felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): cleanup mount dir access.

Browse source 
see #412
This commit is contained in:
Alexandre Pujol 2024-07-14 18:08:45 +01:00
parent 68da315ac2
commit 85ccc46e44
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
4 changed files with 14 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
View file

@ -72,6 +72,7 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/ r,
owner @{HOME}/*/{,**} rw,
owner @{MOUNTS}/ r,
owner @{tmp}/.goutputstream-@{rand6} rw,
owner @{tmp}/@{rand6} rw,

8
apparmor.d/groups/freedesktop/xdg-document-portal
View file

@ -42,7 +42,9 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
/ r,
owner /.flatpak-info r,
owner @{HOME}/** r,
owner @{HOME}/ r,
owner @{HOME}/*/{,**} rw,
owner @{MOUNTS}/ r,
owner @{user_share_dirs}/flatpak/db/documents r,
owner @{user_share_dirs}/Trash/files/** r,
@ -54,8 +56,8 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/fd/ r,
/dev/fuse rw,
owner /dev/tty@{int} rw,
/dev/fuse rw,
owner /dev/tty@{int} rw,
profile fusermount {
include <abstractions/base>