From 4b24cc3b1df165306d5292fe924ac0bd7bb73584 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 12 Apr 2025 22:50:49 +0200 Subject: [PATCH] feat(abs): fusermount: add mount, umount to fusermount. --- apparmor.d/abstractions/app/fusermount | 7 +++++++ apparmor.d/groups/freedesktop/xdg-document-portal | 6 ------ apparmor.d/groups/gvfs/gvfsd-fuse | 3 --- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/apparmor.d/abstractions/app/fusermount b/apparmor.d/abstractions/app/fusermount index 659eee99d..a394e2528 100644 --- a/apparmor.d/abstractions/app/fusermount +++ b/apparmor.d/abstractions/app/fusermount @@ -17,8 +17,15 @@ @{bin}/fusermount{,3} mr, + @{bin}/mount rix, + @{bin}/umount rix, + @{etc_ro}/fuse{,3}.conf r, + @{run}/mount/utab r, + @{run}/mount/utab.* rwk, + + @{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mounts r, /dev/fuse rw, diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index de362990a..c56729248 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -77,14 +77,8 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { unix (send receive) type=stream peer=(label=xdg-document-portal), - @{bin}/mount rix, - @{bin}/umount rix, - owner @{run}/user/@{uid}/doc/ rw, - @{run}/mount/utab r, - @{run}/mount/utab.* rwk, - include if exists } diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index bb19d5454..2695a1bf7 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -49,9 +49,6 @@ profile gvfsd-fuse @{exec_path} { unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse), - @{bin}/mount rix, - @{bin}/umount rix, - include if exists }
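Review bot: The new `@{bin}/mount rix,` and `@{bin}/umount rix,` rules in abstractions/app/fusermount, together with `@{run}/mount/utab.* rwk,`, now apply to every profile that includes this abstraction, not only xdg-document-portal and gvfsd-fuse where they were removed, and nothing in the hunk records why. Because the exec mode is `ix`, mount and umount run under the including profile's own rule set, so the effective reach depends on each consumer's mount and capability rules, which are not visible here; those consumers are worth re-checking for least privilege. I would add a comment above the two exec rules such as `# fusermount runs mount/umount to update @{run}/mount/utab; inherited so they stay inside the caller's confinement`, with the wording confirmed against the actual intent. The rest of the abstraction lies outside the hunk.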