felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): add the X-strict abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-09 22:45:14 +01:00
parent 5d45b8e7a7
commit f53550525e
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
5 changed files with 34 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/gnome/gnome-session-binary
View file

@ -17,6 +17,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
include <abstractions/gtk>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/X-strict>
network inet stream,
network inet6 stream,
@ -118,8 +119,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/applications/mimeinfo.cache r,
owner @{user_share_dirs}/session_migration-ubuntu r,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/gnome-session-leader-fifo rw,
owner @{run}/user/@{uid}/ICEauthority{,-[a-z]} rwl,
owner @{run}/user/@{uid}/systemd/notify w,
@ -129,8 +128,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/sessions/*.ref rw,
@{run}/systemd/users/@{uid} r,
/tmp/.ICE-unix/[0-9]* rw,
@{sys}/devices/**/{vendor,device} r,
owner @{PROC}/@{pid}/loginuid r,