felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): add the dconf-write abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-09 21:55:55 +01:00
parent 583d7a15f0
commit 5d45b8e7a7
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
104 changed files with 124 additions and 371 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/profiles-s-z/system-config-printer
View file

@ -11,7 +11,7 @@ include <tunables/global>
@{exec_path} += /usr/share/system-config-printer/system-config-printer.py
profile system-config-printer @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
@ -42,8 +42,6 @@ profile system-config-printer @{exec_path} flags=(complain) {
owner @{HOME}/.cups/ rw,
owner @{HOME}/.cups/lpoptions rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner /tmp/* rw,
owner @{PROC}/@{pid}/fd/ r,

5
apparmor.d/profiles-s-z/udiskie
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/udiskie
profile udiskie @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/X>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -37,10 +38,6 @@ profile udiskie @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
# Allowed apps to open
/{usr/,}bin/spacefm rPx,

6
apparmor.d/profiles-s-z/utox
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/utox
profile utox @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -39,11 +40,6 @@ profile utox @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
profile open {
include <abstractions/base>
include <abstractions/xdg-open>

5
apparmor.d/profiles-s-z/vidcutter
View file

@ -34,6 +34,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/vidcutter
profile vidcutter @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/X>
include <abstractions/gtk>
include <abstractions/freedesktop.org>
@ -91,10 +92,6 @@ profile vidcutter @{exec_path} {
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{user_config_dirs}/qt5ct/{,**} r,
/usr/share/qt5ct/** r,

4
apparmor.d/profiles-s-z/virt-manager
View file

@ -12,7 +12,7 @@ include <tunables/global>
profile virt-manager @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/devices-usb>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
@ -88,8 +88,6 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/@{XDG_VM_DIR}/{,**} rw,
owner @{MOUNTS}/*/@{XDG_VM_DIR}/{,**} rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/libvirt/libvirtd.lock rwk,
@{run}/mount/utab r,
@{run}/udev/data/c51[0-9]:[0-9]* r,

5
apparmor.d/profiles-s-z/xarchiver
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/xarchiver
profile xarchiver @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
@ -42,10 +43,6 @@ profile xarchiver @{exec_path} {
/{usr/,}bin/xdg-open rCx -> open,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{user_config_dirs}/xarchiver/ rw,
owner @{user_config_dirs}/xarchiver/xarchiverrc{,.*} rw,