feat(profile): general update.

2024-02-28 17:17:20 +00:00 · 2024-02-28 17:17:20 +00:00 · 555b5e3c3f
commit 555b5e3c3f
parent 1c999ca921
43 changed files with 142 additions and 124 deletions
--- a/apparmor.d/groups/freedesktop/colord
+++ b/apparmor.d/groups/freedesktop/colord
@ -17,6 +17,8 @@ profile colord @{exec_path} flags=(attach_disconnected) {
  include <abstractions/nameservice-strict>
  include <abstractions/openssl>

+  network inet dgram,
+  network inet6 dgram,
  network netlink raw,

  # dbus: own bus=system name=org.freedesktop.ColorManager
@ -61,6 +63,9 @@ profile colord @{exec_path} flags=(attach_disconnected) {
  @{sys}/devices/@{pci}/uevent r,
  @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r,

+        @{PROC}/sys/dev/parport/ r,
+        @{PROC}/sys/dev/parport/parport@{int}/base-addr r,
+        @{PROC}/sys/dev/parport/parport@{int}/irq r,
        @{PROC}/@{pids}/cgroup r,
        @{PROC}/@{pids}/cmdline r,
  owner @{PROC}/@{pid}/fd/ r,
--- a/apparmor.d/groups/freedesktop/upowerd
+++ b/apparmor.d/groups/freedesktop/upowerd
@ -30,6 +30,7 @@ profile upowerd @{exec_path} flags=(attach_disconnected) {
  @{run}/udev/data/ r,
  @{run}/udev/data/+acpi:* r,             # for acpi
  @{run}/udev/data/+hid:* r,              # for HID-Compliant Keyboard
+  @{run}/udev/data/+i2c:* r,
  @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
  @{run}/udev/data/+pci:* r,
  @{run}/udev/data/+platform:* r,
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
@ -18,14 +18,11 @@ profile xdg-desktop-portal-gnome @{exec_path} {
  include <abstractions/bus/org.gtk.vfs.MountTracker>
  include <abstractions/dconf-write>
  include <abstractions/deny-sensitive-home>
-  include <abstractions/dri>
  include <abstractions/fontconfig-cache-write>
  include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
-  include <abstractions/nvidia>
  include <abstractions/user-download>
-  include <abstractions/vulkan>

  network unix stream,

@ -68,6 +65,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
  @{bin}/* r,

  /usr/share/dconf/profile/gdm r,
+  /usr/share/thumbnailers/{,**} r,

  /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,
  /var/lib/gdm{3,}/greeter-dconf-defaults r,
@ -75,6 +73,9 @@ profile xdg-desktop-portal-gnome @{exec_path} {

  owner @{HOME}/*/{,**} rw,

+  owner /tmp/.goutputstream-@{rand6} rw,
+  owner /tmp/@{rand6} rw,
+
  @{run}/mount/utab r,

  owner @{PROC}/@{pid}/ r,
--- a/apparmor.d/groups/freedesktop/xdg-mime
+++ b/apparmor.d/groups/freedesktop/xdg-mime
@ -23,6 +23,7 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
  @{bin}/head       rix,
  @{bin}/mv         rix,
  @{bin}/readlink   rix,
+  @{bin}/realpath   rix,
  @{bin}/sed        rix,
  @{bin}/tr         rix,
  @{bin}/uname      rix,