felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): various improvement for Tumbleweed

Browse source 
fix #828
This commit is contained in:
Alexandre Pujol 2025-09-07 20:05:19 +02:00
parent 5fe9e0ee9e
commit a87449268b
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
5 changed files with 19 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/abstractions/kde-strict
View file

@ -46,7 +46,7 @@
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc r,
owner @{user_config_dirs}/session/ rw,
owner @{user_config_dirs}/session/*_@{hex}_@{int}_@{int} rwlk,
owner @{user_config_dirs}/session/*_* rwlk,
owner @{user_config_dirs}/session/#@{int} rw,
owner @{user_config_dirs}/trashrc r,

9
apparmor.d/groups/kde/dolphin
View file

@ -25,7 +25,11 @@ profile dolphin @{exec_path} {
network netlink raw,
signal (send) set=(term) peer=kioworker,
signal send set=hup peer=@{p_systemd},
signal send set=term peer=kioworker,
ptrace read peer=@{p_systemd},
ptrace read peer=okular,
@{exec_path} mr,
@ -109,10 +113,11 @@ profile dolphin @{exec_path} {
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
@{sys}/devices/virtual/block/dm-@{int}/uevent r,
/dev/tty r,
/dev/tty rw,
include if exists <local/dolphin>
}

1
apparmor.d/groups/kde/kwin_x11
View file

@ -41,6 +41,7 @@ profile kwin_x11 @{exec_path} {
/usr/share/kwin-x11/{,**} r,
/usr/share/kwin/{,**} r,
/usr/share/plasma/desktoptheme/{,**} r,
/usr/share/sounds/*/stereo/*.oga r,
/etc/machine-id r,
/etc/xdg/plasmarc r,

5
apparmor.d/groups/kde/okular
View file

@ -23,6 +23,8 @@ profile okular @{exec_path} {
network netlink raw,
ptrace read peer=@{p_systemd},
signal send set=term peer=kioworker,
@{exec_path} mr,
@ -69,7 +71,7 @@ profile okular @{exec_path} {
owner @{user_state_dirs}/#@{int} rw,
owner @{user_state_dirs}/okularstaterc rw,
owner @{user_state_dirs}/okularstaterc.@{rand6} rwl -> @{user_state_dirs}/#@{int},
owner @{user_state_dirs}/okularstaterc.@{rand6} rwlk -> @{user_state_dirs}/#@{int},
owner @{user_state_dirs}/okularstaterc.lock rwk,
owner @{tmp}/#@{int} rw,
@ -82,6 +84,7 @@ profile okular @{exec_path} {
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
profile gpg {
include <abstractions/base>

9
apparmor.d/profiles-g-l/libreoffice
View file

@ -78,21 +78,24 @@ profile libreoffice @{exec_path} {
/usr/share/mythes/{,**} r,
/usr/share/thumbnailers/{,**} r,
/etc/cups/ppd/*.ppd r,
/etc/java{,-}{,@{version}}-openjdk/{,**} r,
/etc/libreoffice/{,**} r,
/etc/paperspecs r,
/etc/papersize r,
/etc/paperspecs r,
/etc/xdg/* r,
/var/tmp/ r,
owner /var/spool/libreoffice/uno_packages/cache/stamp.sys w,
owner @{user_cache_dirs}/libreoffice/{,**} rw,
owner @{user_config_dirs}/kservicemenurc r,
owner @{user_config_dirs}/libreoffice/ rw,
owner @{user_config_dirs}/libreoffice/** rwk,
owner @{user_config_dirs}/soffice.*.lock rwk,
owner @{user_config_dirs}/plasma_workspace.notifyrc r,
owner @{user_config_dirs}/kservicemenurc r,
owner @{user_config_dirs}/soffice.*.lock rwk,
owner @{user_config_dirs}/soffice.binrc r,
owner @{user_share_dirs}/#@{int} rw,
owner @{user_share_dirs}/user-places.xbel r,