Merge branch 'main' of github.com:roddhjav/apparmor.d
* 'main' of github.com:roddhjav/apparmor.d: Reorganise based on type Add XDG_GAMES_DIR Add missing `user_games_dirs` and reorganise alphabetically add config dirs complete browsers fix lynx profile use strict abstraction add preview tools
This commit is contained in:
Alexandre Pujol
commit
d21af8246b
8 changed files with 166 additions and 33 deletions
27
apparmor.d/profiles-a-f/elinks
Normal file
27
apparmor.d/profiles-a-f/elinks
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 valoq <valoq@mailbox.org>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/elinks
|
||||
profile elinks @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/ssl_certs>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/user-read-strict>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_config_dirs}/elinks/{,**} rw,
|
||||
|
||||
include if exists <local/elinks>
|
||||
}
|
||||
17
apparmor.d/profiles-a-f/ffmpegthumbnailer
Normal file
17
apparmor.d/profiles-a-f/ffmpegthumbnailer
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 valoq <valoq@mailbox.org>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/ffmpegthumbnailer
|
||||
profile ffmpegthumbnailer @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/user-write-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/ffmpegthumbnailer>
|
||||
}
|
||||
17
apparmor.d/profiles-g-l/img2txt
Normal file
17
apparmor.d/profiles-g-l/img2txt
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 valoq <valoq@mailbox.org>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/img2txt
|
||||
profile img2txt @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/user-read-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/img2txt>
|
||||
}
|
||||
|
|
@ -13,6 +13,8 @@ profile lynx @{exec_path} {
|
|||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/wutmp>
|
||||
include <abstractions/ssl_certs>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/user-read-strict>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
|
@ -20,20 +22,19 @@ profile lynx @{exec_path} {
|
|||
network inet6 stream,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/lynx/{,*} r,
|
||||
|
||||
@{sh_path} rix,
|
||||
|
||||
/usr/share/terminfo/{,**} r,
|
||||
/usr/share/doc/lynx-common/** r,
|
||||
|
||||
/etc/mime.types r,
|
||||
|
||||
@{sh_path} rix,
|
||||
/etc/lynx.cfg r,
|
||||
/etc/lynx.lss r,
|
||||
/etc/lynx/{,**} r,
|
||||
/etc/mailcap r,
|
||||
/etc/mime.types r,
|
||||
|
||||
owner @{tmp}/lynxXXXX*/ rw,
|
||||
owner @{tmp}/lynxXXXX*/*TMP.html{,.gz} rw,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
|
||||
include if exists <local/lynx>
|
||||
}
|
||||
|
|
|
|||
17
apparmor.d/profiles-m-r/odt2txt
Normal file
17
apparmor.d/profiles-m-r/odt2txt
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 valoq <valoq@mailbox.org>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/odt2txt
|
||||
profile odt2txt @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/user-write-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
include if exists <local/odt2txt>
|
||||
}
|
||||
19
apparmor.d/profiles-m-r/pdftotext
Normal file
19
apparmor.d/profiles-m-r/pdftotext
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 valoq <valoq@mailbox.org>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/pdftotext
|
||||
profile pdftotext @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/user-write-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/poppler/{,**} r,
|
||||
|
||||
include if exists <local/pdftotext>
|
||||
}
|
||||
33
apparmor.d/profiles-s-z/w3m
Normal file
33
apparmor.d/profiles-s-z/w3m
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 valoq <valoq@mailbox.org>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/w3m
|
||||
profile w3m @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/ssl_certs>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/user-read-strict>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/terminfo/{,**} r,
|
||||
|
||||
/etc/w3m/{,**} r,
|
||||
owner @{HOME}/.w3m/{,**} r,
|
||||
owner @{user_config_dirs}/w3m/{,**} r,
|
||||
|
||||
owner /tmp/@{rand6}/{,**} rw,
|
||||
|
||||
include if exists <local/w3m>
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue