felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2023-09-12 22:59:07 +01:00
parent 6c397882ad
commit 6db83003c7
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
33 changed files with 98 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/gnome/gdm-wayland-session
View file

@ -70,6 +70,7 @@ profile gdm-wayland-session @{exec_path} {
/usr/share/gdm/gdm.schemas r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/im-config/{,**} r,
/usr/share/libdebuginfod-common/debuginfod.sh r,
/usr/share/xsessions/gnome.desktop r,
@{etc_ro}/profile.d/{,*} r,

4
apparmor.d/groups/gnome/gnome-software
View file

@ -46,7 +46,7 @@ profile gnome-software @{exec_path} {
/usr/share/app-info/{,**} r,
/usr/share/appdata/{,**} r,
/usr/share/metainfo/{,**} r,
/usr/share/swcatalog/xml/{,**} r,
/usr/share/swcatalog/{,**} r,
/usr/share/X11/xkb/{,**} r,
/usr/share/xml/iso-codes/{,**} r,
@ -110,6 +110,8 @@ profile gnome-software @{exec_path} {
@{PROC}/@{pids}/mounts r,
@{PROC}/sys/fs/pipe-max-size r,
@{PROC}/sys/kernel/random/boot_id r,
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/stat r,
/dev/fuse rw,

4
apparmor.d/groups/gnome/kgx
View file

@ -12,12 +12,15 @@ profile kgx @{exec_path} {
include <abstractions/consoles>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/nvidia>
include <abstractions/vulkan>
include <abstractions/X-strict>
capability sys_ptrace,
@ -38,7 +41,6 @@ profile kgx @{exec_path} {
@{lib}/gio-launch-desktop rPx -> child-open,
/usr/share/themes/{,**} r,
/usr/share/X11/xkb/{,**} r,
owner /tmp/#@{int} rw,

8
apparmor.d/groups/gnome/mutter-x11-frames
View file

@ -20,10 +20,16 @@ profile mutter-x11-frames @{exec_path} {
include <abstractions/nvidia>
include <abstractions/vulkan>
include <abstractions/wayland>
include <abstractions/X-strict>
@{exec_path} mr,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw,
/usr/share/dconf/profile/gdm r,
/usr/share/gdm/greeter-dconf-defaults r,
/var/lib/gdm/.config/dconf/user r,
owner @{PROC}/@{pid}/cmdline r,
include if exists <local/mutter-x11-frames>
}

1
apparmor.d/groups/gnome/nautilus
View file

@ -98,6 +98,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
@{PROC}/@{pids}/net/wireless r,
@{PROC}/sys/dev/i915/perf_stream_paranoid r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,

10
apparmor.d/groups/gnome/tracker-extract
View file

@ -13,6 +13,7 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
include <abstractions/dconf-write>
include <abstractions/deny-sensitive-home>
include <abstractions/disks-read>
include <abstractions/dri-enumerate>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gstreamer>
@ -82,6 +83,8 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/usr/share/dconf/profile/gdm r,
/usr/share/drirc.d/{,*.conf} r,
/usr/share/gvfs/remote-volume-monitors/{,*} r,
/usr/share/hwdata/*.ids r,
/usr/share/ladspa/rdf/{,**} r,
/usr/share/mime/mime.cache r,
@ -89,15 +92,11 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
/usr/share/poppler/{,**} r,
/usr/share/tracker3-miners/{,**} r,
/usr/share/tracker3/{,**} r,
/usr/share/gvfs/remote-volume-monitors/{,*} r,
/etc/blkid.conf r,
/etc/fstab r,
/etc/libva.conf r,
# dri-common-strict
/usr/share/drirc.d/{,*.conf} r,
/var/lib/gdm{3,}/.cache/ rw,
/var/lib/gdm{3,}/.cache/tracker3/{,**} rw,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw,
@ -134,9 +133,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
@{run}/mount/utab r,
@{sys}/devices/pci[0-9]*/*/vendor r,
@{sys}/devices/pci[0-9]*/*/device r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,