mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-22 01:57:43 +00:00
36d32a81a2
Mesa now needs ~/.cache/mesa_shader_cache_db/marker .
Chromium wants uid_map readable, /proc/$PID/smaps_rollup,
/sys/.../report_descriptor, and two XDG utilities used by the "Create
shortcut..." feature. Deny the latter for now, due to additional
permissions that would be needed and a questionable security trade-off
as a result.
Firefox wants a socket for its crash helper, product_{name,sku} from
DMI devices, and .sql files in its cache directory. It also wants
uevent from devices more broadly than currently allowed.