29 lines
1.1 KiB
Text
29 lines
1.1 KiB
Text
# apparmor.d - Full set of apparmor profiles
|
|
# Copyright (C) 2020-2022 Mikhail Morfikov
|
|
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
# Allow to receive some signals
|
|
signal (receive) peer=htop,
|
|
signal (receive) peer=sudo,
|
|
signal (receive) peer=top,
|
|
signal (receive) set=(cont,term,kill,stop) peer=systemd-shutdown,
|
|
signal (receive) set=(cont,term) peer=@{systemd_user},
|
|
signal (receive) set=(cont,term) peer=@{systemd},
|
|
signal (receive) set=(hup) peer=xinit,
|
|
signal (receive) set=(term,kill) peer=gnome-shell,
|
|
signal (receive) set=(term,kill) peer=gnome-system-monitor,
|
|
signal (receive) set=(term,kill) peer=openbox,
|
|
signal (receive) set=(term,kill) peer=su,
|
|
|
|
ptrace (readby) peer=systemd-coredump,
|
|
|
|
/usr/share/locale/ r,
|
|
|
|
@{etc_rw}/localtime r,
|
|
/etc/gnutls/config r,
|
|
/etc/locale.conf r,
|
|
|
|
@{sys}/devices/system/cpu/possible r,
|
|
|
|
deny /apparmor/.null rw,
|