felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-15 16:07:53 +00:00
parent 9f3be7a96d
commit cf4e47f10f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
22 changed files with 75 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/groups/freedesktop/pipewire
View file

@ -51,10 +51,12 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/pipewire/pipewire-pulse.conf r,
owner @{user_config_dirs}/pipewire/pipewire.conf r,
owner /tmp/librnnoise-@{int}.so rm,
owner @{run}/user/@{uid}/pipewire-@{int}.lock rwk,
owner @{run}/user/@{uid}/pipewire-@{int}-manager.lock rwk,
owner @{run}/user/@{uid}/pipewire-@{int}.lock rwk,
owner @{run}/user/@{uid}/pulse/pid rw,
@{run}/udev/data/c81:@{int} r, # For video4linux
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511

10
apparmor.d/groups/freedesktop/pulseaudio
View file

@ -22,12 +22,10 @@ profile pulseaudio @{exec_path} {
include <abstractions/dconf-write>
include <abstractions/dri>
include <abstractions/fontconfig-cache-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/desktop>
include <abstractions/gstreamer>
include <abstractions/hosts_access>
include <abstractions/nameservice-strict>
include <abstractions/X-strict>
ptrace (trace) peer=@{profile_name},
@ -89,6 +87,8 @@ profile pulseaudio @{exec_path} {
/usr/share/ladspa/rdf/{,*} r,
/usr/share/pulseaudio/{,**} r,
/etc/pulse/{,**} r,
/var/lib/snapd/desktop/applications/ r,
# For GDM
@ -117,8 +117,8 @@ profile pulseaudio @{exec_path} {
owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin r,
owner @{run}/user/@{uid}/ rw,
owner @{run}/user/@{uid}/pulse/{,*} rw,
owner @{run}/user/@{uid}/pulse/*.lock k,
owner @{run}/user/@{uid}/pulse/ rw,
owner @{run}/user/@{uid}/pulse/** rwk,
owner @{run}/user/@{uid}/systemd/notify rw,
@{run}/systemd/users/@{uid} r,

2
apparmor.d/groups/freedesktop/xorg
View file

@ -36,7 +36,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
signal (receive) peer=sddm,
signal (receive) peer=xinit,
signal (receive) set=hup peer=gdm-session-worker,
signal (receive) set=term peer=gdm{,-x-session},
signal (receive) set=term peer=gdm{,-session},
unix (bind, listen) type=stream addr=@/tmp/.X11-unix/*,
unix (send, receive, accept) type=stream addr=@/tmp/.X11-unix/*, # all peers