felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

random tails

Browse source
This commit is contained in:
nobody43 2023-08-06 19:31:20 +00:00
parent a77a288cab
commit d49b6f7834
59 changed files with 108 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/abstractions/gstreamer
View file

@ -13,7 +13,7 @@
/etc/openni2/OpenNI.ini r,
owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/ rw,
owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw,
/tmp/ r,
/var/tmp/ r,
@ -46,4 +46,4 @@
/dev/bus/usb/ r,
/dev/dri/ r,
include if exists <abstractions/gstreamer.d>
include if exists <abstractions/gstreamer.d>

2
apparmor.d/groups/apps/calibre
View file

@ -135,7 +135,7 @@ profile calibre @{exec_path} {
owner @{user_cache_dirs}/qtshadercache/#@{int} rw,
owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw,
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw,
owner @{user_config_dirs}/qt5ct/{,**} r,

2
apparmor.d/groups/apt/apt-extracttemplates
View file

@ -25,7 +25,7 @@ profile apt-extracttemplates @{exec_path} {
owner /var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw,
owner /tmp/*.{config,template}.?????? rw,
owner /tmp/*.{config,template}.@{rand6} rw,
owner @{PROC}/@{pid}/fd/ r,

2
apparmor.d/groups/browsers/chromium-wrapper
View file

@ -38,7 +38,7 @@ profile chromium-wrapper @{exec_path} {
owner @{HOME}/.xsession-errors w,
owner /tmp/chromiumargs.?????? rw,
owner /tmp/chromiumargs.@{rand6} rw,
owner /tmp/tmp.*/ rw,
owner /tmp/tmp.*/** rwk,

4
apparmor.d/groups/browsers/firefox
View file

@ -191,10 +191,10 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r,
owner @{user_config_dirs}/ibus/bus/ r,
owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
owner @{user_config_dirs}/mimeapps.list{,.*} rw,
owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw,
owner @{user_share_dirs}/ r,
owner @{user_share_dirs}/applications/userapp-Firefox-??????.desktop{,.??????} rw,
owner @{user_share_dirs}/applications/userapp-Firefox-@{rand6}.desktop{,.@{rand6}} rw,
owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw,
owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,

2
apparmor.d/groups/browsers/firefox-glxtest
View file

@ -26,7 +26,7 @@ profile firefox-glxtest @{exec_path} {
owner /tmp/firefox/.parentlock rw,
owner @{run}/user/@{uid}/xauth_?????? r,
owner @{run}/user/@{uid}/xauth_@{rand6} r,
@{sys}/bus/pci/devices/ r,
@{sys}/devices/pci[0-9]*/**/class r,

4
apparmor.d/groups/browsers/firefox-kmozillahelper
View file

@ -40,11 +40,11 @@ profile firefox-kmozillahelper @{exec_path} {
owner @{user_config_dirs}/kmozillahelperrc r,
owner @{user_config_dirs}/kwinrc r,
owner @{run}/user/@{uid}/xauth_* rl,
owner @{run}/user/@{uid}/xauth_@{rand6} rl,
@{PROC}/sys/kernel/core_pattern r,
/dev/tty r,
include if exists <local/firefox-kmozillahelper>
}
}

6
apparmor.d/groups/freedesktop/accounts-daemon
View file

@ -60,8 +60,8 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) {
/etc/default/locale r,
/etc/gdm{3,}/ r,
/etc/gdm{3,}/custom.conf{,.??????} rw,
/etc/gdm{3,}/daemon.conf{,.??????} rw,
/etc/gdm{3,}/custom.conf{,.@{rand6}} rw,
/etc/gdm{3,}/daemon.conf{,.@{rand6}} rw,
/etc/machine-id r,
/etc/shadow r,
/etc/shells r,
@ -84,7 +84,7 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) {
# wtmp.d ?
/var/log/wtmp r,
owner /tmp/gnome-control-center-user-icon-?????? rw,
owner /tmp/gnome-control-center-user-icon-@{rand6} rw,
include if exists <local/accounts-daemon>
}

