feat(profile): update gnome profiles.
parent
86202b0fbf
commit
eb84df319d
17 changed files with 83 additions and 50 deletions
|
|
@ -9,7 +9,7 @@ include <tunables/global>
|
||||||
@{exec_path} = @{lib}/xdg-desktop-portal-gnome
|
@{exec_path} = @{lib}/xdg-desktop-portal-gnome
|
||||||
profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
|
profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/bus-accessibility>
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
include <abstractions/bus-system>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/bus/org.a11y>
|
include <abstractions/bus/org.a11y>
|
||||||
|
|
@ -17,6 +17,7 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||||
include <abstractions/bus/org.gnome.Shell.Introspect>
|
include <abstractions/bus/org.gnome.Shell.Introspect>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
|
include <abstractions/consoles>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/deny-sensitive-home>
|
include <abstractions/deny-sensitive-home>
|
||||||
include <abstractions/fontconfig-cache-write>
|
include <abstractions/fontconfig-cache-write>
|
||||||
|
|
@ -27,8 +28,8 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
network unix stream,
|
network unix stream,
|
||||||
|
|
||||||
signal (receive) set=term peer=gdm,
|
signal receive set=term peer=gdm,
|
||||||
signal (receive) set=(hup term) peer=gdm-session-worker,
|
signal receive set=(hup term) peer=gdm-session-worker,
|
||||||
|
|
||||||
#aa:dbus own bus=session name=org.freedesktop.impl.portal.desktop.gnome
|
#aa:dbus own bus=session name=org.freedesktop.impl.portal.desktop.gnome
|
||||||
#aa:dbus talk bus=session name=org.freedesktop.impl.portal path=/org/freedesktop/portal/desktop label=xdg-desktop-portal
|
#aa:dbus talk bus=session name=org.freedesktop.impl.portal path=/org/freedesktop/portal/desktop label=xdg-desktop-portal
|
||||||
|
|
@ -40,6 +41,11 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
|
||||||
member=RunningApplicationsChanged
|
member=RunningApplicationsChanged
|
||||||
peer=(name=org.freedesktop.DBus, label=xdg-desktop-portal),
|
peer=(name=org.freedesktop.DBus, label=xdg-desktop-portal),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gtk/Notifications
|
||||||
|
interface=org.freedesktop.DBus.Properties
|
||||||
|
member=GetAll
|
||||||
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/ r,
|
/ r,
|
||||||
|
|
@ -63,12 +69,16 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
owner @{tmp}/.goutputstream-@{rand6} rw,
|
owner @{tmp}/.goutputstream-@{rand6} rw,
|
||||||
owner @{tmp}/@{rand6} rw,
|
owner @{tmp}/@{rand6} rw,
|
||||||
|
owner @{tmp}/gtkprint_ppd_@{rand6} rw,
|
||||||
|
owner @{tmp}/gtkprint@{rand6} r,
|
||||||
|
owner @{tmp}/xdg-desktop-portal-gnome@{rand6} rw,
|
||||||
|
|
||||||
@{run}/mount/utab r,
|
@{run}/mount/utab r,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/ r,
|
owner @{PROC}/@{pid}/ r,
|
||||||
owner @{PROC}/@{pid}/cmdline r,
|
owner @{PROC}/@{pid}/cmdline r,
|
||||||
owner @{PROC}/@{pid}/mountinfo r,
|
owner @{PROC}/@{pid}/mountinfo r,
|
||||||
|
owner @{PROC}/@{pid}/stat r,
|
||||||
owner @{PROC}/@{pid}/task/@{tid}/ r,
|
owner @{PROC}/@{pid}/task/@{tid}/ r,
|
||||||
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
|
||||||
owner @{PROC}/@{pid}/task/@{tid}/status r,
|
owner @{PROC}/@{pid}/task/@{tid}/status r,
|
||||||
|
|
|
||||||
|
|
@ -47,11 +47,6 @@ profile xdg-desktop-portal-gtk @{exec_path} flags=(attach_disconnected) {
|
||||||
member=GetAll
|
member=GetAll
|
||||||
peer=(name=:*, label=gnome-shell),
|
peer=(name=:*, label=gnome-shell),
|
||||||
|
|
||||||
dbus receive bus=session
|
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
|
||||||
member=Introspect
|
|
||||||
peer=(name=:*, label=gnome-shell),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/gdm/greeter-dconf-defaults r,
|
/usr/share/gdm/greeter-dconf-defaults r,
|
||||||
|
|
|
||||||
|
|
@ -9,9 +9,9 @@ include <tunables/global>
|
||||||
@{exec_path} = @{bin}/xdg-user-dirs-gtk-update
|
@{exec_path} = @{bin}/xdg-user-dirs-gtk-update
|
||||||
profile xdg-user-dirs-gtk-update @{exec_path} {
|
profile xdg-user-dirs-gtk-update @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
include <abstractions/bus-accessibility>
|
||||||
|
include <abstractions/bus-session>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dbus-accessibility>
|
|
||||||
include <abstractions/dbus-session>
|
|
||||||
include <abstractions/gtk>
|
include <abstractions/gtk>
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
|
||||||
|
|
@ -14,12 +14,13 @@ include <tunables/global>
|
||||||
@{exec_path} = @{bin}/gjs-console
|
@{exec_path} = @{bin}/gjs-console
|
||||||
profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/bus-accessibility>
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
include <abstractions/bus-system>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
include <abstractions/bus/org.freedesktop.portal.Desktop>
|
||||||
include <abstractions/bus/org.gnome.Shell.Introspect>
|
include <abstractions/bus/org.gnome.Shell.Introspect>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
|
include <abstractions/consoles>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/fontconfig-cache-write>
|
include <abstractions/fontconfig-cache-write>
|
||||||
include <abstractions/gnome-strict>
|
include <abstractions/gnome-strict>
|
||||||
|
|
@ -28,7 +29,9 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
|
|
||||||
signal (receive) set=(term hup) peer=gdm*,
|
unix type=stream peer=(label=gnome-shell),
|
||||||
|
|
||||||
|
signal receive set=(term hup) peer=gdm*,
|
||||||
|
|
||||||
#aa:dbus own bus=session name=org.freedesktop.Notifications
|
#aa:dbus own bus=session name=org.freedesktop.Notifications
|
||||||
#aa:dbus own bus=session name=org.gnome.ScreenSaver
|
#aa:dbus own bus=session name=org.gnome.ScreenSaver
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,6 @@ profile gnome-characters @{exec_path} {
|
||||||
/usr/share/xml/iso-codes/{,**} r,
|
/usr/share/xml/iso-codes/{,**} r,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/mounts r,
|
owner @{PROC}/@{pid}/mounts r,
|
||||||
owner @{PROC}/@{pid}/status r,
|
|
||||||
owner @{PROC}/@{pid}/task/@{tid}/stat r,
|
owner @{PROC}/@{pid}/task/@{tid}/stat r,
|
||||||
|
|
||||||
include if exists <local/gnome-characters>
|
include if exists <local/gnome-characters>
|
||||||
|
|
|
||||||
|
|
@ -39,8 +39,12 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
||||||
#aa:dbus own bus=session name=org.bluez.obex.Agent1
|
#aa:dbus own bus=session name=org.bluez.obex.Agent1
|
||||||
|
|
||||||
#aa:dbus talk bus=session name=org.bluez.obex label=obexd
|
#aa:dbus talk bus=session name=org.bluez.obex label=obexd
|
||||||
|
#aa:dbus talk bus=session name=org.freedesktop.impl.portal.PermissionStore label=xdg-permission-store
|
||||||
#aa:dbus talk bus=session name=org.gnome.Mutter label=gnome-shell
|
#aa:dbus talk bus=session name=org.gnome.Mutter label=gnome-shell
|
||||||
|
#aa:dbus talk bus=session name=org.gnome.SessionManager label=gnome-session-binary
|
||||||
#aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Color label=gsd-color
|
#aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Color label=gsd-color
|
||||||
|
#aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Power label=gsd-power
|
||||||
|
#aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Rfkill label=gsd-rfkill
|
||||||
#aa:dbus talk bus=session name=org.gnome.Shell label=gnome-shell
|
#aa:dbus talk bus=session name=org.gnome.Shell label=gnome-shell
|
||||||
|
|
||||||
#aa:dbus talk bus=system name=com.ubuntu.WhoopsiePreferences label=whoopsie-preferences
|
#aa:dbus talk bus=system name=com.ubuntu.WhoopsiePreferences label=whoopsie-preferences
|
||||||
|
|
|
||||||
|
|
@ -65,9 +65,10 @@ profile gnome-extension-gsconnect @{exec_path} {
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/mounts r,
|
owner @{PROC}/@{pid}/mounts r,
|
||||||
owner @{PROC}/@{pid}/stat r,
|
owner @{PROC}/@{pid}/stat r,
|
||||||
owner @{PROC}/@{pid}/status r,
|
|
||||||
owner @{PROC}/@{pid}/task/@{tid}/stat r,
|
owner @{PROC}/@{pid}/task/@{tid}/stat r,
|
||||||
|
|
||||||
|
deny @{user_share_dirs}/gvfs-metadata/* r,
|
||||||
|
|
||||||
include if exists <local/gnome-extension-gsconnect>
|
include if exists <local/gnome-extension-gsconnect>
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -60,6 +60,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
/usr/share/gdm/greeter/autostart/{,*.desktop} r,
|
/usr/share/gdm/greeter/autostart/{,*.desktop} r,
|
||||||
/usr/share/gnome-session/hardware-compatibility r,
|
/usr/share/gnome-session/hardware-compatibility r,
|
||||||
/usr/share/gnome-session/sessions/*.session r,
|
/usr/share/gnome-session/sessions/*.session r,
|
||||||
|
/usr/share/gnome-shell/extensions/ r,
|
||||||
/usr/share/gnome-shell/extensions/*/metadata.json r,
|
/usr/share/gnome-shell/extensions/*/metadata.json r,
|
||||||
/usr/share/gnome/autostart/{,*.desktop} r,
|
/usr/share/gnome/autostart/{,*.desktop} r,
|
||||||
|
|
||||||
|
|
@ -69,6 +70,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
|
||||||
owner @{gdm_config_dirs}/dconf/user rw,
|
owner @{gdm_config_dirs}/dconf/user rw,
|
||||||
owner @{gdm_config_dirs}/gnome-session/ rw,
|
owner @{gdm_config_dirs}/gnome-session/ rw,
|
||||||
owner @{gdm_config_dirs}/gnome-session/saved-session/ rw,
|
owner @{gdm_config_dirs}/gnome-session/saved-session/ rw,
|
||||||
|
owner @{gdm_config_dirs}/user-dirs.dirs r,
|
||||||
owner @{GDM_HOME}/greeter-dconf-defaults r,
|
owner @{GDM_HOME}/greeter-dconf-defaults r,
|
||||||
owner @{gdm_share_dirs}/applications/{,**} r,
|
owner @{gdm_share_dirs}/applications/{,**} r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -56,11 +56,11 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||||
network netlink raw,
|
network netlink raw,
|
||||||
network unix stream,
|
network unix stream,
|
||||||
|
|
||||||
ptrace (read),
|
ptrace read,
|
||||||
ptrace (readby) peer=pipewire,
|
ptrace readby peer=pipewire,
|
||||||
|
|
||||||
signal (receive) set=(term, hup) peer=gdm*,
|
signal receive set=(term, hup) peer=gdm*,
|
||||||
signal (send),
|
signal send,
|
||||||
|
|
||||||
unix (send,receive) type=stream addr=none peer=(label=gnome-extension-ding),
|
unix (send,receive) type=stream addr=none peer=(label=gnome-extension-ding),
|
||||||
unix (send,receive) type=stream addr=none peer=(label=xkbcomp),
|
unix (send,receive) type=stream addr=none peer=(label=xkbcomp),
|
||||||
|
|
@ -185,8 +185,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||||
/usr/share/gnome-shell/extensions/*/** rPUx,
|
/usr/share/gnome-shell/extensions/*/** rPUx,
|
||||||
|
|
||||||
/opt/**/share/icons/{,**} r,
|
/opt/**/share/icons/{,**} r,
|
||||||
/snap/*/@{uid}/**.png r,
|
/snap/*/@{uid}/**.@{image_ext} r,
|
||||||
/usr/share/**.{png,jpg,svg} r,
|
/usr/share/**.@{image_ext} r,
|
||||||
/usr/share/**/icons/{,**} r,
|
/usr/share/**/icons/{,**} r,
|
||||||
/usr/share/backgrounds/{,**} r,
|
/usr/share/backgrounds/{,**} r,
|
||||||
/usr/share/byobu/desktop/byobu* r,
|
/usr/share/byobu/desktop/byobu* r,
|
||||||
|
|
@ -241,25 +241,28 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||||
|
|
||||||
owner @{HOME}/.face r,
|
owner @{HOME}/.face r,
|
||||||
owner @{HOME}/.mozilla/firefox/firefox-mpris/{,*} r,
|
owner @{HOME}/.mozilla/firefox/firefox-mpris/{,*} r,
|
||||||
owner @{HOME}/.mozilla/native-messaging-hosts/ r,
|
owner @{HOME}/.mozilla/native-messaging-hosts/ rw,
|
||||||
owner @{HOME}/.mozilla/native-messaging-hosts/org.gnome.shell.extensions.gsconnect.json rw,
|
owner @{HOME}/.mozilla/native-messaging-hosts/org.gnome.shell.*.json{,.@{rand6}} rw,
|
||||||
owner @{HOME}/.mozilla/native-messaging-hosts/org.gnome.shell.extensions.gsconnect.json.@{rand6} rw,
|
|
||||||
owner @{HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3 rw,
|
owner @{HOME}/.tpm2_pkcs11/tpm2_pkcs11.sqlite3 rw,
|
||||||
owner @{HOME}/.var/app/**.{png,jpg,svg} r,
|
owner @{HOME}/.var/app/**.@{image_ext} r,
|
||||||
owner @{HOME}/.var/app/**/ r,
|
owner @{HOME}/.var/app/**/ r,
|
||||||
owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} rw,
|
owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} rw,
|
||||||
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} rw,
|
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} rw,
|
||||||
|
|
||||||
owner @{user_games_dirs}/**.{png,jpg,svg} r,
|
owner @{user_games_dirs}/**.@{image_ext} r,
|
||||||
owner @{user_music_dirs}/**.{png,jpg,svg} r,
|
owner @{user_music_dirs}/**.@{image_ext} r,
|
||||||
|
|
||||||
owner @{user_config_dirs}/.goutputstream{,-@{rand6}} rw,
|
owner @{user_config_dirs}/.goutputstream{,-@{rand6}} rw,
|
||||||
|
owner @{user_config_dirs}/**/NativeMessagingHosts/ rw,
|
||||||
|
owner @{user_config_dirs}/**/NativeMessagingHosts/org.gnome.shell.*.json{,.@{rand6}} rw,
|
||||||
owner @{user_config_dirs}/background r,
|
owner @{user_config_dirs}/background r,
|
||||||
owner @{user_config_dirs}/ibus/ w,
|
owner @{user_config_dirs}/ibus/ w,
|
||||||
owner @{user_config_dirs}/monitors.xml{,~} rwl,
|
owner @{user_config_dirs}/monitors.xml{,~} rwl,
|
||||||
owner @{user_config_dirs}/tiling-assistant/{,**} rw,
|
owner @{user_config_dirs}/tiling-assistant/{,**} rw,
|
||||||
|
|
||||||
owner @{user_share_dirs}/backgrounds/{,**} rw,
|
owner @{user_share_dirs}/backgrounds/{,**} rw,
|
||||||
|
owner @{user_share_dirs}/dbus-1/services/ r,
|
||||||
|
owner @{user_share_dirs}/dbus-1/services/org.gnome.shell.*.service{,.@{rand6}} rw,
|
||||||
owner @{user_share_dirs}/desktop-directories/{,**} r,
|
owner @{user_share_dirs}/desktop-directories/{,**} r,
|
||||||
owner @{user_share_dirs}/gnome-shell/{,**} rw,
|
owner @{user_share_dirs}/gnome-shell/{,**} rw,
|
||||||
owner @{user_share_dirs}/gnome-shell/extensions/{,**} r,
|
owner @{user_share_dirs}/gnome-shell/extensions/{,**} r,
|
||||||
|
|
@ -267,9 +270,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||||
owner @{user_share_dirs}/icc/ rw,
|
owner @{user_share_dirs}/icc/ rw,
|
||||||
owner @{user_share_dirs}/icc/.goutputstream-@{rand6} rw,
|
owner @{user_share_dirs}/icc/.goutputstream-@{rand6} rw,
|
||||||
owner @{user_share_dirs}/icc/edid-@{hex32}.icc rw,
|
owner @{user_share_dirs}/icc/edid-@{hex32}.icc rw,
|
||||||
|
owner @{user_share_dirs}/icons/**/org.gnome.shell.*.svg{,.@{rand6}} w,
|
||||||
|
|
||||||
owner @{user_share_dirs}/applications/org.gnome.Shell.Extensions.GSConnect{,.Preferences}.desktop rw,
|
owner @{user_share_dirs}/applications/org.gnome.Shell.*.desktop{,.@{rand6}} rw,
|
||||||
owner @{user_share_dirs}/applications/org.gnome.Shell.Extensions.GSConnect{,.Preferences}.desktop.@{rand6} w,
|
|
||||||
owner @{user_cache_dirs}/evolution/addressbook/*/PHOTO-* r,
|
owner @{user_cache_dirs}/evolution/addressbook/*/PHOTO-* r,
|
||||||
owner @{user_cache_dirs}/gnome-boxes/*.png r,
|
owner @{user_cache_dirs}/gnome-boxes/*.png r,
|
||||||
owner @{user_cache_dirs}/gnome-photos/{,**} r,
|
owner @{user_cache_dirs}/gnome-photos/{,**} r,
|
||||||
|
|
|
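Review bot: The new globs `org.gnome.shell.*.json{,.@{rand6}}` (under `.mozilla/native-messaging-hosts/` and `@{user_config_dirs}/**/NativeMessagingHosts/`), `dbus-1/services/org.gnome.shell.*.service{,.@{rand6}}` and `applications/org.gnome.Shell.*.desktop{,.@{rand6}}` replace rules that named only the GSConnect files, so gnome-shell can now write any manifest, service or launcher carrying that prefix. Each of these file types names a program that a browser, the session bus or the desktop will start later, which makes the write scope worth keeping tight or at least documented. I would add a comment above the group such as `# Extensions register their own native-messaging, D-Bus service and desktop files under the org.gnome.shell prefix`, and, if the set of supported extensions is known, list their names instead of `*`. The same applies to `@{user_share_dirs}/icons/**/org.gnome.shell.*.svg{,.@{rand6}} w,` in the following hunk, though that one only covers icons.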
||||||
|
|
@ -45,10 +45,10 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
|
||||||
owner @{GDM_HOME}/greeter-dconf-defaults r,
|
owner @{GDM_HOME}/greeter-dconf-defaults r,
|
||||||
owner @{gdm_config_dirs}/dconf/user r,
|
owner @{gdm_config_dirs}/dconf/user r,
|
||||||
owner @{gdm_share_dirs}/icc/ rw,
|
owner @{gdm_share_dirs}/icc/ rw,
|
||||||
owner @{gdm_share_dirs}/icc/edid-*.icc rw,
|
owner @{gdm_share_dirs}/icc/edid-@{hex32}icc rw,
|
||||||
|
|
||||||
owner @{user_share_dirs}/icc/ rw,
|
owner @{user_share_dirs}/icc/ rw,
|
||||||
owner @{user_share_dirs}/icc/edid-*.icc rw,
|
owner @{user_share_dirs}/icc/edid-@{hex32}.icc rw,
|
||||||
|
|
||||||
include if exists <local/gsd-color>
|
include if exists <local/gsd-color>
|
||||||
}
|
}
|
||||||
|
|
|
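Review bot: The new rule `owner @{gdm_share_dirs}/icc/edid-@{hex32}icc rw,` is missing the dot before the extension; the sibling rule two lines below reads `edid-@{hex32}.icc`. As written it no longer matches the `edid-<hash>.icc` files the old `edid-*.icc` glob covered, so gsd-color running in the GDM session would presumably be denied when it writes its colour profiles. It should read `owner @{gdm_share_dirs}/icc/edid-@{hex32}.icc rw,`.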
||||||
|
|
@ -17,6 +17,7 @@ profile gsd-xsettings @{exec_path} {
|
||||||
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
|
include <abstractions/bus/org.gnome.Mutter.DisplayConfig>
|
||||||
include <abstractions/bus/org.gnome.SessionManager>
|
include <abstractions/bus/org.gnome.SessionManager>
|
||||||
include <abstractions/bus/org.gnome.Shell.Introspect>
|
include <abstractions/bus/org.gnome.Shell.Introspect>
|
||||||
|
include <abstractions/bus/org.gtk.vfs.Daemon>
|
||||||
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/fontconfig-cache-read>
|
include <abstractions/fontconfig-cache-read>
|
||||||
|
|
@ -33,16 +34,19 @@ profile gsd-xsettings @{exec_path} {
|
||||||
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.XSettings
|
#aa:dbus own bus=session name=org.gnome.SettingsDaemon.XSettings
|
||||||
#aa:dbus own bus=session name=org.gtk.Settings
|
#aa:dbus own bus=session name=org.gtk.Settings
|
||||||
|
|
||||||
|
#aa:dbus talk bus=session name=org.gnome.Mutter.X11 label=gnome-shell
|
||||||
|
|
||||||
dbus send bus=system path=/org/freedesktop/Accounts/User@{uid}
|
dbus send bus=system path=/org/freedesktop/Accounts/User@{uid}
|
||||||
interface=org.freedesktop.Accounts.User
|
interface=org.freedesktop.Accounts.User
|
||||||
member=SetInputSources
|
member=SetInputSources
|
||||||
peer=(name=:*, label="@{p_accounts_daemon}"),
|
peer=(name=:*, label="@{p_accounts_daemon}"),
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
@{sh_path} mr,
|
||||||
|
|
||||||
@{bin}/cat rix,
|
@{bin}/cat rix,
|
||||||
@{bin}/sed rix,
|
@{bin}/sed rix,
|
||||||
@{bin}/which rix,
|
@{bin}/which{,.debianutils} rix,
|
||||||
|
|
||||||
@{bin}/busctl rPx,
|
@{bin}/busctl rPx,
|
||||||
@{bin}/pactl rPx,
|
@{bin}/pactl rPx,
|
||||||
|
|
|
||||||
|
|
@ -9,14 +9,20 @@ include <tunables/global>
|
||||||
@{exec_path} = @{bin}/loupe
|
@{exec_path} = @{bin}/loupe
|
||||||
profile loupe @{exec_path} flags=(attach_disconnected) {
|
profile loupe @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
include <abstractions/bus-accessibility>
|
||||||
|
include <abstractions/bus-session>
|
||||||
|
include <abstractions/bus-system>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
include <abstractions/gnome-strict>
|
include <abstractions/gnome-strict>
|
||||||
include <abstractions/graphics>
|
include <abstractions/graphics>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
|
include <abstractions/thumbnails-cache-write>
|
||||||
include <abstractions/trash-strict>
|
include <abstractions/trash-strict>
|
||||||
include <abstractions/user-read-strict>
|
include <abstractions/user-read-strict>
|
||||||
include <abstractions/user-write-strict>
|
include <abstractions/user-write-strict>
|
||||||
|
|
||||||
|
unix type=stream peer=(label=loupe//bwrap),
|
||||||
|
|
||||||
signal send set=kill peer=loupe//bwrap,
|
signal send set=kill peer=loupe//bwrap,
|
||||||
|
|
||||||
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
|
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
|
||||||
|
|
@ -38,6 +44,7 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
|
||||||
owner @{user_cache_dirs}/glycin/{,**} rw,
|
owner @{user_cache_dirs}/glycin/{,**} rw,
|
||||||
|
|
||||||
@{run}/mount/utab r,
|
@{run}/mount/utab r,
|
||||||
|
owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
|
||||||
|
|
||||||
@{sys}/fs/cgroup/user.slice/cpu.max r,
|
@{sys}/fs/cgroup/user.slice/cpu.max r,
|
||||||
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r,
|
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r,
|
||||||
|
|
@ -56,6 +63,8 @@ profile loupe @{exec_path} flags=(attach_disconnected) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/common/bwrap>
|
include <abstractions/common/bwrap>
|
||||||
|
|
||||||
|
unix type=stream peer=(label=loupe),
|
||||||
|
|
||||||
signal receive set=kill peer=loupe,
|
signal receive set=kill peer=loupe,
|
||||||
|
|
||||||
@{bin}/bwrap mr,
|
@{bin}/bwrap mr,
|
||||||
|
|
|
||||||
|
|
@ -28,13 +28,21 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
mqueue r type=posix /,
|
mqueue r type=posix /,
|
||||||
|
|
||||||
|
unix type=stream peer=(label=gnome-shell),
|
||||||
|
|
||||||
#aa:dbus own bus=session name=org.freedesktop.FileManager1
|
#aa:dbus own bus=session name=org.freedesktop.FileManager1
|
||||||
#aa:dbus own bus=session name=org.gnome.Nautilus interface+="org.gtk.{Application,Actions}"
|
#aa:dbus own bus=session name=org.gnome.Nautilus interface+="org.gtk.{Application,Actions}"
|
||||||
#aa:dbus own bus=session name=org.gnome.Nautilus.SearchProvider interface+=org.gnome.Shell.SearchProvider2
|
#aa:dbus own bus=session name=org.gnome.Nautilus.SearchProvider interface+=org.gnome.Shell.SearchProvider2
|
||||||
|
|
||||||
|
#aa:dbus talk bus=session name=org.gnome.Settings label=gnome-control-center
|
||||||
#aa:dbus talk bus=session name=org.gtk.MountOperationHandler label=gnome-shell
|
#aa:dbus talk bus=session name=org.gtk.MountOperationHandler label=gnome-shell
|
||||||
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
|
|
||||||
#aa:dbus talk bus=session name=org.gtk.Notifications label=gnome-shell
|
#aa:dbus talk bus=session name=org.gtk.Notifications label=gnome-shell
|
||||||
|
#aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}"
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gnome/Mutter/ServiceChannel
|
||||||
|
interface=org.gnome.Mutter.ServiceChannel
|
||||||
|
member=OpenWaylandServiceConnection
|
||||||
|
peer=(name=@{busname}, label=gnome-shell),
|
||||||
|
|
||||||
dbus (send, receive) bus=session path=/org/gtk/Application/CommandLine
|
dbus (send, receive) bus=session path=/org/gtk/Application/CommandLine
|
||||||
interface=org.gtk.private.CommandLine
|
interface=org.gtk.private.CommandLine
|
||||||
|
|
|
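Review bot: The added rule for `member=OpenWaylandServiceConnection` writes its peer as `peer=(name=@{busname}, label=gnome-shell),` with the variable unquoted, while the other rules in this commit that use the same variable quote it, for example `peer=(name="@{busname}", label=gvfsd),` in the gvfsd profiles. For consistency I would write `peer=(name="@{busname}", label=gnome-shell),` here as well. The rule otherwise pins path, interface, member and peer label, which is the right level of detail for a call that hands out a Wayland connection.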
||||||
|
|
@ -28,6 +28,8 @@ profile ptyxis @{exec_path} {
|
||||||
owner @{user_share_dirs}/org.gnome.Ptyxis/ rw,
|
owner @{user_share_dirs}/org.gnome.Ptyxis/ rw,
|
||||||
owner @{user_share_dirs}/org.gnome.Ptyxis/** rwlk -> @{user_share_dirs}/org.gnome.Ptyxis/**,
|
owner @{user_share_dirs}/org.gnome.Ptyxis/** rwlk -> @{user_share_dirs}/org.gnome.Ptyxis/**,
|
||||||
|
|
||||||
|
owner /tmp/#@{int} w,
|
||||||
|
|
||||||
/dev/ptmx rw,
|
/dev/ptmx rw,
|
||||||
|
|
||||||
include if exists <local/ptyxis>
|
include if exists <local/ptyxis>
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@ profile ptyxis-agent @{exec_path} {
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
||||||
owner @{PROC}/@{pid}/cmdline r,
|
@{PROC}/@{pid}/cmdline r,
|
||||||
|
|
||||||
/dev/ptmx rw,
|
/dev/ptmx rw,
|
||||||
|
|
||||||
|
|
|
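Review bot: `@{PROC}/@{pid}/cmdline r,` drops the `owner` qualifier the rule had before, so ptyxis-agent may now read the command line of processes belonging to other users, not only its own. Command lines can carry credentials or tokens passed as arguments, so this widening should be deliberate. If the agent needs it (for instance to label a tab running a process under another uid), a comment such as `# non-owner: foreground process may run as another user` would record why; otherwise keep `owner @{PROC}/@{pid}/cmdline r,`.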
||||||
|
|
@ -13,14 +13,10 @@ profile gvfsd-dnssd @{exec_path} {
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
include <abstractions/bus-system>
|
include <abstractions/bus-system>
|
||||||
include <abstractions/bus/org.freedesktop.Avahi>
|
include <abstractions/bus/org.freedesktop.Avahi>
|
||||||
|
include <abstractions/bus/org.gtk.vfs.Daemon>
|
||||||
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
|
|
||||||
#aa:dbus own bus=session name=org.gtk.vfs.mountpoint_dnssd
|
#aa:dbus own bus=session name=org.gtk.vfs.mountpoint_dnssd
|
||||||
#aa:dbus talk bus=session name=org.gtk.vfs.MountTracker label=gvfsd
|
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gtk/vfs/Daemon
|
|
||||||
interface=org.gtk.vfs.Daemon
|
|
||||||
member=GetConnection
|
|
||||||
peer=(name=:*, label=gvfsd-network),
|
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gtk/vfs/mountable
|
dbus receive bus=session path=/org/gtk/vfs/mountable
|
||||||
interface=org.gtk.vfs.Mountable
|
interface=org.gtk.vfs.Mountable
|
||||||
|
|
@ -32,6 +28,11 @@ profile gvfsd-dnssd @{exec_path} {
|
||||||
member=Spawned
|
member=Spawned
|
||||||
peer=(name=:*, label=gvfsd),
|
peer=(name=:*, label=gvfsd),
|
||||||
|
|
||||||
|
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||||
|
interface=org.gtk.vfs.MountTracker
|
||||||
|
member={MountLocation,LookupMount,RegisterMount}
|
||||||
|
peer=(name="@{busname}", label=gvfsd),
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
owner @{run}/user/@{uid}/gvfsd/ rw,
|
owner @{run}/user/@{uid}/gvfsd/ rw,
|
||||||
|
|
|
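Review bot: The receive rule for `member=GetConnection` that was pinned to `peer=(name=:*, label=gvfsd-network)` is removed and `include <abstractions/bus/org.gtk.vfs.Daemon>` takes its place, but the abstraction's content is not part of this diff, so the peer-label restriction cannot be checked from here. If the abstraction accepts the call from a broader set of labels, the profile is looser than before; that is worth confirming and noting next to the include, e.g. `# GetConnection from gvfs clients, see abstractions/bus/org.gtk.vfs.Daemon`. The gvfsd-network section makes the same substitution for its send and receive `GetConnection` rules.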
||||||
|
|
@ -11,6 +11,8 @@ include <tunables/global>
|
||||||
profile gvfsd-network @{exec_path} {
|
profile gvfsd-network @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/bus-session>
|
include <abstractions/bus-session>
|
||||||
|
include <abstractions/bus/org.gtk.vfs.Daemon>
|
||||||
|
include <abstractions/bus/org.gtk.vfs.MountTracker>
|
||||||
include <abstractions/dconf-write>
|
include <abstractions/dconf-write>
|
||||||
|
|
||||||
#aa:dbus own bus=session name=org.gtk.vfs.mountpoint_@{int}
|
#aa:dbus own bus=session name=org.gtk.vfs.mountpoint_@{int}
|
||||||
|
|
@ -30,16 +32,6 @@ profile gvfsd-network @{exec_path} {
|
||||||
member={MountLocation,LookupMount,RegisterMount}
|
member={MountLocation,LookupMount,RegisterMount}
|
||||||
peer=(name="@{busname}", label=gvfsd),
|
peer=(name="@{busname}", label=gvfsd),
|
||||||
|
|
||||||
dbus send bus=session path=/org/gtk/vfs/Daemon
|
|
||||||
interface=org.gtk.vfs.Daemon
|
|
||||||
member=GetConnection
|
|
||||||
peer=(name="@{busname}", label=gvfsd-dnssd),
|
|
||||||
|
|
||||||
dbus receive bus=session path=/org/gtk/vfs/Daemon
|
|
||||||
interface=org.gtk.vfs.Daemon
|
|
||||||
member=GetConnection
|
|
||||||
peer=(name="@{busname}", label=gnome-control-center),
|
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
/usr/share/glib-2.0/schemas/gschemas.compiled r,
|
||||||
|
|
|
||||||