Profiles update.

2022-03-17 14:01:50 +00:00 · 2022-03-17 14:01:50 +00:00 · 4ff371e739
commit 4ff371e739
parent bb0847f5df
22 changed files with 67 additions and 33 deletions
--- a/apparmor.d/groups/gnome/evolution-alarm-notify
+++ b/apparmor.d/groups/gnome/evolution-alarm-notify
@ -12,6 +12,7 @@ profile evolution-alarm-notify @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/gnome>
  include <abstractions/nameservice-strict>
+  include <abstractions/opencl>
  include <abstractions/openssl>

  @{exec_path} mr,
--- a/apparmor.d/groups/gnome/gjs-console
+++ b/apparmor.d/groups/gnome/gjs-console
@ -57,6 +57,8 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
        @{run}/user/@{uid}/wayland-cursor-shared-* rw,

  @{sys}/devices/pci[0-9]*/**/drm/ r,
+  @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/id r,
+  @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/gt_*_mhz r,

  /dev/ r,
  /dev/tty rw,
--- a/apparmor.d/groups/gnome/gnome-calendar
+++ b/apparmor.d/groups/gnome/gnome-calendar
@ -11,6 +11,7 @@ profile gnome-calendar @{exec_path} {
  include <abstractions/base>
  include <abstractions/gnome>
  include <abstractions/nameservice-strict>
+  include <abstractions/opencl>
  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>
--- a/apparmor.d/groups/gnome/gnome-contacts-search-provider
+++ b/apparmor.d/groups/gnome/gnome-contacts-search-provider
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/gnome-contacts-search-provider
 profile gnome-contacts-search-provider @{exec_path} {
  include <abstractions/base>
+  include <abstractions/opencl>
  include <abstractions/openssl>

  signal (send) set=(term) peer=unconfined,
--- a/apparmor.d/groups/gnome/goa-daemon
+++ b/apparmor.d/groups/gnome/goa-daemon
@ -10,6 +10,7 @@ include <tunables/global>
 profile goa-daemon @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
+  include <abstractions/opencl>
  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>
--- a/apparmor.d/groups/gnome/gsd-xsettings
+++ b/apparmor.d/groups/gnome/gsd-xsettings
@ -15,6 +15,7 @@ profile gsd-xsettings @{exec_path} {
  include <abstractions/fonts>
  include <abstractions/gtk>
  include <abstractions/nameservice-strict>
+  include <abstractions/opencl>

  network inet stream,
  network inet6 stream,
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@ -28,6 +28,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {

  # Full access to user's data
  / r,
+  /home/ r,
  owner @{HOME}/{,**} rw,
  owner @{MOUNTS}/{,**} rw,
  owner @{run}/user/@{uid}/{,**} rw,
@ -46,7 +47,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {

  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mountinfo r,
-  owner @{PROC}/@{pid}/net/wireless r,
+        @{PROC}/@{pids}/net/wireless r,

  @{run}/mount/utab r,
  @{run}/systemd/userdb/ r,