feat(profile): general update.
This commit is contained in:
Alexandre Pujol
parent
4b61abf7ce
commit
8250e202a0
37 changed files with 67 additions and 53 deletions
|
|
@ -20,6 +20,7 @@ profile dbus-run-session @{exec_path} {
|
|||
@{bin}/gnome-session rix,
|
||||
@{bin}/gnome-shell rPx,
|
||||
@{bin}/gsettings rPx,
|
||||
@{bin}/startplasma-wayland rPUx,
|
||||
@{lib}/gnome-session-binary rPx,
|
||||
|
||||
# /usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
|
|
|||
|
|
@ -15,8 +15,9 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
signal (receive) set=(term hup) peer=gdm*,
|
||||
signal (receive) set=(term hup kill) peer=@{systemd},
|
||||
signal (receive) set=(term hup kill) peer=dbus-daemon,
|
||||
signal (receive) set=(term hup kill) peer=gdm*,
|
||||
|
||||
dbus bind bus=accessibility name=org.a11y.atspi.Registry,
|
||||
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/usr/share/pipewire/pipewire*.conf r,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
/etc/pipewire/client.conf r,
|
||||
/etc/pipewire/pipewire-pulse.conf.d/{,*} r,
|
||||
/etc/pipewire/pipewire.conf r,
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ profile pipewire-media-session @{exec_path} {
|
|||
include <abstractions/dbus-strict>
|
||||
include <abstractions/devices-usb>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/video>
|
||||
|
||||
network bluetooth raw,
|
||||
network bluetooth seqpacket,
|
||||
|
|
@ -62,9 +63,7 @@ profile pipewire-media-session @{exec_path} {
|
|||
|
||||
@{run}/systemd/users/@{uid} r,
|
||||
|
||||
@{sys}/class/video4linux/ r,
|
||||
@{sys}/devices/**/sound/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/modalias r,
|
||||
@{sys}/devices/pci[0-9]*/**/sound/**/pcm_class r,
|
||||
@{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
|
||||
@{sys}/devices/system/node/ r,
|
||||
|
|
@ -72,7 +71,6 @@ profile pipewire-media-session @{exec_path} {
|
|||
|
||||
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||
|
||||
/dev/video@{int} rw,
|
||||
/dev/snd/ r,
|
||||
|
||||
include if exists <local/pipewire-media-session>
|
||||
|
|
|
|||
|
|
@ -134,6 +134,8 @@ profile xdg-desktop-portal-gnome @{exec_path} {
|
|||
|
||||
/usr/share/X11/xkb/{,**} r,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
|
||||
/var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
|
||||
/var/lib/snapd/desktop/icons/{,**} r,
|
||||
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/flatpak rCx -> flatpak,
|
||||
@{bin}/flatpak rPUx,
|
||||
@{bin}/fusermount{,3} rCx -> fusermount,
|
||||
|
||||
/ r,
|
||||
|
|
@ -72,27 +72,6 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
|
|||
# file inherit
|
||||
owner /dev/tty@{int} rw,
|
||||
|
||||
profile flatpak {
|
||||
include <abstractions/base>
|
||||
|
||||
@{bin}/flatpak mr,
|
||||
|
||||
/ r,
|
||||
/etc/flatpak/remotes.d/{,*} r,
|
||||
|
||||
/var/lib/flatpak/{,**} rw,
|
||||
|
||||
owner @{user_cache_dirs}/flatpak/{,**} r,
|
||||
owner @{user_config_dirs}/user-dirs.dirs r,
|
||||
owner @{user_share_dirs}/flatpak/{,**} r,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/xdg-document-portal_flatpak>
|
||||
}
|
||||
|
||||
profile fusermount {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
|
|||
|
|
@ -49,6 +49,8 @@ profile evolution-addressbook-factory @{exec_path} {
|
|||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
|
||||
owner @{user_share_dirs}/evolution/{,**} rwk,
|
||||
owner @{user_cache_dirs}/evolution/addressbook/{,**} rwk,
|
||||
|
||||
|
|
|
|||
|
|
@ -47,6 +47,8 @@ profile evolution-calendar-factory @{exec_path} {
|
|||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
|
||||
owner @{user_cache_dirs}/evolution/calendar/{,**} rwk,
|
||||
owner @{user_cache_dirs}/evolution/tasks/{,**} rwk,
|
||||
|
||||
|
|
|
|||
|
|
@ -50,6 +50,8 @@ profile evolution-source-registry @{exec_path} {
|
|||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
|
||||
owner @{user_cache_dirs}/evolution/{,**} rwk,
|
||||
owner @{user_config_dirs}/evolution/sources/{,*} rw,
|
||||
owner @{user_share_dirs}/evolution/{,**} r,
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ profile gdm-wayland-session @{exec_path} {
|
|||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/zsh>
