felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(abs): minor improvement & cosmetic.

Browse source
This commit is contained in:
Alexandre Pujol 2025-06-01 15:48:38 +02:00
parent af82a9caa6
commit 8452eb44f1
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
11 changed files with 22 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/abstractions/app/kmod
View file

@ -7,9 +7,9 @@
include <abstractions/consoles>
@{bin}/kmod mr,
@{sbin}/depmod mr,
@{sbin}/insmod mr,
@{bin}/kmod mr,
@{sbin}/lsmod mr,
@{sbin}/modinfo mr,
@{sbin}/modprobe mr,

2
apparmor.d/abstractions/app/pager
View file

@ -12,7 +12,7 @@
capability dac_override,
capability dac_read_search,
signal (receive) set=(stop, cont, term, kill),
signal receive set=(stop, cont, term, kill),
@{bin}/ r,
@{pager_path} mrix,

4
apparmor.d/abstractions/app/sudo
View file

@ -3,7 +3,7 @@
# SPDX-License-Identifier: GPL-2.0-only
# LOGPROF-SUGGEST: no
# Minimal set of rules for sudo. Interactive sudo need more rules.
# Minimal set of rules for sudo.
abi <abi/4.0>,
@ -24,6 +24,8 @@
network netlink raw, # PAM
unix type=stream addr=@@{udbus}/bus/sudo/system,
#aa:dbus talk bus=system name=org.freedesktop.home1 label="@{p_systemd_homed}"
#aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}"

6
apparmor.d/abstractions/base.d/complete
View file

@ -3,14 +3,16 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# Systemd: allow to receive any signal from the systemd profiles stack
signal receive peer=@{p_systemd},
signal receive peer=@{p_systemd_user},
# Allow to receive some signals from new well-known profiles
signal (receive) peer=btop,
signal (receive) peer=htop,
signal (receive) peer=sudo,
signal (receive) peer=top,
signal (receive) set=(cont,term,kill,stop) peer=systemd-shutdown,
signal (receive) set=(cont,term) peer=@{p_systemd_user},
signal (receive) set=(cont,term) peer=@{p_systemd},
signal (receive) set=(hup term) peer=login,
signal (receive) set=(hup) peer=xinit,
signal (receive) set=(term,kill) peer=gnome-shell,

2
apparmor.d/abstractions/bus/org.freedesktop.Avahi
View file

@ -9,7 +9,7 @@
dbus send bus=system path=/
interface=org.freedesktop.DBus.Peer
member=Ping
peer=(name=org.freedesktop.Avahi, label="@{p_avahi_daemon}"),
peer=(name=org.freedesktop.Avahi),
dbus send bus=system path=/
interface=org.freedesktop.Avahi.Server

7
apparmor.d/abstractions/consoles.d/complete Normal file
View file

@ -0,0 +1,7 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
/dev/tty@{u8} rw,
# vim:syntax=apparmor

2
apparmor.d/abstractions/freedesktop.org.d/complete
View file

@ -16,7 +16,7 @@
/opt/*/**.{desktop,png} r,
/etc/gnome/defaults.list r,
/etc/xfce4/defaults.list r,
/etc/xfce4/defaults.list r,
/var/lib/snapd/desktop/applications/{,**} r,
/var/lib/snapd/desktop/icons/{,**} r,

2
apparmor.d/abstractions/gnome.d/complete
View file

@ -6,7 +6,7 @@
dbus receive bus=session
interface=org.freedesktop.DBus.Introspectable
member=Introspect
member=Introspect
peer=(name=@{busname}, label=gnome-shell),
/var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,

1
apparmor.d/abstractions/vulkan.d/complete
View file

@ -1,4 +1,5 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
/etc/glvnd/egl_vendor.d/{,*.json} r,

2
apparmor.d/abstractions/webkit
View file

@ -2,7 +2,7 @@
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# Minimal set of rules for webkit UI.
# Minimal set of rules for webkit GTK UI.
abi <abi/4.0>,

1
apparmor.d/abstractions/zsh
View file

@ -12,6 +12,7 @@
/usr/local/share/zsh/{,**} r,
/usr/share/oh-my-zsh/{,**} r,
/usr/share/zsh-theme-*/{,**} r,
/usr/share/zsh/{,**} r,
/etc/zsh/* r,