feat(profile): general update.

2023-11-26 21:24:40 +00:00 · 2023-11-26 21:24:40 +00:00 · 8250e202a0
commit 8250e202a0
parent 4b61abf7ce
37 changed files with 67 additions and 53 deletions
--- a/apparmor.d/profiles-a-f/apparmor_parser
+++ b/apparmor.d/profiles-a-f/apparmor_parser
@ -19,9 +19,10 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {

  @{lib_dirs}/snapd/apparmor.d/{,**} r,

-  /etc/apparmor/{,**} r,
  /etc/apparmor.d/{,**} r,
  /etc/apparmor.d/cache.d/{,**} rw,
+  /etc/apparmor/{,**} r,
+  /etc/apparmor/cache.d/{,**} rw,
  /etc/apparmor/earlypolicy/{,**} rw,

  /usr/share/apparmor-features/{,**} r,
--- a/apparmor.d/profiles-a-f/ffprobe
+++ b/apparmor.d/profiles-a-f/ffprobe
@ -20,7 +20,7 @@ profile ffprobe @{exec_path} {
  owner @{user_videos_dirs}/** rw,

  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node[0-9]/meminfo r,
+  @{sys}/devices/system/node/node@{int}/meminfo r,

  include if exists <local/ffprobe>
 }
--- a/apparmor.d/profiles-a-f/flatpak-portal
+++ b/apparmor.d/profiles-a-f/flatpak-portal
@ -32,9 +32,8 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) {
  owner @{user_config_dirs}/user-dirs.dirs r,
  owner @{user_share_dirs}/mime/mime.cache r,

-  owner @{run}/user/@{uid}/.flatpak/@{int}/bwrapinfo.json r,
-  owner @{run}/user/@{uid}/.flatpak/@{int}/info r,
-  owner @{run}/user/@{uid}/.flatpak/@{int}/pid r,
+  owner @{run}/user/@{uid}/.flatpak/@{int}/* r,
+  owner @{run}/user/@{uid}/.flatpak/@{int}-private/* r,

  include if exists <local/flatpak-portal>
 }
--- a/apparmor.d/profiles-a-f/flatpak-session-helper
+++ b/apparmor.d/profiles-a-f/flatpak-session-helper
@ -7,12 +7,14 @@ abi <abi/3.0>,
 include <tunables/global>

@{exec_path} = @{lib}/flatpak-session-helper
-profile flatpak-session-helper @{exec_path} {
+profile flatpak-session-helper @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>

+  signal (send) set=(int) peer=@{systemd},
+
  @{exec_path} mr,

  @{bin}/dbus-monitor           rPUx,
--- a/apparmor.d/profiles-a-f/fwupd
+++ b/apparmor.d/profiles-a-f/fwupd
@ -87,6 +87,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
  /usr/share/mime/mime.cache r,

  /etc/fwupd/{,**} rw,
+  /etc/gnutls/config r,
  /etc/lsb-release r,
  /etc/pki/fwupd-metadata/{,**} r,
  /etc/pki/fwupd/{,**} r,