4
apparmor.d/groups/freedesktop/at-spi-bus-launcher
View file

@ -39,10 +39,10 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/.Xauthority r,
owner @{HOME}/.xsession-errors w,
owner /tmp/runtime-*/xauth_?????? r,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/xauth_?????? r,
owner @{run}/user/@{uid}/xauth_@{rand6} r,
/var/lib/lightdm/.Xauthority r,
/var/lib/gdm{3,}/.config/dconf/user r,

4
apparmor.d/groups/freedesktop/at-spi2-registryd
View file

@ -89,10 +89,10 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/.Xauthority r,
owner @{HOME}/.xsession-errors w,
owner /tmp/runtime-*/xauth_?????? r,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/xauth_?????? r,
owner @{run}/user/@{uid}/xauth_@{rand6} r,
owner /dev/tty[0-9]* rw,

2
apparmor.d/groups/freedesktop/dconf
View file

@ -22,7 +22,7 @@ profile dconf @{exec_path} flags=(attach_disconnected) {
/usr/share/gdm/dconf/{,**} r,
/var/lib/gdm{3,}/ r,
/var/lib/gdm{3,}/greeter-dconf-defaults{,.??????} rw,
/var/lib/gdm{3,}/greeter-dconf-defaults{,.@{rand6}} rw,
owner @{user_config_dirs}/dconf/ rw,
owner @{user_config_dirs}/dconf/user{,.*} rw,

2
apparmor.d/groups/freedesktop/pulseaudio
View file

@ -159,7 +159,7 @@ profile pulseaudio @{exec_path} {
owner /var/lib/lightdm/.config/pulse/cookie k,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
owner @{user_config_dirs}/ w,
owner @{user_config_dirs}/pulse/{,**} rw,

4
apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
View file

@ -164,10 +164,10 @@ profile xdg-desktop-portal-gtk @{exec_path} {
owner @{HOME}/.icons/{,**} r,
owner @{HOME}/@{XDG_DATA_HOME}/ r,
owner /tmp/runtime-*/xauth_?????? r,
owner /tmp/runtime-*/xauth_@{rand6} r,
@{run}/mount/utab r,
@{run}/user/@{uid}/xauth_* rl,
@{run}/user/@{uid}/xauth_@{rand6} rl,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,

2
apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
View file

@ -45,7 +45,7 @@ profile xdg-desktop-portal-kde @{exec_path} {
owner @{user_config_dirs}/kwinrc r,
owner @{user_config_dirs}/xdg-desktop-portal-kderc r,
@{run}/user/@{uid}/xauth_* rl,
@{run}/user/@{uid}/xauth_@{rand6} rl,
@{PROC}/sys/kernel/core_pattern r,

2
apparmor.d/groups/freedesktop/xdg-user-dirs-update
View file

@ -50,7 +50,7 @@ profile xdg-user-dirs-update @{exec_path} {
owner @{HOME}/@{XDG_VIDEOS_DIR}/ w,
owner @{user_config_dirs}/user-dirs.dirs rw,
owner @{user_config_dirs}/user-dirs.dirs?????? rw,
owner @{user_config_dirs}/user-dirs.dirs@{rand6} rw,
owner @{user_config_dirs}/user-dirs.locale rw,
include if exists <local/xdg-user-dirs-update>

4
apparmor.d/groups/freedesktop/xprop
View file

@ -19,8 +19,8 @@ profile xprop @{exec_path} {
owner @{HOME}/.Xauthority r,
owner @{HOME}/.icons/default/index.theme r,
owner /tmp/runtime-*/xauth_?????? r,
owner @{run}/user/@{uid}/xauth_* rl,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner @{run}/user/@{uid}/xauth_@{rand6} rl,
# file_inherit
owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/freedesktop/xrdb
View file

@ -35,8 +35,8 @@ profile xrdb @{exec_path} {
owner /tmp/kcminit.* r,
owner /tmp/plasma-apply-lookandfeel.* r,
owner /tmp/runtime-*/xauth_?????? r,
owner /tmp/startplasma-x11.?????? r,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner /tmp/startplasma-x11.@{rand6} r,
owner /tmp/xauth-[0-9]*-_[0-9] r,
@{run}/sddm/\{@{uuid}\} r,

