felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2023-02-05 00:03:20 +00:00
parent 53d1b7a3fd
commit a402200dbe
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
11 changed files with 31 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/profiles-s-z/steam
View file

@ -210,6 +210,7 @@ profile steam @{exec_path} {
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
owner @{PROC}/@{pid}/task/@{tid}/status r,
/dev/hidraw[0-9]* rw,
/dev/input/ r,
/dev/input/event[0-9]* r,
/dev/tty rw,

2
apparmor.d/profiles-s-z/steam-game
View file

@ -94,10 +94,12 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
@{user_share_dirs}/Steam/bin/ r,
@{user_share_dirs}/Steam/bin/* mr,
@{user_share_dirs}/Steam/d3ddriverquery64.dxvk-cache rw,
@{user_share_dirs}/Steam/legacycompat/ r,
@{user_share_dirs}/Steam/legacycompat/** mr,
@{user_share_dirs}/Steam/linux{32,64}/ r,
@{user_share_dirs}/Steam/linux{32,64}/**.so* mr,
@{user_share_dirs}/Steam/standalone_installscript_progress_[0-9]*.vdf rw,
@{user_share_dirs}/Steam/steamapps/common/*/* mr,
@{user_share_dirs}/Steam/steamapps/common/Proton*/ r,
@{user_share_dirs}/Steam/steamapps/common/Proton*/files/bin/* mrix,

2
apparmor.d/profiles-s-z/steam-gameoverlayui
View file

@ -36,7 +36,7 @@ profile steam-gameoverlayui @{exec_path} {
owner @{user_share_dirs}/Steam/config/DialogConfigOverlay*.vdf rw,
owner @{user_share_dirs}/Steam/public/* rk,
owner @{user_share_dirs}/Steam/resource/{,**} rk,
owner @{user_share_dirs}/Steam/ubuntu[0-9]*_{32,64}/fontconfig/{,**} rw,
owner @{user_share_dirs}/Steam/ubuntu[0-9]*_{32,64}/fontconfig/{,**} rwl,
owner @{user_share_dirs}/Steam/userdata/[0-9]*/{,**} rk,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,

9
apparmor.d/profiles-s-z/sudo
View file

@ -64,18 +64,19 @@ profile sudo @{exec_path} {
/var/db/sudo/lectured/ r,
/var/lib/sudo/lectured/ r,
/var/lib/sudo/ts/ rw,
/var/lib/sudo/ts/* rwk,
/var/log/sudo.log wk,
owner /var/lib/sudo/lectured/* rw,
owner @{HOME}/.sudo_as_admin_successful rw,
owner @{HOME}/.xsession-errors w,
# For timestampdir
@{run}/faillock/{,*} rwk,
@{run}/resolvconf/resolv.conf r,
owner @{run}/sudo/ rw,
owner @{run}/sudo/ts/ rw,
owner @{run}/sudo/ts/* rwk,
@{run}/faillock/{,*} rwk,
@{run}/resolvconf/resolv.conf r,
@{PROC}/@{pids}/cgroup r,
@{PROC}/@{pids}/fd/ r,
@ -83,9 +84,9 @@ profile sudo @{exec_path} {
@{PROC}/1/limits r,
@{PROC}/sys/kernel/seccomp/actions_avail r,
owner /dev/tty[0-9]* rw,
/dev/ r, # interactive login
/dev/ptmx rw,
owner /dev/tty[0-9]* rw,
deny @{user_share_dirs}/gvfs-metadata/* r,

2
apparmor.d/profiles-s-z/swtpm
View file

@ -11,6 +11,8 @@ profile swtpm @{exec_path} {
include <abstractions/base>
include <abstractions/openssl>
signal (receive) set=(term) peer=libvirtd,
@{exec_path} mr,
/var/lib/libvirt/swtpm/@{uuid}/tpm2/.lock wk,