feat(profile): general update.

2024-07-15 23:12:39 +01:00 · 2024-07-15 23:12:39 +01:00 · 6cd01064ae
commit 6cd01064ae
parent 9b2470462f
27 changed files with 59 additions and 18 deletions
--- a/apparmor.d/profiles-s-z/snapd
+++ b/apparmor.d/profiles-s-z/snapd
@ -40,6 +40,7 @@ profile snapd @{exec_path} {
  network inet dgram,
  network inet6 dgram,
  network netlink raw,
+  network unix stream,

  mount fstype=squashfs /dev/loop@{int} -> /tmp/syscheck-mountpoint-@{int}/,
  umount /tmp/syscheck-mountpoint-@{int}/,
--- a/apparmor.d/profiles-s-z/spice-vdagent
+++ b/apparmor.d/profiles-s-z/spice-vdagent
@ -41,6 +41,9 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {

  @{run}/spice-vdagentd/spice-vdagent-sock rw,

+  @{sys}/devices/virtual/dmi/id/product_name r,
+  @{sys}/devices/virtual/dmi/id/sys_vendor r,
+
  owner @{PROC}/@{pids}/task/@{tid}/comm rw,

  owner /dev/tty@{int} rw,
--- a/apparmor.d/profiles-s-z/steam-gameoverlayui
+++ b/apparmor.d/profiles-s-z/steam-gameoverlayui
@ -18,6 +18,7 @@ profile steam-gameoverlayui @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/audio-client>
  include <abstractions/desktop>
+  include <abstractions/fontconfig-cache-write>
  include <abstractions/graphics>

  network inet stream,
--- a/apparmor.d/profiles-s-z/sudo
+++ b/apparmor.d/profiles-s-z/sudo
@ -35,6 +35,8 @@ profile sudo @{exec_path} flags=(attach_disconnected) {
  /opt/*/**                         PUx,
  /snap/snapd/@{int}@{bin}/snap    rPUx,

+  /etc/default/locale r,
+
        /var/db/sudo/lectured/ r,
  owner /var/db/sudo/lectured/@{uid} rw,
  owner /var/lib/extrausers/shadow r,
--- a/apparmor.d/profiles-s-z/update-ca-trust
+++ b/apparmor.d/profiles-s-z/update-ca-trust
@ -26,7 +26,7 @@ profile update-ca-trust @{exec_path} {

  /etc/ca-certificates/extracted/** rw,
  /etc/ssl/certs/{,*} rw,
-  /etc/ssl/certs/java/cacerts{,.*} w,
+  /etc/ssl/certs/java/** rw,

  /dev/tty rw,

--- a/apparmor.d/profiles-s-z/waybar
+++ b/apparmor.d/profiles-s-z/waybar
@ -7,7 +7,6 @@ abi <abi/3.0>,
 include <tunables/global>

@{exec_path} = @{bin}/waybar
-
 profile waybar @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/audio>