felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): general minor update to profiles.

Browse source
This commit is contained in:
Alexandre Pujol 2025-07-18 00:19:29 +02:00
parent 83c04f5845
commit f694483444
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
10 changed files with 19 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

7
apparmor.d/profiles-a-f/alacarte
View file

@ -7,7 +7,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{bin}/alacarte @{exec_path} = @{bin}/alacarte
profile alacarte @{exec_path} { profile alacarte @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/desktop> include <abstractions/desktop>
@ -30,6 +30,11 @@ profile alacarte @{exec_path} {
owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw, owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw,
@{sys}/fs/cgroup/user.slice/cpu.max r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r,
@{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/cpu.max r,
owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/cpu.max r,
owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,

2
apparmor.d/profiles-a-f/birdtray
View file

@ -40,7 +40,7 @@ profile birdtray @{exec_path} {
owner @{HOME}/.thunderbird/*.*/{Imap,}Mail/**/*.msf r, owner @{HOME}/.thunderbird/*.*/{Imap,}Mail/**/*.msf r,
owner @{user_config_dirs}/ulduzsoft/ rw, owner @{user_config_dirs}/ulduzsoft/ rw,
owner @{user_config_dirs}/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*, owner @{user_config_dirs}/ulduzsoft/* rwkl -> @{user_config_dirs}/ulduzsoft/*,
owner @{user_config_dirs}/birdtray-config.json rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/birdtray-config.json rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/birdtray-config.json.* rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/birdtray-config.json.* rwl -> @{user_config_dirs}/#@{int},

4
apparmor.d/profiles-a-f/code-extension-git-askpass
View file

@ -6,7 +6,7 @@ abi <abi/4.0>,
include <tunables/global> include <tunables/global>
@{exec_path} = @{lib}/code/extensions/git/dist/askpass.sh @{exec_path} = @{lib}/code/extensions/git/dist/askpass.sh @{lib}/code/extensions/git/dist/ssh-askpass.sh
profile code-extension-git-askpass @{exec_path} { profile code-extension-git-askpass @{exec_path} {
include <abstractions/base> include <abstractions/base>
@ -23,7 +23,7 @@ profile code-extension-git-askpass @{exec_path} {
/usr/share/terminfo/** r, /usr/share/terminfo/** r,
owner @{tmp}/tmp.* rw, owner @{tmp}/tmp.@{rand10} rw,
/dev/tty rw, /dev/tty rw,

1
apparmor.d/profiles-a-f/dkms
View file

@ -32,6 +32,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
@{bin}/g++ rix, @{bin}/g++ rix,
@{bin}/gcc rix, @{bin}/gcc rix,
@{bin}/getconf rix, @{bin}/getconf rix,
@{bin}/hostname rix,
@{bin}/kill rix, @{bin}/kill rix,
@{bin}/kmod rCx -> kmod, @{bin}/kmod rCx -> kmod,
@{bin}/ld rix, @{bin}/ld rix,

1
apparmor.d/profiles-g-l/git
View file

@ -133,6 +133,7 @@ profile git @{exec_path} flags=(attach_disconnected) {
@{bin}/ssh mr, @{bin}/ssh mr,
@{bin}/ksshaskpass ix, @{bin}/ksshaskpass ix,
@{lib}/code/extensions/git/dist/ssh-askpass.sh Px,
@{etc_ro}/ssh/ssh_config.d/{,*} r, @{etc_ro}/ssh/ssh_config.d/{,*} r,
@{etc_ro}/ssh/ssh_config r, @{etc_ro}/ssh/ssh_config r,

1
apparmor.d/profiles-m-r/needrestart-restart
View file

@ -13,6 +13,7 @@ profile needrestart-restart @{exec_path} {
@{exec_path} mr, @{exec_path} mr,
@{bin}/systemctl Cx -> systemctl, @{bin}/systemctl Cx -> systemctl,
@{sh_path} r,
/var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw, /var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw,

2
apparmor.d/profiles-m-r/pass
View file

@ -40,7 +40,7 @@ profile pass @{exec_path} {
@{bin}/tr ix, @{bin}/tr ix,
@{bin}/tree ix, @{bin}/tree ix,
@{bin}/tty ix, @{bin}/tty ix,
@{bin}/which{,.debianutils} ix, @{bin}/which{,.debianutils} rix,
@{bin}/git Cx -> git, @{bin}/git Cx -> git,
@{bin}/gpg{2,} Cx -> gpg, @{bin}/gpg{2,} Cx -> gpg,

2
apparmor.d/profiles-s-z/wechat
View file

@ -14,9 +14,9 @@ include <tunables/global>
@{exec_path} = @{lib_dirs}/wechat @{exec_path} = @{lib_dirs}/wechat
profile wechat @{exec_path} flags=(attach_disconnected) { profile wechat @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles>
include <abstractions/audio-client> include <abstractions/audio-client>
include <abstractions/common/electron> include <abstractions/common/electron>
include <abstractions/consoles>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
network netlink raw, network netlink raw,

3
apparmor.d/profiles-s-z/wechat-appimage
View file

@ -14,10 +14,11 @@ include <tunables/global>
@{exec_path} = @{bin}/wechat @{lib_dirs}/wechat-appimage.Appimage /tmp/.mount_wechat??????/user/bin/wechat @{exec_path} = @{bin}/wechat @{lib_dirs}/wechat-appimage.Appimage /tmp/.mount_wechat??????/user/bin/wechat
profile wechat-appimage @{exec_path} flags=(attach_disconnected) { profile wechat-appimage @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles>
include <abstractions/audio-client> include <abstractions/audio-client>
include <abstractions/common/electron> include <abstractions/common/electron>
include <abstractions/consoles>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
include <abstractions/path>
network netlink raw, network netlink raw,
network netlink dgram, network netlink dgram,

4
apparmor.d/profiles-s-z/wechat-universal
View file

@ -14,10 +14,10 @@ include <tunables/global>
@{exec_path} = @{bin}/wechat-universal @{lib_dirs}/wechat @{exec_path} = @{bin}/wechat-universal @{lib_dirs}/wechat
profile wechat-universal @{exec_path} flags=(attach_disconnected) { profile wechat-universal @{exec_path} flags=(attach_disconnected) {
include <abstractions/base> include <abstractions/base>
include <abstractions/consoles>
include <abstractions/audio-client> include <abstractions/audio-client>
include <abstractions/common/electron>
include <abstractions/common/bwrap> include <abstractions/common/bwrap>
include <abstractions/common/electron>
include <abstractions/consoles>
include <abstractions/fontconfig-cache-read> include <abstractions/fontconfig-cache-read>
network netlink raw, network netlink raw,