felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): general update.

Browse source
This commit is contained in:
Alexandre Pujol 2022-05-07 11:42:18 +01:00
parent 6aadd82293
commit da1b3e1f1c
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
26 changed files with 114 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

1
apparmor.d/profiles-s-z/scrcpy
View file

@ -13,6 +13,7 @@ profile scrcpy @{exec_path} {
include <abstractions/dri-enumerate>
include <abstractions/mesa>
include <abstractions/opencl>
include <abstractions/vulkan>
network inet stream,
network inet6 stream,

1
apparmor.d/profiles-s-z/swtpm_setup
View file

@ -22,6 +22,7 @@ profile swtpm_setup @{exec_path} {
/var/lib/libvirt/swtpm/@{uuid}/tpm2/ r,
owner /tmp/swtpm_setup.certs.*/ w,
owner /tmp/swtpm_setup.certs.*/*.cert rw,
owner /tmp/.swtpm_setup.pidfile* rw,
@{run}/systemd/userdb/ r,

1
apparmor.d/profiles-s-z/virt-manager
View file

@ -102,6 +102,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pids}/net/route r,
/dev/media[0-9]* r,
/dev/video[0-9]* rw,
# Silence the noise

5
apparmor.d/profiles-s-z/xdg-desktop-portal
View file

@ -9,8 +9,9 @@ include <tunables/global>
@{exec_path} = @{libexec}/xdg-desktop-portal
profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/nameservice-strict>
include <abstractions/dconf>
include <abstractions/freedesktop.org>
include <abstractions/nameservice-strict>
capability sys_ptrace,
@ -40,8 +41,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
/var/lib/flatpak/exports/share/applications/{**,} r,
owner @{run}/user/@{uid}/.flatpak/{,*/*} r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,

5
apparmor.d/profiles-s-z/xdg-desktop-portal-gnome
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/xdg-desktop-portal-gnome
profile xdg-desktop-portal-gnome @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
@ -19,10 +20,8 @@ profile xdg-desktop-portal-gnome @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/X11/xkb/{,**} r,
owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,
include if exists <local/xdg-desktop-portal-gnome>
}

7
apparmor.d/profiles-s-z/xdg-desktop-portal-gtk
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/xdg-desktop-portal-gtk
profile xdg-desktop-portal-gtk @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/fontconfig-cache-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
@ -27,12 +28,10 @@ profile xdg-desktop-portal-gtk @{exec_path} {
owner @{HOME}/ r,
owner @{HOME}/.* r,
owner @{HOME}/@{XDG_DATA_HOME}/ r,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/user rw,
@{run}/mount/utab r,
@{run}/mount/utab r,
owner @{PROC}/@{uid}/mountinfo r,