felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: newly detected linter issues.

Browse source
This commit is contained in:
Alexandre Pujol 2025-07-21 23:08:55 +02:00
parent b64fcf3d85
commit e48dbfba5a
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
5 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apparmor.d/abstractions/common/app
View file

@ -56,11 +56,11 @@
owner @{HOME}/.var/app/** rmix, owner @{HOME}/.var/app/** rmix,
owner @{HOME}/** rwmlk -> @{HOME}/**, owner @{HOME}/** rwmlk -> @{HOME}/**,
owner @{run}/user/@{uid}/ r, owner @{run}/user/@{uid}/ r,
owner @{run}/user/@{uid}/** rwlk -> @{run}/user/@{uid}/**, owner @{run}/user/@{uid}/** rwlk -> @{run}/user/@{uid}/**, #aa:lint ignore
owner @{user_games_dirs}/** rmix, owner @{user_games_dirs}/** rmix,
owner @{tmp}/** rmwk, owner @{tmp}/** rmwk, #aa:lint ignore
owner /dev/shm/** rwlk -> /dev/shm/**, owner /dev/shm/** rwlk -> /dev/shm/**, #aa:lint ignore
owner /var/cache/tmp/** rwlk -> /var/cache/tmp/**, owner /var/cache/tmp/** rwlk -> /var/cache/tmp/**,
owner /var/tmp/etilqs_@{sqlhex} rw, owner /var/tmp/etilqs_@{sqlhex} rw,

1
apparmor.d/groups/browsers/epiphany
View file

@ -51,7 +51,6 @@ profile epiphany @{exec_path} flags=(attach_disconnected) {
owner @{tmp}/WebKit-Media-@{rand6} rw, owner @{tmp}/WebKit-Media-@{rand6} rw,
@{sys}/devices/virtual/dmi/id/chassis_type r, @{sys}/devices/virtual/dmi/id/chassis_type r,
@{sys}/firmware/acpi/pm_profile r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-gnome-org.gnome.Epiphany-@{int}.scope/memory.* r, @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-gnome-org.gnome.Epiphany-@{int}.scope/memory.* r,
@{PROC}/@{pid}/cgroup r, @{PROC}/@{pid}/cgroup r,

2
apparmor.d/groups/gpg/scdaemon
View file

@ -25,7 +25,7 @@ profile scdaemon @{exec_path} {
owner /etc/pacman.d/gnupg/S.scdaemon rw, owner /etc/pacman.d/gnupg/S.scdaemon rw,
owner @{HOME}/@{XDG_GPG_DIR}/scdaemon.conf r, owner @{HOME}/@{XDG_GPG_DIR}/scdaemon.conf r,
owner @{HOME}/@{XDG_GPG_DIR}common.conf r, owner @{HOME}/@{XDG_GPG_DIR}/common.conf r,
owner @{HOME}/@{XDG_GPG_DIR}/reader_@{int}.status rw, owner @{HOME}/@{XDG_GPG_DIR}/reader_@{int}.status rw,
owner @{run}/user/@{uid}/gnupg/S.scdaemon rw, owner @{run}/user/@{uid}/gnupg/S.scdaemon rw,

2
apparmor.d/profiles-a-f/adequate
View file

@ -54,14 +54,12 @@ profile adequate @{exec_path} flags=(complain) {
@{bin}/* mr, @{bin}/* mr,
/usr/games/* mr, /usr/games/* mr,
@{lib}{,x}/** mr,
@{lib}/@{multiarch}/** mr, @{lib}/@{multiarch}/** mr,
/usr/share/** r, /usr/share/** r,
/opt/google/chrome{,-beta,-unstable}/google-chrome{,-beta,-unstable} mr, /opt/google/chrome{,-beta,-unstable}/google-chrome{,-beta,-unstable} mr,
@{lib}/@{multiarch}/ld-*.so rix, @{lib}/@{multiarch}/ld-*.so rix,
@{lib}{,x}32/ld-*.so rix,
include if exists <local/adequate_ldd> include if exists <local/adequate_ldd>
} }

3
apparmor.d/profiles-g-l/kernel-install
View file

@ -42,7 +42,10 @@ profile kernel-install @{exec_path} {
@{lib}/modules/*/modules.* w, @{lib}/modules/*/modules.* w,
/ r,
@{efi}/@{hex32}/** rw, @{efi}/@{hex32}/** rw,
@{efi}/loader/entries.srel r,
owner /boot/{vmlinuz,initrd.img}-* r, owner /boot/{vmlinuz,initrd.img}-* r,
owner /boot/[a-f0-9]*/*/ rw, owner /boot/[a-f0-9]*/*/ rw,