felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): start using new abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2023-12-19 23:29:15 +00:00
parent 9f49052529
commit b7140c9b2b
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
33 changed files with 44 additions and 196 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
View file

@ -18,8 +18,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write>
include <abstractions/deny-sensitive-home>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/dri>
include <abstractions/fontconfig-cache-write>
include <abstractions/gnome-strict>
include <abstractions/mesa>

12
apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
View file

@ -21,18 +21,13 @@ profile xdg-desktop-portal-gtk @{exec_path} {
include <abstractions/bus/org.gnome.Shell.Introspect>
include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fontconfig-cache-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/mesa>
include <abstractions/gnome-strict>
include <abstractions/graphics>
include <abstractions/nameservice-strict>
include <abstractions/thumbnails-cache-read>
include <abstractions/user-download>
include <abstractions/user-write>
include <abstractions/wayland>
unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell),
@ -53,8 +48,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
@{exec_path} mr,
/usr/share/X11/xkb/{,**} r,
/ r,
owner /var/lib/xkb/server-@{int}.xkm rw,
@ -65,7 +58,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
owner @{HOME}/@{XDG_DATA_DIR}/ r,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner /tmp/xauth_@{rand6} r,
@{run}/mount/utab r,
@{run}/user/@{uid}/xauth_@{rand6} rl,

6
apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
View file

@ -9,13 +9,10 @@ include <tunables/global>
@{exec_path} = @{lib}/xdg-desktop-portal-kde
profile xdg-desktop-portal-kde @{exec_path} {
include <abstractions/base>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/freedesktop.org>
include <abstractions/mesa>
include <abstractions/graphics>
include <abstractions/nameservice-strict>
include <abstractions/qt5>
include <abstractions/vulkan>
network inet dgram,
network inet6 dgram,
@ -27,7 +24,6 @@ profile xdg-desktop-portal-kde @{exec_path} {
/usr/share/hwdata/pnp.ids r,
/usr/share/icu/@{int}.@{int}/*.dat r,
/usr/share/mime/{,**} r,
/usr/share/qt5/qtlogging.ini r,
/etc/xdg/kdeglobals r,

7
apparmor.d/groups/freedesktop/xorg
View file

@ -15,13 +15,10 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.login1.Session>
include <abstractions/desktop>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/mesa>
include <abstractions/graphics>
include <abstractions/nameservice-strict>
include <abstractions/opencl>
include <abstractions/vulkan>
capability dac_override,
capability dac_read_search,

13
apparmor.d/groups/freedesktop/xwayland
View file

@ -9,12 +9,8 @@ include <tunables/global>
@{exec_path} = @{bin}/Xwayland
profile xwayland @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/opencl>
include <abstractions/vulkan>
include <abstractions/graphics>
include <abstractions/X-strict>
signal (receive) set=(term hup) peer=gdm*,
@ -29,10 +25,8 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
@{bin}/{,ba,da}sh rix,
@{bin}/xkbcomp rPx,
/usr/share/egl/{,**} r,
/usr/share/fonts/{,**} r,
/usr/share/ghostscript/fonts/{,**} r,
/usr/share/libdrm/*.ids r,
owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,
@ -41,10 +35,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/server-@{int}.xkm rw,
owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw,
@{sys}/bus/pci/devices/ r,
@{PROC}/@{pids}/cmdline r,
owner @{PROC}/@{pids}/comm r,
@{PROC}/@{pids}/cmdline r,
/dev/tty@{int} rw,
/dev/tty rw,