4
apparmor.d/groups/freedesktop/xsetroot
View file

@ -24,8 +24,8 @@ profile xsetroot @{exec_path} {
owner @{user_share_dirs}/sddm/xorg-session.log w,
@{run}/sddm/\{@{uuid}\} r,
@{run}/user/@{uid}/xauth_* rl,
@{run}/sddm/xauth_?????? r,
@{run}/user/@{uid}/xauth_@{rand6} rl,
@{run}/sddm/xauth_@{rand6} r,
include if exists <local/xsetroot>
}

2
apparmor.d/groups/freedesktop/xwayland
View file

@ -38,7 +38,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
owner /tmp/server-[0-9]*.xkm rwk,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw,
owner @{run}/user/@{uid}/xwayland-shared-?????? rw,
owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw,
@{sys}/bus/pci/devices/ r,

2
apparmor.d/groups/gnome/gdm-runtime-config
View file

@ -13,7 +13,7 @@ profile gdm-runtime-config @{exec_path} {
@{exec_path} mr,
@{run}/gdm{3,}/ rw,
@{run}/gdm{3,}/custom.conf* rw,
@{run}/gdm{3,}/custom.conf{,@{rand6}} rw,
include if exists <local/gdm-runtime-config>
}

2
apparmor.d/groups/gnome/gdm-xsession
View file

@ -54,7 +54,7 @@ profile gdm-xsession @{exec_path} {
/etc/default/im-config r,
/etc/X11/{,**} r,
owner /tmp/gdm{3,}-config-err-?????? rw,
owner /tmp/gdm{3,}-config-err-@{rand6} rw,
# file_inherit
/dev/tty[0-9]* rw,

4
apparmor.d/groups/gnome/gjs-console
View file

@ -89,7 +89,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
/var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
/var/lib/gdm{3,}/.config/dconf/user r,
/var/lib/gdm{3,}/greeter-dconf-defaults r,
@ -98,7 +98,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/gnome-shell/extensions/{,**} r,
owner @{user_cache_dirs}/gstreamer-1.0/ rw,
owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp*} rw,
owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,

6
apparmor.d/groups/gnome/gnome-control-center
View file

@ -137,8 +137,8 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/gnome-control-center/{,**} rw,
owner @{user_config_dirs}/ibus/bus/ r,
owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
owner @{user_config_dirs}/mimeapps.list* rw,
owner @{user_config_dirs}/rygel.conf{,.??????} rw,
owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw,
owner @{user_config_dirs}/rygel.conf{,.@{rand6}} rw,
owner @{user_share_dirs}/backgrounds/{,**} rw,
owner @{user_share_dirs}/icc/{,edid-*} r,
owner @{user_share_dirs}/sounds/__custom/{,*} rw,
@ -146,7 +146,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/webkitgtk/databases/indexeddb/* rw,
owner @{user_share_dirs}/webkitgtk/localstorage/{,**} rwk,
owner @{user_share_dirs}/gnome-remote-desktop/ w,
owner @{user_share_dirs}/gnome-remote-desktop/rdp-tls.{crt,key}{.??????,} rw,
owner @{user_share_dirs}/gnome-remote-desktop/rdp-tls.{crt,key}{,.@{rand6}} rw,
owner @{run}/user/@{uid}/gnome-shell-disable-extensions w,
owner @{run}/user/@{uid}/gnome-control-center-region-needs-restart w,

2
apparmor.d/groups/gnome/gnome-session-binary
View file

@ -214,7 +214,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
/var/lib/flatpak/exports/share/mime/mime.cache r,
/var/lib/snapd/desktop/applications/{,mimeinfo.cache} r,
owner /tmp/dirs-?????? rw,
owner /tmp/dirs-@{rand6} rw,
owner @{user_config_dirs}/autostart/{,*.desktop} r,
owner @{user_config_dirs}/gnome-session/ rw,

2
apparmor.d/groups/gnome/gnome-shell
View file

@ -517,7 +517,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
/var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk,
/var/lib/gdm{3,}/.cache/fontconfig/{,*} rwl,
/var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/ rw,
/var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
/var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw,
/var/lib/gdm{3,}/.cache/libgweather/ r,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw,
/var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/ rw,

