felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Profiles update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-02-27 12:18:10 +00:00
parent 64e5f3ec2a
commit 84e2a56eb9
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
15 changed files with 37 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/profiles-s-z/udisksd
View file

@ -73,8 +73,9 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/fd/ r,
@{PROC}/swaps r,
@{PROC}/cmdline r,
@{PROC}/devices r,
@{PROC}/swaps r,
# To be able to initialize device-mapper disk devices
/dev/mapper/ r,

3
apparmor.d/profiles-s-z/xdg-desktop-portal
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile xdg-desktop-portal @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/freedesktop.org.d>
include <abstractions/freedesktop.org>
capability sys_ptrace,
@ -23,7 +23,6 @@ profile xdg-desktop-portal @{exec_path} {
/{usr/,}lib/x r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/mime/mime.cache r,
/usr/share/pipewire/client.conf r,
/usr/share/xdg-desktop-portal/portals/{,*.portal} r,

2
apparmor.d/profiles-s-z/xdg-desktop-portal-gnome
View file

@ -11,11 +11,13 @@ profile xdg-desktop-portal-gnome @{exec_path} {
include <abstractions/base>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/user-download>
@{exec_path} mr,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/themes/{,**} r,
/usr/share/X11/xkb/{,**} r,
owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,

8
apparmor.d/profiles-s-z/xorg
View file

@ -1,23 +1,19 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2017-2021 Mikhail Morfikov
# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/3.0>,
include <tunables/global>
# The attach_disconnected flag is needed when xserver is started via startx, or the mouse/keyboard
# won't work.
# operation="getattr" info="Failed name lookup - disconnected path" error=-13 profile="xorg"
# name="dev/dri/card*"
# operation="getattr" info="Failed name lookup - disconnected path" error=-13 profile="xorg"
# name="dev/input/event*"
@{exec_path} = /{usr/,}bin/X
@{exec_path} += /{usr/,}bin/Xorg
@{exec_path} += /{usr/,}lib/xorg/Xorg
profile xorg @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/opencl-intel>
include <abstractions/opencl-nvidia>
include <abstractions/vulkan>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>