felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): smallupdate to gnome profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2025-04-26 17:27:27 +02:00
parent b3da8d4be7
commit e15dfdc33e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
4 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/gnome/gnome-control-center
View file

@ -35,8 +35,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
signal send set=kill peer=unconfined,
signal send set=kill peer=passwd,
unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon),
#aa:dbus own bus=session name=org.gnome.Settings
#aa:dbus own bus=session name=org.bluez.obex.Agent1

1
apparmor.d/groups/gnome/gnome-shell
View file

@ -65,7 +65,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
unix (send,receive) type=stream addr=none peer=(label=gnome-extension-ding),
unix (send,receive) type=stream addr=none peer=(label=xkbcomp),
unix (send,receive) type=stream addr=none peer=(label=xwayland),
unix (send,receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????", label=ibus-daemon),
# Owned by gnome-shell

2
apparmor.d/groups/gnome/localsearch
View file

@ -33,6 +33,7 @@ profile localsearch @{exec_path} flags=(attach_disconnected) {
@{lib}/localsearch-extractor-3 ix, # nnp
/usr/share/localsearch3/{,**} r,
/usr/share/osinfo/{,**} r,
/usr/share/poppler/{,**} r,
# Allow to search user files
@ -47,6 +48,7 @@ profile localsearch @{exec_path} flags=(attach_disconnected) {
owner /var/tmp/etilqs_@{hex15} rw,
owner /var/tmp/etilqs_@{hex16} rw,
owner @{tmp}/etilqs_@{hex12}@{h} rw,
owner @{tmp}/etilqs_@{hex12}@{hex2} rw,
owner @{tmp}/etilqs_@{hex15} rw,
owner @{tmp}/etilqs_@{hex16} rw,

3
apparmor.d/groups/gnome/loupe
View file

@ -42,6 +42,7 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
deny @{user_share_dirs}/gvfs-metadata/* r,
@ -50,7 +51,7 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/common/bwrap>
signal (receive) set=(kill) peer=loupe,
signal receive set=kill peer=loupe,
@{bin}/bwrap mr,
@{lib}/glycin-loaders/*/glycin-* rix,