feat(abs): add pcscd

2025-09-14 00:09:16 +02:00 · 2025-09-14 00:09:16 +02:00 · 8e73353cc8
commit 8e73353cc8
parent 939a2b7f4b
7 changed files with 27 additions and 9 deletions
--- a/apparmor.d/groups/gnome/gsd-smartcard
+++ b/apparmor.d/groups/gnome/gsd-smartcard
@ -9,13 +9,14 @@ include <tunables/global>
@{exec_path} = @{lib}/gsd-smartcard
 profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/consoles>
  include <abstractions/bus-session>
  include <abstractions/bus/org.gnome.SessionManager>
+  include <abstractions/consoles>
  include <abstractions/dconf-write>
+  include <abstractions/gschemas>
  include <abstractions/nameservice-strict>
  include <abstractions/p11-kit>
-  include <abstractions/gschemas>
+  include <abstractions/pcscd>

  signal (receive) set=(term, hup) peer=gdm*,

@ -31,7 +32,6 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
  /usr/share/dconf/profile/gdm r,
  /usr/share/gdm/greeter-dconf-defaults r,

-  /etc/{,opensc/}opensc.conf r,
  /etc/tpm2-tss/* rk,

  /var/tmp/ r,
--- a/apparmor.d/groups/gnome/seahorse
+++ b/apparmor.d/groups/gnome/seahorse
@ -19,6 +19,7 @@ profile seahorse @{exec_path} {
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/p11-kit>
+  include <abstractions/pcscd>
  include <abstractions/secrets-service>
  include <abstractions/ssl_certs>

@ -34,7 +35,6 @@ profile seahorse @{exec_path} {

  /etc/pki/trust/blocklist/ r,
  /etc/gcrypt/hwf.deny r,
-  /etc/{,opensc/}opensc.conf r,

  owner @{HOME}/@{XDG_SSH_DIR}/{,**} r,