feat(profile): general update.
parent
21e8456383
commit
8730c09b96
47 changed files with 146 additions and 118 deletions
|
|
@ -30,5 +30,4 @@ profile signal-desktop-chrome-sandbox @{exec_path} {
|
|||
include if exists <local/signal-desktop-chrome-sandbox>
|
||||
}
|
||||
|
||||
|
||||
# vim:syntax=apparmor
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ profile snapd @{exec_path} {
|
|||
capability dac_read_search,
|
||||
capability fowner,
|
||||
capability fsetid,
|
||||
capability mac_admin,
|
||||
capability net_admin,
|
||||
capability setgid,
|
||||
capability setuid,
|
||||
|
|
@ -153,6 +154,7 @@ profile snapd @{exec_path} {
|
|||
@{sys}/fs/cgroup/user.slice/ r,
|
||||
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/{,**/} r,
|
||||
@{sys}/kernel/kexec_loaded r,
|
||||
@{sys}/kernel/security/apparmor/.notify r,
|
||||
@{sys}/kernel/security/apparmor/features/{,**} r,
|
||||
@{sys}/kernel/security/apparmor/profiles r,
|
||||
|
||||
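Review bot: `capability mac_admin,` in the first snapd hunk has no comment saying why snapd needs it, and the commit title ("general update") does not explain it either. The +/- markers are lost on this page, so reading it as the added line is inferred from the 6→7 line count and its position between three context lines on each side; `@{sys}/kernel/security/apparmor/.notify r,` in the second hunk looks like the matching addition. Because mac_admin permits changes to MAC configuration and state, a one-line rationale above it would help later audits, e.g. `# mac_admin: presumably for the AppArmor notification interface (.notify) - confirm`. If it was added only in response to a logged request, it is worth confirming that snapd actually fails without it before granting it.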
|
|
|
|||
|
|
@ -247,6 +247,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
include <abstractions/base>
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/common/bwrap>
|
||||
include <abstractions/common/chromium>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/desktop>
|
||||
include <abstractions/fontconfig-cache-write>
|
||||
|
|
@ -254,6 +255,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/video>
|
||||
|
||||
capability dac_override,
|
||||
capability dac_read_search,
|
||||
capability sys_chroot,
|
||||
|
||||
|
|
@ -304,12 +306,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
owner /var/cache/ldconfig/aux-cache* rw,
|
||||
owner /var/pressure-vessel/ldso/* rw,
|
||||
|
||||
owner @{HOME}/.pki/ rw,
|
||||
owner @{HOME}/.pki/nssdb/ rw,
|
||||
owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
|
||||
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
|
||||
owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
|
||||
|
||||
owner @{lib_dirs}/.cef-* wk,
|
||||
|
||||
owner @{share_dirs}/{,**} r,
|
||||
|
|
@ -320,14 +316,12 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
|
||||
@{tmp}/ r,
|
||||
owner @{tmp}/#@{int} rw,
|
||||
owner @{tmp}/.org.chromium.Chromium.@{rand6} rw,
|
||||
owner @{tmp}/dumps/ rw,
|
||||
owner @{tmp}/dumps/** rwk,
|
||||
owner @{tmp}/pressure-vessel-*-@{rand6}/ rw,
|
||||
owner @{tmp}/pressure-vessel-*-@{rand6}/** rwlk -> @{tmp}/pressure-vessel-*-@{rand6}/**,
|
||||
owner @{tmp}/steam_chrome_shmem_uid@{uid}_spid@{int} rw,
|
||||
|
||||
owner /dev/shm/.org.chromium.Chromium.@{rand6} rw,
|
||||
owner /dev/shm/u@{uid}-Shm_@{hex4}@{h} rw,
|
||||
owner /dev/shm/u@{uid}-Shm_@{hex6} rw,
|
||||
owner /dev/shm/u@{uid}-Shm_@{hex6}@{h} rw,
|
||||
|
|
@ -389,7 +383,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
|
||||
owner @{share_dirs}/ r,
|
||||
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/1/cgroup r,
|
||||
|
||||
include if exists <local/steam_check>
|
||||
}
|
||||
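Review bot: `capability dac_override,` in the second steam hunk (the capability block after `include <abstractions/video>`) widens the profile and has no comment naming the access that required it; the same capability appears to be added in the steam-game-proton section that follows. The +/- markers are lost, so which line is new is inferred from the 6→7 count and the line's position. dac_override lets the process bypass file permission checks wherever the profile's path rules allow access, which is broader than the `dac_read_search` granted next to it. If the request was only logged and nothing visibly failed, `deny capability dac_override,` would quiet it without granting it; otherwise a comment such as `# dac_override: required by <operation> - see <issue>` would record the reason.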
|
|
|
|||
|
|
@ -19,6 +19,7 @@ profile steam-game-proton @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/common/steam-game>
|
||||
include <abstractions/python>
|
||||
|
||||
capability dac_override,
|
||||
capability dac_read_search,
|
||||
|
||||
network inet dgram,
|
||||
|
|
|
|||
|
|
@ -41,9 +41,7 @@ profile steam-runtime @{exec_path} flags=(attach_disconnected) {
|
|||
@{app_dirs}/@{runtime}/*entry-point rmix,
|
||||
@{app_dirs}/@{runtime}/pressure-vessel/@{bin}/pressure-vessel-* rix,
|
||||
@{app_dirs}/@{runtime}/pressure-vessel/@{lib}/** mr,
|
||||
@{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-capsule-capture-libs rix,
|
||||
@{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-detect-* rix,
|
||||
@{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-inspect-library rix,
|
||||
@{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-* rix,
|
||||
@{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/srt-bwrap rpx -> steam-game-proton,
|
||||
@{app_dirs}/@{runtime}/run rix,
|
||||
@{bin}/bwrap rpx -> steam-game-proton,
|
||||
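Review bot: The wildcard rule `.../steam-runtime-tools-@{int}/@{multiarch}-* rix,` allows inherit-execute for every file with that prefix in the directory, whereas the three rules it seems to replace (`-capsule-capture-libs`, `-detect-*`, `-inspect-library`) named the helpers. Which lines are old and which new is inferred from the 9→7 count, since the +/- markers are lost. With `ix`, each matched helper runs under the full steam-runtime profile, so a comment listing what the glob is meant to cover, e.g. `# steam-runtime-tools helpers: capsule-capture-libs, detect-*, inspect-library, ...`, keeps the intent auditable. If the set of helpers is small, an alternation such as `@{multiarch}-{capsule-capture-libs,detect-*,inspect-library,<new helper>}` would keep the rule explicit.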
|
|
|
|||
|
|
@ -18,7 +18,7 @@ profile steam-runtime-steam-remote @{exec_path} flags=(complain) {
|
|||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{runtime_dirs}/** rm,
|
||||
@{runtime_dirs}/** mr,
|
||||
|
||||
owner @{HOME}/.steam/steam.pipe rw,
|
||||
|
||||
|
|
|
|||