felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): finish using variable instead of [0-9].

Browse source
This commit is contained in:
Alexandre Pujol 2025-04-06 20:56:39 +02:00
parent 26d0797a07
commit 4c67b21bf3
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
26 changed files with 35 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/akonadi/akonadi_akonotes_resource
View file

@ -15,7 +15,7 @@ profile akonadi_akonotes_resource @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{user_config_dirs}/akonadi_akonotes_resource_[0-9]rc r, owner @{user_config_dirs}/akonadi_akonotes_resource_@{int}rc r,
owner @{user_config_dirs}/akonadi/ rw, owner @{user_config_dirs}/akonadi/ rw,
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**, owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,

2
apparmor.d/groups/akonadi/akonadi_contacts_resource
View file

@ -17,7 +17,7 @@ profile akonadi_contacts_resource @{exec_path} {
/usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/akonadi/plugins/serializer/{,*.desktop} r,
owner @{user_config_dirs}/akonadi_contacts_resource_[0-9]rc r, owner @{user_config_dirs}/akonadi_contacts_resource_@{int}rc r,
owner @{user_config_dirs}/akonadi/ rw, owner @{user_config_dirs}/akonadi/ rw,
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**, owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,

4
apparmor.d/groups/akonadi/akonadi_ical_resource
View file

@ -15,9 +15,9 @@ profile akonadi_ical_resource @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{user_cache_dirs}/akonadi_ical_resource_[0-9]/{,*} rwl, owner @{user_cache_dirs}/akonadi_ical_resource_@{int}/{,*} rwl,
owner @{user_config_dirs}/akonadi_ical_resource_[0-9]rc rwl, owner @{user_config_dirs}/akonadi_ical_resource_@{int}rc rwl,
owner @{user_config_dirs}/akonadi/ rw, owner @{user_config_dirs}/akonadi/ rw,
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**, owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,

4
apparmor.d/groups/akonadi/akonadi_maildir_resource
View file

@ -19,11 +19,11 @@ profile akonadi_maildir_resource @{exec_path} {
owner @{user_mail_dirs}/{,**} rw, owner @{user_mail_dirs}/{,**} rw,
owner @{user_config_dirs}/akonadi_maildir_resource_[0-9]rc r, owner @{user_config_dirs}/akonadi_maildir_resource_@{int}rc r,
owner @{user_config_dirs}/akonadi/ rw, owner @{user_config_dirs}/akonadi/ rw,
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**, owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
owner @{user_share_dirs}/akonadi_maildir_resource_[0-9]/{,**} rw, owner @{user_share_dirs}/akonadi_maildir_resource_@{int}/{,**} rw,
owner @{user_share_dirs}/akonadi/{,**} rwk, owner @{user_share_dirs}/akonadi/{,**} rwk,
owner @{user_share_dirs}/local-mail*/{,**} rw, owner @{user_share_dirs}/local-mail*/{,**} rw,

4
apparmor.d/groups/apt/apt-listbugs
View file

@ -23,7 +23,7 @@ profile apt-listbugs @{exec_path} {
network netlink raw, network netlink raw,
@{exec_path} r, @{exec_path} r,
@{bin}/ruby[0-9].@{int} rix, @{bin}/ruby@{int}.@{int} rix,
@{sh_path} rix, @{sh_path} rix,
@{bin}/logname rix, @{bin}/logname rix,
@ -34,7 +34,7 @@ profile apt-listbugs @{exec_path} {
# shared object file): ignored. # shared object file): ignored.
@{bin}/dpkg-query rpx, @{bin}/dpkg-query rpx,
/usr/local/lib/site_ruby/[0-9].[0-9].[0-9]/**.rb r, /usr/local/lib/site_ruby/@{d}.@{d}.@{d}/**.rb r,
/usr/share/rubygems-integration/*/specifications/ r, /usr/share/rubygems-integration/*/specifications/ r,
/usr/share/rubygems-integration/*/specifications/*.gemspec rwk, /usr/share/rubygems-integration/*/specifications/*.gemspec rwk,

2
apparmor.d/groups/apt/apt-listbugs-migratepins
View file

@ -14,7 +14,7 @@ profile apt-listbugs-migratepins @{exec_path} {
include <abstractions/ruby> include <abstractions/ruby>
@{exec_path} r, @{exec_path} r,
@{bin}/ruby[0-9].@{int} rix, @{bin}/ruby@{int}.@{int} rix,
/usr/share/rubygems-integration/*/specifications/ r, /usr/share/rubygems-integration/*/specifications/ r,
/usr/share/rubygems-integration/*/specifications/*.gemspec rwk, /usr/share/rubygems-integration/*/specifications/*.gemspec rwk,

