felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): add the dconf-write abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-09 21:55:55 +01:00
parent 583d7a15f0
commit 5d45b8e7a7
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
104 changed files with 124 additions and 371 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/profiles-a-f/arduino
View file

@ -10,6 +10,7 @@ include <tunables/global>
profile arduino @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
include <abstractions/gtk>
include <abstractions/fonts>
@ -51,9 +52,6 @@ profile arduino @{exec_path} {
owner @{HOME}/.java/fonts/*/fcinfo[0-9]*.tmp rw,
owner @{HOME}/.java/fonts/*/fcinfo-*.properties rw,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/user rw,
/usr/share/arduino/{,**} r,
/usr/share/arduino-builder/{,**} r,

5
apparmor.d/profiles-a-f/atril
View file

@ -18,6 +18,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/atril{,-*}
profile atril @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -52,10 +53,6 @@ profile atril @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r,

5
apparmor.d/profiles-a-f/blueman
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/blueman-*
profile blueman @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/python>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -63,10 +64,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/mounts r,
@{PROC}/@{pids}/cmdline r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/dev/tty rw,

6
apparmor.d/profiles-a-f/cawbird
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/cawbird
profile cawbird @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -42,11 +43,6 @@ profile cawbird @{exec_path} {
/usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,
# This is needed as cawbird stores its settings in the dconf database.
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/var/lib/dbus/machine-id r,
/etc/machine-id r,

6
apparmor.d/profiles-a-f/czkawka-gui
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/czkawka_gui
profile czkawka-gui @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -38,11 +39,6 @@ profile czkawka-gui @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
profile open {
include <abstractions/base>
include <abstractions/xdg-open>

5
apparmor.d/profiles-a-f/deltachat-desktop
View file

@ -16,6 +16,7 @@ include <tunables/global>
profile deltachat-desktop @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -46,10 +47,6 @@ profile deltachat-desktop @{exec_path} {
owner @{HOME}/.config/DeltaChat/ rw,
owner @{HOME}/.config/DeltaChat/** rwk,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner /tmp/[0-9a-f]*/ rw,

5
apparmor.d/profiles-a-f/dino-im
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/dino-im
profile dino-im @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -29,10 +30,6 @@ profile dino-im @{exec_path} {
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ w,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{user_share_dirs}/dino/ rw,
owner @{user_share_dirs}/dino/** rwk,

5
apparmor.d/profiles-a-f/engrampa
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/engrampa
profile engrampa @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -43,10 +44,6 @@ profile engrampa @{exec_path} {
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open,
/{usr/,}bin/xdg-open rCx -> open,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{user_config_dirs}/engrampa/ rw,
/ r,

4
apparmor.d/profiles-a-f/evince
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/evince /{usr/,}bin/evinced
profile evince @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/gnome>
include <abstractions/openssl>
include <abstractions/user-download-strict>
@ -33,8 +33,6 @@ profile evince @{exec_path} {
owner @{user_cache_dirs}/thumbnails/{,**} rw,
owner @{user_config_dirs}/evince/{,*} rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner /tmp/evince-*/{,**} rw,
/tmp/gtkprint* rw,
/tmp/*.pdf r,

5
apparmor.d/profiles-a-f/font-manager
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/font-manager
profile font-manager @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-write>
@ -59,10 +60,6 @@ profile font-manager @{exec_path} {
@{sys}/firmware/acpi/pm_profile r,
@{sys}/fs/cgroup/{,**} r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
# Silencer
owner /var/cache/fontconfig/ w,
deny /var/cache/fontconfig/ w,

5
apparmor.d/profiles-a-f/fwupdmgr
View file

@ -11,7 +11,7 @@ include <tunables/global>
profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/ssl_certs>
@ -38,9 +38,6 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
owner @{user_cache_dirs}/fwupd/ rw,
owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz{,.*} rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{PROC}/@{pid}/fd/ r,
/dev/tty rw,