felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): cleanup common desktop files.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-21 23:28:57 +00:00
parent 0d16d4fdab
commit 87db46113c
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
13 changed files with 18 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/freedesktop/pulseaudio
View file

@ -89,8 +89,6 @@ profile pulseaudio @{exec_path} {
/etc/pulse/{,**} r,
/var/lib/snapd/desktop/applications/ r,
owner @{desktop_cache_dirs}/gstreamer-1.0/ rw,
owner @{desktop_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
owner @{desktop_config_dirs}/dconf/user r,

17
apparmor.d/groups/freedesktop/update-desktop-database
View file

@ -11,26 +11,19 @@ include <tunables/global>
profile update-desktop-database @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/freedesktop.org>
capability dac_override,
capability dac_read_search,
@{exec_path} mr,
/usr/share/{,ubuntu/}applications/{,**/} r,
/usr/share/{,ubuntu/}applications/**.desktop r,
/usr/share/{,ubuntu/}applications/.mimeinfo.cache.* rw,
/usr/share/{,ubuntu/}applications/mimeinfo.cache w,
@{system_share_dirs}/*ubuntu/applications/.mimeinfo.cache.* rw,
@{system_share_dirs}/*ubuntu/applications/mimeinfo.cache w,
/usr/share/*/*.desktop r,
@{system_share_dirs}/applications/.mimeinfo.cache.* rw,
@{system_share_dirs}/applications/mimeinfo.cache w,
/var/lib/flatpak/{app/**/,}export{s,}/share/applications/{,**/} r,
/var/lib/flatpak/{app/**/,}export{s,}/share/applications/**.desktop r,
/var/lib/flatpak/{app/**/,}export{s,}/share/applications/.mimeinfo.cache.* rw,
/var/lib/flatpak/{app/**/,}export{s,}/share/applications/mimeinfo.cache w,
/var/lib/snapd/desktop/applications/{,**/} r,
/var/lib/snapd/desktop/applications/**.desktop r,
/var/lib/snapd/desktop/applications/.mimeinfo.cache.* rw,
/var/lib/snapd/desktop/applications/mimeinfo.cache w,

10
apparmor.d/groups/freedesktop/xdg-settings
View file

@ -11,6 +11,7 @@ include <tunables/global>
profile xdg-settings @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/freedesktop.org>
@{exec_path} r,
@ -41,15 +42,6 @@ profile xdg-settings @{exec_path} {
/etc/machine-id r,
/var/lib/dbus/machine-id r,
/var/lib/flatpak/exports/share/applications/{,*} r,
/var/lib/snapd/desktop/applications/{,*} r,
# freedesktop.org-strict
/usr/{,local/}share/applications/{,*} r,
/usr/{,local/}share/ubuntu/applications/ r,
owner @{user_share_dirs}/applications/ r,
owner @{user_share_dirs}/applications/*.desktop r,
owner @{HOME}/ r,
owner @{HOME}/.Xauthority r,