felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): initial integration with attached path.

Browse source 
The feature is not yet enabled.

See https://apparmor.pujol.io/development/internal/#re-attached-path
This commit is contained in:
Alexandre Pujol 2024-10-11 14:13:17 +01:00
parent 5bf8c6ef0f
commit 61a27bc336
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
85 changed files with 164 additions and 139 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/gnome/gsd-media-keys
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/gsd-media-keys
profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/attached/consoles>
include <abstractions/audio-client>
include <abstractions/bus-accessibility>
include <abstractions/bus-session>
@ -72,7 +73,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/recently-used.xbel{,.*} rw,
@{run}/systemd/inhibit/@{int}.ref rw,
@{att}/@{run}/systemd/inhibit/@{int}.ref rw,
@{run}/udev/data/+sound:card@{int} r, # For sound card
@{run}/udev/data/c13:@{int} r, # for /dev/input/*
@ -86,8 +87,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
@{PROC}/1/cgroup r,
owner @{PROC}/@{pid}/cgroup r,
owner /dev/tty@{int} rw,
include if exists <local/gsd-media-keys>
}