Profile update.

Alexandre Pujol 2022-03-02 18:22:57 +00:00
parent 683da55bb9
commit 60cb62334b
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
12 changed files with 28 additions and 25 deletions


@ -43,9 +43,10 @@ profile chromium-chromium @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/uid_map w,
ptrace (trace) peer=@{profile_name},
ptrace (read) peer=xdg-settings,
ptrace (read) peer=browserpass,
ptrace (read) peer=keepassxc-proxy,
ptrace (read) peer=lsb_release,
ptrace (read) peer=xdg-settings,
signal (send) set=(term, kill) peer=keepassxc-proxy,
signal (receive) peer=chromium-chrome-crashpad-handler,
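Review bot: The `ptrace (read)` group lists the password-manager helpers `browserpass` and `keepassxc-proxy` with no comment saying why the browser needs to inspect them. The +/- markers are lost on this page, so which of these peers is new in this commit cannot be confirmed from the hunk. AppArmor mediates ptrace on both sides, so each peer profile also needs a matching `ptrace (readby) peer=chromium-chromium,`; that counterpart is not visible in the sections shown here. I would add a one-line comment above the group, for example `# read /proc state of native-messaging hosts and helpers`, after confirming that is the actual reason. The profile body starts and ends outside the hunk.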


@ -31,7 +31,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/glvnd/egl_vendor.d/{,*.json} r,
/usr/share/gnome-shell/{,**} r,
/usr/share/themes/*/gtk-3.0/{,**} r,
/usr/share/X11/xkb/** r,
/var/lib/gdm/.config/dconf/user r,


@ -111,6 +111,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{PROC}/zoneinfo r,
/dev/ r,
/dev/media[0-9]* r,
/dev/video[0-9]* rw,
include if exists <local/gnome-control-center>


@ -20,9 +20,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/etc/machine-id r,
/var/lib/dbus/machine-id r,
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/icons/{,**} r,
@ -30,6 +27,9 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
/usr/share/sounds/freedesktop/stereo/*.oga r,
/usr/share/X11/xkb/** r,
/etc/machine-id r,
/var/lib/dbus/machine-id r,
owner @{user_config_dirs}/pulse/ rw,
owner @{user_share_dirs}/ r,


@ -13,6 +13,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
include <abstractions/trash>
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
@ -27,11 +28,11 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
# Full access to user's data
/ r,
owner @{HOME}/{,**} rw,
owner @{MOUNTS}/{,**} r,
owner @{MOUNTS}/{,**} rw,
owner @{run}/user/@{uid}/{,**} rw,
owner /tmp/{,**} rw,
# Silencer for non user's data
# Silence non user's data
deny owner @{HOME}/@{XDG_VM_DIR}/{,**} rw,
deny /boot rw,
deny /opt rw,
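Review bot: In the second hunk `owner @{MOUNTS}/{,**}` appears to go from `r` to `rw`, which gives the file manager write access to everything the user owns on mounted media. The shells started through `/{usr/,}bin/{,ba,da}sh rix` inherit this profile and so get the same access. Nothing under `@{MOUNTS}` is carved out the way `deny owner @{HOME}/@{XDG_VM_DIR}/{,**} rw,` protects VM images under HOME, so if the widening is intended it should be recorded next to the rule, e.g. `# rw: copy/move/delete on removable media`. The reworded `# Silence non user's data` also understates the rules below it: a `deny` suppresses logging and also overrides the allows above, so `# Deny (without logging) access outside the user's data` would be more accurate. The profile body continues outside the hunk.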