felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-01 17:43:54 +01:00
parent 21e8456383
commit 8730c09b96
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
47 changed files with 146 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/groups/gnome/gdm-generate-config
View file

@ -23,7 +23,7 @@ profile gdm-generate-config @{exec_path} {
@{sh_path} rix,
@{bin}/dconf rix,
@{bin}/install rix,
@{bin}/pgrep rCx -> pgrep,
@{bin}/pgrep rix,
@{bin}/pkill rix,
@{bin}/setpriv rix,
@{bin}/setsid rix,
@ -46,13 +46,6 @@ profile gdm-generate-config @{exec_path} {
@{PROC}/@{pid}/stat r,
@{PROC}/uptime r,
profile pgrep {
include <abstractions/base>
include <abstractions/app/pgrep>
include if exists <local/gdm-generate-config_pgrep>
}
include if exists <local/gdm-generate-config>
}

2
apparmor.d/groups/gnome/gio-launch-desktop
View file

@ -23,6 +23,8 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict>
include <abstractions/nameservice-strict>
include <abstractions/trash-strict>
include <abstractions/user-read-strict>
include <abstractions/user-write-strict>
@{exec_path} mr,

2
apparmor.d/groups/gnome/gnome-clocks
View file

@ -13,6 +13,8 @@ profile gnome-clocks @{exec_path} {
include <abstractions/bus-accessibility>
include <abstractions/bus-session>
include <abstractions/bus/org.a11y>
include <abstractions/bus/org.freedesktop.portal.Desktop>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/common/gnome>
include <abstractions/gstreamer>
include <abstractions/nameservice-strict>

10
apparmor.d/groups/gnome/gnome-shell
View file

@ -163,6 +163,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
member=Introspect
peer=(name=org.freedesktop.DBus, label=dbus-session),
dbus send bus=session path=/org/gnome/*/SearchProvider
interface=org.gnome.Shell.SearchProvider2
peer=(name=@{busname}),
@{exec_path} mr,
@{bin}/unzip rix,
@ -280,7 +284,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
owner @{run}/user/@{uid}/snap.snap*/wayland-cursor-shared-* rw,
owner @{run}/user/@{uid}/systemd/notify rw,
owner /dev/shm/.org.chromium.Chromium.@{rand6} r,
owner /dev/shm/.org.chromium.Chromium.@{rand6} rw,
owner /dev/shm/wayland.mozilla.ipc.@{int} rw,
/tmp/.X@{int}-lock rw,
@ -343,6 +347,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/cpu.max r,
@{PROC}/ r,
@{PROC}/@{pid}/attr/current r,
@{PROC}/@{pid}/cgroup r,
@{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/net/* r,
@{PROC}/1/cgroup r,
@ -350,8 +356,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
@{PROC}/sys/kernel/osrelease r,
@{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,
@{PROC}/vmstat r,
owner @{PROC}/@{pid}/attr/current r,
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/fdinfo/@{int} r,
owner @{PROC}/@{pid}/mountinfo r,

1
apparmor.d/groups/gnome/yelp
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/yelp @{bin}/gnome-help
profile yelp @{exec_path} {
include <abstractions/base>
include <abstractions/audio-client>
include <abstractions/bus-accessibility>
include <abstractions/bus/org.a11y>
include <abstractions/common/gnome>