
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
#
# Profile for the pressure-vessel srt-bwrap launcher that Steam uses to start
# Proton games inside a Steam Linux Runtime container. Every helper executed
# from here is marked `ix`, so the whole game launch tree stays confined by
# this one profile.
abi <abi/4.0>,
include <tunables/global>
# Container runtime flavours shipped by Steam; @{runtime} expands to one
# SteamLinuxRuntime_<name> directory per flavour.
@{runtime_name} = sniper soldier
@{runtime} = SteamLinuxRuntime_@{runtime_name}
# Steam install roots: XDG share dir plus the Debian package install location.
@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}
@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper}
@{app_dirs} = @{share_dirs}/steamapps/common/
# The confined binary is the bubblewrap wrapper bundled with each runtime.
@{exec_path} = @{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/srt-bwrap
# NOTE(review): `complain` means denials are only logged, not blocked; nothing
# below is enforced until the flag is removed, so check the audit log for
# DENIED/ALLOWED entries for this profile before switching to enforce mode.
profile steam-game-proton @{exec_path} flags=(attach_disconnected,complain) {
include <abstractions/base>
include <abstractions/common/bwrap>
include <abstractions/common/steam-game>
include <abstractions/python>
include <abstractions/wine>
# Both capabilities bypass discretionary (mode-bit) permission checks:
# dac_override for read/write/execute, dac_read_search for read and directory
# search. They are needed for bwrap's namespace setup, but they make the file
# rules below the only thing standing between the game and the user's files.
capability dac_override,
capability dac_read_search,
network inet dgram,
network inet6 dgram,
network inet stream,
network inet6 stream,
network unix stream,
# The parent Steam client (profile "steam") is allowed to signal this process.
signal receive peer=steam,
# Unqualified unix rule: every unix socket operation is permitted.
unix,
@{exec_path} mr,
# Helpers run from run.sh / pressure-vessel setup, all inheriting this profile.
@{bin}/bwrap mrix,
@{sh_path} rix,
@{bin}/cat rix,
@{bin}/env rix,
@{bin}/chmod rix,
@{bin}/fc-match rix,
@{bin}/getopt rix,
@{bin}/gzip rix,
@{bin}/ldconfig rix,
@{bin}/ln rix,
@{bin}/localedef rix,
@{bin}/mkdir rix,
@{bin}/readlink rix,
@{bin}/rm rix,
@{bin}/steam-runtime-launcher-interface-@{int} rix,
@{bin}/steam-runtime-system-info rix,
@{bin}/steam-runtime-urlopen rix,
@{bin}/true rix,
@{python_path} rix,
@{open_path} rix,
@{lib_dirs}/** mr,
# Binaries the container bind-mounts from the host.
@{lib}/pressure-vessel/from-host/@{bin}/* rix,
@{lib}/pressure-vessel/from-host/@{lib}/** rix,
@{lib}/steam-runtime-tools-@{int}/@{multiarch}-* rix,
# TODO: consider stacking with the steam profile instead (rpx -> steam-game-proton&//steam).
@{runtime_dirs}/run.sh rix,
@{runtime_dirs}/@{arch}@{bin}/steam-runtime-identify-library-abi rix,
@{runtime_dirs}/@{arch}@{bin}/steam-runtime-launcher-interface-@{int} rix,
@{app_dirs}/SteamLinuxRuntime/var/steam-runtime/run.sh rix,
@{app_dirs}/SteamLinuxRuntime/var/steam-runtime/@{arch}@{bin}/steam-runtime-identify-library-abi rix,
@{app_dirs}/SteamLinuxRuntime/var/steam-runtime/@{arch}@{bin}/steam-runtime-launcher-interface-@{int} rix,
# Any file under steamapps/common/ may be executed (game binaries, Proton
# itself); it inherits this profile rather than transitioning to a per-game one.
@{app_dirs}/** mrix,
@{run}/host/@{bin}/ldconfig rix,
@{run}/host/@{bin}/localedef rix,
@{run}/host/@{lib}/** mr,
@{share_dirs}/bin/d3ddriverquery64.exe mr,
@{share_dirs}/steamapps/compatdata/@{int}/pfx/** mr,
@{user_games_dirs}/** mr,
# Write access is limited to owner-matched Steam/Proton state and scratch dirs.
owner /bindfile@{rand6} rw,
owner /var/pressure-vessel/** rw,
owner /var/cache/ldconfig/aux-cache* rw,
owner "@{app_dirs}/Steamworks Shared/runasadmin.vdf" rw,
owner @{app_dirs}/@{runtime}/var/tmp-@{rand6}/usr/.ref rwk,
owner @{app_dirs}/SteamLinuxRuntime/var/steam-runtime/* rw,
# `l` grants link creation inside the Proton tree (used by prefix setup).
owner @{app_dirs}/Proton*/** rwkl,
owner @{share_dirs}/*.dll r,
owner @{share_dirs}/bin/ r,
owner @{share_dirs}/installscriptevalutor_log.txt rw,
owner @{share_dirs}/legacycompat/ r,
owner @{share_dirs}/legacycompat/** mr,
# Wine prefixes (compatdata) are the game's writable home.
owner @{share_dirs}/steamapps/compatdata/{,**} rwk,
owner @{tmp}/glx-icds-@{rand6}/{,**} w,
owner @{tmp}/pressure-vessel-*-@{rand6}/ rw,
# Links may only point back into the same pressure-vessel temp tree.
owner @{tmp}/pressure-vessel-*-@{rand6}/** rwlk -> @{tmp}/pressure-vessel-*-@{rand6}/**,
owner @{tmp}/vdpau-drivers-@{rand6}/{,**} w,
# Host filesystem as exposed read-only inside the container under /run/host.
@{run}/host/fonts/{,**} r,
@{run}/host/share/{,**} r,
@{run}/host/usr/{,**} r,
owner @{run}/pressure-vessel/{,**} r,
@{sys}/devices/system/node/node@{int}/cpumap r,
@{sys}/devices/system/node/online r,
@{PROC}/@{pids}/net/* r,
@{PROC}/sys/net/core/bpf_jit_enable r,
# Site-local additions go in local/steam-game-proton, not in this file.
include if exists <local/steam-game-proton>
}
# vim:syntax=apparmor