From 8978da04a6410c067645605c6cc7f2cb86359e53 Mon Sep 17 00:00:00 2001 From: Roman Beslik Date: Sat, 5 Oct 2024 11:17:15 +0300 Subject: [PATCH] ABI 4; document directories; amule//shell was deleted --- apparmor.d/profiles-a-f/alc | 7 ++----- apparmor.d/profiles-a-f/alcc | 4 ++-- apparmor.d/profiles-a-f/amule | 22 ++++------------------ apparmor.d/profiles-a-f/cas | 2 +- apparmor.d/profiles-a-f/ed2k | 2 +- apparmor.d/profiles-a-f/fileview | 4 ++-- 6 files changed, 12 insertions(+), 29 deletions(-) diff --git a/apparmor.d/profiles-a-f/alc b/apparmor.d/profiles-a-f/alc index a7dcbba6c..232f83860 100644 --- a/apparmor.d/profiles-a-f/alc +++ b/apparmor.d/profiles-a-f/alc @@ -2,7 +2,7 @@ # Copyright (C) 2024 Roman Beslik # SPDX-License-Identifier: GPL-2.0-only -abi , +abi , include @@ -11,12 +11,9 @@ profile alc @{exec_path} { include include include - include - include @{exec_path} mr, - - @{user_documents_dirs}/{,**} rw, + @{user_torrents_dirs}/{,**} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/alcc b/apparmor.d/profiles-a-f/alcc index 71f34d550..c1e7d0602 100644 --- a/apparmor.d/profiles-a-f/alcc +++ b/apparmor.d/profiles-a-f/alcc @@ -2,7 +2,7 @@ # Copyright (C) 2024 Roman Beslik # SPDX-License-Identifier: GPL-2.0-only -abi , +abi , include @@ -10,9 +10,9 @@ include profile alcc @{exec_path} { include include - include @{exec_path} mr, + @{user_torrents_dirs}/{,**} r, include if exists } diff --git a/apparmor.d/profiles-a-f/amule b/apparmor.d/profiles-a-f/amule index 166f7e89d..b54e62022 100644 --- a/apparmor.d/profiles-a-f/amule +++ b/apparmor.d/profiles-a-f/amule @@ -2,7 +2,7 @@ # Copyright (C) 2024 Roman Beslik # SPDX-License-Identifier: GPL-2.0-only -abi , +abi , include @@ -19,7 +19,6 @@ profile amule @{exec_path} { network inet6 stream, network netlink raw, - @{sh_path} Cx -> shell, # Previewing files isn't allowed # because aMule opens viewers directly instead of via `xdg-open`. 
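Review bot: In `apparmor.d/profiles-a-f/alc`, the new rule `@{user_torrents_dirs}/{,**} rw,` carries no `owner` qualifier, so the profile permits writes to any file under those directories that file permissions allow, not only the user's own files. If alc only needs to work on the user's own files, `owner @{user_torrents_dirs}/{,**} rw,` is the tighter form. The same applies to the unqualified `r` rules added in `alcc` and `fileview` and to the `rw` rule added in `amule`. In `fileview` the neighbouring `owner @{HOME}/.aMule/{,**} r,` line already uses the qualifier, so the new rule beside it reads as inconsistent. If the qualifier is left off on purpose, for example for mounted directories whose files belong to another uid, a one-line comment above the rule should say so.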
@@ -28,26 +27,13 @@ profile amule @{exec_path} { # @{open_path} rPx -> child-open, @{exec_path} mr, + @{bin}/uname rPx, + @{sh_path} rix, @{system_share_dirs}/amule/{,**} r, owner @{HOME}/.aMule/{,**} rwk, + @{user_torrents_dirs}/{,**} rw, include if exists - - profile shell flags=(attach_disconnected) { - include - - network inet dgram, - network inet stream, - network inet6 dgram, - network inet6 stream, - - @{bin}/uname rPx, - - @{sh_path} mr, - - deny /dev/tty rw, - deny @{HOME}/.aMule/{,**} rw, # file_inherit - } } # vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cas b/apparmor.d/profiles-a-f/cas index d269870f6..d843801ba 100644 --- a/apparmor.d/profiles-a-f/cas +++ b/apparmor.d/profiles-a-f/cas @@ -2,7 +2,7 @@ # Copyright (C) 2024 Roman Beslik # SPDX-License-Identifier: GPL-2.0-only -abi , +abi , include diff --git a/apparmor.d/profiles-a-f/ed2k b/apparmor.d/profiles-a-f/ed2k index 8da00da2a..f92e3b74d 100644 --- a/apparmor.d/profiles-a-f/ed2k +++ b/apparmor.d/profiles-a-f/ed2k @@ -2,7 +2,7 @@ # Copyright (C) 2024 Roman Beslik # SPDX-License-Identifier: GPL-2.0-only -abi , +abi , include diff --git a/apparmor.d/profiles-a-f/fileview b/apparmor.d/profiles-a-f/fileview index 438528a5d..9237f2a98 100644 --- a/apparmor.d/profiles-a-f/fileview +++ b/apparmor.d/profiles-a-f/fileview @@ -2,7 +2,7 @@ # Copyright (C) 2024 Roman Beslik # SPDX-License-Identifier: GPL-2.0-only -abi , +abi , include @@ -18,7 +18,7 @@ profile fileview @{exec_path} { # The following directories are those that users likely want to read. # However, this program is usable without the permissions below. owner @{HOME}/.aMule/{,**} r, - @{user_documents_dirs}/{,**} r, + @{user_torrents_dirs}/{,**} r, include if exists }
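Review bot: In `apparmor.d/profiles-a-f/amule`, `@{sh_path} rix,` makes the shell inherit the whole amule profile, which widens what a spawned shell may do compared with the removed `shell` subprofile. The shell and whatever it runs now keep the `rwk` access to `@{HOME}/.aMule/{,**}` and the `rw` access to `@{user_torrents_dirs}/{,**}`, where the subprofile had `deny @{HOME}/.aMule/{,**} rw,` and `deny /dev/tty rw,`. The old subprofile suggests the shell is only used to start `uname`; if so, keeping a narrow child transition such as `@{sh_path} rCx -> shell,` would preserve that separation. If inheriting is intended, a comment above the rule, for example `# shell runs under amule's own profile: <reason>`, would record the decision, since the commit subject only says the subprofile was deleted. The matching removal of `@{sh_path} Cx -> shell,` is in the preceding hunk of the same file.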