fix(profile): add deny-sensitive-home abstraction.

2022-10-01 19:18:54 +01:00 · 2022-10-01 19:18:54 +01:00 · d0a8030af8
commit d0a8030af8
parent 8a55eb8330
3 changed files with 38 additions and 0 deletions
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@ -58,6 +58,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
  owner /tmp/{,**} rw,

  # Silence non user's data
+  include <abstractions/deny-sensitive-home>
  deny /boot/{,**} r,
  deny /opt/{,**} r,
  deny /root/{,**} r,
--- a/apparmor.d/groups/gnome/tracker-miner
+++ b/apparmor.d/groups/gnome/tracker-miner
@ -12,6 +12,7 @@ profile tracker-miner @{exec_path} {
  include <abstractions/dbus-session-strict>
  include <abstractions/dbus-strict>
  include <abstractions/dconf-write>
+  include <abstractions/deny-sensitive-home>
  include <abstractions/disks-read>
  include <abstractions/freedesktop.org>
  include <abstractions/nameservice-strict>