|
||||
|
||||
signal (receive) set=(hup) peer=@{systemd},
|
||||
signal (receive) set=term peer=gdm{,-session-worker},
|
||||
signal (send) set=(term) peer=dbus-run-session,
|
||||
signal (send) set=(term) peer=dbus-daemon,
|
||||
|
|
|
|||
|
|
@ -11,6 +11,10 @@ profile gnome-session-ctl @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
|
||||
signal (receive) set=(kill) peer=@{systemd},
|
||||
|
||||
unix (send, receive, connect) type=stream peer=(addr=@/tmp/dbus-????????, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/systemd[0-9]*
|
||||
interface=org.freedesktop.systemd[0-9]*.Manager
|
||||
member={StartUnit,StopUnit}
|
||||
|
|
@ -21,12 +25,10 @@ profile gnome-session-ctl @{exec_path} {
|
|||
member=Initialized
|
||||
peer=(name=org.gnome.SessionManager, label=gnome-session-binary),
|
||||
|
||||
unix (send, receive, connect) type=stream peer=(addr=@/tmp/dbus-????????, label=dbus-daemon),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{run}/user/@{uid}/gnome-session-leader-fifo r,
|
||||
@{run}/user/@{uid}/systemd/notify rw,
|
||||
owner @{run}/user/@{uid}/gnome-session-leader-fifo r,
|
||||
|
||||
include if exists <local/gnome-session-ctl>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -468,7 +468,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
@{lib}/* rPUx,
|
||||
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rix,
|
||||
|
||||
/usr/share/gnome-shell/extensions/ding@rastersoft.com/ding.js rPx,
|
||||
/usr/share/gnome-shell/extensions/ding@rastersoft.com/{,*/}ding.js rPx,
|
||||
|
||||
/opt/*/**/*.png r,
|
||||
/snap/*/@{uid}/**.png r,
|
||||
|
|
@ -500,6 +500,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/.flatpak-info r,
|
||||
/etc/fstab r,
|
||||
/etc/gnutls/config r,
|
||||
/etc/pipewire/client.conf.d/{,**} r,
|
||||
/etc/timezone r,
|
||||
/etc/udev/hwdb.bin r,
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ profile gnome-software @{exec_path} {
|
|||
|
||||
/etc/appstream.conf r,
|
||||
/etc/flatpak/remotes.d/{,**} r,
|
||||
/etc/gnutls/config r,
|
||||
/etc/PackageKit/Vendor.conf r,
|
||||
/etc/pulse/client.conf r,
|
||||
|
||||
|
|
|
|||
|
|
@ -65,6 +65,8 @@ profile goa-daemon @{exec_path} {
|
|||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
|
||||
/var/lib/gdm{3,}/.config/dconf/user r,
|
||||
|
||||
owner @{user_config_dirs}/goa-1.0/ rw,
|
||||
|
|
|
|||
|
|
@ -79,8 +79,9 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
|
|||
@{exec_path} mr,
|
||||
@{lib}/gsd-printer rPx,
|
||||
|
||||
/etc/machine-id r,
|
||||
/etc/cups/client.conf r,
|
||||
/etc/gnutls/config r,
|
||||
/etc/machine-id r,
|
||||
|
||||
@{run}/cups/cups.sock rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -52,6 +52,8 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
|
||||
owner /tmp/[a-z0-9]* rw,
|
||||
|
||||
owner @{PROC}/@{pid}/cgroup r,
|
||||
|
|
|
|||
|
|
@ -27,6 +27,8 @@ profile mutter-x11-frames @{exec_path} {
|
|||
/usr/share/dconf/profile/gdm r,
|
||||
/usr/share/gdm/greeter-dconf-defaults r,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
|
||||
/var/lib/gdm{3,}/.config/dconf/user r,
|
||||
/var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/deny-sensitive-home>
|
||||
include <abstractions/disks-read>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/gstreamer>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/private-files-strict>
|
||||
include <abstractions/private-files>
|
||||
|
|
|
|||
|
|
@ -24,6 +24,8 @@ profile gvfsd-http @{exec_path} {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/gnutls/config r,
|
||||
|
||||
owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
|
||||
|
||||
@{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
|
|||
@{sys}/class/wwan/ r,
|
||||
|
||||
@{sys}/devices/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/revision r,
|
||||
@{sys}/devices/@{pci}/revision r,
|
||||
@{sys}/devices/virtual/net/*/ r,
|
||||
@{sys}/devices/virtual/tty/*/ r,
|
||||
|
||||
|
|
|
|||
|
|
@ -118,6 +118,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/ r,
|
||||
/etc/ r,
|
||||
/etc/gnutls/config r,
|
||||
/etc/iproute2/* r,
|
||||
/etc/machine-id r,
|
||||
/etc/network/interfaces r,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue