From 5a448cb39dda25ddf11ce446af10dda253613bc4 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sat, 17 May 2025 22:23:35 +0200
Subject: [PATCH] feat(profile): add initial profile for papers.
---
apparmor.d/groups/gnome/papers | 51 ++++++++++++++++++++++++++++++++++
dists/flags/main.flags | 2 +-
2 files changed, 52 insertions(+), 1 deletion(-)
create mode 100644 apparmor.d/groups/gnome/papers
diff --git a/apparmor.d/groups/gnome/papers b/apparmor.d/groups/gnome/papers
new file mode 100644
index 000000000..ee829d8f3
--- /dev/null
+++ b/apparmor.d/groups/gnome/papers
@@ -0,0 +1,51 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/papers
+profile papers @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+
+ #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
+
+ @{exec_path} mr,
+
+ @{open_path} Cx -> open,
+
+ /usr/share/poppler/{,**} r,
+
+ owner @{user_share_dirs}/gvfs-metadata/{,*} r,
+
+ owner @{tmp}/.goutputstream-@{rand6} rw,
+ owner @{tmp}/gtkprint_@{rand6} rw,
+ owner @{tmp}/gtkprint@{rand6} rw,
+
+ @{run}/mount/utab r,
+
+ owner @{PROC}/@{pid}/mountinfo r,
+ owner @{PROC}/@{pid}/stat r,
+
+ profile open {
+ include
+ include
+
+ @{browsers_path} Px,
+ @{help_path} Px,
+ @{bin}/papers Px,
+
+ include if exists
+ }
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index bcebd472d..70d484953 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -257,7 +257,7 @@ nvidia-persistenced complain
 ollama attach_disconnected,complain
 os-prober attach_disconnected,complain
 pam_kwallet_init complain
-pam-tmpdir-helper complain
+papers complain
 passimd attach_disconnected,complain
 pkla-admin-identities complain
 pkla-check-authorization complain
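Review bot: The mount-related rules in the profile body (`@{run}/mount/utab r,`, `owner @{PROC}/@{pid}/mountinfo r,`) and the `owner @{user_share_dirs}/gvfs-metadata/{,*} r,` line carry no comment saying which feature needs them, so a later reviewer cannot tell whether they can be narrowed or dropped once the profile leaves complain mode. I would add one line above that group, hedged until the trigger is confirmed from denial logs, for example `# gio mount/volume enumeration — TODO confirm which code path needs this`. The include targets are not visible in this rendering of the hunk, so which abstractions grant document read access and the D-Bus rules cannot be reviewed here. Since the main.flags hunk registers the profile in complain mode, any missing rule will be logged rather than enforced until that flag is removed, which is the right time to revisit these comments.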
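Review bot: The hunk replaces the `pam-tmpdir-helper complain` entry with `papers complain` instead of inserting the new entry after it, while the commit message only mentions adding the papers profile. If the pam-tmpdir-helper profile still exists, this silently moves it to enforce mode, a behavioural change to a PAM helper that runs during login; if that profile was removed or is deliberately being enforced, the commit message should say so. I would keep the existing line and add `papers complain` directly after it, which also preserves the file's alphabetical order.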