# apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = @{bin}/gnome-session profile gnome-session @{exec_path} { include include include include @{exec_path} mrix, @{shells_path} rix, @{bin}/cat rix, @{bin}/find rix, @{bin}/gettext rix, @{bin}/gettext.sh r, @{bin}/grep rix, @{bin}/head rix, @{bin}/id rix, @{bin}/locale rix, @{bin}/locale-check rix, @{bin}/manpath rix, @{bin}/readlink rix, @{bin}/realpath rix, @{bin}/run-parts rix, @{bin}/sed rix, @{bin}/tput rix, @{bin}/tr rix, @{bin}/tty rix, @{bin}/uname rix, @{bin}/xargs rix, @{bin}/dpkg-query rpx, @{bin}/flatpak rCx -> flatpak, @{bin}/gsettings rPx, @{lib}/gnome-session-binary rPx, /usr/share/im-config/{,**} r, /usr/share/libdebuginfod-common/debuginfod.sh r, /usr/share/xsessions/gnome.desktop r, @{etc_ro}/profile.d/{,*} r, /etc/debuginfod/{,*} r, /etc/default/im-config r, /etc/manpath.config r, /etc/shells r, /etc/sysconfig/console r, /etc/sysconfig/displaymanager r, /etc/sysconfig/language r, /etc/sysconfig/mail r, /etc/sysconfig/proxy r, /etc/sysconfig/windowmanager r, /etc/X11/xinit/xinputrc r, /etc/X11/Xsession.d/*im-config_launch r, owner @{HOME}/ r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/loginuid r, /dev/tty@{int} rw, profile flatpak { include include @{bin}/flatpak mr, /dev/tty@{int} rw, include if exists } include if exists } # vim:syntax=apparmor