feat(profiles): general update.

2022-10-14 22:17:27 +01:00 · 2022-10-14 22:17:27 +01:00 · b1950cbe91
commit b1950cbe91
parent 3c841e6d6a
10 changed files with 31 additions and 10 deletions
--- a/apparmor.d/profiles-a-f/appstreamcli
+++ b/apparmor.d/profiles-a-f/appstreamcli
@ -21,11 +21,13 @@ profile appstreamcli @{exec_path} flags=(complain) {
  /{usr/,}bin/gzip rix,
  /{usr/,}bin/tar  rix,

+  /usr/share/app-info/{,**} r,
  /usr/share/appdata/ r,
  /usr/share/applications/{,*.desktop} r,
  /usr/share/metainfo/ r,
  /usr/share/metainfo/*.{metainfo,appdata}.xml r,
  /usr/share/mime/mime.cache r,
+  /usr/share/swcatalog/{,**} r,

  /etc/appstream.conf r,

--- a/apparmor.d/profiles-a-f/flatpak-system-helper
+++ b/apparmor.d/profiles-a-f/flatpak-system-helper
@ -15,6 +15,7 @@ profile flatpak-system-helper @{exec_path} {

  capability chown,
  capability dac_override,
+  capability fowner,
  capability net_admin,
  capability setgid,
  capability setuid,
@ -33,17 +34,18 @@ profile flatpak-system-helper @{exec_path} {

  /etc/flatpak/{,**} r,

+  /usr/share/mime/mime.cache r,
  /usr/share/flatpak/triggers/ r,

  /var/lib/flatpak/{,**} rwkl,
  /var/tmp/flatpak-cache-*/{,**} rw,

-  owner /tmp/#[0-9]* rw, 
-  owner /tmp/ostree-gpg-*/ rw,
+  owner /{var/,}tmp/#[0-9]* rw, 
+  owner /{var/,}tmp/ostree-gpg-*/ rw,
  owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,

+        @{PROC}/@{pid}/stat r,
  owner @{PROC}/@{pid}/fd/ r,
-  owner @{PROC}/@{pid}/stat r,

  profile gpg {
    include <abstractions/base>