feat(profile): general update.

2024-07-04 22:22:48 +01:00 · 2024-07-04 22:22:48 +01:00 · 62e18d04d7
commit 62e18d04d7
parent 8b8a81200a
14 changed files with 24 additions and 24 deletions
--- a/apparmor.d/profiles-s-z/steam
+++ b/apparmor.d/profiles-s-z/steam
@ -266,7 +266,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {

    ptrace trace peer=steam//web,

-    signal receive set=kill peer=steam,
+    signal receive set=(cont kill term) peer=steam,

    unix receive type=stream,

--- a/apparmor.d/profiles-s-z/strawberry
+++ b/apparmor.d/profiles-s-z/strawberry
@ -40,6 +40,8 @@ profile strawberry @{exec_path} {

  @{open_path} rPx -> child-open-help,

+  /etc/fstab r,
+
  /var/lib/dbus/machine-id r,
  /etc/machine-id r,

@ -50,6 +52,7 @@ profile strawberry @{exec_path} {

  owner @{user_config_dirs}/strawberry/ rw,
  owner @{user_config_dirs}/strawberry/* rwkl -> @{user_config_dirs}/strawberry/#@{int},
+  owner @{user_config_dirs}/strawberryrc r,

  owner @{user_share_dirs}/strawberry/ rw,
  owner @{user_share_dirs}/strawberry/** rwk,
@ -65,6 +68,8 @@ profile strawberry @{exec_path} {
  owner @{tmp}/*= w,
  owner @{tmp}/#@{int} rw,
  owner @{tmp}/etilqs_@{hex16} rw,
+  owner @{tmp}/kdsingleapp-daemonspudguy-strawberry w,
+  owner @{tmp}/kdsingleapp-daemonspudguy-strawberry.lock rwk,
  owner @{tmp}/qipc_{systemsem,sharedmemory}_*[a-f0-9]* rw,
  owner @{tmp}/strawberry-cover-@{rand6}.jpg rwl -> @{tmp}/#@{int},
  owner @{tmp}/strawberry*[0-9] w,
--- a/apparmor.d/profiles-s-z/top
+++ b/apparmor.d/profiles-s-z/top
@ -19,9 +19,9 @@ profile top @{exec_path} flags=(attach_disconnected) {
  capability sys_nice,
  capability sys_ptrace,

-  signal (send),
+  signal send,

-  ptrace (read),
+  ptrace read,

  @{exec_path} mr,

--- a/apparmor.d/profiles-s-z/update-ca-trust
+++ b/apparmor.d/profiles-s-z/update-ca-trust
@ -24,10 +24,7 @@ profile update-ca-trust @{exec_path} {
  / r,
  /usr/share/p11-kit/modules/{,*} r,

-  /etc/ca-certificates/extracted/{tls,email,objsign}-ca-bundle.pem{,.*} w,
-  /etc/ca-certificates/extracted/ca-bundle.trust.crt{,.*} w,
-  /etc/ca-certificates/extracted/cadir/{,*} rw,
-  /etc/ca-certificates/extracted/edk2-cacerts.bin{,.*} w,
+  /etc/ca-certificates/extracted/** rw,
  /etc/ssl/certs/{,*} rw,
  /etc/ssl/certs/java/cacerts{,.*} w,

--- a/apparmor.d/profiles-s-z/wireplumber
+++ b/apparmor.d/profiles-s-z/wireplumber
@ -61,7 +61,7 @@ profile wireplumber @{exec_path} {
  @{sys}/bus/ r,
  @{sys}/bus/media/devices/ r,
  @{sys}/devices/@{pci}/video4linux/video@{int}/uevent r,
-  @{sys}/devices/**/device:*/**/path r,
+  @{sys}/devices/**/device:*/{,**/}path r,
  @{sys}/devices/**/sound/**/pcm_class r,
  @{sys}/devices/**/sound/**/uevent r,
  @{sys}/devices/system/node/ r,