4
apparmor.d/groups/gnome/tracker-extract
View file

@ -83,10 +83,10 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
/var/lib/gdm{3,}/.cache/ rw,
/var/lib/gdm{3,}/.cache/tracker3/{,**} rw,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
/var/lib/gdm{3,}/greeter-dconf-defaults r,
/var/lib/lightdm/.cache/gstreamer-1.0/registry.*.bin{,.tmp??????} r,
/var/lib/lightdm/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} r,
/var/lib/flatpak/exports/share/applications/mimeinfo.cache r,
/var/lib/flatpak/exports/share/mime/mime.cache r,

2
apparmor.d/groups/gnome/tracker-miner
View file

@ -88,7 +88,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
/var/lib/lightdm/.config/dconf/user r,
/var/lib/lightdm/.cache/tracker3/files/meta.db{,-wal} rwk,
/var/lib/lightdm/.cache/tracker3/files/no-need-mtime-check.txt{,.??????} rw,
/var/lib/lightdm/.cache/tracker3/files/no-need-mtime-check.txt{,.@{rand6}} rw,
owner /var/tmp/etilqs_@{hex} rw,

4
apparmor.d/groups/kde/drkonqi
View file

@ -22,9 +22,9 @@ profile drkonqi @{exec_path} {
/usr/share/drkonqi/{,**} r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
@{run}/user/@{uid}/xauth_* rl,
@{run}/user/@{uid}/xauth_@{rand6} rl,
/dev/tty r,
include if exists <local/drkonqi>
}
}

2
apparmor.d/groups/kde/gmenudbusmenuproxy
View file

@ -24,7 +24,7 @@ profile gmenudbusmenuproxy @{exec_path} {
owner @{HOME}/.gtkrc-2.0 rw,
owner @{user_config_dirs}/gtk-{2,3}.0/#@{int} rw,
owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini{,.??????} rwl,
owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini{,.@{rand6}} rwl,
owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini.lock rwk,
@{PROC}/sys/kernel/random/boot_id r,

2
apparmor.d/groups/kde/kaccess
View file

@ -38,7 +38,7 @@ profile kaccess @{exec_path} {
owner @{user_share_dirs}/mime/generic-icons r,
owner @{run}/user/@{uid}/xauth_?????? r,
owner @{run}/user/@{uid}/xauth_@{rand6} r,
@{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,

4
apparmor.d/groups/kde/kalendarac
View file

@ -37,13 +37,13 @@ profile kalendarac @{exec_path} {
owner @{user_config_dirs}/emaildefaults r,
owner @{user_config_dirs}/emailidentities r,
owner @{user_config_dirs}/kalendaracrc rw,
owner @{user_config_dirs}/kalendaracrc.?????? rwl,
owner @{user_config_dirs}/kalendaracrc.@{rand6} rwl,
owner @{user_config_dirs}/kalendaracrc.lock rwk,
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kmail2rc r,
@{run}/user/@{uid}/xauth_* rl,
@{run}/user/@{uid}/xauth_@{rand6} rl,
@{PROC}/sys/kernel/core_pattern r,

10
apparmor.d/groups/kde/kcminit
View file

@ -28,8 +28,8 @@ profile kcminit @{exec_path} {
owner @{HOME}/.Xdefaults r,
owner @{user_config_dirs}/#@{int} rw,
owner @{user_config_dirs}/gtkrc-2.0{,.??????} rwl,
owner @{user_config_dirs}/gtkrc{,.??????} rwl,
owner @{user_config_dirs}/gtkrc-2.0{,.@{rand6}} rwl,
owner @{user_config_dirs}/gtkrc{,.@{rand6}} rwl,
owner @{user_config_dirs}/kcminputrc r,
owner @{user_config_dirs}/kdedefaults/kcminputrc r,
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
@ -39,12 +39,12 @@ profile kcminit @{exec_path} {
owner @{user_config_dirs}/kwinrc r,
owner @{user_config_dirs}/touchpadrc r,
owner @{user_config_dirs}/Trolltech.conf.lock rwk,
owner @{user_config_dirs}/Trolltech.conf{,.??????} rwl,
owner @{user_config_dirs}/Trolltech.conf{,.@{rand6}} rwl,
owner /tmp/kcminit.?????? rwl,
owner /tmp/kcminit.@{rand6} rwl,
owner /tmp/#@{int} rw,
@{run}/user/@{uid}/xauth_* rl,
@{run}/user/@{uid}/xauth_@{rand6} rl,
@{PROC}/sys/kernel/random/boot_id r,

