felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): improve ubuntu compatibility.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-13 22:04:12 +01:00
parent 0cbcbb29a4
commit d998b1dd6e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
29 changed files with 109 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/freedesktop/plymouth-set-default-theme
View file

@ -16,5 +16,7 @@ profile plymouth-set-default-theme @{exec_path} {
/{usr/,}bin/grep rix,
/{usr/,}bin/plymouth rPx,
/etc/plymouth/{,*} r,
include if exists <local/plymouth-set-default-theme>
}

4
apparmor.d/groups/freedesktop/xdg-document-portal
View file

@ -12,6 +12,8 @@ profile xdg-document-portal @{exec_path} {
ptrace (read) peer=xdg-desktop-portal,
unix (send receive) type=stream peer=(label=xdg-document-portal//fusermount),
@{exec_path} mr,
/{usr/,}bin/flatpak rCx -> flatpak,
@ -57,6 +59,8 @@ profile xdg-document-portal @{exec_path} {
capability sys_admin,
capability dac_read_search,
unix (send receive) type=stream peer=(label=xdg-document-portal),
# network inet stream,
# network inet6 stream,

2
apparmor.d/groups/freedesktop/xkbcomp
View file

@ -12,6 +12,8 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
unix (send,receive) type=stream addr=none peer=(label=xwayland),
@{exec_path} mr,

2
apparmor.d/groups/freedesktop/xorg
View file

@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/X
@{exec_path} += /{usr/,}bin/Xorg
@{exec_path} += /{usr/,}lib/Xorg{,.wrap}
@{exec_path} += /{usr/,}lib/xorg/Xorg
@{exec_path} += /{usr/,}lib/xorg/Xorg{,.wrap}
profile xorg @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/fontconfig-cache-read>

1
apparmor.d/groups/freedesktop/xrdb
View file

@ -18,6 +18,7 @@ profile xrdb @{exec_path} {
/{usr/,}bin/{,@{multiarch}-}cpp-[0-9]* rix,
/{usr/,}lib/gcc/@{multiarch}/[0-9]*/cc1 rix,
/{usr/,}lib/llvm-[0-9]*/bin/clang rix,
/usr/include/stdc-predef.h r,
/etc/X11/Xresources/x11-common r,

3
apparmor.d/groups/freedesktop/xwayland
View file

@ -19,7 +19,8 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
signal (receive) set=(term hup) peer=gdm*,
signal (receive) set=(term hup) peer=gnome-shell,
unix (receive, send) type=stream addr="@/tmp/.X11-unix/X[0-9]*",
unix (send,receive) type=stream addr="@/tmp/.X11-unix/X[0-9]*",
unix (send,receive) type=stream addr=none peer=(label=gnome-shell),
@{exec_path} mrix,