feat(abs): add the pager app abstaction.
This commit is contained in:
Alexandre Pujol
parent
2c880ba220
commit
f033e69811
6 changed files with 41 additions and 74 deletions
37
apparmor.d/abstractions/app/pager
Normal file
37
apparmor.d/abstractions/app/pager
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
# LOGPROF-SUGGEST: no
|
||||||
|
|
||||||
|
# Minimal set of rules for pagers.
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <abstractions/consoles>
|
||||||
|
|
||||||
|
capability dac_override,
|
||||||
|
capability dac_read_search,
|
||||||
|
|
||||||
|
signal (receive) set=(stop, cont, term, kill),
|
||||||
|
|
||||||
|
@{bin}/ r,
|
||||||
|
@{pager_path} mrix,
|
||||||
|
|
||||||
|
@{system_share_dirs}/terminfo/{,**} r,
|
||||||
|
/usr/share/file/misc/** r,
|
||||||
|
/usr/share/nvim/{,**} r,
|
||||||
|
|
||||||
|
@{HOME}/.lesshst r,
|
||||||
|
|
||||||
|
owner @{HOME}/ r,
|
||||||
|
owner @{HOME}/.lesshs* rw,
|
||||||
|
owner @{HOME}/.terminfo/@{int}/* r,
|
||||||
|
owner @{user_cache_dirs}/lesshs* rw,
|
||||||
|
owner @{user_state_dirs}/ r,
|
||||||
|
owner @{user_state_dirs}/lesshs* rw,
|
||||||
|
|
||||||
|
/dev/tty@{int} rw,
|
||||||
|
|
||||||
|
include if exists <abstractions/app/pager.d>
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
||||||
|
|
@ -172,18 +172,7 @@ profile apt @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
profile pager {
|
profile pager {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/app/pager>
|
||||||
|
|
||||||
capability dac_read_search,
|
|
||||||
|
|
||||||
@{bin}/ r,
|
|
||||||
@{sh_path} rix,
|
|
||||||
@{pager_path} rmix,
|
|
||||||
@{bin}/which rix,
|
|
||||||
|
|
||||||
/root/ r, # For shell pwd
|
|
||||||
|
|
||||||
owner @{HOME}/.less* rw,
|
|
||||||
|
|
||||||
owner @{tmp}/apt-changelog-*/ r,
|
owner @{tmp}/apt-changelog-*/ r,
|
||||||
owner @{tmp}/apt-changelog-*/*.changelog r,
|
owner @{tmp}/apt-changelog-*/*.changelog r,
|
||||||
|
|
|
||||||
|
|
@ -59,23 +59,8 @@ profile apt-listchanges @{exec_path} {
|
||||||
|
|
||||||
profile pager {
|
profile pager {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/app/pager>
|
||||||
|
|
||||||
capability dac_read_search,
|
|
||||||
#capability sys_tty_config,
|
|
||||||
|
|
||||||
@{pager_path} mrix,
|
|
||||||
|
|
||||||
@{bin}/ r,
|
|
||||||
@{sh_path} rix,
|
|
||||||
@{bin}/which rix,
|
|
||||||
|
|
||||||
owner @{HOME}/.less* rw,
|
|
||||||
|
|
||||||
# For shell pwd
|
|
||||||
/root/ r,
|
|
||||||
|
|
||||||
/tmp/ r,
|
|
||||||
owner @{tmp}/apt-listchanges-tmp*.txt r,
|
owner @{tmp}/apt-listchanges-tmp*.txt r,
|
||||||
|
|
||||||
include if exists <local/apt-listchanges_pager>
|
include if exists <local/apt-listchanges_pager>
|
||||||
|
|
|
||||||
|
|
@ -171,17 +171,8 @@ profile aptitude @{exec_path} flags=(complain) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/consoles>
|
||||||
|
|
||||||
@{bin}/ r,
|
|
||||||
@{editor_path} mrix,
|
|
||||||
@{sh_path} rix,
|
|
||||||
@{bin}/which rix,
|
|
||||||
|
|
||||||
owner @{HOME}/.less* rw,
|
|
||||||
owner @{tmp}/aptitude-*.@{pid}:*/aptitude-download-* rw,
|
owner @{tmp}/aptitude-*.@{pid}:*/aptitude-download-* rw,
|
||||||
|
|
||||||
# For shell pwd
|
|
||||||
/root/ r,
|
|
||||||
|
|
||||||
include if exists <local/aptitude_pager>
|
include if exists <local/aptitude_pager>
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,30 +15,7 @@ include <tunables/global>
|
||||||
|
|
||||||
profile child-pager flags=(attach_disconnected) {
|
profile child-pager flags=(attach_disconnected) {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/app/pager>
|
||||||
|
|
||||||
capability dac_override,
|
|
||||||
capability dac_read_search,
|
|
||||||
|
|
||||||
signal (receive) set=(stop, cont, term, kill),
|
|
||||||
|
|
||||||
@{bin}/ r,
|
|
||||||
@{pager_path} mr,
|
|
||||||
|
|
||||||
@{system_share_dirs}/terminfo/{,**} r,
|
|
||||||
/usr/share/file/misc/** r,
|
|
||||||
/usr/share/nvim/{,**} r,
|
|
||||||
|
|
||||||
@{HOME}/.lesshst r,
|
|
||||||
|
|
||||||
owner @{HOME}/ r,
|
|
||||||
owner @{HOME}/.lesshs* rw,
|
|
||||||
owner @{HOME}/.terminfo/@{int}/* r,
|
|
||||||
owner @{user_cache_dirs}/lesshs* rw,
|
|
||||||
owner @{user_state_dirs}/ r,
|
|
||||||
owner @{user_state_dirs}/lesshs* rw,
|
|
||||||
|
|
||||||
/dev/tty@{int} rw,
|
|
||||||
|
|
||||||
include if exists <local/child-pager>
|
include if exists <local/child-pager>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -115,19 +115,7 @@ profile mutt @{exec_path} {
|
||||||
|
|
||||||
profile pager {
|
profile pager {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
include <abstractions/consoles>
|
include <abstractions/app/pager>
|
||||||
|
|
||||||
@{pager_path} mr,
|
|
||||||
|
|
||||||
/usr/share/terminfo/** r,
|
|
||||||
/usr/share/file/misc/magic.mgc r,
|
|
||||||
|
|
||||||
owner @{HOME}/ r,
|
|
||||||
owner @{HOME}/.lesshs* rw,
|
|
||||||
owner @{HOME}/.terminfo/@{int}/* r,
|
|
||||||
owner @{user_cache_dirs}/lesshs* rw,
|
|
||||||
owner @{user_state_dirs}/ r,
|
|
||||||
owner @{user_state_dirs}/lesshs* rw,
|
|
||||||
|
|
||||||
# This is the file that holds the message
|
# This is the file that holds the message
|
||||||
owner /{var/,}tmp/mutt* rw,
|
owner /{var/,}tmp/mutt* rw,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue