Update profile from #25.
This commit is contained in:
Alexandre Pujol
parent
9ecc1aa240
commit
6294159d7a
28 changed files with 83 additions and 20 deletions
|
|
@ -47,6 +47,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{sys}/devices/virtual/tty/tty[0-9]*/active r,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/1/environ r,
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
|||
signal (send) set=hup peer=gsd-*,
|
||||
signal (send) set=hup peer=ibus-*,
|
||||
signal (send) set=hup peer=xwayland,
|
||||
signal (send) set=term peer=gdm-wayland-session,
|
||||
signal (send) set=term peer=gdm-*-session,
|
||||
|
||||
network netlink raw,
|
||||
|
||||
|
|
@ -43,13 +43,14 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
|
|||
/{usr/,}lib/gdm-x-session rPx,
|
||||
/etc/gdm/{Pre,Post}Session/Default rix,
|
||||
|
||||
/etc/motd r,
|
||||
/etc/motd.d/ r,
|
||||
/etc/shells r,
|
||||
/etc/locale.conf r,
|
||||
/etc/environment r,
|
||||
/etc/gdm/custom.conf r,
|
||||
/etc/locale.conf r,
|
||||
/etc/machine-id r,
|
||||
/etc/motd r,
|
||||
/etc/motd.d/ r,
|
||||
/etc/security/limits.d/{,*.conf} r,
|
||||
/etc/shells r,
|
||||
|
||||
/usr/share/gdm/gdm.schemas r,
|
||||
/usr/share/wayland-sessions/*.desktop r,
|
||||
|
|
|
|||
|
|
@ -10,6 +10,9 @@ include <tunables/global>
|
|||
profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
|
||||
signal (receive) set=term peer=gdm*,
|
||||
signal (send) set=term peer=unconfined,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}bin/Xorg rUx,
|
||||
|
|
@ -18,7 +21,9 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/etc/gdm/custom.conf r,
|
||||
/usr/share/gdm/gdm.schemas r,
|
||||
|
||||
/var/lib/gdm/.cache/gdm/Xauthority rw,
|
||||
/var/lib/gdm/.cache/gdm/ rw,
|
||||
|
||||
owner @{run}/user/@{uid}/gdm/ w,
|
||||
owner @{run}/user/@{uid}/gdm/Xauthority rw,
|
||||
|
|
|
|||
|
|
@ -21,6 +21,10 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/{usr/,}bin/{,z,ba,da}sh rix,
|
||||
/{usr/,}bin/env rix,
|
||||
/{usr/,}bin/grep rix,
|
||||
/{usr/,}bin/mkdir rix,
|
||||
/{usr/,}bin/touch rix,
|
||||
/{usr/,}bin/gsettings rix,
|
||||
/{usr/,}bin/xdg-user-dirs-gtk-update rix,
|
||||
/{usr/,}lib/gnome-session-check-accelerated rix,
|
||||
/{usr/,}lib/gnome-session-check-accelerated-gl-helper rix,
|
||||
|
|
@ -42,14 +46,17 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
/usr/share/applications/org.gnome.Shell.desktop r,
|
||||
/usr/share/gdm/greeter-dconf-defaults r,
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
/usr/share/glvnd/egl_vendor.d/ r,
|
||||
/usr/share/gnome-session/hardware-compatibility r,
|
||||
/usr/share/gnome-session/sessions/*.session r,
|
||||
/usr/share/icons/{,**} r,
|
||||
/usr/share/X11/xkb/{,**} r,
|
||||
|
||||
/var/lib/gdm/.cache/mesa_shader_cache/index rw,
|
||||
/var/lib/gdm/.config/gnome-session/ rw,
|
||||
/var/lib/gdm/.config/gnome-session/saved-session/ rw,
|
||||
|
||||
owner @{user_config_dirs}/gnome-session/ rw,
|
||||
owner @{user_config_dirs}/gnome-session/saved-session/ r,
|
||||
