felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): define more xdg variables.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-26 17:32:12 +01:00
parent b3a28da5e5
commit e087349662
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
35 changed files with 103 additions and 128 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/gpg/gpg
View file

@ -30,8 +30,8 @@ profile gpg @{exec_path} {
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/gnupg/ rw,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/gnupg/** rwkl -> @{HOME}/@{XDG_PROJECTS_DIR}/**/gnupg/**,
owner @{user_projects_dirs}/**/gnupg/ rw,
owner @{user_projects_dirs}/**/gnupg/** rwkl -> @{user_projects_dirs}/**/gnupg/**,
owner /var/lib/*/gnupg/ rw,
owner /var/lib/*/gnupg/** rwkl -> /var/lib/*/gnupg/**,

12
apparmor.d/groups/gpg/gpg-agent
View file

@ -36,12 +36,12 @@ profile gpg-agent @{exec_path} {
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{MOUNTS}/{,/*}/@{XDG_GPG_DIR}/sshcontrol r,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/ rw,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/gpg-agent.conf r,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/private-keys-v1.d/ rw,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/sshcontrol r,
owner @{user_projects_dirs}/**/{.,}gnupg/ rw,
owner @{user_projects_dirs}/**/{.,}gnupg/gpg-agent.conf r,
owner @{user_projects_dirs}/**/{.,}gnupg/private-keys-v1.d/ rw,
owner @{user_projects_dirs}/**/{.,}gnupg/private-keys-v1.d/[0-9A-F]*.key rw,
owner @{user_projects_dirs}/**/{.,}gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{user_projects_dirs}/**/{.,}gnupg/sshcontrol r,
owner @{run}/user/@{uid}/gnupg/ rw,
owner @{run}/user/@{uid}/gnupg/gpg-agent.conf r,

2
apparmor.d/groups/gpg/gpgconf
View file

@ -24,7 +24,7 @@ profile gpgconf @{exec_path} {
/{usr/,}bin/pinentry-* rPx,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/gnupg/** rwkl -> @{HOME}/@{XDG_PROJECTS_DIR}/**/gnupg/**,
owner @{user_projects_dirs}/**/gnupg/** rwkl -> @{user_projects_dirs}/**/gnupg/**,
owner @{PROC}/@{pid}/task/@{tid}/stat rw,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,

2
apparmor.d/groups/gpg/gpgsm
View file

@ -16,7 +16,7 @@ profile gpgsm @{exec_path} {
deny /usr/bin/.gnupg/ w,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
owner @{HOME}/@{XDG_PROJECTS_DIR}/**/gnupg/** rwkl -> @{HOME}/@{XDG_PROJECTS_DIR}/**,
owner @{user_projects_dirs}/**/gnupg/** rwkl -> @{user_projects_dirs}/**,
owner /var/lib/*/.gnupg/** rwkl -> /var/lib/*/.gnupg/**,