
Add support for local additions to abstractions

Local policy may want to extend or override abstractions, so add support for including local updates to them.

Acked-by: Christian Boltz <apparmor@cboltz.de>
Acked-by: intrigeri <intrigeri@boum.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Matthew Garrett
2019-01-24 03:03:11 -08:00
committed by John Johansen
parent b0bacba9db
commit d9ab83281b
94 changed files with 282 additions and 0 deletions


@@ -52,3 +52,6 @@
# mouse themes
/etc/X11/cursors/ r,
/etc/X11/cursors/** r,
# Include additions to the abstraction
#include if exists <abstractions/X.d>
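Review bot: The new comment `# Include additions to the abstraction` tells a policy author nothing about what the hook does or what it cannot do, and the same two lines are appended in every file section of this commit. The description says local policy may "override" abstractions, but an include appended at the end of the file can only add rules: an explicit `deny` rule earlier in an abstraction (private-files, private-files-strict, ubuntu-unity7-base) still wins over any `allow` rule placed in the `.d` file, because AppArmor gives deny rules precedence regardless of ordering. I would make the comment carry that, e.g. `# Include additions to the abstraction: every file in abstractions/X.d, if the directory exists; rules there can extend but not relax the rules above`. The abstraction's earlier rules lie outside the hunk.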


@@ -32,3 +32,6 @@
# OCSP stapling
/{var/,}run/lock/apache2/stapling-cache* rw,
# Include additions to the abstraction
#include if exists <abstractions/apache2-common.d>


@@ -11,3 +11,6 @@
/usr/share/aspell/ r,
/usr/share/aspell/* r,
/var/lib/aspell/* r,
# Include additions to the abstraction
#include if exists <abstractions/aspell.d>


@@ -76,3 +76,6 @@ owner @{HOME}/.local/share/openal/hrtf/{,**} r,
# wildmidi
/etc/wildmidi/wildmidi.cfg r,
# Include additions to the abstraction
#include if exists <abstractions/audio.d>


@@ -49,3 +49,6 @@
# p11-kit (PKCS#11 modules configuration)
#include <abstractions/p11-kit>
# Include additions to the abstraction
#include if exists <abstractions/authentication.d>


@@ -161,3 +161,6 @@
# new-style encrypted $HOME
owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
# Include additions to the abstraction
#include if exists <abstractions/base.d>


@@ -42,3 +42,6 @@
/etc/DIR_COLORS r,
/{usr/,}bin/ls mix,
/usr/bin/dircolors mix,
# Include additions to the abstraction
#include if exists <abstractions/bash.d>


@@ -21,3 +21,6 @@
/dev/pts/[0-9]* rw,
/dev/pts/ r,
# Include additions to the abstraction
#include if exists <abstractions/consoles.d>


@@ -16,3 +16,6 @@
# client should be able to read user-specified cups configuration
owner @{HOME}/.cups/client.conf r,
owner @{HOME}/.cups/lpoptions r,
# Include additions to the abstraction
#include if exists <abstractions/cups-client.d>


@@ -14,3 +14,6 @@
#include <abstractions/dbus-strict>
dbus bus=system,
# Include additions to the abstraction
#include if exists <abstractions/dbus.d>


@@ -14,3 +14,6 @@
#include <abstractions/dbus-accessibility-strict>
dbus bus=accessibility,
# Include additions to the abstraction
#include if exists <abstractions/dbus-accessibility.d>


@@ -15,3 +15,6 @@
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
# Include additions to the abstraction
#include if exists <abstractions/dbus-accessibility-strict.d>


@@ -15,3 +15,6 @@
#include <abstractions/dbus-session-strict>
/usr/bin/dbus-launch ix,
dbus bus=session,
# Include additions to the abstraction
#include if exists <abstractions/dbus-session.d>


@@ -26,3 +26,6 @@
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
# Include additions to the abstraction
#include if exists <abstractions/dbus-session-strict.d>


@@ -17,3 +17,6 @@
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
# Include additions to the abstraction
#include if exists <abstractions/dbus-strict.d>


@@ -6,3 +6,6 @@
/etc/dconf/** r,
owner /{,var/}run/user/*/dconf/user r,
owner @{HOME}/.config/dconf/user r,
# Include additions to the abstraction
#include if exists <abstractions/dconf.d>


@@ -17,3 +17,6 @@
signal receive peer=dovecot,
/{var/,}run/dovecot/config rw,
# Include additions to the abstraction
#include if exists <abstractions/dovecot-common.d>


@@ -10,3 +10,6 @@
/etc/drirc r,
owner @{HOME}/.drirc r,
# Include additions to the abstraction
#include if exists <abstractions/dri-common.d>


@@ -6,3 +6,6 @@
@{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
# Include additions to the abstraction
#include if exists <abstractions/dri-enumerate.d>


@@ -54,3 +54,6 @@
# per-user dictionaries
owner @{HOME}/.config/enchant/ rw,
owner @{HOME}/.config/enchant/* rwk,
# Include additions to the abstraction
#include if exists <abstractions/enchant.d>


@@ -11,3 +11,6 @@
#include <abstractions/fcitx-strict>
dbus bus=fcitx,
# Include additions to the abstraction
#include if exists <abstractions/fcitx.d>


@@ -19,3 +19,6 @@
peer=(name=org.freedesktop.DBus),
owner @{HOME}/.config/fcitx/dbus/* r,
# Include additions to the abstraction
#include if exists <abstractions/fcitx-strict.d>


@@ -59,3 +59,6 @@
# data files for LibThai
/usr/share/libthai/thbrk.tri r,
# Include additions to the abstraction
#include if exists <abstractions/fonts.d>


@@ -26,3 +26,6 @@
owner @{user_share_dirs}/applications/{**,} r,
owner @{user_share_dirs}/icons/{**,} r,
owner @{user_share_dirs}/mime/{**,} r,
# Include additions to the abstraction
#include if exists <abstractions/freedesktop.org.d>


@@ -102,3 +102,6 @@
unix (send, receive, connect)
type=stream
peer=(addr="@/dbus-vfs-daemon/socket-*"),
# Include additions to the abstraction
#include if exists <abstractions/gnome.d>


@@ -9,3 +9,6 @@
owner @{HOME}/.gnupg/secring.gpg r,
owner @{HOME}/.gnupg/so/*.x86_64 mr,
owner @{HOME}/.gnupg/trustdb.gpg rw,
# Include additions to the abstraction
#include if exists <abstractions/gnupg.d>


@@ -13,3 +13,6 @@
owner @{HOME}/.config/ibus/ r,
owner @{HOME}/.config/ibus/bus/ rw,
owner @{HOME}/.config/ibus/bus/* rw,
# Include additions to the abstraction
#include if exists <abstractions/ibus.d>


@@ -73,3 +73,6 @@ owner @{HOME}/.config/trashrc r, # Used by KFileWidget
/usr/lib/@{multiarch}/qt4/lib*/lib*so* mr,
/usr/lib/@{multiarch}/qt4/plugins/** mr,
/usr/share/qt4/** r,
# Include additions to the abstraction
#include if exists <abstractions/kde.d>


@@ -8,3 +8,6 @@
owner @{HOME}/.config/kdeglobals.?????? rwl -> @{HOME}/.config/#[0-9]*,
owner @{HOME}/.config/kdeglobals.lock rwk,
# Include additions to the abstraction
#include if exists <abstractions/kde-globals-write.d>


@@ -5,3 +5,6 @@
owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
# Include additions to the abstraction
#include if exists <abstractions/kde-icon-cache-write.d>


@@ -10,3 +10,6 @@
owner @{HOME}/.config/klanguageoverridesrc.?????? rwl -> @{HOME}/.config/#[0-9]*,
owner @{HOME}/.config/klanguageoverridesrc.lock rwk,
# Include additions to the abstraction
#include if exists <abstractions/kde-language-write.d>


@@ -30,3 +30,6 @@
# credential caches
/tmp/krb5cc* r,
# Include additions to the abstraction
#include if exists <abstractions/kerberosclient.d>


@@ -22,3 +22,6 @@
/{,var/}run/nslcd/socket rw,
#include <abstractions/ssl_certs>
# Include additions to the abstraction
#include if exists <abstractions/ldapclient.d>


@@ -17,3 +17,6 @@
path=/org/freedesktop/login1
interface=org.freedesktop.login1.Manager
member={CreateSession,ReleaseSession},
# Include additions to the abstraction
#include if exists <abstractions/libpam-systemd.d>


@@ -11,3 +11,6 @@
/tmp/.lwidentity/pipe rw,
/var/lib/likewise-open/lwidentity_privileged/pipe rw,
# Include additions to the abstraction
#include if exists <abstractions/likewise.d>


@@ -11,3 +11,6 @@
# mdnsd
/etc/nss_mdns.conf r,
/{,var/}run/mdnsd w,
# Include additions to the abstraction
#include if exists <abstractions/mdns.d>


@@ -12,3 +12,6 @@
owner @{HOME}/.cache/mesa_shader_cache/??/ w,
owner @{HOME}/.cache/mesa_shader_cache/??/* rwk,
# Include additions to the abstraction
#include if exists <abstractions/mesa.d>


@@ -15,3 +15,6 @@
/usr/lib/@{multiarch}/mir/**/*.so* mr,
# unprivileged mir socket for clients
# Include additions to the abstraction
#include if exists <abstractions/mir.d>


@@ -10,3 +10,6 @@
# ------------------------------------------------------------------
unix (connect, receive, send) type=stream peer=(addr="@tmp/.mozc.*"),
# Include additions to the abstraction
#include if exists <abstractions/mozc.d>


@@ -13,3 +13,6 @@
/{var/,}run/mysql{,d}/mysql{,d}.sock rw,
/usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r,
/usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r,
# Include additions to the abstraction
#include if exists <abstractions/mysql.d>


@@ -99,3 +99,6 @@
# interface details
@{PROC}/@{pid}/net/route r,
# Include additions to the abstraction
#include if exists <abstractions/nameservice.d>


@@ -13,3 +13,6 @@
# portmapper may ask root processes to do nis/ldap at low ports
capability net_bind_service,
# Include additions to the abstraction
#include if exists <abstractions/nis.d>


@@ -26,3 +26,6 @@
owner @{HOME}/.nv/GLCache/** rwk,
unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
# Include additions to the abstraction
#include if exists <abstractions/nvidia.d>


@@ -7,3 +7,6 @@
#include <abstractions/opencl-nvidia>
#include <abstractions/opencl-pocl>
# Include additions to the abstraction
#include if exists <abstractions/opencl.d>


@@ -8,3 +8,6 @@
@{sys}/devices/system/node/ r, # for clGetPlatformIDs() from libOpenCL.so
@{sys}/devices/system/node/node[0-9]*/meminfo r, # for clGetPlatformIDs() from libOpenCL.so
# Include additions to the abstraction
#include if exists <abstractions/opencl-common.d>


@@ -15,3 +15,6 @@
@{sys}/devices/pci[0-9]*/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?)
/usr/lib/@{multiarch}/beignet/** r,
# Include additions to the abstraction
#include if exists <abstractions/opencl-intel.d>


@@ -18,3 +18,6 @@
owner @{HOME}/.cache/mesa_shader_cache/{,**} rw, # libMesaOpenCL.so -> pipe_nouveau.so
# Include additions to the abstraction
#include if exists <abstractions/opencl-mesa.d>


@@ -28,3 +28,6 @@
owner @{HOME}/.nv/ComputeCache/** rw,
owner @{HOME}/.nv/ComputeCache/index rwk,
# Include additions to the abstraction
#include if exists <abstractions/opencl-nvidia.d>


@@ -74,3 +74,6 @@
owner @{HOME}/.cache/pocl/kcache/*/*/*/*/*.so{,.o} rw,
}
# Include additions to the abstraction
#include if exists <abstractions/opencl-pocl.d>
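Review bot: In the opencl-pocl hunk the new include sits after the `}` on the line above, so the local additions land in the scope of the profile that includes this abstraction, not inside whatever block that brace closes (its opening line is outside the hunk); a site that needs to extend that nested block has no hook for it. If that is intended, the comment should say so, e.g. `# Include additions to the abstraction (applies to the including profile, not the block closed above)`; otherwise a second include inside the block would be needed. This is the only abstraction in the commit where the hook follows a closing brace.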


@@ -12,3 +12,6 @@
/usr/share/ssl/openssl.cnf r,
@{PROC}/sys/crypto/fips_enabled r,
# Include additions to the abstraction
#include if exists <abstractions/openssl.d>


@@ -3,3 +3,6 @@
# system library
/usr/lib/orbit-2.0/*.so mr,
# Include additions to the abstraction
#include if exists <abstractions/orbit2.d>


@@ -25,3 +25,6 @@
# p11-kit also supports reading user configuration from ~/.pkcs11 depending
# on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
# included in this abstraction.
# Include additions to the abstraction
#include if exists <abstractions/p11-kit.d>


@@ -21,3 +21,6 @@
/usr/share/perl/** r,
/usr/share/perl5/** r,
/etc/perl/** r,
# Include additions to the abstraction
#include if exists <abstractions/perl.d>


@@ -37,3 +37,6 @@
# Zend opcache
/tmp/.ZendSem.* rwlk,
# Include additions to the abstraction
#include if exists <abstractions/php.d>


@@ -1,3 +1,6 @@
#backwards compatibility include, actual abstraction moved from php5 to php
#include <abstractions/php>
# Include additions to the abstraction
#include if exists <abstractions/php5.d>


@@ -35,3 +35,6 @@
/var/spool/postfix/lib/@{multiarch}/lib*.so* mr,
/etc/postfix/dynamicmaps.cf.d/ r,
Include additions to the abstraction
#include if exists <abstractions/postfix-common.d>
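Review bot: The line `Include additions to the abstraction` in the postfix-common hunk lacks the leading `#` that the same comment carries in every other file of this commit; unless the rendering dropped the character, the parser has no `Include` keyword and should reject the line, which would break every profile that includes abstractions/postfix-common. Change it to `# Include additions to the abstraction`. The rest of the abstraction lies outside the hunk.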


@@ -45,3 +45,6 @@
deny @{HOME}/.zshenv mrk,
audit deny @{HOME}/.zshenv wl,
# Include additions to the abstraction
#include if exists <abstractions/private-files.d>


@@ -23,3 +23,6 @@
audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl,
audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
# Include additions to the abstraction
#include if exists <abstractions/private-files-strict.d>


@@ -35,3 +35,6 @@
# python build configuration and headers
/usr/include/python{2.[4-7],3.[0-9]}*/pyconfig.h r,
# Include additions to the abstraction
#include if exists <abstractions/python.d>


@@ -19,3 +19,6 @@
owner @{HOME}/.config/QtProject.conf r, # common settings for QFileDialog, etc (application might need write access)
owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, # for "platforminputcontexts" plugins
# Include additions to the abstraction
#include if exists <abstractions/qt5.d>


@@ -6,3 +6,6 @@
owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* rwl -> @{HOME}/.cache/#[0-9]*[0-9],
owner @{HOME}/.cache/#[0-9]*[0-9] rw, # QSaveFile (anonymous shared memory)
# Include additions to the abstraction
#include if exists <abstractions/qt5-compose-cache-write.d>


@@ -9,3 +9,6 @@
owner @{HOME}/.config/QtProject.conf.?????? rwl -> @{HOME}/.config/#[0-9]*[0-9],
owner @{HOME}/.config/QtProject.conf.lock rwk,
# Include additions to the abstraction
#include if exists <abstractions/qt5-settings-write.d>


@@ -8,3 +8,6 @@
owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*,
owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
# Include additions to the abstraction
#include if exists <abstractions/recent-documents-write.d>


@@ -19,3 +19,6 @@
/usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/ r,
/usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/** r,
# Include additions to the abstraction
#include if exists <abstractions/ruby.d>


@@ -25,3 +25,6 @@
# required for clustering
/var/lib/ctdb/** rwk,
# Include additions to the abstraction
#include if exists <abstractions/samba.d>


@@ -11,3 +11,6 @@
# libpam-smbpass/pam_smbpass.so permissions
/var/lib/samba/*.[lt]db rwk,
# Include additions to the abstraction
#include if exists <abstractions/smbpass.d>


@@ -38,3 +38,6 @@
/etc/letsencrypt/archive/*/cert*.pem r,
/etc/letsencrypt/archive/*/chain*.pem r,
/etc/letsencrypt/archive/*/fullchain*.pem r,
# Include additions to the abstraction
#include if exists <abstractions/ssl_certs.d>


@@ -26,3 +26,6 @@
# certbot / letsencrypt
/etc/letsencrypt/archive/*/privkey*.pem r,
# Include additions to the abstraction
#include if exists <abstractions/ssl_keys.d>


@@ -50,3 +50,6 @@
/tmp/apr* rwl,
/var/tmp/apr* rwl,
/tmp/report*.tmp rwl,
# Include additions to the abstraction
#include if exists <abstractions/svn-repositories.d>


@@ -15,3 +15,6 @@
/usr/bin/ktorrent Cxr -> sanitized_helper,
/usr/bin/qbittorrent Cxr -> sanitized_helper,
/usr/bin/transmission{,-gtk,-qt,-cli} Cxr -> sanitized_helper,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-bittorrent-clients.d>


@@ -16,3 +16,6 @@
/usr/bin/netrik Cx -> sanitized_helper,
/usr/bin/w3m Cx -> sanitized_helper,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-console-browsers.d>


@@ -16,3 +16,6 @@
/usr/bin/elmo Cx -> sanitized_helper,
/usr/bin/mutt Cx -> sanitized_helper,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-console-email.d>


@@ -22,3 +22,6 @@
/usr/bin/thunderbird Cx -> sanitized_helper, # used by gio-launch-desktop
/usr/lib/thunderbird*/thunderbird{,.sh,-bin} Cx -> sanitized_helper,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-email.d>


@@ -8,3 +8,6 @@
/usr/bin/akregator Cxr -> sanitized_helper,
/usr/bin/liferea-add-feed Cxr -> sanitized_helper,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-feed-readers.d>


@@ -8,3 +8,6 @@
# do not use ux or PUx here. Use at a minimum ix
/usr/bin/gnome-terminal ix,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-gnome-terminal.d>


@@ -15,3 +15,6 @@
# do not use ux or Ux here. Use at a minimum ix
/usr/bin/konsole ix,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-konsole.d>


@@ -58,3 +58,6 @@
/etc/gnashpluginrc r,
owner @{HOME}/.gnash/ rw,
owner @{HOME}/.gnash/** rw,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-media-players.d>


@@ -98,3 +98,6 @@
# Deny potentially dangerous access
#
deny dbus bus=session path=/com/canonical/[Uu]nity/[Dd]ebug**,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-unity7-base.d>


@@ -5,3 +5,6 @@
bus=session
interface="com.canonical.Unity.LauncherEntry"
member="Update",
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-unity7-launcher.d>


@@ -5,3 +5,6 @@
dbus (receive, send)
bus=session
path="/com/canonical/indicator/messages/*",
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-unity7-messaging.d>


@@ -11,3 +11,6 @@
# do not use ux or Ux here. Use at a minimum ix
/usr/bin/xterm ix,
# Include additions to the abstraction
#include if exists <abstractions/ubuntu-xterm.d>


@@ -22,3 +22,6 @@
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/* rwl,
owner "@{HOME}/My Downloads/" r,
owner "@{HOME}/My Downloads/**" rwl,
# Include additions to the abstraction
#include if exists <abstractions/user-download.d>


@@ -21,3 +21,6 @@
owner @{HOME}/.forward r,
owner @{HOME}/Maildir/ r,
owner @{HOME}/Maildir/** rwl,
# Include additions to the abstraction
#include if exists <abstractions/user-mail.d>


@@ -22,3 +22,6 @@
/usr/local/share/man/man?/** r,
/usr/{share,X11R6,local,kerberos}/man/** r,
/usr/man/** r,
# Include additions to the abstraction
#include if exists <abstractions/user-manpages.d>


@@ -18,3 +18,6 @@
/var/tmp/ rw,
owner /tmp/** rwkl,
/tmp/ rw,
# Include additions to the abstraction
#include if exists <abstractions/user-tmp.d>


@@ -19,3 +19,6 @@
owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,
owner @{HOME}/@{XDG_DOCUMENTS_DIR}/** rwl,
owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/** rwl,
# Include additions to the abstraction
#include if exists <abstractions/user-write.d>


@@ -4,3 +4,6 @@
# System devices
@{sys}/class/video4linux r,
@{sys}/class/video4linux/** r,
# Include additions to the abstraction
#include if exists <abstractions/video.d>


@@ -12,3 +12,6 @@
# User files
owner @{HOME}/.local/share/vulkan/implicit_layer.d/{,*.json} r,
# Include additions to the abstraction
#include if exists <abstractions/vulkan.d>


@@ -11,3 +11,6 @@
owner /run/user/*/wayland-[0-9]* rw,
owner /run/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,
# Include additions to the abstraction
#include if exists <abstractions/wayland.d>


@@ -23,3 +23,6 @@
/var/www/html/ r,
/var/www/html/** r,
# Include additions to the abstraction
#include if exists <abstractions/web-data.d>


@@ -19,3 +19,6 @@
/usr/lib*/samba/lowcase.dat r,
/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
# Include additions to the abstraction
#include if exists <abstractions/winbind.d>


@@ -14,3 +14,6 @@
/var/log/lastlog rwk,
/var/log/wtmp wk,
/{,var/}run/utmp rwk,
# Include additions to the abstraction
#include if exists <abstractions/wutmp.d>


@@ -23,3 +23,6 @@
/var/opt/novell/nici/* r,
/var/opt/novell/nici/*/ r,
/var/opt/novell/nici/*/* rw,
# Include additions to the abstraction
#include if exists <abstractions/xad.d>


@@ -22,3 +22,6 @@
# fallbacks
/usr/share/ r,
/usr/local/share/ r,
# Include additions to the abstraction
#include if exists <abstractions/xdg-desktop.d>