2
apparmor.d/groups/apt/apt-listbugs-prefclean
View file

@ -14,7 +14,7 @@ profile apt-listbugs-prefclean @{exec_path} {
include <abstractions/ruby> include <abstractions/ruby>
@{exec_path} r, @{exec_path} r,
@{bin}/ruby[0-9].@{int} rix, @{bin}/ruby@{int}.@{int} rix,
@{bin}/date rix, @{bin}/date rix,
@{bin}/cat rix, @{bin}/cat rix,

4
apparmor.d/groups/apt/aptitude
View file

@ -112,8 +112,8 @@ profile aptitude @{exec_path} flags=(complain) {
owner @{tmp}/aptitudebug.*/** rwk, owner @{tmp}/aptitudebug.*/** rwk,
/var/lib/apt-xapian-index/index r, /var/lib/apt-xapian-index/index r,
/var/cache/apt-xapian-index/index.[0-9]/*.glass r, /var/cache/apt-xapian-index/index.@{int}/*.glass r,
/var/cache/apt-xapian-index/index.[0-9]/iamglass r, /var/cache/apt-xapian-index/index.@{int}/iamglass r,
/var/lib/dpkg/** r, /var/lib/dpkg/** r,
/var/lib/dpkg/lock{,-frontend} rwk, /var/lib/dpkg/lock{,-frontend} rwk,

4
apparmor.d/groups/apt/synaptic
View file

@ -77,8 +77,8 @@ profile synaptic @{exec_path} {
/var/cache/apt/ r, /var/cache/apt/ r,
/var/cache/apt/** rwk, /var/cache/apt/** rwk,
/var/cache/apt-xapian-index/index.[0-9]/*.glass r, /var/cache/apt-xapian-index/index.@{int}/*.glass r,
/var/cache/apt-xapian-index/index.[0-9]/iamglass r, /var/cache/apt-xapian-index/index.@{int}/iamglass r,
/var/lib/apt-xapian-index/index r, /var/lib/apt-xapian-index/index r,
/var/lib/dpkg/** r, /var/lib/dpkg/** r,

4
apparmor.d/groups/filesystem/udisksd
View file

@ -126,8 +126,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
@{sys}/class/ r, @{sys}/class/ r,
@{sys}/class/nvme-subsystem/ r, @{sys}/class/nvme-subsystem/ r,
@{sys}/class/nvme/ r, @{sys}/class/nvme/ r,
@{sys}/devices/@{pci}/{ata,usb,mmc,virtio}[0-9]/{,**/}uevent w, @{sys}/devices/@{pci}/{ata,usb,mmc,virtio}@{int}/{,**/}uevent w,
@{sys}/devices/@{pci}/{ata,usb,mmc}[0-9]/{,**/}remove rw, @{sys}/devices/@{pci}/{ata,usb,mmc}@{int}/{,**/}remove rw,
@{sys}/devices/@{pci}/uevent rw, @{sys}/devices/@{pci}/uevent rw,
@{sys}/devices/**/net/*/ r, @{sys}/devices/**/net/*/ r,
@{sys}/devices/**/uevent r, @{sys}/devices/**/uevent r,

2
apparmor.d/groups/gnome/gsd-media-keys
View file

@ -79,7 +79,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c13:@{int} r, # for /dev/input/*
@{run}/udev/data/c189:@{int} r, # For /dev/bus/usb/** @{run}/udev/data/c189:@{int} r, # For /dev/bus/usb/**
@{sys}/devices/**/usb[0-9]/{,**} r, @{sys}/devices/**/usb@{int}/{,**} r,
@{sys}/devices/@{pci}/sound/**/uevent r, @{sys}/devices/@{pci}/sound/**/uevent r,
@{sys}/devices/platform/**/uevent r, @{sys}/devices/platform/**/uevent r,
@{sys}/devices/virtual/**/uevent r, @{sys}/devices/virtual/**/uevent r,

2
apparmor.d/groups/network/iwd
View file

@ -29,7 +29,7 @@ profile iwd @{exec_path} {
/etc/iwd/{,**} r, /etc/iwd/{,**} r,
/var/lib/iwd/{,**} rw, /var/lib/iwd/{,**} rw,
@{sys}/devices/@{pci}/ieee80211/phy[0-9]/* r, @{sys}/devices/@{pci}/ieee80211/phy@{int}/* r,
@{sys}/devices/@{pci}/modalias r, @{sys}/devices/@{pci}/modalias r,
@{PROC}/sys/net/ipv{4,6}/conf/wlan@{int}/arp_* rw, @{PROC}/sys/net/ipv{4,6}/conf/wlan@{int}/arp_* rw,

