feat(profile): general update.
This commit is contained in:
Alexandre Pujol
parent
da7747e0fe
commit
bed9545082
11 changed files with 43 additions and 33 deletions
|
|
@ -26,8 +26,8 @@ profile dpkg-split @{exec_path} {
|
|||
|
||||
/var/cache/apt/archives/*.deb r,
|
||||
|
||||
@{user_pkg_dirs}/** r,
|
||||
owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,
|
||||
owner @{user_pkg_dirs}/** r,
|
||||
|
||||
include if exists <local/dpkg-split>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ include <tunables/global>
|
|||
profile dbus-session flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
unix (send receive) type=stream addr=none peer=(label=gnome-shell, addr=none),
|
||||
|
|
@ -62,7 +63,8 @@ profile dbus-session flags=(attach_disconnected) {
|
|||
owner @{PROC}/@{pid}/oom_score_adj r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
/dev/ptmx rw,
|
||||
/dev/tty@{int} rw,
|
||||
|
||||
|
||||
include if exists <local/dbus-session>
|
||||
}
|
||||
|
|
@ -53,16 +53,19 @@ profile dbus-system flags=(attach_disconnected) {
|
|||
@{user_share_dirs}/icc/ r,
|
||||
@{user_share_dirs}/icc/edid-@{hex32}.icc r,
|
||||
|
||||
@{run}/systemd/users/@{int} r,
|
||||
@{run}/systemd/sessions/*.ref rw,
|
||||
@{run}/systemd/inhibit/*.ref rw,
|
||||
@{run}/systemd/notify w,
|
||||
@{run}/systemd/sessions/*.ref rw,
|
||||
@{run}/systemd/users/@{int} r,
|
||||
|
||||
@{sys}/kernel/security/apparmor/.access rw,
|
||||
@{sys}/kernel/security/apparmor/features/dbus/mask r,
|
||||
@{sys}/module/apparmor/parameters/enabled r,
|
||||
|
||||
@{PROC}/@{pid}/attr/apparmor/current r,
|
||||
@{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/@{pid}/environ r,
|
||||
@{PROC}/@{pid}/mounts r,
|
||||
@{PROC}/cmdline r,
|
||||
@{PROC}/sys/kernel/osrelease r,
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
|
|
|||
|
|
@ -268,6 +268,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
|||
owner @{user_cache_dirs}/gnome-boxes/*.png r,
|
||||
owner @{user_cache_dirs}/gnome-photos/{,**} r,
|
||||
owner @{user_cache_dirs}/gnome-screenshot/{,**} rw,
|
||||
owner @{user_cache_dirs}/gnome-software/icons/{,**} r,
|
||||
owner @{user_cache_dirs}/libgweather/{,**} rw,
|
||||
owner @{user_cache_dirs}/media-art/{,**} r,
|
||||
owner @{user_cache_dirs}/vlc/**/*.jpg r,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue