refractor(abs): move common and app abstraction to their own abstractions subfolder.
As the number of abstraction is increasing, it is valuable to separate "base" abstractions to programs specific ones.
This commit is contained in:
Alexandre Pujol
parent
92f83d9e8d
commit
b88b8b8c26
158 changed files with 226 additions and 198 deletions
40
apparmor.d/abstractions/common/chromium
Normal file
40
apparmor.d/abstractions/common/chromium
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2022 Mikhail Morfikov
|
||||
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
# This abstraction is for chromium based application. Chromium based browsers
|
||||
# need to use abstractions/chromium instead.
|
||||
|
||||
# userns,
|
||||
|
||||
# Only needed when kernel.unprivileged_userns_clone is set to "1"
|
||||
capability sys_admin,
|
||||
capability sys_chroot,
|
||||
capability setuid,
|
||||
capability setgid,
|
||||
owner @{PROC}/@{pid}/setgroups w,
|
||||
owner @{PROC}/@{pid}/gid_map w,
|
||||
owner @{PROC}/@{pid}/uid_map w,
|
||||
|
||||
owner @{HOME}/.pki/ rw,
|
||||
owner @{HOME}/.pki/nssdb/ rw,
|
||||
owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
|
||||
owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
|
||||
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
|
||||
|
||||
owner @{user_share_dirs}/.org.chromium.Chromium.* rw,
|
||||
|
||||
/tmp/ r,
|
||||
/var/tmp/ r,
|
||||
owner /tmp/.org.chromium.Chromium.* rw,
|
||||
owner /tmp/.org.chromium.Chromium.*/{,**} rw,
|
||||
owner /tmp/scoped_dir*/ rw,
|
||||
owner /tmp/scoped_dir*/SingletonCookie w,
|
||||
owner /tmp/scoped_dir*/SingletonSocket w,
|
||||
owner /tmp/scoped_dir*/SS w,
|
||||
|
||||
/dev/shm/ r,
|
||||
owner /dev/shm/.org.chromium.Chromium.* rw,
|
||||
|
||||
include if exists <abstractions/common/chromium.d>
|
||||
Loading…
Add table
Add a link
Reference in a new issue