4
apparmor.d/profiles-a-f/anyremote
View file

@ -81,8 +81,8 @@ profile anyremote @{exec_path} {
/usr/share/anyremote/cfg-data/Icons/common/*.png r, /usr/share/anyremote/cfg-data/Icons/common/*.png r,
/usr/share/ImageMagick-[0-9]/*.xml rw, /usr/share/ImageMagick-@{int}/*.xml rw,
/etc/ImageMagick-[0-9]/*.xml r, /etc/ImageMagick-@{int}/*.xml r,
owner @{HOME}/.anyRemote/*.png rw, owner @{HOME}/.anyRemote/*.png rw,
owner @{HOME}/.kde/share/apps/amarok/albumcovers/cache/* r, owner @{HOME}/.kde/share/apps/amarok/albumcovers/cache/* r,

2
apparmor.d/profiles-a-f/browserpass
View file

@ -22,7 +22,7 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/.mozilla/firefox/@{rand8}.*/extensions/* r, owner @{HOME}/.mozilla/firefox/@{rand8}.*/extensions/* r,
owner @{user_cache_dirs}/mozilla/firefox/@{rand8}.*/startupCache/scriptCache-*.bin r, owner @{user_cache_dirs}/mozilla/firefox/@{rand8}.*/startupCache/scriptCache-*.bin r,
owner @{user_cache_dirs}/mozilla/firefox/@{rand8}.*/startupCache/startupCache.*.little r, owner @{user_cache_dirs}/mozilla/firefox/@{rand8}.*/startupCache/startupCache.*.little r,
owner @{user_cache_dirs}/mozilla/firefox/@{rand8}.*/safebrowsing-updating/google[0-9]/goog-phish-proto-@{int}.vlpset rw, owner @{user_cache_dirs}/mozilla/firefox/@{rand8}.*/safebrowsing-updating/google@{d}/goog-phish-proto-@{int}.vlpset rw,
owner @{tmp}/mozilla-temp-@{int} r, owner @{tmp}/mozilla-temp-@{int} r,
owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mountinfo r,

2
apparmor.d/profiles-a-f/conky
View file

@ -104,7 +104,7 @@ profile conky @{exec_path} {
deny ptrace (trace, read), deny ptrace (trace, read),
# Display the hard disk model name # Display the hard disk model name
@{sys}/devices/@{pci}/{usb,ata}[0-9]/**/model r, @{sys}/devices/@{pci}/{usb,ata}@{int}/**/model r,
@{sys}/block/{s,v}d[a-z]/device/model r, @{sys}/block/{s,v}d[a-z]/device/model r,
# Display the disk write/read speed # Display the disk write/read speed
@{PROC}/diskstats r, @{PROC}/diskstats r,

2
apparmor.d/profiles-a-f/ffmpeg
View file

@ -36,7 +36,7 @@ profile ffmpeg @{exec_path} {
owner @{tmp}/vidcutter/** rw, # TMP files for apps using ffmpeg owner @{tmp}/vidcutter/** rw, # TMP files for apps using ffmpeg
@{sys}/devices/system/node/ r, @{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node[0-9]/meminfo r, @{sys}/devices/system/node/node@{int}/meminfo r,
include if exists <local/ffmpeg> include if exists <local/ffmpeg>
} }

2
apparmor.d/profiles-g-l/gitstatusd
View file

@ -6,7 +6,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = /usr/share/zsh-theme-powerlevel[0-9]*k/gitstatus/usrbin/gitstatusd{,-*} @{exec_path} = /usr/share/zsh-theme-powerlevel@{int}k/gitstatus/usrbin/gitstatusd{,-*}
profile gitstatusd @{exec_path} { profile gitstatusd @{exec_path} {
include <abstractions/base> include <abstractions/base>

2
apparmor.d/profiles-g-l/hardinfo
View file

@ -40,7 +40,7 @@ profile hardinfo @{exec_path} {
@{bin}/perl rix, @{bin}/perl rix,
@{python_path} rix, @{python_path} rix,
@{bin}/route rix, @{bin}/route rix,
@{bin}/ruby[0-9].@{int} rix, @{bin}/ruby@{int}.@{int} rix,
@{bin}/strace rix, @{bin}/strace rix,
@{bin}/tr rix, @{bin}/tr rix,
@{bin}/valgrind{,.bin} rix, @{bin}/valgrind{,.bin} rix,

