# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol
# SPDX-License-Identifier: GPL-2.0-only

# Confinement profile for the localsearch file indexer.
#
# NOTE(review): in this copy the abi version and the target of every
# `include` are missing (the bracketed arguments appear to have been stripped
# when the page was captured). As written the profile will not parse; restore
# the targets from the project's own file before loading it. The effective
# policy is the rules below PLUS whatever those includes grant or deny, so the
# comments here describe the visible rules only.

abi ,

include

@{exec_path} = @{bin}/localsearch @{lib}/localsearch-3

# attach_disconnected: paths that are disconnected from the namespace are
# still mediated by attaching them to the root, rather than being rejected.
profile localsearch @{exec_path} flags=(attach_disconnected) {
  include
  include
  include
  include
  include
  include
  include
  include
  include
  include
  include
  include
  include
  include
  include

  # Only netlink raw sockets are granted by the visible rules; no inet/inet6
  # rule appears here. The includes above may add more - check them.
  network netlink raw,

  # apparmor.d build directives (not plain comments): the session-bus names
  # this process is allowed to own.
  #aa:dbus own bus=session name=org.freedesktop.Tracker3.Miner.Files
  #aa:dbus own bus=session name=org.freedesktop.LocalSearch3

  # Read and map its own binary.
  @{exec_path} mr,

  # `ix`: the extractor runs under this same profile rather than one of its
  # own, so the process that parses file contents holds every permission
  # listed below, including read access to the whole home directory.
  # NOTE(review): "nnp" presumably means no_new_privs blocks a transition to
  # a separate profile - confirm before changing the exec mode.
  @{lib}/localsearch-extractor-3 ix, # nnp

  # Read-only system data.
  /usr/share/localsearch3/{,**} r,
  /usr/share/osinfo/{,**} r,
  /usr/share/poppler/{,**} r,

  # Allow to search user files
  # Read-only, and limited by `owner` to files owned by the confined user.
  # The first rule is already covered by the second.
  # NOTE(review): nothing visible here excludes credential stores under
  # @{HOME} (SSH/GPG keys, browser profiles, password databases). Confirm that
  # one of the includes denies them (upstream AppArmor ships
  # abstractions/private-files-strict for this purpose) or add explicit denies.
  owner @{HOME}/ r,
  owner @{HOME}/{,**} r,
  owner @{MOUNTS}/{,**} r,
  # Only content below a subdirectory of the temp dir, not files directly in it.
  owner @{tmp}/*/{,**} r,

  # Index database: the only user-data location that is writable.
  # `k` permits file locking on the database files.
  owner @{user_cache_dirs}/tracker3/ rw,
  owner @{user_cache_dirs}/tracker3/files/ rw,
  owner @{user_cache_dirs}/tracker3/files/** rwk,

  # SQLite temporary files ("etilqs" is "sqlite" reversed).
  owner @{tmp}/etilqs_@{sqlhex} rw,
  owner /var/tmp/etilqs_@{sqlhex} rw,

  @{run}/mount/utab r,

  @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511

  # Kernel watch limits, then the process's own /proc entries.
  @{PROC}/sys/fs/fanotify/max_user_marks r,
  @{PROC}/sys/fs/inotify/max_user_watches r,
  owner @{PROC}/@{pid}/cmdline r,
  owner @{PROC}/@{pid}/mountinfo r,
  owner @{PROC}/@{pid}/mounts r,
  # Write access to comm lets the process name its own threads.
  owner @{PROC}/@{pid}/task/@{tid}/comm rw,

  # NOTE(review): read-write access to media-controller and video-capture
  # nodes, with no `owner` qualifier, is broad for a file indexer and is also
  # inherited by the extractor. Presumably needed by a media library's device
  # probing - confirm, and narrow or drop these if indexing works without them.
  /dev/media@{int} rw,
  /dev/video@{int} rw,

  # NOTE(review): target missing in this copy; presumably the site-local
  # override file. Whatever it names can widen this profile, so audit it
  # together with the rules above.
  include if exists
}

# vim:syntax=apparmor