felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: remove unneeded abi definition in abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2024-02-11 13:34:12 +00:00
parent 7269ac6ca9
commit 804bde0172
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
25 changed files with 9 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/abstractions/app-launcher-root
View file

@ -3,8 +3,6 @@
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
@{bin}/* rPUx,
/usr/local/{s,}bin/* rPUx,

2
apparmor.d/abstractions/app-launcher-user
View file

@ -3,8 +3,6 @@
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
@{bin}/* rPUx,
/opt/*/** rPUx,
/usr/share/*/* rPUx,

2
apparmor.d/abstractions/apt-common
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
/usr/share/dpkg/cputable r,
/usr/share/dpkg/tupletable r,

2
apparmor.d/abstractions/chromium
View file

@ -12,8 +12,6 @@
# @{config_dirs} = @{user_config_dirs}/chromium
# @{cache_dirs} = @{user_cache_dirs}/chromium
abi <abi/3.0>,
include <abstractions/audio>
include <abstractions/dconf-write>
include <abstractions/desktop>

24
apparmor.d/abstractions/chromium-common
View file

@ -6,10 +6,7 @@
# This abstraction is for chromium based application. Chromium based browsers
# need to use abstractions/chromium instead.
abi <abi/3.0>,
# The following rules are needed only when the kernel.unprivileged_userns_clone option is set
# to "1".
# Only needed when kernel.unprivileged_userns_clone is set to "1"
capability sys_admin,
capability sys_chroot,
capability setuid,
@ -18,6 +15,14 @@
owner @{PROC}/@{pid}/gid_map w,
owner @{PROC}/@{pid}/uid_map w,
owner @{HOME}/.pki/ rw,
owner @{HOME}/.pki/nssdb/ rw,
owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
owner @{user_share_dirs}/.org.chromium.Chromium.* rw,
/tmp/ r,
/var/tmp/ r,
owner /tmp/.org.chromium.Chromium.* rw,
@ -30,15 +35,4 @@
/dev/shm/ r,
owner /dev/shm/.org.chromium.Chromium.* rw,
owner @{user_share_dirs}/.org.chromium.Chromium.* rw,
# Should this be read-only? (##FIXME##)
# To remove the following error:
# Error initializing NSS with a persistent database
owner @{HOME}/.pki/ rw,
owner @{HOME}/.pki/nssdb/ rw,
owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
include if exists <abstractions/chromium-common.d>

2
apparmor.d/abstractions/desktop
View file

@ -2,8 +2,6 @@
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>

2
apparmor.d/abstractions/devices-usb
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
/dev/ r,
/dev/bus/usb/ r,
/dev/bus/usb/@{int}/ r,

2
apparmor.d/abstractions/disks-read
View file

@ -3,8 +3,6 @@
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
# The /sys/ entries probably should be tightened
/dev/ r,

2
apparmor.d/abstractions/disks-write
View file

@ -3,8 +3,6 @@
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
# The /sys/ entries probably should be tightened
/dev/ r,

2
apparmor.d/abstractions/flatpak-snap
View file

@ -4,8 +4,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
# Flatpak
/var/lib/flatpak/exports/share/{,**} r,
/var/lib/flatpak/app/**/export/share/applications/{,*.desktop} r,

2
apparmor.d/abstractions/fontconfig-cache-read
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
# The fontconfig cache can be generated via the following command:
# $ fc-cache -f -v
# There's no need to give apps the ability to create cache for their own. Apps can generate the

2
apparmor.d/abstractions/fontconfig-cache-write
View file

@ -3,8 +3,6 @@
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
owner @{user_cache_dirs}/fontconfig/ rw,
owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk,

2
apparmor.d/abstractions/fzf
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
owner @{HOME}/.fzf/{,**} r,
owner @{HOME}/.fzf.* r,

2
apparmor.d/abstractions/gnome-strict
View file

@ -2,8 +2,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>

2
apparmor.d/abstractions/graphics
View file

@ -2,8 +2,6 @@
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <abstractions/dri>
include <abstractions/mesa>
include <abstractions/nvidia-strict>

2
apparmor.d/abstractions/graphics-full
View file

@ -2,8 +2,6 @@
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <abstractions/graphics>
@{bin}/nvidia-modprobe Px -> nvidia_modprobe,

2
apparmor.d/abstractions/kde-strict
View file

@ -2,8 +2,6 @@
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/qt5>

2
apparmor.d/abstractions/kde4
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
/usr/share/kde4/** r,
@{lib}/kde4/*.so mr,

2
apparmor.d/abstractions/nameservice-strict
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
@{etc_ro}/default/nss r,
@{etc_ro}/gai.conf r,
@{etc_ro}/group r,

3
apparmor.d/abstractions/nvidia-strict
View file

@ -2,9 +2,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
/usr/share/nvidia/nvidia-application-profiles-* r,
/etc/nvidia/nvidia-application-profiles-* r,

2
apparmor.d/abstractions/qt5-shader-cache
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
owner @{user_cache_dirs}/ w,
owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{user_cache_dirs}/qtshadercache/#@{int} rw,

2
apparmor.d/abstractions/thumbnails-cache-read
View file

@ -3,8 +3,6 @@
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
owner @{HOME}/thumbnails/ r,
owner @{HOME}/thumbnails/{large,normal}/ r,
owner @{HOME}/thumbnails/{large,normal}/@{hex}.png r,

2
apparmor.d/abstractions/thumbnails-cache-write
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
owner @{HOME}/thumbnails/ rw,
owner @{HOME}/thumbnails/{large,normal}/ rw,
owner @{HOME}/thumbnails/{large,normal}/#@{int} rw,

2
apparmor.d/abstractions/user-download-strict
View file

@ -3,8 +3,6 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
owner @{HOME}/@{XDG_DESKTOP_DIR}/ w,
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w,

2
apparmor.d/abstractions/zsh
View file

@ -6,8 +6,6 @@
# This abstraction is only required when an interactive shell is started.
# Classic shell scripts do not need it.
abi <abi/3.0>,
@{lib}/@{multiarch}/zsh/@{int}/zsh/*.so mr,
/usr/share/zsh/{,**} r,