felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): initial dbus integration (no dbus rule yet).

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-03 20:38:23 +01:00
parent aa606bbdc4
commit a6a72cd5c3
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
46 changed files with 64 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/groups/gnome/evolution-addressbook-factory
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/evolution-addressbook-factory
profile evolution-addressbook-factory @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>

1
apparmor.d/groups/gnome/evolution-calendar-factory
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/evolution-calendar-factory
profile evolution-calendar-factory @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>

4
apparmor.d/groups/gnome/gdm
View file

@ -9,8 +9,10 @@ include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/gdm{3,}
profile gdm @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/wutmp>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/nameservice-strict>
include <abstractions/wutmp>
capability chown,
capability fsetid,

2
apparmor.d/groups/gnome/gdm-session-worker
View file

@ -10,6 +10,8 @@ include <tunables/global>
profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/authentication>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/nameservice-strict>
capability audit_write,

1
apparmor.d/groups/gnome/gnome-extension-ding
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /usr/share/gnome-shell/extensions/ding@rastersoft.com/ding.js
profile gnome-extension-ding @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/fonts>
include <abstractions/freedesktop.org>

1
apparmor.d/groups/gnome/gnome-keyring-daemon
View file

@ -10,6 +10,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-keyring-daemon
profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/openssl>
capability ipc_lock,

1
apparmor.d/groups/gnome/gnome-session-binary
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gnome-session-binary
profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>

4
apparmor.d/groups/gnome/gnome-shell
View file

@ -11,6 +11,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/app-launcher-user>
include <abstractions/audio>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
@ -68,9 +70,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
/.flatpak-info r,
/etc/fstab r,
/etc/machine-id r,
/etc/xdg/menus/gnome-applications.menu r,
/var/lib/dbus/machine-id r,
/var/lib/gdm{3,}/.cache/ w,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw,

1
apparmor.d/groups/gnome/goa-daemon
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/goa-daemon
profile goa-daemon @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/nameservice-strict>
include <abstractions/opencl>

1
apparmor.d/groups/gnome/gsd-color
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-color
profile gsd-color @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>

1
apparmor.d/groups/gnome/gsd-disk-utility-notify
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-disk-utility-notify
profile gsd-disk-utility-notify @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-strict>
@{exec_path} mr,

1
apparmor.d/groups/gnome/gsd-keyboard
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-keyboard
profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>

1
apparmor.d/groups/gnome/gsd-media-keys
View file

@ -10,6 +10,7 @@ include <tunables/global>
profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/fonts>
include <abstractions/gtk>

1
apparmor.d/groups/gnome/gsd-power
View file

@ -10,6 +10,7 @@ include <tunables/global>
profile gsd-power @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/fonts>
include <abstractions/gtk>

1
apparmor.d/groups/gnome/gsd-print-notifications
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-print-notifications
profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/nameservice-strict>
network inet stream,

1
apparmor.d/groups/gnome/gsd-printer
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-printer
profile gsd-printer @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
signal (receive) set=(term, hup) peer=gdm*,
signal (receive) set=(hup) peer=gsd-print-notifications,

1
apparmor.d/groups/gnome/gsd-rfkill
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-rfkill
profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
signal (receive) set=(term, hup) peer=gdm*,

1
apparmor.d/groups/gnome/gsd-sharing
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-sharing
profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
signal (receive) set=(term, hup) peer=gdm*,

1
apparmor.d/groups/gnome/gsd-xsettings
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-xsettings
profile gsd-xsettings @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>

2
apparmor.d/groups/gnome/tracker-miner
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/tracker-miner-fs-{,control-}3
profile tracker-miner @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict> # TODO: FIXME: See if we keep them like this.
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/disks-read>
include <abstractions/freedesktop.org>