felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): minor update.

Browse source
This commit is contained in:
Alexandre Pujol 2025-04-13 20:38:14 +02:00
parent 405333b8b7
commit e9c652f387
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
6 changed files with 19 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
apparmor.d/groups/gnome/gnome-calculator-search-provider
View file

@ -23,6 +23,8 @@ profile gnome-calculator-search-provider @{exec_path} {
@{bin}/* rPUx, @{bin}/* rPUx,
owner @{user_cache_dirs}/gnome-calculator/* r,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/cmdline r,

5
apparmor.d/groups/pacman/pacman
View file

@ -149,11 +149,6 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
/dev/tty@{int} rw, /dev/tty@{int} rw,
owner /dev/pts/@{int} rw, owner /dev/pts/@{int} rw,
# Silencer,
deny @{HOME}/ r,
deny @{HOME}/**/ r,
deny /tmp/ r,
profile gpg { profile gpg {
include <abstractions/base> include <abstractions/base>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>

4
apparmor.d/profiles-g-l/ghc-pkg
View file

@ -6,7 +6,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{bin}/ghc-pkg{,-*} @{exec_path} = @{bin}/ghc-pkg{,-*} @{lib}/ghc-@{version}/bin/ghc-pkg-@{version}
profile ghc-pkg @{exec_path} { profile ghc-pkg @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles> include <abstractions/consoles>
@ -26,6 +26,8 @@ profile ghc-pkg @{exec_path} {
@{sys}/devices/system/node/ r, @{sys}/devices/system/node/ r,
@{PROC}/@{pid}/task/@{tid}/comm rw,
include if exists <local/ghc-pkg> include if exists <local/ghc-pkg>
} }

3
apparmor.d/profiles-g-l/gimp
View file

@ -46,6 +46,9 @@ profile gimp @{exec_path} {
/etc/fstab r, /etc/fstab r,
/etc/gimp/{,**} r, /etc/gimp/{,**} r,
owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} rw,
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} rw,
owner @{user_documents_dirs}/{,**} rw, owner @{user_documents_dirs}/{,**} rw,
owner @{user_pictures_dirs}/{,**} rw, owner @{user_pictures_dirs}/{,**} rw,
owner @{user_work_dirs}/{,**} rw, owner @{user_work_dirs}/{,**} rw,

2
apparmor.d/profiles-g-l/gpartedbin
View file

@ -8,7 +8,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{bin}/gpartedbin @{lib}/{,gparted/}gpartedbin @{exec_path} = @{bin}/gpartedbin @{lib}/{,gparted/}gpartedbin
profile gpartedbin @{exec_path} { profile gpartedbin @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/desktop> include <abstractions/desktop>

13
apparmor.d/profiles-m-r/nvtop
View file

@ -44,14 +44,15 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/system/node/node@{int}/cpumap r, @{sys}/devices/system/node/node@{int}/cpumap r,
@{PROC}/ r, @{PROC}/ r,
@{PROC}/@{pids}/ r, @{PROC}/@{pid}/ r,
@{PROC}/@{pids}/cmdline r, @{PROC}/@{pid}/cmdline r,
@{PROC}/@{pids}/fd/ r, @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pids}/fdinfo/ r, @{PROC}/@{pid}/fdinfo/ r,
@{PROC}/@{pids}/fdinfo/@{int} r, @{PROC}/@{pid}/fdinfo/@{int} r,
@{PROC}/@{pids}/stat r, @{PROC}/@{pid}/stat r,
@{PROC}/devices r, @{PROC}/devices r,
@{PROC}/driver/nvidia/capabilities/mig/{config,monitor} r, @{PROC}/driver/nvidia/capabilities/mig/{config,monitor} r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
/dev/dri/ r, /dev/dri/ r,
/dev/nvidia-caps/ rw, /dev/nvidia-caps/ rw,