2
apparmor.d/groups/kde/kconf_update
View file

@ -39,7 +39,7 @@ profile kconf_update @{exec_path} {
owner @{user_config_dirs}/kdeglobals* rwl,
owner /tmp/#@{int} rw,
owner /tmp/kconf_update.?????? rw,
owner /tmp/kconf_update.@{rand6} rw,
include if exists <local/kconf_update>
}

2
apparmor.d/groups/kde/kded5
View file

@ -98,7 +98,7 @@ profile kded5 @{exec_path} {
owner @{run}/user/@{uid}/#@{int} rw,
owner @{run}/user/@{uid}/kded5*kioworker.socket rwl,
owner /tmp/plasma-csd-generator.??????/{,**} rw,
owner /tmp/plasma-csd-generator.@{rand6}/{,**} rw,
@{PROC}/@{pids}/cmdline/ r,
@{PROC}/@{pids}/fd/ r,

4
apparmor.d/groups/kde/kioslave5
View file

@ -59,7 +59,7 @@ profile kioslave5 @{exec_path} {
owner @{run}/user/@{uid}/#@{int} rw,
owner @{run}/user/@{uid}/kio_desktop*kioworker.socket rwl,
owner @{run}/user/@{uid}/xauth_* rl,
owner @{run}/user/@{uid}/xauth_@{rand6} rl,
@{PROC}/sys/kernel/core_pattern r,
owner @{PROC}/@{pid}/mountinfo r,
@ -68,4 +68,4 @@ profile kioslave5 @{exec_path} {
/dev/tty r,
include if exists <local/kioslave5>
}
}

2
apparmor.d/groups/kde/kscreenlocker-greet
View file

@ -71,7 +71,7 @@ profile kscreenlocker-greet @{exec_path} {
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
owner @{user_cache_dirs}/plasma-svgelements-default_v* r,
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
owner @{user_cache_dirs}/plasma-svgelements{,.??????} rwl,
owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwl,
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int},
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw,
owner @{user_cache_dirs}/qtshadercache/ rw,

8
apparmor.d/groups/kde/ksmserver
View file

@ -44,7 +44,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
/etc/xdg/kwinrc r,
/etc/xdg/menus/ r,
owner @{HOME}/?????? rw,
owner @{HOME}/@{rand6} rw,
owner @{HOME}/.Xauthority rw,
owner @{user_cache_dirs}/#@{int} rw,
@ -56,18 +56,18 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
owner @{user_config_dirs}/kdedefaults/* r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kscreenlockerrc r,
owner @{user_config_dirs}/ksmserverrc.?????? rwl,
owner @{user_config_dirs}/ksmserverrc.@{rand6} rwl,
owner @{user_config_dirs}/ksmserverrc r,
owner @{user_config_dirs}/#@{int} rw,
owner @{user_config_dirs}/ksmserverrc.lock rwk,
owner @{user_config_dirs}/kwinrc r,
owner @{user_config_dirs}/session/*_[0-9]*_[0-9]*_[0-9]* rw,
owner /tmp/?????? rw,
owner /tmp/@{rand6} rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
owner @{run}/user/@{uid}/KSMserver__[0-9] rw,
owner @{run}/user/@{uid}/xauth_* rl,
owner @{run}/user/@{uid}/xauth_@{rand6} rl,
@{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,

2
apparmor.d/groups/kde/kwalletd5
View file

@ -60,7 +60,7 @@ profile kwalletd5 @{exec_path} {
owner @{user_share_dirs}/kwalletd/#@{int} rw,
owner /tmp/kwalletd5.* rw,
owner /tmp/runtime-*/xauth_?????? r,
owner /tmp/runtime-*/xauth_@{rand6} r,
@{PROC}/sys/kernel/core_pattern r,
owner @{PROC}/@{pid}/cmdline r,

