Update profiles.
This commit is contained in:
Alexandre Pujol
parent
aa3c43c999
commit
94978242ff
15 changed files with 42 additions and 22 deletions
|
|
@ -11,9 +11,10 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/base>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/mesa>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ profile evolution-addressbook-factory @{exec_path} {
|
|||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
|
||||
@{exec_path} mr,
|
||||
@{exec_path}-subprocess rix,
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
|
|
|
|||
|
|
@ -21,10 +21,12 @@ profile gnome-contacts @{exec_path} {
|
|||
@{exec_path} mr,
|
||||
|
||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||
/usr/share/glvnd/egl_vendor.d/{,*.json} r,
|
||||
/usr/share/applications/{,*.desktop} r,
|
||||
|
||||
owner @{user_cache_dirs}/evolution/addressbook/{,**} r,
|
||||
owner @{user_cache_dirs}/gstreamer*/{,**} r,
|
||||
owner @{user_cache_dirs}/mesa_shader_cache/index rw,
|
||||
owner @{user_config_dirs}/gnome-contacts/{,**} rw,
|
||||
owner @{user_share_dirs}/folks/relationships.ini r,
|
||||
|
||||
|
|
@ -32,5 +34,9 @@ profile gnome-contacts @{exec_path} {
|
|||
owner @{run}/user/@{uid}/dconf/ rw,
|
||||
owner @{run}/user/@{uid}/dconf/user rw,
|
||||
|
||||
@{PROC}/sys/dev/i915/perf_stream_paranoid r,
|
||||
|
||||
/dev/ r,
|
||||
|
||||
include if exists <local/gnome-contacts>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
|
|||
/usr/share/X11/xkb/** r,
|
||||
|
||||
owner @{user_share_dirs}/event-sound-cache.tdb.* rwk,
|
||||
owner @{user_share_dirs}/recently-used.xbel{,.*} rw,
|
||||
|
||||
/var/lib/gdm/.config/pulse/client.conf r,
|
||||
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ profile tracker-extract @{exec_path} {
|
|||
/usr/share/applications/*.desktop r,
|
||||
/usr/share/mime/mime.cache r,
|
||||
|
||||
owner /tmp/tracker-extract-3-files.*/{,*} rw,
|
||||
owner @{user_cache_dirs}/tracker3/files/{,**} rwk,
|
||||
owner @{user_share_dirs}/gvfs-metadata/** r,
|
||||
|
||||
|
|
@ -36,8 +37,6 @@ profile tracker-extract @{exec_path} {
|
|||
owner @{run}/user/@{uid}/dconf/ rw,
|
||||
owner @{run}/user/@{uid}/dconf/user rw,
|
||||
|
||||
/tmp/tracker-extract-3-files.*/{,*} rw,
|
||||
|
||||
@{run}/udev/data/c236:* r,
|
||||
|
||||
include if exists <local/tracker-extract>
|
||||
|
|
|
|||
|
|
@ -32,9 +32,9 @@ profile tracker-miner @{exec_path} {
|
|||
owner @{user_config_dirs}/tracker3/{,**} rwk,
|
||||
owner @{user_cache_dirs}/tracker3/files/{,**} rwk,
|
||||
|
||||
@{PROC}/@{pid}/mountinfo r,
|
||||
@{PROC}/@{pid}/mounts r,
|
||||
@{PROC}/sys/fs/inotify/max_user_watches r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
@{PROC}/sys/fs/inotify/max_user_watches r,
|
||||
|
||||
include <abstractions/dconf>
|
||||
owner @{run}/user/@{uid}/dconf/ rw,
|
||||
|
|
|
|||
|
|
@ -13,12 +13,14 @@ profile gvfsd-mtp @{exec_path} {
|
|||
include <abstractions/base>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/devices-usb>
|
||||
include <abstractions/user-download-strict>
|
||||
|
||||
network netlink raw,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{HOME}/{,**} rw,
|
||||
owner @{MOUNTS}/*/{,**} rw,
|
||||
|
||||
owner @{run}/user/@{uid}/gvfsd/socket-* rw,
|
||||
|
||||
include <abstractions/dconf>
|
||||
|
|
|
|||
|
|
@ -67,6 +67,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
@{run}/NetworkManager/{,**} rw,
|
||||
@{run}/systemd/inhibit/[0-9]*.ref rw,
|
||||
@{run}/systemd/users/@{uid} r,
|
||||
@{run}/udev/data/n[0-9]* r,
|
||||
@{run}/udev/data/+rfkill:* r,
|
||||
@{run}/udev/data/+platform* r,
|
||||
|
|
|
|||
|
|
@ -51,5 +51,9 @@ profile bootctl @{exec_path} {
|
|||
owner @{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/sys/kernel/random/poolsize r,
|
||||
|
||||
# Silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
|
||||
include if exists <local/bootctl>
|
||||
}
|
||||
|
|
@ -19,4 +19,5 @@ profile systemd-ac-power @{exec_path} {
|
|||
@{sys}/devices/**/power_supply/{AC,BAT[0-9]*}/ r,
|
||||
@{sys}/devices/**/power_supply/{AC,BAT[0-9]*}/{type,online} r,
|
||||
|
||||
include if exists <local/systemd-ac-power>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,5 +19,9 @@ profile systemd-hwdb @{exec_path} {
|
|||
|
||||
owner @{PROC}/@{pid}/stat r,
|
||||
|
||||
# Silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
|
||||
include if exists <local/systemd-hwdb>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,5 +27,9 @@ profile systemd-sysctl @{exec_path} {
|
|||
|
||||
/etc/sysctl.conf r,
|
||||
|
||||
# Silencer
|
||||
deny network inet6 stream,
|
||||
deny network inet stream,
|
||||
|
||||
include if exists <local/systemd-sysctl>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ profile virtlogd @{exec_path} {
|
|||
/var/log/libvirt/qemu/*.log rw,
|
||||
|
||||
@{run}/virtlogd.pid rwk,
|
||||
@{run}/libvirt/common/system.token rwk,
|
||||
|
||||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/system/node/node[0-9]*/meminfo r,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue