felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): add the X-strict abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-09 22:45:14 +01:00
parent 5d45b8e7a7
commit f53550525e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
5 changed files with 34 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/groups/freedesktop/pulseaudio
View file

@ -20,14 +20,12 @@ profile pulseaudio @{exec_path} {
include <abstractions/gstreamer>
include <abstractions/hosts_access>
include <abstractions/nameservice-strict>
include <abstractions/X-strict>
ptrace (trace) peer=@{profile_name},
signal (receive) peer=pacmd,
unix (send receive connect) type=stream peer=(addr=@/tmp/.X11-unix/*),
unix (send receive connect) type=stream peer=(addr=@/tmp/.ICE-unix/*),
network inet stream,
network inet6 stream,
network netlink raw,
@ -120,9 +118,6 @@ profile pulseaudio @{exec_path} {
owner @{user_cache_dirs}/gstreamer-1.0/registry.x86_64.bin r,
owner @{run}/user/@{uid}/ rw,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.* r,
owner @{run}/user/@{uid}/gdm{[1-9],}/Xauthority r,
owner @{run}/user/@{uid}/ICEauthority r,
owner @{run}/user/@{uid}/pulse/{,*} rw,
owner @{run}/user/@{uid}/pulse/*.lock k,
owner @{run}/user/@{uid}/systemd/notify rw,