feat(profile): general update.

Alexandre Pujol 2023-12-08 18:01:39 +00:00
parent 52e52f06db
commit d81bce5559
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
32 changed files with 114 additions and 135 deletions


@ -2,9 +2,10 @@
# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# TODO: GNOME JavaScript interpreter. It's used to run extensions. Therefore,
# by default, some extension are confined under this profile. The resulting profile
# is quite broard. The architecture of this needs to be rethinked.
# TODO: GNOME JavaScript interpreter. It is used to run some gnome internal app
# as well as third party extensions. Therefore, by default, some extension are
# confined under this profile. The resulting profile is quite broad.
# This architecture needs to be rethinked.
abi <abi/3.0>,
@ -19,15 +20,12 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/gnome-strict>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/opencl-nvidia>
include <abstractions/openssl>
include <abstractions/vulkan>
include <abstractions/wayland>
network netlink raw,
@ -72,9 +70,10 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
peer=(name=:*, label=gnome-shell),
@{exec_path} mr,
@{bin}/ r,
@{bin}/[a-z0-9]* rPUx,
@{lib}/** rPUx,
@{bin}/ r,
@{bin}/* rPUx,
@{lib}/** rPUx,
/usr/share/gnome-shell/extensions/gsconnect@andyholmes.github.io/{service/daemon.js,gsconnect-preferences} rPx,
@{user_share_dirs}/gnome-shell/extensions/gsconnect@andyholmes.github.io/{service/daemon.js,gsconnect-preferences} rPx,
@ -86,7 +85,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/gnome-shell/{,**} r,
/usr/share/icu/@{int}.@{int}/*.dat r,
/usr/share/X11/xkb/** r,
/var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
/var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw,
@ -101,8 +99,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/gstreamer-1.0/ rw,
owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
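Review bot: The exec rules in the `@ -72,9 +70,10 @@` hunk let gjs-console run any unprofiled program unconfined, and the version printed second, `@{bin}/* rPUx,`, widens the earlier `@{bin}/[a-z0-9]* rPUx,` (the +/- markers are lost on this page, so I am assuming the second printing is the new side). `PUx` transitions to the target's profile when one exists and otherwise falls back to unconfined, so together with `@{lib}/** rPUx,` this profile's confinement ends at the first exec of a binary that has no profile of its own, which matters because the header comment says third-party extensions run under it. If the fallback cannot be dropped yet, I would at least record it next to the rule, e.g. `# FIXME: PUx falls back to unconfined for unprofiled binaries; replace with Px/Cx rules for the helpers gjs actually spawns`. The profile body starts and ends outside the visible hunks.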