felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-10-01 20:17:13 +01:00
parent 460ac12bfb
commit af50944fb5
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
10 changed files with 23 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/groups/gnome/nautilus
View file

@ -80,9 +80,12 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
@{MOUNTDIRS}/ r,
@{MOUNTS}/ r,
@{MOUNTS}/** rw,
owner @{HOME}/{,**} rw,
owner @{run}/user/@{uid}/{,**} rw,
owner @{tmp}/{,**} rw,
owner @{HOME}/ r,
owner @{HOME}/** rw,
owner @{run}/user/@{uid}/ r,
owner @{run}/user/@{uid}/** rw,
owner @{tmp}/ r,
owner @{tmp}/** rw,
# Silence non user's data
deny /boot/{,**} r,

4
apparmor.d/groups/gpg/gpg-connect-agent
View file

@ -18,8 +18,6 @@ profile gpg-connect-agent @{exec_path} {
/etc/inputrc r,
owner @{PROC}/@{pid}/fd/ r,
owner @{run}/user/@{uid}/gnupg/ w,
owner @{run}/user/@{uid}/gnupg/d.*/ rw,
@ -27,6 +25,8 @@ profile gpg-connect-agent @{exec_path} {
owner @{tmp}/tmp.*/.#lk0x@{hex}.*.@{pid}x rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},
owner @{tmp}/tmp.*/gnupg_spawn_agent_sentinel.lock rwl -> /tmp/*/.#lk0x@{hex}.*.@{pid},
owner @{PROC}/@{pid}/fd/ r,
include if exists <local/gpg-connect-agent>
}

2
apparmor.d/groups/gvfs/gvfsd-fuse
View file

@ -14,6 +14,8 @@ profile gvfsd-fuse @{exec_path} {
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/nameservice-strict>
capability sys_admin,
mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/,
unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount),

5
apparmor.d/groups/pacman/pacman-hook-mkinitcpio
View file

@ -37,9 +37,10 @@ profile pacman-hook-mkinitcpio @{exec_path} flags=(attach_disconnected) {
/ r,
/boot/ r,
/boot/vmlinuz-* rw,
/boot/initramfs-*.img rw,
/boot/efi/boot/boot*.efi rw,
/boot/initramfs-*-fallback.img rw,
/boot/initramfs-*.img rw,
/boot/vmlinuz-* rw,
/dev/tty rw,
owner /dev/pts/@{int} rw,

10
apparmor.d/groups/ubuntu/apport-gtk
View file

@ -79,12 +79,12 @@ profile apport-gtk @{exec_path} {
/var/crash/ rw,
owner /var/crash/*.@{uid}.{crash,upload} rw,
@{run}/snapd.socket rw,
@{run}/snapd.socket rw,
/tmp/[a-z0-9]* rw,
/tmp/apport_core_* rw,
/tmp/launchpadlib.cache.[a-z0-9]*/ rw,
/tmp/tmp[a-z0-9]*/{,**} rw,
owner @{tmp}/@{rand8} rw,
owner @{tmp}/apport_core_@{rand8} rw,
owner @{tmp}/launchpadlib.cache.@{rand8}/ rw,
owner @{tmp}/tmp@{rand8}/{,**} rw,
@{PROC}/ r,
@{PROC}/@{pids}/cmdline r,