felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-01 17:43:54 +01:00
parent 21e8456383
commit 8730c09b96
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
47 changed files with 146 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

14
apparmor.d/profiles-g-l/gajim
View file

@ -100,15 +100,16 @@ profile gajim @{exec_path} {
@{bin}/{,@{multiarch}-}ld.bfd rix,
@{lib}/gcc/@{multiarch}/@{int}/collect2 rix,
owner @{tmp}/cc* rw,
owner @{tmp}/tmp* rw,
/etc/debian_version r,
/media/ccache/*/** rw,
owner @{tmp}/cc* rw,
owner @{tmp}/tmp* rw,
owner @{run}/user/@{uid}/ccache-tmp/ rw,
/etc/debian_version r,
include if exists <local/gajim_ccache>
}
profile gpg {
@ -121,8 +122,8 @@ profile gajim @{exec_path} {
@{bin}/gpg-agent rix,
@{lib}/{,gnupg/}scdaemon rix,
owner @{run}/user/@{uid}/gnupg/d.*/ rw,
owner @{run}/user/@{uid}/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w,
owner @{run}/user/@{uid}/gnupg/d.@{rand}/ rw,
owner @{run}/user/@{uid}/gnupg/d.@{rand}/S.gpg-agent{,.extra,.browser,.ssh} w,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
@ -134,6 +135,7 @@ profile gajim @{exec_path} {
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/task/@{tid}/comm rw,
include if exists <local/gajim_gpg>
}
include if exists <local/gajim>

1
apparmor.d/profiles-g-l/gio-querymodules
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/gio-querymodules
profile gio-querymodules @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
capability dac_read_search,
capability mknod,

3
apparmor.d/profiles-g-l/keepassxc
View file

@ -18,7 +18,6 @@ profile keepassxc @{exec_path} {
include <abstractions/fontconfig-cache-read>
include <abstractions/graphics>
include <abstractions/nameservice-strict>
include <abstractions/qt5>
include <abstractions/qt5-compose-cache-write>
include <abstractions/qt5-settings-write>
include <abstractions/ssl_certs>
@ -93,7 +92,7 @@ profile keepassxc @{exec_path} {
/dev/shm/#@{int} rw,
/dev/tty rw,
/dev/urandom rw,
/dev/urandom w,
owner /dev/tty@{int} rw,
# Silencer