4
apparmor.d/profiles-g-l/i3lock-fancy
View file

@ -52,8 +52,8 @@ profile i3lock-fancy @{exec_path} {
@{bin}/import-im6.q16 mr, @{bin}/import-im6.q16 mr,
@{bin}/scrot mr, @{bin}/scrot mr,
/usr/share/ImageMagick-[0-9]/*.xml r, /usr/share/ImageMagick-@{int}/*.xml r,
/etc/ImageMagick-[0-9]/*.xml r, /etc/ImageMagick-@{int}/*.xml r,
owner @{HOME}/.Xauthority r, owner @{HOME}/.Xauthority r,

2
apparmor.d/profiles-g-l/iw
View file

@ -21,7 +21,7 @@ profile iw @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{sys}/devices/@{pci}/ieee80211/phy[0-9]*/index r, @{sys}/devices/@{pci}/ieee80211/phy@{int}/index r,
# file_inherit # file_inherit
owner /dev/tty@{int} rw, owner /dev/tty@{int} rw,

2
apparmor.d/profiles-m-r/popularity-contest
View file

@ -41,7 +41,7 @@ profile popularity-contest @{exec_path} {
/var/lib/ r, /var/lib/ r,
/var/lib/dpkg/info/{,*.list} r, /var/lib/dpkg/info/{,*.list} r,
/var/log/ r, /var/log/ r,
/var/log/popularity-contest.[0-9]* w, /var/log/popularity-contest.@{int} w,
/var/log/popularity-contest.new w, /var/log/popularity-contest.new w,
owner @{tmp}/#@{int} rw, owner @{tmp}/#@{int} rw,

2
apparmor.d/profiles-m-r/qbittorrent
View file

@ -131,7 +131,7 @@ profile qbittorrent @{exec_path} {
@{python_path} r, @{python_path} r,
owner @{user_share_dirs}/{,data/}qBittorrent/nova[0-9]/{,**} rw, owner @{user_share_dirs}/{,data/}qBittorrent/nova@{int}/{,**} rw,
owner @{user_torrents_dirs}/** r, owner @{user_torrents_dirs}/** r,

4
apparmor.d/profiles-m-r/rfkill
View file

@ -15,8 +15,8 @@ profile rfkill @{exec_path} {
/dev/rfkill rw, /dev/rfkill rw,
@{sys}/devices/@{pci}/rfkill[0-9]/{name,type} r, @{sys}/devices/@{pci}/rfkill@{int}/{name,type} r,
@{sys}/devices/platform/**/rfkill/rfkill[0-9]/{name,type} r, @{sys}/devices/platform/**/rfkill/rfkill@{int}/{name,type} r,
include if exists <local/rfkill> include if exists <local/rfkill>
} }

2
apparmor.d/profiles-s-z/update-ca-certificates
View file

@ -45,7 +45,7 @@ profile update-ca-certificates @{exec_path} {
/etc/ca-certificates.conf r, /etc/ca-certificates.conf r,
/etc/ssl/certs/ca-certificates.crt{,.new} rw, /etc/ssl/certs/ca-certificates.crt{,.new} rw,
/etc/ssl/certs/*.pem rw, /etc/ssl/certs/*.pem rw,
/etc/ssl/certs/@{hex}.[0-9] rw, /etc/ssl/certs/@{hex}.@{d} rw,
/var/lib/ca-certificates/ rwk, /var/lib/ca-certificates/ rwk,
/var/lib/ca-certificates/** rw, /var/lib/ca-certificates/** rw,

2
apparmor.d/profiles-s-z/wpa-cli
View file

@ -21,7 +21,7 @@ profile wpa-cli @{exec_path} {
owner @{HOME}/.wpa_cli_history-@{int}.tmp rw, owner @{HOME}/.wpa_cli_history-@{int}.tmp rw,
owner @{run}/wpa_supplicant/ r, owner @{run}/wpa_supplicant/ r,
owner @{tmp}/wpa_ctrl_@{pid}-[0-9] rw, owner @{tmp}/wpa_ctrl_@{pid}-@{d} rw,
include if exists <local/wpa-cli> include if exists <local/wpa-cli>
} }

2
apparmor.d/profiles-s-z/wpa-gui
View file

@ -17,7 +17,7 @@ profile wpa-gui @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
owner @{tmp}/wpa_ctrl_@{pid}-[0-9] w, owner @{tmp}/wpa_ctrl_@{pid}-@{d} w,
owner /dev/shm/#@{int} rw, owner /dev/shm/#@{int} rw,
@{run}/wpa_supplicant/ r, @{run}/wpa_supplicant/ r,