||||
|
|
|
|||