feat(profile): general update.
This commit is contained in:
Alexandre Pujol
parent
2e127ace4b
commit
ae71b323c2
29 changed files with 80 additions and 40 deletions
|
|
@ -17,6 +17,13 @@ profile nvidia-settings @{exec_path} {
|
|||
|
||||
/usr/share/pixmaps/{,**} r,
|
||||
|
||||
owner @{HOME}/.nvidia-settings-rc rw,
|
||||
|
||||
@{sys}/bus/pci/devices/ r,
|
||||
@{sys}/devices/@{pci}/config r,
|
||||
|
||||
@{PROC}/devices r,
|
||||
|
||||
include if exists <local/nvidia-settings>
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -29,7 +29,6 @@ profile pass @{exec_path} {
|
|||
@{bin}/mkdir rix,
|
||||
@{bin}/mktemp rix,
|
||||
@{bin}/mv rix,
|
||||
@{bin}/pkill rix,
|
||||
@{bin}/rm rix,
|
||||
@{bin}/rmdir rix,
|
||||
@{bin}/sed rix,
|
||||
|
|
@ -44,10 +43,11 @@ profile pass @{exec_path} {
|
|||
@{bin}/which rix,
|
||||
|
||||
@{bin}/git rCx -> git,
|
||||
@{lib}/git{,-core}/git rCx -> git,
|
||||
@{bin}/gpg{2,} rCx -> gpg,
|
||||
@{bin}/pkill rCx -> pkill,
|
||||
@{bin}/qdbus rCx -> qdbus,
|
||||
@{bin}/vim{,.*} rCx -> editor,
|
||||
@{lib}/git{,-core}/git rCx -> git,
|
||||
@{bin}/wl-{copy,paste} rPx,
|
||||
@{bin}/xclip rPx,
|
||||
|
||||
|
|
@ -72,6 +72,21 @@ profile pass @{exec_path} {
|
|||
|
||||
/dev/tty rw,
|
||||
|
||||
profile pkill {
|
||||
include <abstractions/base>
|
||||
|
||||
capability sys_ptrace,
|
||||
|
||||
ptrace read,
|
||||
|
||||
@{bin}/pkill mr,
|
||||
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/tty/drivers r,
|
||||
|
||||
include if exists <local/pass_pkill>
|
||||
}
|
||||
|
||||
profile editor {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
|
|
|||
|
|
@ -16,6 +16,8 @@ profile pcscd @{exec_path} {
|
|||
|
||||
network netlink raw,
|
||||
|
||||
ptrace (read) peer=veracrypt,
|
||||
ptrace (read) peer=@{p_systemd_user},
|
||||
ptrace (read) peer=gsd-smartcard,
|
||||
ptrace (read) peer=pkcs11-register,
|
||||
ptrace (read) peer=rngd,
|
||||
|
|
@ -24,9 +26,7 @@ profile pcscd @{exec_path} {
|
|||
@{exec_path} mr,
|
||||
|
||||
/etc/libccid_Info.plist r,
|
||||
/etc/reader.conf.d/ r,
|
||||
/etc/reader.conf.d/libccidtwin r,
|
||||
/etc/reader.conf.d/reader.conf r,
|
||||
/etc/reader.conf.d/{,**} r,
|
||||
|
||||
owner @{run}/pcscd/{,pcscd.pid} rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -21,10 +21,9 @@ profile qemu-ga @{exec_path} {
|
|||
|
||||
ptrace (read) peer=@{p_systemd},
|
||||
|
||||
dbus send bus=system path=/org/freedesktop/login1
|
||||
interface=org.freedesktop.login1.Manager
|
||||
member={ScheduleShutdown,SetWallMessage}
|
||||
peer=(name=org.freedesktop.login1, label=systemd-logind),
|
||||
unix type=stream addr=@@{hex16}/bus/shutdown/system,
|
||||
|
||||
#aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue