felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-01 17:43:54 +01:00
parent 21e8456383
commit 8730c09b96
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
47 changed files with 146 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/profiles-a-f/aa-enforce
View file

@ -33,7 +33,7 @@ profile aa-enforce @{exec_path} {
owner @{tmp}/@{rand8} rw,
owner @{tmp}/apparmor-bugreport-@{rand8}.txt rw,
@{PROC}/@{pid}/fd r,
@{PROC}/@{pid}/fd/ r,
include if exists <local/aa-enforce>
}

2
apparmor.d/profiles-a-f/aa-log
View file

@ -27,6 +27,8 @@ profile aa-log @{exec_path} {
/{run,var}/log/journal/ r,
/{run,var}/log/journal/@{hex32}/{,*} r,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
/dev/tty@{int} rw,
include if exists <local/aa-log>

10
apparmor.d/profiles-a-f/aa-notify
View file

@ -18,17 +18,19 @@ profile aa-notify @{exec_path} {
capability setuid,
capability sys_ptrace,
ptrace (read),
ptrace read,
@{exec_path} mr,
@{bin}/ r,
/etc/apparmor/*.conf r,
/etc/inputrc r,
/usr/etc/inputrc.keys r,
/usr/share/terminfo/** r,
@{etc_ro}/inputrc r,
@{etc_ro}/inputrc.keys r,
/etc/apparmor.d/{,**} r,
/etc/apparmor/*.conf r,
/var/log/audit/audit.log r,
owner @{HOME}/.inputrc r,

3
apparmor.d/profiles-a-f/chronyd
View file

@ -36,7 +36,8 @@ profile chronyd @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/etc/adjtime r,
/etc/chrony.* r,
/etc/chrony.conf r,
/etc/chrony.keys r,
/etc/chrony.d/{,*} r,
/etc/chrony/{,**} r,

11
apparmor.d/profiles-a-f/discord
View file

@ -38,14 +38,17 @@ profile discord @{exec_path} {
@{open_path} rPx -> child-open-strict,
/etc/lsb-release r,
owner @{user_videos_dirs}/{,**} rwl,
owner @{user_pictures_dirs}/{,**} rwl,
owner @{tmp}/net-export/ rw,
owner @{tmp}/discord.sock rw,
owner "@{tmp}/Discord Crashes/" rw,
owner @{config_dirs}/@{version}/modules/** m,
audit owner @{config_dirs}/*/modules/** rm,
owner "@{tmp}/Discord Crashes/" rw,
owner @{tmp}/.org.chromium.Chromium.@{rand6}/** rw,
owner @{tmp}/discord.sock rw,
owner @{tmp}/net-export/ rw,
owner @{run}/user/@{uid}/discord-ipc-@{int} rw,

4
apparmor.d/profiles-a-f/element-desktop
View file

@ -32,7 +32,9 @@ profile element-desktop @{exec_path} {
@{sh_path} r,
@{open_path} rPx -> child-open-strict,
@{bin}/xdg-settings rPx,
#aa:stack X xdg-settings
@{bin}/xdg-settings rPx -> element-desktop//&xdg-settings,
/usr/share/webapps/element/{,**} r,

2
apparmor.d/profiles-a-f/file-roller
View file

@ -38,6 +38,8 @@ profile file-roller @{exec_path} {
@{bin}/zstd rix,
@{lib}/p7zip/7z rix,
/ r,
@{run}/mount/utab r,
owner @{PROC}/@{pid}/mountinfo r,

2
apparmor.d/profiles-a-f/flatpak
View file

@ -95,7 +95,7 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
/dev/tty rw,
/dev/tty@{int} rw,
deny @{user_share_dirs}/gvfs-metadata/* r,
deny owner @{user_share_dirs}/gvfs-metadata/* r,
profile gpg {
include <abstractions/base>

2
apparmor.d/profiles-a-f/flatpak-session-helper
View file

@ -39,6 +39,8 @@ profile flatpak-session-helper @{exec_path} flags=(attach_disconnected) {
/var/lib/flatpak/app/*/**/@{bin}/** rPx -> flatpak-app,
/var/lib/flatpak/app/*/**/@{lib}/** rPx -> flatpak-app,
owner @{user_config_dirs}/mimeapps.list w,
owner @{run}/user/@{uid}/.flatpak-helper/{,**} rw,
owner @{run}/user/@{uid}/.flatpak-helper/pkcs11-flatpak-@{int} rw,

3
apparmor.d/profiles-a-f/foliate
View file

@ -24,11 +24,14 @@ profile foliate @{exec_path} flags=(attach_disconnected) {
network inet6 stream,
network netlink raw,
#aa:dbus own bus=session name=com.github.johnfactotum.Foliate
@{exec_path} mr,
@{bin}/bwrap rix,
@{bin}/gjs-console rix,
@{bin}/xdg-dbus-proxy rix,
@{bin}/speech-dispatcher rPx,
@{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitNetworkProcess rix,
@{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitWebProcess rix,