felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2023-08-22 23:23:47 +01:00
parent 7273bde534
commit 96b8f96137
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
33 changed files with 185 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

40
apparmor.d/profiles-s-z/steam
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{steam_lib_dirs} = @{user_share_dirs}/Steam/ubuntu[0-9]*_{32,64}
@{lib_dirs} = @{user_share_dirs}/Steam/ubuntu@{int}_{32,64}
@{exec_path} = @{user_share_dirs}/Steam/steam.sh
profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) {
include <abstractions/base>
@ -84,20 +84,20 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
@{bin}/zenity rix,
@{lib}/ld-linux.so* rix,
@{steam_lib_dirs}/*.so* mr,
@{steam_lib_dirs}/*driverquery rix,
@{steam_lib_dirs}/fossilize_replay rpx,
@{steam_lib_dirs}/gameoverlayui rpx,
@{steam_lib_dirs}/panorama/** rm,
@{steam_lib_dirs}/reaper rpx,
@{steam_lib_dirs}/steam rix,
@{steam_lib_dirs}/steam-runtime-heavy.sh rix,
@{steam_lib_dirs}/steam-runtime{,-heavy}/{amd64,i386}/usr/bin/* rix,
@{steam_lib_dirs}/steam-runtime{,-heavy}/{setup,run}.sh rix,
@{steam_lib_dirs}/steam-runtime/{usr/,}lib{exec,}/** mrix,
@{steam_lib_dirs}/steamwebhelper rix,
@{steam_lib_dirs}/steamwebhelper.sh rix,
@{steam_lib_dirs}/swiftshader/* rm,
@{lib_dirs}/*.so* mr,
@{lib_dirs}/*driverquery rix,
@{lib_dirs}/fossilize_replay rpx,
@{lib_dirs}/gameoverlayui rpx,
@{lib_dirs}/panorama/** rm,
@{lib_dirs}/reaper rpx,
@{lib_dirs}/steam rix,
@{lib_dirs}/steam-runtime-heavy.sh rix,
@{lib_dirs}/steam-runtime{,-heavy}/{amd64,i386}/usr/bin/* rix,
@{lib_dirs}/steam-runtime{,-heavy}/{setup,run}.sh rix,
@{lib_dirs}/steam-runtime/{usr/,}lib{exec,}/** mrix,
@{lib_dirs}/steamwebhelper rix,
@{lib_dirs}/steamwebhelper.sh rix,
@{lib_dirs}/swiftshader/* rm,
@{user_share_dirs}/Steam/config/widevine/linux-x64/libwidevinecdm.so mr,
@{user_share_dirs}/Steam/steamapps/common/SteamLinuxRuntime_soldier/*entry-point rpx,
@ -113,14 +113,14 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
/etc/machine-id r,
/var/lib/dbus/machine-id r,
@{bin}/ r,
@{lib}/ r,
/ r,
/{usr/,}{local/,} r,
/{usr/,}{local/,}share/ r,
@{lib}/ r,
/etc/ r,
/home/ r,
/run/ r,
/usr/bin/ r,
/var/ r,
owner @{HOME}/ r,
@ -149,18 +149,18 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner /dev/shm/#@{int} rw,
owner /dev/shm/fossilize-*-[0-9]*-[0-9]* rw,
owner /dev/shm/fossilize-*-@{int}-@{int} rw,
owner /dev/shm/u@{uid}-Shm_@{hex} rw,
owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk,
owner /dev/shm/ValveIPCSHM_@{uid} rw,
owner /tmp/dumps/ rw,
owner /tmp/dumps/{assert,crash}_[0-9]*_[0-9]*.dmp rw,
owner /tmp/dumps/{assert,crash}_@{int}_@{int}.dmp rw,
owner /tmp/gdkpixbuf-xpm-tmp.[0-9A-Z]* rw,
owner /tmp/miles_image_* mrw,
owner /tmp/runtime-info.txt.* rwk,
owner /tmp/sh-thd.* rw,
owner /tmp/steam_chrome_shmem_uid@{uid}_spid[0-9]* rw,
owner /tmp/steam_chrome_shmem_uid@{uid}_spid@{int} rw,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad
@{run}/udev/data/+sound* r,