# apparmor.d - Full set of apparmor profiles # Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only # Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of # this abstraction is to list all GUI program that can open resources. # Ultimatelly, only sandbox manager program like bwrap, snap, flatpak, firejail # should be present here. Until this day, this profile will be a controlled mess. # Sandbox managers @{bin}/bwrap rPUx, @{bin}/firejail rPUx, @{bin}/flatpak rPUx, @{bin}/snap rPUx, # Files explorer @{bin}/nautilus rPx, # Browsers @{brave_path} rPx, @{chrome_path} rPx, @{chromium_path} rPx, @{firefox_path} rPx, @{opera_path} rPx, # Text editors @{bin}/code rPUx, @{bin}/gedit rPUx, @{bin}/gnome-text-editor rPUx, /usr/share/code/{bin/,}code rPUx, # Others @{bin}/*{F,f}oliate rPUx, @{bin}/blueman-tray rPx, @{bin}/discord{,-ptb} rPx, @{bin}/draw.io rPUx, @{bin}/dropbox rPx, @{bin}/element-desktop rPx, @{bin}/engrampa rPx, @{bin}/eog rPUx, @{bin}/evince rPx, @{bin}/extension-manager rPx, @{bin}/file-roller rPUx, @{bin}/filezilla rPx, @{bin}/flameshot rPx, @{bin}/flatpak rPUx, @{bin}/geany rPx, @{bin}/gimp* rPUx, @{bin}/gnome-calculator rPUx, @{bin}/gnome-disk-image-mounter rPx, @{bin}/gnome-disks rPx, @{bin}/gwenview rPUx, @{bin}/kgx rPx, @{bin}/okular rPx, @{bin}/qbittorrent rPx, @{bin}/qpdfview rPx, @{bin}/smplayer rPx, @{bin}/spacefm rPx, @{bin}/steam-runtime rPUx, @{bin}/teams rPUx, @{bin}/telegram-desktop rPx, @{bin}/thunderbird rPx, @{bin}/transmission-gtk rPx, @{bin}/viewnior rPUx, @{bin}/vlc rPUx, @{bin}/xarchiver rPx, @{bin}/xbrlapi rPx, @{bin}/yelp rPUx, @{lib}/libreoffice/program/{soffice{,.bin},oosplash} rPUx, include if exists