8
apparmor.d/groups/kde/kwin_x11
View file

@ -53,7 +53,7 @@ profile kwin_x11 @{exec_path} {
owner @{user_cache_dirs}/plasmarc r,
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
owner @{user_cache_dirs}/plasma-svgelements{,.??????} rwl,
owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwl,
owner @{user_cache_dirs}/qtshadercache-*/@{hex} r,
owner @{user_cache_dirs}/session/#@{int} rw,
@ -62,17 +62,17 @@ profile kwin_x11 @{exec_path} {
owner @{user_config_dirs}/kdedefaults/* r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kwinrc.lock rwk,
owner @{user_config_dirs}/kwinrc{,.??????} rwl,
owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl,
owner @{user_config_dirs}/kwinrulesrc r,
owner @{user_config_dirs}/kxkbrc r,
owner @{user_config_dirs}/session/kwin_* rwk,
owner @{user_config_dirs}/plasmarc r,
owner /tmp/#@{int} rw,
owner /tmp/kwin.?????? rwl,
owner /tmp/kwin.@{rand6} rwl,
owner @{run}/user/@{uid}/kcrash_[0-9]* rw,
owner @{run}/user/@{uid}/xauth_* rl,
owner @{run}/user/@{uid}/xauth_@{rand6} rl,
@{sys}/devices/system/node/ r,
@{sys}/devices/system/node/node[0-9]*/meminfo r,

6
apparmor.d/groups/kde/plasmashell
View file

@ -97,7 +97,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
owner @{user_cache_dirs}/ksycoca5_* rl,
owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw,
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
owner @{user_cache_dirs}/plasma-svgelements.?????? rwlk,
owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwlk,
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
owner @{user_cache_dirs}/plasma-svgelements* rwl,
owner @{user_cache_dirs}/plasmashell/qmlcache/{,**} rwl,
@ -138,7 +138,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
owner @{user_share_dirs}/kpeople/persondb rwk,
owner @{user_share_dirs}/kpeoplevcard/ r,
owner @{user_share_dirs}/krunnerstaterc rwl,
owner @{user_share_dirs}/krunnerstaterc.?????? rwl,
owner @{user_share_dirs}/krunnerstaterc.@{rand6} rwl,
owner @{user_share_dirs}/krunnerstaterc.lock rwk,
owner @{user_share_dirs}/ktp/cache.db rwk,
owner @{user_share_dirs}/plasma_icons/*.desktop r,
@ -147,7 +147,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
owner @{run}/user/@{uid}/#@{int} rw,
owner @{run}/user/@{uid}/kdesud_:1 w,
owner @{run}/user/@{uid}/plasmashell??????.[0-9].kioworker.socket rwl,
owner @{run}/user/@{uid}/plasmashell@{rand6}.[0-9].kioworker.socket rwl,
owner @{run}/user/@{uid}/gvfs/ r,
owner @{run}/user/@{uid}/pulse/ rw,

6
apparmor.d/groups/kde/sddm
View file

@ -125,14 +125,14 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
owner /tmp/*/{,s} rw,
owner /tmp/#@{int} rw,
owner /tmp/sddm-auth* rw,
owner /tmp/xauth_?????? rw,
owner /tmp/xauth_@{rand6} rw,
@{run}/faillock/[a-zA-z0-9]* rwk,
@{run}/sddm.pid rw,
@{run}/sddm/\{@{uuid}\} rw,
@{run}/sddm/xauth_?????? rwl,
@{run}/sddm/xauth_@{rand6} rwl,
@{run}/systemd/sessions/*.ref rw,
@{run}/user/@{uid}/xauth_?????? rwl,
@{run}/user/@{uid}/xauth_@{rand6} rwl,
owner @{run}/sddm/ rw,
owner @{run}/user/@{uid}/#@{int} rw,
owner @{run}/user/@{uid}/kwallet5.socket rw,

2
apparmor.d/groups/kde/sddm-greeter
View file

@ -68,7 +68,7 @@ profile sddm-greeter @{exec_path} {
owner @{HOME}/.glvnd* mrw,
owner /tmp/runtime-sddm/ rw,
owner /tmp/xauth_?????? rw,
owner /tmp/xauth_@{rand6} rw,
owner @{run}/sddm/{,*} rw,

4
apparmor.d/groups/kde/startplasma-x11
View file

@ -63,9 +63,9 @@ profile startplasma-x11 @{exec_path} {
owner @{user_share_dirs}/sddm/xorg-session.log rw,
owner /tmp/#@{int} rw,
owner /tmp/startplasma-x11.?????? rwl,
owner /tmp/startplasma-x11.@{rand6} rwl,
@{run}/user/@{uid}/xauth_* rl,
@{run}/user/@{uid}/xauth_@{rand6} rl,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,

