felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2024-03-15 16:07:53 +00:00
parent 9f3be7a96d
commit cf4e47f10f
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
22 changed files with 75 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/kde/konsole
View file

@ -30,6 +30,7 @@ profile konsole @{exec_path} flags=(attach_disconnected) {
/usr/share/color-schemes/{,**} r,
/usr/share/kf6/{,**} r,
/usr/share/knotifications{5,6}/konsole.notifyrc r,
/usr/share/knotifications{5,6}/plasma_workspace.notifyrc r,
/usr/share/konsole/{,**} r,
/usr/share/sounds/** r,
@ -49,7 +50,8 @@ profile konsole @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/icon-cache.kcache rw,
owner @{user_share_dirs}/konsole/{,**} rwlk,
owner @{user_share_dirs}/konsole/ rw,
owner @{user_share_dirs}/konsole/** rwlk,
owner /tmp/#@{int} rw,
owner /tmp/konsole.@{rand6} rw,

6
apparmor.d/groups/kde/plasmashell
View file

@ -31,6 +31,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
include <abstractions/nameservice-strict>
include <abstractions/qt5-shader-cache>
include <abstractions/recent-documents-write>
include <abstractions/ssl_certs>
include <abstractions/thumbnails-cache-read>
# userns,
@ -39,6 +40,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
network inet6 dgram,
network inet stream,
network inet6 stream,
network netlink dgram,
network netlink raw,
ptrace (read) peer=akonadi*,
@ -114,6 +116,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwlk -> @{user_cache_dirs}/#@{int},
owner @{user_cache_dirs}/plasmashell/ rw,
owner @{user_cache_dirs}/plasmashell/** rwkl -> @{user_cache_dirs}/plasmashell/**,
owner @{user_cache_dirs}/org.kde.*/ rw,
owner @{user_cache_dirs}/org.kde.*/** rwlk,
owner @{user_config_dirs}/{KDE,kde.org}/ rw,
owner @{user_config_dirs}/{KDE,kde.org}/** rwkl -> @{user_config_dirs}/{KDE,kde.org}/#@{int},
@ -160,6 +164,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
owner @{user_share_dirs}/plasma/plasmoids/{,**} r,
owner @{user_share_dirs}/plasmashell/** rwkl -> @{user_share_dirs}/plasmashell/**,
owner @{user_share_dirs}/user-places.xbel{,*} rwl,
owner @{user_share_dirs}/libkunitconversion/ rw,
owner @{user_share_dirs}/libkunitconversion/** rwlk,
/tmp/.mount_nextcl@{rand6}/{,*} r,
owner /tmp/#@{int} rw,

1
apparmor.d/groups/kde/utempter
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/{,@{multiarch}/}utempter/utempter
profile utempter @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
include <abstractions/wutmp>