feat(profile): improve opensuse integration.

See #208
roddhjav · Oct 20, 2023 · aa7fe16 · aa7fe16
1 parent 4276ede
commit aa7fe16
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 2 deletions.
diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin
@@ -35,8 +35,9 @@ profile dolphin @{exec_path} {
   /usr/share/mime/ r,
 
   /etc/fstab r,
-  /etc/xdg/arkrc r,
   /etc/machine-id r,
+  /etc/xdg/arkrc r,
+  /etc/xdg/dolphinrc r,
 
   # Full access to user's data
   / r,

diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
@@ -39,6 +39,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   ptrace (read) peer=akonadi*,
   ptrace (read) peer=kalendarac,
   ptrace (read) peer=kded5,
+  ptrace (read) peer=kwin_x11,
   ptrace (read) peer=libreoffice*,
   ptrace (read) peer=pinentry-qt,
 

diff --git a/apparmor.d/profiles-a-f/aa-enforce b/apparmor.d/profiles-a-f/aa-enforce
@@ -24,7 +24,7 @@ profile aa-enforce @{exec_path} {
   /etc/apparmor/logprof.conf r,
   /etc/apparmor.d/{,**} rw,
 
-  /etc/inputrc r,
+  @{etc_ro}/inputrc r,
 
   owner /snap/core@{int}/@{int}/etc/apparmor.d/{,**} rw,
   owner /var/lib/snapd/apparmor/{,**} rw,

diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git
@@ -80,6 +80,7 @@ profile git @{exec_path} {
   /usr/share/git{,-core}/{,**} r,
   /usr/share/terminfo/x/xterm-256color r,
 
+  /etc/gitconfig r,
   /etc/mailname r,
 
   owner @{user_projects_dirs}/   rw,

diff --git a/apparmor.d/profiles-g-l/host b/apparmor.d/profiles-g-l/host
@@ -13,6 +13,8 @@ profile host @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
 
+  capability ipc_lock,
+
   network inet dgram,
   network inet6 dgram,
   network inet stream,