felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: flatpak-app was too strict for some app.

Browse source 
See #314
This commit is contained in:
Alexandre Pujol 2024-04-25 13:26:11 +01:00
parent b3a5fb1ce5
commit e4c3f1f076
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
2 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
apparmor.d/abstractions/common/app
View file

@ -14,7 +14,7 @@
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.a11y> include <abstractions/bus/org.a11y>
include <abstractions/consoles> include <abstractions/consoles>
include <abstractions/deny-sensitive-home> # include <abstractions/deny-sensitive-home>
include <abstractions/desktop> include <abstractions/desktop>
include <abstractions/devices-usb> include <abstractions/devices-usb>
include <abstractions/disks-read> include <abstractions/disks-read>
@ -31,8 +31,7 @@
/usr/** r, /usr/** r,
/etc/** r, /etc/{,**} r,
/etc/shells rw,
/ r, / r,
/.* r, /.* r,
@ -77,12 +76,14 @@
@{PROC}/@{pid}/cgroup r, @{PROC}/@{pid}/cgroup r,
@{PROC}/@{pid}/cmdline r, @{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/comm r, @{PROC}/@{pid}/comm r,
@{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mountinfo r,
@{PROC}/@{pid}/net/** r, @{PROC}/@{pid}/net/** r,
@{PROC}/@{pid}/smaps r, @{PROC}/@{pid}/smaps r,
@{PROC}/@{pid}/stat r, @{PROC}/@{pid}/stat r,
@{PROC}/@{pid}/statm r, @{PROC}/@{pid}/statm r,
@{PROC}/@{pid}/task/@{tid}/stat r, @{PROC}/@{pid}/task/@{tid}/stat r,
@{PROC}/@{pid}/task/@{tid}/status r,
@{PROC}/bus/pci/devices r, @{PROC}/bus/pci/devices r,
@{PROC}/driver/** r, @{PROC}/driver/** r,
@{PROC}/sys/fs/inotify/max_user_watches r, @{PROC}/sys/fs/inotify/max_user_watches r,
@ -92,8 +93,8 @@
@{PROC}/sys/kernel/yama/ptrace_scope r, @{PROC}/sys/kernel/yama/ptrace_scope r,
@{PROC}/uptime r, @{PROC}/uptime r,
@{PROC}/zoneinfo r, @{PROC}/zoneinfo r,
owner @{PROC}/@{pid}/clear_refs w,
owner @{PROC}/@{pid}/comm rw, owner @{PROC}/@{pid}/comm rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/fd/@{int} rw, owner @{PROC}/@{pid}/fd/@{int} rw,
owner @{PROC}/@{pid}/io r, owner @{PROC}/@{pid}/io r,
owner @{PROC}/@{pid}/net/if_inet6 r, owner @{PROC}/@{pid}/net/if_inet6 r,
@ -101,7 +102,6 @@
owner @{PROC}/@{pid}/statm r, owner @{PROC}/@{pid}/statm r,
owner @{PROC}/@{pid}/task/ r, owner @{PROC}/@{pid}/task/ r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw,
owner @{PROC}/@{pid}/task/@{tid}/status r,
/dev/hidraw@{int} rw, /dev/hidraw@{int} rw,
/dev/input/ r, /dev/input/ r,

3
apparmor.d/profiles-a-f/flatpak-app
View file

@ -64,6 +64,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
/usr/.ref rk, /usr/.ref rk,
/etc/**/ rw,
/etc/shells rw, /etc/shells rw,
/app/.ref k, /app/.ref k,
@ -76,7 +77,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
@{run}/.userns r, @{run}/.userns r,
owner @{run}/flatpak/{,**} rk, owner @{run}/flatpak/{,**} rk,
owner @{run}/flatpak/app/*/*ipc* rw, owner @{run}/flatpak/app/** rw,
owner @{run}/flatpak/doc/** rw, owner @{run}/flatpak/doc/** rw,
owner @{run}/ld-so-cache-dir/* rw, owner @{run}/ld-so-cache-dir/* rw,
owner @{run}/user/@{uid}/*.kioworker.socket r, owner @{run}/user/@{uid}/*.kioworker.socket r,