felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: variour small fixes.

Browse source 
See #409
This commit is contained in:
Alexandre Pujol 2024-07-14 12:12:30 +01:00
parent bd1239b46a
commit 9c9f743e1e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
10 changed files with 26 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/gnome/gio-launch-desktop
View file

@ -3,6 +3,11 @@
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# TODO: Rethink this profile:
# - Access to gio from a profile is handled by child-open-*
# - Direct access should only be needed is some special context and it should not
# require access to that much resources.
abi <abi/3.0>,
include <tunables/global>

2
apparmor.d/groups/gnome/gsd-color
View file

@ -21,6 +21,8 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict>
include <abstractions/nameservice-strict>
network inet stream,
signal (receive) set=(term, hup) peer=gdm*,
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.Color

2
apparmor.d/groups/gnome/gsd-keyboard
View file

@ -21,6 +21,8 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict>
include <abstractions/nameservice-strict>
network inet stream,
signal (receive) set=(term, hup) peer=gdm*,
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.Keyboard

1
apparmor.d/groups/gnome/gsd-power
View file

@ -30,6 +30,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict>
include <abstractions/nameservice-strict>
network inet stream,
network netlink raw,
signal (receive) set=(term, hup) peer=gdm*,

10
apparmor.d/groups/gnome/gsd-smartcard
View file

@ -31,13 +31,17 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/etc/{,opensc/}opensc.conf r,
owner @{GDM_HOME}/greeter-dconf-defaults r,
owner @{gdm_config_dirs}/dconf/user r,
/etc/tpm2-tss/* r,
/var/tmp/ r,
/tmp/ r,
owner @{GDM_HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3 rw,
owner @{GDM_HOME}/greeter-dconf-defaults r,
owner @{gdm_config_dirs}/dconf/user r,
owner @{HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3 rw,
owner /dev/tty@{int} rw,
include if exists <local/gsd-smartcard>