felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

broader gdm

Browse source
This commit is contained in:
nobodysu 2022-09-05 04:14:08 +03:00 committed by Alex
parent d6d7dacb9e
commit cd646ea899
30 changed files with 71 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/freedesktop/at-spi-bus-launcher
View file

@ -38,7 +38,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
owner @{run}/user/@{uid}/gdm/Xauthority r,
/var/lib/lightdm/.Xauthority r,
/var/lib/gdm/.config/dconf/user r,
/var/lib/gdm{3,}/.config/dconf/user r,
/var/log/lightdm/seat[0-9]*-greeter.log w,

2
apparmor.d/groups/freedesktop/colord
View file

@ -52,7 +52,7 @@ profile colord @{exec_path} flags=(attach_disconnected) {
owner /var/lib/colord/{mapping,storage}.db{,-journal} rwk,
/var/lib/flatpak/exports/share/mime/mime.cache r,
/var/lib/gdm/.local/share/icc/edid-*.icc r,
/var/lib/gdm{3,}/.local/share/icc/edid-*.icc r,
@{user_share_dirs}/icc/edid-*.icc r,

6
apparmor.d/groups/freedesktop/dconf-service
View file

@ -23,9 +23,9 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/ rw,
owner @{user_cache_dirs}/dconf/ rw,
owner @{user_cache_dirs}/dconf/user rw,
/var/lib/gdm/.config/dconf/ rw,
/var/lib/gdm/.config/dconf/user rw,
/var/lib/gdm/.config/dconf/user.* rw,
/var/lib/gdm{3,}/.config/dconf/ rw,
/var/lib/gdm{3,}/.config/dconf/user rw,
/var/lib/gdm{3,}/.config/dconf/user.* rw,
@{PROC}/cmdline r,

2
apparmor.d/groups/freedesktop/pipewire-media-session
View file

@ -41,7 +41,7 @@ profile pipewire-media-session @{exec_path} {
/etc/pipewire/*.conf r,
/etc/pipewire/media-session.d/*.conf r,
/var/lib/gdm/.local/state/pipewire/media-session.d/* rw,
/var/lib/gdm{3,}/.local/state/pipewire/media-session.d/* rw,
owner @{HOME}/.local/state/ rw,
owner @{HOME}/.local/state/pipewire/{,**} rw,

2
apparmor.d/groups/freedesktop/pipewire-pulse
View file

@ -30,7 +30,7 @@ profile pipewire-pulse @{exec_path} flags=(attach_disconnected) {
/usr/share/pipewire/client.conf r,
/usr/share/pipewire/pipewire-pulse.conf r,
/var/lib/gdm/.config/pulse/cookie rwk,
/var/lib/gdm{3,}/.config/pulse/cookie rwk,
owner @{run}/user/@{uid}/pulse/pid w,

20
apparmor.d/groups/freedesktop/xdg-user-dirs-update
View file

@ -15,16 +15,16 @@ profile xdg-user-dirs-update @{exec_path} {
/etc/xdg/user-dirs.conf r,
/etc/xdg/user-dirs.defaults r,
/var/lib/gdm/.config/user-dirs.dirs{,*} rw,
/var/lib/gdm/.config/user-dirs.locale rw,
/var/lib/gdm/@{XDG_DESKTOP_DIR}/ rw,
/var/lib/gdm/@{XDG_DOCUMENTS_DIR}/ rw,
/var/lib/gdm/@{XDG_DOWNLOAD_DIR}/ rw,
/var/lib/gdm/@{XDG_MUSIC_DIR}/ rw,
/var/lib/gdm/@{XDG_PICTURES_DIR}/ rw,
/var/lib/gdm/@{XDG_PUBLICSHARE_DIR}/ rw,
/var/lib/gdm/@{XDG_TEMPLATES_DIR}/ rw,
/var/lib/gdm/@{XDG_VIDEOS_DIR}/ rw,
/var/lib/gdm{3,}/.config/user-dirs.dirs{,*} rw,
/var/lib/gdm{3,}/.config/user-dirs.locale rw,
/var/lib/gdm{3,}/@{XDG_DESKTOP_DIR}/ rw,
/var/lib/gdm{3,}/@{XDG_DOCUMENTS_DIR}/ rw,
/var/lib/gdm{3,}/@{XDG_DOWNLOAD_DIR}/ rw,
/var/lib/gdm{3,}/@{XDG_MUSIC_DIR}/ rw,
/var/lib/gdm{3,}/@{XDG_PICTURES_DIR}/ rw,
/var/lib/gdm{3,}/@{XDG_PUBLICSHARE_DIR}/ rw,
/var/lib/gdm{3,}/@{XDG_TEMPLATES_DIR}/ rw,
/var/lib/gdm{3,}/@{XDG_VIDEOS_DIR}/ rw,
owner @{user_config_dirs}/user-dirs.dirs r,

2
apparmor.d/groups/freedesktop/xkbcomp
View file

@ -26,7 +26,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/xorg/Xorg.[0-9].log w,
/var/lib/gdm/.local/share/xorg/Xorg.[0-9].log w,
/var/lib/gdm{3,}/.local/share/xorg/Xorg.[0-9].log w,
owner /var/log/lightdm/x-[0-9]*.log w,
owner /tmp/server-[0-9]*.xkm rwk,

6
apparmor.d/groups/freedesktop/xorg
View file

@ -11,7 +11,7 @@ include <tunables/global>
@{exec_path} += /{usr/,}bin/Xorg
@{exec_path} += /{usr/,}lib/Xorg{,.wrap}
@{exec_path} += /{usr/,}lib/xorg/Xorg{,.wrap}
profile xorg @{exec_path} flags=(attach_disconnected) {
profile xorg @{exec_path} flags=(attach_disconnected complain) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/fontconfig-cache-read>
@ -79,8 +79,8 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
owner /var/log/Xorg.[0-9].log{,.old} rw,
owner /var/log/Xorg.pid-@{pid}.log{,.old} rw,
/var/lib/gdm/.local/share/xorg/Xorg.[0-9].log{,.old} rw,
/var/lib/gdm/.local/share/xorg/Xorg.pid-@{pid}.log{,.old} rw,
/var/lib/gdm{3,}/.local/share/xorg/Xorg.[0-9].log{,.old} rw,
/var/lib/gdm{3,}/.local/share/xorg/Xorg.pid-@{pid}.log{,.old} rw,
@{run}/nvidia-xdriver-* rw,
@{run}/sddm/{,**} rw,