felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): ensure nautilus can access root files.

Browse source
This commit is contained in:
Alexandre Pujol 2025-08-19 22:58:46 +02:00
parent c806ec44eb
commit f3d209e42a
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 9 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

17
apparmor.d/groups/gvfs/gvfsd-admin
View file

@ -22,14 +22,15 @@ profile gvfsd-admin @{exec_path} {
/usr/share/mime/mime.cache r,
@{MOUNTS}/{,**} rw,
@{run}/mount/utab r,
@{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
@{PROC}/@{pid}/fdinfo/@{int} r,
@{PROC}/@{pid}/mountinfo r,
@{PROC}/@{pid}/stat r,
#aa:lint ignore=too-wide
# Full access to system's data, but no write access to sensitive system directories
/ r,
/*/ r,
/*/** rw,
deny @{sys}/** w,
deny @{PROC}/** w,
deny @{efi}/** w,
deny /dev/** w,
include if exists <local/gvfsd-admin>
}