feat(profile): cleanup mount dir access.

see #412
2024-07-14 18:08:45 +01:00 · 2024-07-14 18:08:45 +01:00 · 85ccc46e44
commit 85ccc46e44
parent 68da315ac2
4 changed files with 14 additions and 3 deletions
--- a/apparmor.d/profiles-s-z/totem
+++ b/apparmor.d/profiles-s-z/totem
@ -35,6 +35,9 @@ profile totem @{exec_path} flags=(attach_disconnected) {
  /usr/share/grilo-plugins/{,**} r,
  /usr/share/thumbnailers/{,**} r,

+  owner @{HOME}/ r,
+  owner @{MOUNTS}/ r,
+
  owner @{user_music_dirs}/{,**} rw,
  owner @{user_pictures_dirs}/{,**} rw,
  owner @{user_torrents_dirs}/{,**} rw,
@ -50,6 +53,8 @@ profile totem @{exec_path} flags=(attach_disconnected) {
  owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r,
  owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=** r,

+  @{run}/mount/utab r,
+
  owner @{PROC}/@{pid}/mountinfo r,
  owner @{PROC}/@{pid}/task/@{tid}/comm w,