owner @{user_config_dirs}/gtk-3.0/bookmarks rw,
|
||||
owner @{user_config_dirs}/gtk-3.0/bookmarks.[0-9A-Z]* rw,
|
||||
|
|
|
|||
|
|
@ -63,21 +63,24 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
/etc/machine-id r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
/var/lib/gdm/.config/ibus/ rw,
|
||||
/var/lib/gdm/.config/ibus/bus/ rw,
|
||||
/var/lib/gdm/.config/ibus/bus/[0-9a-f]*-unix-{,wayland-}[0-9] r,
|
||||
/var/lib/gdm/.config/pulse/ r,
|
||||
/var/lib/gdm/.config/pulse/client.conf r,
|
||||
/var/lib/gdm/.config/pulse/cookie rw,
|
||||
/var/lib/gdm/.local/share/gnome-shell/ rw,
|
||||
/var/lib/gdm/.local/share/applications/{,**} r,
|
||||
/var/lib/gdm/.local/share/gnome-shell/ rw,
|
||||
|
||||
owner @{HOME}/.mozilla/firefox/firefox-mpris/{,*} r,
|
||||
owner @{HOME}/@{XDG_MUSIC_DIR}/**/*.jpg r,
|
||||
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
|
||||
|
||||
owner @{user_config_dirs}/.goutputstream{,*} rw,
|
||||
owner @{user_config_dirs}/ibus/* r,
|
||||
owner @{user_config_dirs}/ibus/bus/{,[0-9a-f]*-unix-wayland-[0-9]} r,
|
||||
owner @{user_config_dirs}/ibus/ rw,
|
||||
owner @{user_config_dirs}/ibus/bus/ rw,
|
||||
owner @{user_config_dirs}/ibus/bus/[0-9a-f]*-unix-{,wayland-}[0-9] r,
|
||||
owner @{user_config_dirs}/monitors.xml{,~} rwl,
|
||||
/var/lib/gdm/.config/ibus/bus/{,[0-9a-f]*-unix-wayland-[0-9]} r,
|
||||
|
||||
owner @{user_share_dirs}/backgrounds/{,**} rw,
|
||||
owner @{user_share_dirs}/gnome-shell/{,**} rw,
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
|
|||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
||||
owner @{user_cache_dirs}/thumbnails/{,**} rw,
|
||||
owner @{user_share_dirs}/applications/ rw,
|
||||
|
||||
include <abstractions/dconf>
|
||||
owner @{run}/user/@{uid}/dconf/ rw,
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
|
|||
/usr/share/icons/{,**} r,
|
||||
/usr/share/X11/xkb/** r,
|
||||
|
||||
owner @{user_share_dirs}/gnome-settings-daemon/ rw,
|
||||
|
||||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
||||
|
||||
include <abstractions/dconf>
|
||||
|
|
|
|||
|
|
@ -30,6 +30,8 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
/usr/share/sounds/freedesktop/stereo/*.oga r,
|
||||
/usr/share/X11/xkb/** r,
|
||||
|
||||
owner @{user_config_dirs}/pulse/ rw,
|
||||
|
||||
owner @{user_share_dirs}/ r,
|
||||
owner @{user_share_dirs}/event-sound-cache.tdb.* rwk,
|
||||
owner @{user_share_dirs}/recently-used.xbel{,.*} rw,
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/var/lib/gdm/.local/share/sounds/ rw,
|
||||
|
||||
owner @{user_share_dirs}/sounds/ rw,
|
||||
|
||||
include <abstractions/dconf>
|
||||
owner @{run}/user/@{uid}/dconf/ rw,
|
||||
owner @{run}/user/@{uid}/dconf/user rw,
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ profile gsd-xsettings @{exec_path} {
|
|||
/{usr/,}bin/xrdb rPx,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
/usr/share/gdm/greeter-dconf-defaults r,
|
||||
|
||||
/etc/xdg/Xwayland-session.d/ r,
|
||||
/etc/xdg/Xwayland-session.d/* rix,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue