felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): deny gvfs-metadata when possible.

Browse source
This commit is contained in:
Alexandre Pujol 2022-09-24 17:59:20 +01:00
parent fcee586e9e
commit ae6cecde52
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
23 changed files with 42 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/profiles-a-f/atril
View file

@ -73,9 +73,6 @@ profile atril @{exec_path} {
owner @{user_cache_dirs}/atril/{,**} rw,
owner @{user_share_dirs}/gvfs-metadata/home r,
owner @{user_share_dirs}/gvfs-metadata/home-*.log r,
owner /tmp/gtkprint_* rw,
owner /tmp/settings*.ini rw,
owner /tmp/settings*.ini.* rw,
@ -95,5 +92,7 @@ profile atril @{exec_path} {
owner /tmp/atril-@{pid}/*/content.opf rw,
owner /tmp/atril-@{pid}/*/META-INF/calibre_bookmarks.txt rw,
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
include if exists <local/atril>
}

4
apparmor.d/profiles-a-f/blueman
View file

@ -56,8 +56,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/obexd/ rw,
owner @{user_cache_dirs}/obexd/* rw,
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{PROC}/@{pid}/fd/ r,
@ -69,6 +67,8 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
/dev/shm/ r,
/dev/tty rw,
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
profile open {
include <abstractions/base>
include <abstractions/xdg-open>

3
apparmor.d/profiles-a-f/engrampa
View file

@ -117,7 +117,6 @@ profile engrampa @{exec_path} {
owner @{user_config_dirs}/mimeapps.list{,.*} rw,
owner @{user_share_dirs}/ r,
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
/usr/share/engrampa/{,**} r,
@ -148,6 +147,8 @@ profile engrampa @{exec_path} {
# file_inherit
owner /dev/tty[0-9]* rw,
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
profile open {
include <abstractions/base>
include <abstractions/xdg-open>

2
apparmor.d/profiles-a-f/font-manager
View file

@ -47,7 +47,6 @@ profile font-manager @{exec_path} {
owner "@{user_share_dirs}/fonts/Google Fonts/**" rw,
owner @{user_share_dirs}/ r,
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
@{sys}/devices/virtual/dmi/id/chassis_type r,
@{sys}/firmware/acpi/pm_profile r,
@ -63,6 +62,7 @@ profile font-manager @{exec_path} {
# Silencer
owner /var/cache/fontconfig/ w,
deny /var/cache/fontconfig/ w,
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
include if exists <local/font-manager>
}