diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app
index 3c22d0cbc..ed2ab9529 100644
--- a/apparmor.d/abstractions/common/app
+++ b/apparmor.d/abstractions/common/app
@@ -14,7 +14,7 @@
  include
  include
  include
- include
+ # include
  include
  include
  include
@@ -31,8 +31,7 @@
  /usr/** r,
- /etc/** r,
- /etc/shells rw,
+ /etc/{,**} r,
  / r,
  /.* r,
@@ -77,12 +76,14 @@
  @{PROC}/@{pid}/cgroup r,
  @{PROC}/@{pid}/cmdline r,
  @{PROC}/@{pid}/comm r,
+ @{PROC}/@{pid}/fd/ r,
  @{PROC}/@{pid}/mountinfo r,
  @{PROC}/@{pid}/net/** r,
  @{PROC}/@{pid}/smaps r,
  @{PROC}/@{pid}/stat r,
  @{PROC}/@{pid}/statm r,
  @{PROC}/@{pid}/task/@{tid}/stat r,
+ @{PROC}/@{pid}/task/@{tid}/status r,
  @{PROC}/bus/pci/devices r,
  @{PROC}/driver/** r,
  @{PROC}/sys/fs/inotify/max_user_watches r,
@@ -92,8 +93,8 @@
  @{PROC}/sys/kernel/yama/ptrace_scope r,
  @{PROC}/uptime r,
  @{PROC}/zoneinfo r,
+ owner @{PROC}/@{pid}/clear_refs w,
  owner @{PROC}/@{pid}/comm rw,
- owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/fd/@{int} rw,
  owner @{PROC}/@{pid}/io r,
  owner @{PROC}/@{pid}/net/if_inet6 r,
@@ -101,7 +102,6 @@
  owner @{PROC}/@{pid}/statm r,
  owner @{PROC}/@{pid}/task/ r,
  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
- owner @{PROC}/@{pid}/task/@{tid}/status r,
  /dev/hidraw@{int} rw,
  /dev/input/ r,
diff --git a/apparmor.d/profiles-a-f/flatpak-app b/apparmor.d/profiles-a-f/flatpak-app
index ed7768c40..9a7d25573 100644
--- a/apparmor.d/profiles-a-f/flatpak-app
+++ b/apparmor.d/profiles-a-f/flatpak-app
@@ -64,6 +64,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
  /usr/.ref rk,
+ /etc/**/ rw,
  /etc/shells rw,
  /app/.ref k,
@@ -76,7 +77,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
  @{run}/.userns r,
  owner @{run}/flatpak/{,**} rk,
- owner @{run}/flatpak/app/*/*ipc* rw,
+ owner @{run}/flatpak/app/** rw,
  owner @{run}/flatpak/doc/** rw,
  owner @{run}/ld-so-cache-dir/* rw,
  owner @{run}/user/@{uid}/*.kioworker.socket r,
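Review bot: The `+ # include` line in the first hunk of abstractions/common/app keeps the include as a comment instead of deleting it, and nothing in the hunk records why it was disabled (the abstraction name itself did not survive this rendering, so I cannot tell which one it is). A silently commented-out include in a shared abstraction is easy to re-enable by mistake or to leave behind indefinitely. Either remove the line outright, or leave it with a reason attached on the same line, e.g. `# include <ABSTRACTION> -- disabled: REASON` with both placeholders filled in, so the next reader knows whether it is intentional.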
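Review bot: The replacement rule `/etc/{,**} r,` in the second hunk keeps the abstraction-wide read of the entire /etc tree and adds the directory itself; the only narrowing is that the `/etc/shells rw,` write leaves the shared abstraction (it reappears in the flatpak-app profile later in this diff, so the move looks deliberate). Since every profile that includes common/app inherits this line, it is worth stating explicitly that the read covers every file under /etc and that protection of credential files there rests on DAC, not on this abstraction. A one-line comment above the rule, such as `# whole /etc tree readable; sensitive files rely on DAC, not on this rule`, would make that trade-off visible to profile authors.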
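Review bot: The added `@{PROC}/@{pid}/fd/ r,` and `@{PROC}/@{pid}/task/@{tid}/status r,` lines in the third hunk drop the `owner` qualifier that the corresponding removed rules in the fourth and fifth hunks (`owner @{PROC}/@{pid}/fd/ r,` and `owner @{PROC}/@{pid}/task/@{tid}/status r,`) carried. Because `@{pid}` matches any process id, every profile that includes this abstraction may now list the fd directory and read thread status of processes it does not own, relying only on the kernel's /proc access checks rather than on AppArmor. If no consumer actually needs cross-process access, keep the owner form, `owner @{PROC}/@{pid}/fd/ r,` and `owner @{PROC}/@{pid}/task/@{tid}/status r,`, in the unowned block's place; if one does, a comment naming that consumer next to the widened rules would justify the relaxation.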
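Review bot: The new `/etc/**/ rw,` in the flatpak-app profile's first hunk grants create/remove/write on every directory at any depth under /etc, and the hunk gives no hint of which directories the app actually touches. AppArmor matches the path as the confined task sees it, so this rule does not by itself distinguish a sandbox-private /etc from the host's; presumably the intent is the sandbox view, but that should be stated. Suggest a comment above the rule, e.g. `# directory writes inside the sandbox's /etc view; needed for: REASON`, or narrowing to the specific subdirectories if they are known.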
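Review bot: `owner @{run}/flatpak/app/** rw,` in the last hunk widens write access from the `*ipc*` files under each app's run directory to everything beneath `@{run}/flatpak/app/`, without a comment recording which additional paths needed it. The preceding `owner @{run}/flatpak/{,**} rk,` already provides read and lock on the whole tree, so the net effect of the change is write and create permission everywhere under the app directories. If only a few more file names are involved, an alternation alongside `*ipc*` on the original `owner @{run}/flatpak/app/*/...` line keeps the rule narrow; if the breadth is intentional, a one-line comment above the rule saying so would prevent a future reviewer from tightening it back.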