felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add new read abstraction

Browse source
This commit is contained in:
valoq 2024-02-06 21:51:52 +01:00
parent 968da5518b
commit ca05b649ca
No known key found for this signature in database
GPG key ID: 19F09A0FB865CBD8
2 changed files with 35 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

29
apparmor.d/abstractions/user-read
View file

@ -1,27 +1,12 @@
# apparmor.d - Full set of apparmor profiles apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
# This abstraction gives read access on all defined user directories. It should # This abstraction provides safe read access to all directories
# only be used if access to **ALL** folders is required. # that commonly include user owned files as referenced by the
# filesystem hierarchy standard. Hidden files in $HOME are excluded
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r, owner @{HOME}/ r,
owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} r, owner @{HOME}/[^.]** r,
owner @{MOUNTS}/@{XDG_SCREENSHOTS_DIR}/{,**} r, owner @{MOUNTDIRS}/{,**} r,
owner @{MOUNTS}/@{XDG_WALLPAPERS_DIR}/{,**} r,
owner @{user_books_dirs}/{,**} r,
owner @{user_documents_dirs}/{,**} r,
owner @{user_games_dirs}/{,**} r,
owner @{user_music_dirs}/{,**} r,
owner @{user_pictures_dirs}/{,**} r,
owner @{user_projects_dirs}/{,**} r,
owner @{user_publicshare_dirs}/{,**} r,
owner @{user_sync_dirs}/{,**} r,
owner @{user_templates_dirs}/{,**} r,
owner @{user_torrents_dirs}/{,**} r,
owner @{user_videos_dirs}/{,**} r,
owner @{user_vm_dirs}/{,**} r,
owner @{user_work_dirs}/{,**} r,
include if exists <abstractions/user-read.d> include if exists <abstractions/user-read.d>

27
apparmor.d/abstractions/user-xdg-read Normal file
View file

@ -0,0 +1,27 @@
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# This abstraction gives read access on all defined user directories. It should
# only be used if access to **ALL** folders is required.
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} r,
owner @{MOUNTS}/@{XDG_SCREENSHOTS_DIR}/{,**} r,
owner @{MOUNTS}/@{XDG_WALLPAPERS_DIR}/{,**} r,
owner @{user_books_dirs}/{,**} r,
owner @{user_documents_dirs}/{,**} r,
owner @{user_games_dirs}/{,**} r,
owner @{user_music_dirs}/{,**} r,
owner @{user_pictures_dirs}/{,**} r,
owner @{user_projects_dirs}/{,**} r,
owner @{user_publicshare_dirs}/{,**} r,
owner @{user_sync_dirs}/{,**} r,
owner @{user_templates_dirs}/{,**} r,
owner @{user_torrents_dirs}/{,**} r,
owner @{user_videos_dirs}/{,**} r,
owner @{user_vm_dirs}/{,**} r,
owner @{user_work_dirs}/{,**} r,
include if exists <abstractions/user-read.d>