Profiles update.
parent
fd1dce916d
commit
ea366754d7
16 changed files with 77 additions and 15 deletions
|
|
@ -26,6 +26,7 @@ profile chromium-chromium @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/thumbnails-cache-read>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/user-read>
|
||||
include <abstractions/vulkan>
|
||||
|
||||
capability sys_ptrace,
|
||||
|
||||
|
|
@ -128,6 +129,7 @@ profile chromium-chromium @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{PROC}/@{pid}/mounts r,
|
||||
@{PROC}/sys/fs/inotify/max_user_watches r,
|
||||
owner @{PROC}/@{pids}/clear_refs w,
|
||||
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||
|
||||
@{run}/udev/data/* r,
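Review bot: `@{run}/udev/data/* r,` at the end of the second chromium-chromium hunk lets the browser read every entry in the udev database, which is more than a least-privilege profile should hand to a process that renders untrusted web content. The rendering lost the +/- markers, so this rule may be existing context rather than the line the hunk adds; the point applies to the new side either way. Consider listing only the device classes that show up in the audit log, in the form the gnome-control-center section of this commit already uses, e.g. `@{run}/udev/data/c13:[0-9]* r, # for /dev/input/*`. The profile body starts and ends outside the hunk.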
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ profile bluetoothd @{exec_path} {
|
|||
|
||||
@{sys}/devices/virtual/dmi/id/chassis_type r,
|
||||
@{sys}/devices/platform/**/rfkill/**/name r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/uevent r,
|
||||
@{sys}/devices/pci[0-9]*/**/usb[0-9]/**/bluetooth/**/{uevent,name} r,
|
||||
|
||||
/var/lib/bluetooth/{,**} rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -83,6 +83,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
|||
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/*
|
||||
@{run}/udev/data/c235:[0-9]* r,
|
||||
@{run}/udev/data/c236:[0-9]* r,
|
||||
@{run}/udev/data/c50[0-9]:[0-9]* r,
|
||||
@{run}/udev/data/c51[0-9]:[0-9]* r,
|
||||
@{run}/udev/data/n[0-9]* r,
|
||||
|
||||
|
|
|
|||
|
|
@ -14,6 +14,12 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
|||
include <abstractions/gtk>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
network inet stream,
|
||||
network inet6 stream,
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
network netlink raw,
|
||||
|
||||
signal (send) set=(term) peer=gsd-*,
|
||||
signal (receive) set=(term, hup) peer=gdm*,
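Review bot: The block from `network inet stream,` through `network netlink raw,` gives gnome-session-binary TCP and UDP sockets over IPv4 and IPv6 plus raw netlink, and nothing in the hunk says which feature needs them. The header counts six added lines, which is consistent with this block plus one blank line, although the +/- markers are missing from the rendering. Rules written this way are not limited to any peer address or port, so keep only the families that actually appeared as denials and record the reason above the block, for example `# network: <component and denial that required it>`. The profile continues outside the hunk.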
|
||||
|
||||
|
|
|
|||
|
|
@ -176,6 +176,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
# file_inherit
|
||||
/dev/tty[0-9]* rw,
|
||||
owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw,
|
||||
|
||||
include if exists <local/gnome-shell>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ profile gnome-shell-hotplug-sniffer @{exec_path} {
|
|||
/usr/share/mime/mime.cache r,
|
||||
|
||||
owner @{MOUNTS}/*/ r,
|
||||
owner @{MOUNTS}/**/ r,
|
||||
owner @{MOUNTS}/** r,
|
||||
|
||||
include if exists <local/gnome-shell-hotplug-sniffer>
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/gnome-terminal-server
|
||||
profile gnome-terminal-server @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dconf>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/freedesktop.org>
|
||||
|
|
@ -31,10 +32,12 @@ profile gnome-terminal-server @{exec_path} {
|
|||
owner @{run}/user/@{uid}/dconf/user rw,
|
||||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
||||
|
||||
owner /tmp/#[0-9]* rw,
|
||||
|
||||
@{PROC}/@{pids}/cmdline r,
|
||||
@{PROC}/@{pids}/cgroup r,
|
||||
|
||||
/dev/ptmx rw,
|
||||
owner /dev/pts/[0-9]* rw,
|
||||
/dev/ptmx rw,
|
||||
|
||||
include if exists <local/gnome-terminal-server>
|
||||
}
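Review bot: `@{PROC}/@{pids}/cmdline r,` and `@{PROC}/@{pids}/cgroup r,` in the second gnome-terminal-server hunk carry no `owner` qualifier, so the profile permits reading the command line of any process, and command lines sometimes hold credentials. If the server only inspects processes of the logged-in user, `owner @{PROC}/@{pids}/cmdline r,` and `owner @{PROC}/@{pids}/cgroup r,` would be enough. If it must also look at a foreground process running under another uid, a comment such as `# not owner: foreground process may run under another uid` would document why the rule is left open. It is not certain from the rendering which of these lines the commit adds.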
|
||||