felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-07-18 23:57:25 +01:00
parent 2ec802d40d
commit 9692926752
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
13 changed files with 30 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/apt/apt
View file

@ -29,6 +29,8 @@ profile apt @{exec_path} flags=(attach_disconnected) {
signal (send) peer=apt-methods-*,
unix (receive, send) type=stream peer=(label=apt-esm-json-hook),
dbus send bus=system path=/org/freedesktop/PackageKit
interface=org.freedesktop.DBus.Introspectable
member=Introspect

6
apparmor.d/groups/apt/unattended-upgrade
View file

@ -34,11 +34,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
interface=org.freedesktop.login[0-9].Manager
member=Inhibit,
dbus receive bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.DBus.Properties
member=GetAll,
dbus receive bus=system path=/org/freedesktop/NetworkManager
dbus (send,receive) bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.DBus.Properties
member={PropertiesChanged,GetAll},

2
apparmor.d/groups/bus/dbus-daemon
View file

@ -46,6 +46,8 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
/{usr/,}lib/@{multiarch}/xfce4/xfconf/xfconfd rPUx,
/{usr/,}lib/@{multiarch}/tumbler-1/tumblerd rPUx,
/usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService rPx,
/etc/dbus-1/{,**} r,
/usr/share/dbus-1/{,**} r,

1
apparmor.d/groups/freedesktop/at-spi-bus-launcher
View file

@ -17,6 +17,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
signal (receive) set=(term hup kill) peer=dbus-daemon,
signal (receive) set=(term hup kill) peer=gdm*,
signal (receive) set=(term hup kill) peer=gnome-session-binary,
signal (send) set=(term hup kill) peer=dbus-daemon,
network inet stream,

2
apparmor.d/groups/freedesktop/geoclue
View file

@ -51,7 +51,7 @@ profile geoclue @{exec_path} flags=(attach_disconnected) {
dbus receive bus=system path=/org/freedesktop/NetworkManager
interface=org.freedesktop.NetworkManager
member={CheckPermissions,StateChanged},
member={CheckPermissions,StateChanged,PropertiesChanged},
dbus bind bus=system
name=org.freedesktop.GeoClue2,

3
apparmor.d/groups/gnome/gnome-session-binary
View file

@ -25,8 +25,9 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
network inet6 dgram,
network netlink raw,
signal (send) set=(term) peer=gsd-*,
signal (receive) set=(term, hup) peer=gdm*,
signal (send) set=(term) peer=at-spi-bus-launcher,
signal (send) set=(term) peer=gsd-*,
dbus send bus=system path=/org/freedesktop/login[0-9]
interface=org.freedesktop.login[0-9].Manager

2
apparmor.d/groups/gnome/gnome-shell
View file

@ -124,7 +124,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
/usr/share/gnome-shell/extensions/ding@rastersoft.com/ding.js rPx,
/opt/*/**/*.png r,
/snap/*/@{uid}/*.png r,
/snap/*/@{uid}/**.png r,
/usr/share/backgrounds/{,**} r,
/usr/share/dconf/profile/gdm r,
/usr/share/desktop-directories/{,*.directory} r,

11
apparmor.d/groups/gnome/gsd-color
View file

@ -18,18 +18,13 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
signal (receive) set=(term, hup) peer=gdm*,
dbus (send, receive) bus=system path=/org/freedesktop/ColorManager
interface=org.freedesktop.ColorManager,
dbus send bus=system path=/org/freedesktop/ColorManager{,/devices/xrandr_*}
interface=org.freedesktop.DBus.Properties
member=GetAll,
dbus send bus=system path=/org/freedesktop/ColorManager
interface=org.freedesktop.ColorManager
member={FindDeviceByProperty,GetDevices,CreateDevice},
dbus receive bus=system path=/org/freedesktop/ColorManager
interface=org.freedesktop.ColorManager
member={DeviceAdded,ProfileAdded},
@{exec_path} mr,
/usr/share/dconf/profile/gdm r,

2
apparmor.d/groups/ubuntu/apt-esm-json-hook
View file

@ -11,6 +11,8 @@ profile apt-esm-json-hook @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
unix (receive, send) type=stream peer=(label=apt),
@{exec_path} mr,
@{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

1
apparmor.d/groups/ubuntu/software-properties-gtk
View file

@ -21,6 +21,7 @@ profile software-properties-gtk @{exec_path} {
/{usr/,}bin/aplay rPx,
/{usr/,}bin/apt-key rPx,
/{usr/,}bin/dpkg rPx -> child-dpkg,
/{usr/,}bin/ischroot rix,
/{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/ubuntu-advantage rPx,