4
apparmor.d/groups/kde/xdm-xsession
View file

@ -82,7 +82,7 @@ profile xdm-xsession @{exec_path} {
owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/@{hex}.key rw,
owner @{run}/user/@{uid}/gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{run}/user/@{uid}/gnupg/sshcontrol r,
@{run}/user/@{uid}/xauth_* rl,
@{run}/user/@{uid}/xauth_@{rand6} rl,
owner /tmp/ssh-*/ rw,
owner /tmp/ssh-*/agent.* rw,
@ -106,4 +106,4 @@ profile xdm-xsession @{exec_path} {
}
include if exists <local/xdm-xsession>
}
}

4
apparmor.d/groups/kde/xembedsniproxy
View file

@ -17,7 +17,7 @@ profile xembedsniproxy @{exec_path} {
/usr/share/hwdata/*.ids r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
@{run}/user/@{uid}/xauth_* rl,
@{run}/user/@{uid}/xauth_@{rand6} rl,
include if exists <local/xembedsniproxy>
}
}

4
apparmor.d/groups/kde/xsettingsd
View file

@ -16,7 +16,7 @@ profile xsettingsd @{exec_path} {
owner @{user_config_dirs}/xsettingsd/{,**} rw,
owner @{run}/user/@{uid}/xauth_* rl,
owner @{run}/user/@{uid}/xauth_@{rand6} rl,
include if exists <local/xsettingsd>
}
}

2
apparmor.d/groups/pacman/pacman-hook-code
View file

@ -20,7 +20,7 @@ profile pacman-hook-code @{exec_path} {
@{bin}/sed rix,
@{lib}/code/product.json rw,
@{lib}/code/sed?????? rw,
@{lib}/code/sed@{rand6} rw,
/dev/tty rw,

2
apparmor.d/groups/systemd/systemd-hostnamed
View file

@ -42,7 +42,7 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) {
@{etc_rw}/.#hostname* rw,
@{etc_rw}/hostname rw,
/etc/.#machine-info?????? rw,
/etc/.#machine-info@{rand6} rw,
/etc/machine-info rw,
@{run}/systemd/default-hostname rw,

2
apparmor.d/groups/systemd/systemd-remount-fs
View file

@ -27,7 +27,7 @@ profile systemd-remount-fs @{exec_path} {
@{run}/host/container-manager r,
@{run}/mount/utab rw,
@{run}/mount/utab.?????? rw,
@{run}/mount/utab.@{rand6} rw,
@{run}/mount/utab.lock rwk,
@{PROC}/ r,

2
apparmor.d/profiles-a-f/engrampa
View file

@ -118,7 +118,7 @@ profile engrampa @{exec_path} {
owner @{user_config_dirs}/ r,
owner @{user_config_dirs}/engrampa/ rw,
owner @{user_config_dirs}/mimeapps.list{,.*} rw,
owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw,
owner @{user_share_dirs}/ r,

2
apparmor.d/profiles-a-f/exo-helper
View file

@ -36,7 +36,7 @@ profile exo-helper @{exec_path} {
owner @{user_share_dirs}/xfce4/helpers/*.desktop rw,
owner @{user_share_dirs}/xfce4/helpers/*.desktop.@{pid}.tmp rw,
owner @{user_config_dirs}/mimeapps.list{,.*} rw,
owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw,
# Some missing icons
/usr/share/**.png r,

2
apparmor.d/profiles-g-l/gajim
View file

@ -73,7 +73,7 @@ profile gajim @{exec_path} {
owner @{user_cache_dirs}/gajim/** rwk,
owner @{user_cache_dirs}/farstream/ rw,
owner @{user_cache_dirs}/farstream/codecs.audio.x86_64.cache{,.tmp*} rw,
owner @{user_cache_dirs}/farstream/codecs.audio.x86_64.cache{,.tmp@{rand6}} rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r,

2
apparmor.d/profiles-g-l/labwc
View file

@ -58,7 +58,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/sessions/* r,
@{run}/systemd/seats/seat[0-9]* r,
@{run}/user/@{uid}/wayland-[0-9].lock k,
@{run}/user/@{uid}/wayland-@{int}.lock k,
owner @{PROC}/@{pid}/fd/ r,

