felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): cleanup log from well known programs.

Browse source
This commit is contained in:
Alexandre Pujol 2025-08-17 17:20:08 +02:00
parent 4dba131fb3
commit ba16e3c340
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
4 changed files with 20 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/groups/freedesktop/xdg-mime
View file

@ -59,6 +59,12 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) {
/dev/tty rw,
# file_inherit
deny /opt/*/** r,
deny owner @{user_config_dirs}/*/** rw,
deny owner @{tmp}/.org.chromium.Chromium.@{rand6} rw,
deny owner /dev/shm/.org.chromium.Chromium.@{rand6} rw,
profile bus flags=(complain) {
include <abstractions/base>
include <abstractions/app/bus>

5
apparmor.d/groups/utils/blkid
View file

@ -34,8 +34,6 @@ profile blkid @{exec_path} flags=(attach_disconnected) {
@{run}/blkid/blkid.tab{,-@{rand6}} rw,
@{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,
@{run}/cloud-init/ds-identify.log w, # file_inherit
@{PROC}/@{pid}/mounts r,
@{PROC}/partitions r,
@{PROC}/swaps r,
@ -47,6 +45,9 @@ profile blkid @{exec_path} flags=(attach_disconnected) {
owner /dev/tty@{int} rw,
# file_inherit
deny @{run}/cloud-init/ds-identify.log w,
include if exists <local/blkid>
}

4
apparmor.d/groups/utils/lspci
View file

@ -45,7 +45,9 @@ profile lspci @{exec_path} flags=(attach_disconnected) {
@{PROC}/cmdline r,
@{PROC}/ioports r,
deny @{user_share_dirs}/gvfs-metadata/* r,
# file_inherit
deny owner @{user_share_dirs}/gvfs-metadata/* r,
deny owner @{user_cache_dirs}/*/** rw,
include if exists <local/lspci>
}