update apparmor profiles

parent 41ea56a2
......@@ -29,7 +29,7 @@ profile adequate @{exec_path} flags=(complain) {
# Think what to do about this (#FIXME#)
/usr/share/debconf/frontend rPx,
#/usr/share/debconf/frontend rCx -> debconf-frontend,
#/usr/share/debconf/frontend rCx -> frontend,
/{usr/,}bin/pkg-config rCx -> pkg-config,
/{usr/,}bin/dpkg rPx -> child-dpkg,
......@@ -71,7 +71,7 @@ profile adequate @{exec_path} flags=(complain) {
}
profile debconf-frontend flags=(complain) {
profile frontend flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/perl>
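Review bot: The child profile renamed to `frontend` at `profile frontend flags=(complain) {` looks unreachable as far as these hunks show. The only rule that would enter it, `#/usr/share/debconf/frontend rCx -> frontend,`, is still commented out, and the live rule is `/usr/share/debconf/frontend rPx,`. With `rPx` the debconf frontend is confined by whichever standalone profile attaches to that path, and in enforce mode the exec is refused if none is loaded. Either switch the live rule to the `rCx -> frontend` form, or drop the child profile and replace the FIXME with a comment naming the profile that `rPx` is expected to reach. The same pattern repeats in the debconf-apt-progress, linux-check-removal, pam-auth-update, tasksel and ucf sections; both hunks here start and end inside the `adequate` profile.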
......
......@@ -28,6 +28,7 @@ profile chromium-chromium @{exec_path} {
#include <abstractions/user-download-strict>
#include <abstractions/thumbnails-cache-write>
#include <abstractions/nameservice-strict>
#include <abstractions/dconf-deny>
capability sys_nice,
......
......@@ -23,9 +23,10 @@ profile debconf-apt-progress @{exec_path} flags=(complain) {
# Think what to do about this (#FIXME#)
/usr/share/debconf/frontend rPx,
#/usr/share/debconf/frontend rCx -> debconf-frontend,
#/usr/share/debconf/frontend rCx -> frontend,
profile debconf-frontend flags=(complain) {
profile frontend flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/perl>
......
......@@ -16,6 +16,8 @@ profile dpkg-split @{exec_path} flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
capability dac_read_search,
@{exec_path} mr,
/{usr/,}bin/dpkg-deb rPx,
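Review bot: `capability dac_read_search,` (apparently the line this hunk adds) carries no comment saying why a tool that splits and joins .deb parts needs to bypass file-read and directory-search permission checks. The profile is still `flags=(complain)`, so the rule restricts nothing today, but it becomes a real grant once the profile is enforced. If it came from a log entry, record the trigger above it once confirmed, for example `# seen when run as root over archives owned by another user`. If the tool works without it, use `deny capability dac_read_search,` instead. The profile body continues outside the hunk.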
......
......@@ -29,16 +29,30 @@ profile firefox-crashreporter @{exec_path} {
/{usr/,}bin/mv rix,
owner "@{MOZ_HOMEDIR}/firefox/Crash Reports/{,**}" rw,
owner "@{MOZ_HOMEDIR}/firefox/Crash Reports/crashreporter.ini" rw,
owner "@{MOZ_HOMEDIR}/firefox/Crash Reports/submit.log" rw,
owner "@{MOZ_HOMEDIR}/firefox/Crash Reports/events/[0-9a-f]*" rw,
owner "@{MOZ_HOMEDIR}/firefox/Crash Reports/pending/[0-9a-f]*.{dmp,extra}" rw,
owner @{MOZ_HOMEDIR}/firefox/*.*/minidumps/{,**} rw,
owner @{MOZ_HOMEDIR}/firefox/*.*/minidumps/[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*.{dmp,extra} rw,
owner @{MOZ_HOMEDIR}/firefox/*.*/crashes/{,**} rw,
owner @{MOZ_HOMEDIR}/firefox/*.*/crashes/events/[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
/tmp/ r,
owner /tmp/[0-9a-f]*.{dmp,extra} rw,
owner /tmp/firefox/.parentlock w,
/var/tmp/ r,
/etc/passwd r,
owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* r,
# file_inherit
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
#include <local/firefox-crashreporter>
}
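Review bot: The `[0-9a-f]*` segments in these file rules are globs, not a hex-string match. `[0-9a-f]` consumes one character and `*` then matches anything except `/`, so `owner /tmp/[0-9a-f]*.{dmp,extra} rw,` covers any name that starts with a hex digit and ends in `.dmp` or `.extra`; the five-group minidumps and crashes patterns are similarly loose. `owner` keeps the exposure small, but a comment such as `# glob: first char hex, rest unconstrained` above these rules would stop readers from treating them as a UUID check. Also confirm that the `{,**}` rules for `Crash Reports/`, `minidumps/` and `crashes/` are on the removed side, because if they remain the narrower rules beneath them add nothing. The firefox-minidump-analyzer section uses the same patterns.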
......@@ -11,6 +11,10 @@
#include <tunables/global>
@{MOZ_LIBDIR} = /{usr/,}lib/firefox
@{MOZ_HOMEDIR} = @{HOME}/.mozilla
@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla
@{exec_path} = /{usr/,}lib/firefox/minidump-analyzer
profile firefox-minidump-analyzer @{exec_path} {
#include <abstractions/base>
......@@ -18,10 +22,20 @@ profile firefox-minidump-analyzer @{exec_path} {
@{exec_path} mr,
owner /tmp/[0-9a-f]*.{dmp,extra} rw,
owner /tmp/firefox/.parentlock w,
owner "@{MOZ_HOMEDIR}/firefox/Crash Reports/" rw,
owner "@{MOZ_HOMEDIR}/firefox/Crash Reports/pending/" rw,
owner "@{MOZ_HOMEDIR}/firefox/Crash Reports/pending/[0-9a-f]*.{dmp,extra}" rw,
owner @{MOZ_HOMEDIR}/firefox/*.*/minidumps/ rw,
owner @{MOZ_HOMEDIR}/firefox/*.*/minidumps/[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*.{dmp,extra} rw,
owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* r,
owner "@{HOME}/.mozilla/firefox/Crash Reports/" rw,
owner "@{HOME}/.mozilla/firefox/Crash Reports/pending/" rw,
owner "@{HOME}/.mozilla/firefox/Crash Reports/pending/[0-9a-f]*.{dmp,extra}" rw,
# file_inherit
owner @{HOME}/.xsession-errors w,
owner @{HOME}/.local/share/sddm/{xorg,wayland}-session.log w,
#include <local/firefox-minidump-analyzer>
}
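Review bot: `@{MOZ_LIBDIR} = /{usr/,}lib/firefox` repeats the literal that `@{exec_path}` spells out just after the new variables; writing `@{exec_path} = @{MOZ_LIBDIR}/minidump-analyzer` would keep the two from drifting. Neither `@{MOZ_LIBDIR}` nor `@{MOZ_CACHEDIR}` is referenced in the rules visible in the second hunk, so drop them here unless lines outside the hunk use them. The section also shows the `Crash Reports` rules twice, once with `@{MOZ_HOMEDIR}` and once with `@{HOME}/.mozilla`; only one set should survive on the new side.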
......@@ -22,10 +22,10 @@ profile linux-check-removal @{exec_path} flags=(complain) {
# Think what to do about this (#FIXME#)
/usr/share/debconf/frontend rPx,
#/usr/share/debconf/frontend rCx -> debconf-frontend,
#/usr/share/debconf/frontend rCx -> frontend,
profile debconf-frontend flags=(complain) {
profile frontend flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/perl>
......
......@@ -8,3 +8,6 @@
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# file_inherit
owner /dev/log-xsession w,
......@@ -8,3 +8,6 @@
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# file_inherit
owner /dev/log-xsession w,
......@@ -24,14 +24,14 @@ profile pam-auth-update @{exec_path} flags=(complain) {
# Think what to do about this (#FIXME#)
/usr/share/debconf/frontend rPx,
#/usr/share/debconf/frontend rCx -> debconf-frontend,
#/usr/share/debconf/frontend rCx -> frontend,
/etc/pam.d/* rw,
/var/lib/pam/* rw,
/usr/share/pam{,-configs}/{,*} r,
profile debconf-frontend flags=(complain) {
profile frontend flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/perl>
......
......@@ -35,7 +35,7 @@ profile sddm @{exec_path} {
ptrace (trace) [email protected]{profile_name},
signal (send) set=(kill, term) peer=xorg-xorg,
signal (send) set=(kill, term) peer=xorg,
@{exec_path} mr,
......
......@@ -27,7 +27,7 @@ profile tasksel @{exec_path} flags=(complain) {
# Think what to do about this (#FIXME#)
/usr/share/debconf/frontend rPx,
#/usr/share/debconf/frontend rCx -> debconf-frontend,
#/usr/share/debconf/frontend rCx -> frontend,
/{usr/,}bin/dpkg-query rPx,
/{usr/,}bin/apt-cache rPx,
......@@ -49,7 +49,7 @@ profile tasksel @{exec_path} flags=(complain) {
}
profile debconf-frontend flags=(complain) {
profile frontend flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/perl>
......
......@@ -46,7 +46,7 @@ profile ucf @{exec_path} flags=(complain) {
# Think what to do about this (#FIXME#)
/usr/share/debconf/frontend rPx,
#/usr/share/debconf/frontend rCx -> debconf-frontend,
#/usr/share/debconf/frontend rCx -> frontend,
/etc/ucf.conf r,
/var/lib/ucf/** rw,
......@@ -69,7 +69,7 @@ profile ucf @{exec_path} flags=(complain) {
}
profile debconf-frontend flags=(complain) {
profile frontend flags=(complain) {
#include <abstractions/base>
#include <abstractions/consoles>
#include <abstractions/perl>
......