2
apparmor.d/profiles-m-r/packagekitd
View file

@ -173,4 +173,4 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
}
include if exists <local/packagekitd>
}
}

6
apparmor.d/profiles-m-r/pam/mappings
View file

@ -20,7 +20,7 @@
capability setuid,
/etc/default/su r,
@{etc_ro}/environment r,
@{HOMEDIRS}/.xauth* w,
@{HOMEDIRS}/.xauth@{rand6} w,
@{bin}/{,b,d,rb}ash Px -> default_user,
@{bin}/{c,k,tc,z}sh Px -> default_user,
}
@ -42,7 +42,7 @@
/etc/default/su r,
@{etc_ro}/environment r,
@{HOMEDIRS}/.xauth* w,
@{HOMEDIRS}/.xauth@{rand6} w,
}
@ -64,6 +64,6 @@
/etc/default/su r,
@{etc_ro}/environment r,
@{HOMEDIRS}/.xauth* w,
@{HOMEDIRS}/.xauth@{rand6} w,
}

2
apparmor.d/profiles-s-z/strawberry-tagreader
View file

@ -25,7 +25,7 @@ profile strawberry-tagreader @{exec_path} {
# file_inherit
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.anyRemote/anyremote.stdout w,
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw,
include if exists <local/strawberry-tagreader>
}

2
apparmor.d/profiles-s-z/su
View file

@ -53,7 +53,7 @@ profile su @{exec_path} {
/etc/default/locale r,
/etc/shells r,
owner @{HOME}/.xauth?????? rw,
owner @{HOME}/.xauth@{rand6} rw,
owner @{PROC}/@{pids}/loginuid r,
owner @{PROC}/@{pids}/cgroup r,

16
apparmor.d/profiles-s-z/xauth
View file

@ -16,10 +16,10 @@ profile xauth @{exec_path} {
/Xauthority-c w,
owner @{HOME}/.xauth?????? rw,
owner @{HOME}/.xauth??????-c w,
owner @{HOME}/.xauth??????-l wl,
owner @{HOME}/.xauth??????-n rw,
owner @{HOME}/.xauth@{rand6} rw,
owner @{HOME}/.xauth@{rand6}-c w,
owner @{HOME}/.xauth@{rand6}-l wl,
owner @{HOME}/.xauth@{rand6}-n rw,
owner @{HOME}/.Xauthority-c w,
owner @{HOME}/.Xauthority-l wl -> @{HOME}/.Xauthority-c,
@ -31,11 +31,11 @@ profile xauth @{exec_path} {
owner /tmp/serverauth.*-n rw,
owner /tmp/serverauth.* rwl -> /tmp/serverauth.*-n,
owner /tmp/runtime-*/xauth_?????? r,
owner /tmp/runtime-*/xauth_@{rand6} r,
owner @{run}/user/@{uid}/xauth_?????? rw,
owner @{run}/user/@{uid}/xauth_??????-c w,
owner @{run}/user/@{uid}/xauth_??????-l wl,
owner @{run}/user/@{uid}/xauth_@{rand6} rw,
owner @{run}/user/@{uid}/xauth_@{rand6}-c w,
owner @{run}/user/@{uid}/xauth_@{rand6}-l wl,
include if exists <local/xauth>
}

10
apparmor.d/profiles-s-z/yadifad
View file

@ -24,15 +24,15 @@ profile yadifad @{exec_path} {
/etc/yadifa/yadifad.conf r,
/var/lib/yadifa/** r,
owner /var/lib/yadifa/ydf.?????? rw,
owner /var/lib/yadifa/keys/ydf.?????? rw,
owner /var/lib/yadifa/xfr/ydf.?????? rw,
owner /var/lib/yadifa/ydf.@{rand6} rw,
owner /var/lib/yadifa/keys/ydf.@{rand6} rw,
owner /var/lib/yadifa/xfr/ydf.@{rand6} rw,
/var/log/yadifa/*.log rw,
/var/log/yadifa/ydf.?????? rw,
/var/log/yadifa/ydf.@{rand6} rw,
owner @{run}/yadifa/yadifad.pid rwk,
owner @{run}/yadifa/ydf.?????? rw,
owner @{run}/yadifa/ydf.@{rand6} rw,
include if exists <local/yadifad>
}