From aa7fe16a20b66a9050c7421f4fd07f77ed2671e9 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 20 Oct 2023 23:50:26 +0100
Subject: [PATCH] feat(profile): improve opensuse integration. See #208
---
 apparmor.d/groups/kde/dolphin | 3 ++-
 apparmor.d/groups/kde/plasmashell | 1 +
 apparmor.d/profiles-a-f/aa-enforce | 2 +-
 apparmor.d/profiles-g-l/git | 1 +
 apparmor.d/profiles-g-l/host | 2 ++
 5 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin
index c99127f33..83370adf4 100644
--- a/apparmor.d/groups/kde/dolphin
+++ b/apparmor.d/groups/kde/dolphin
@@ -35,8 +35,9 @@ profile dolphin @{exec_path} {
 /usr/share/mime/ r,
 /etc/fstab r,
- /etc/xdg/arkrc r,
 /etc/machine-id r,
+ /etc/xdg/arkrc r,
+ /etc/xdg/dolphinrc r,
 # Full access to user's data
 / r,
diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
index e5d3e44c0..f40406351 100644
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -39,6 +39,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
 ptrace (read) peer=akonadi*,
 ptrace (read) peer=kalendarac,
 ptrace (read) peer=kded5,
+ ptrace (read) peer=kwin_x11,
 ptrace (read) peer=libreoffice*,
 ptrace (read) peer=pinentry-qt,
diff --git a/apparmor.d/profiles-a-f/aa-enforce b/apparmor.d/profiles-a-f/aa-enforce
index 608505179..07222cf28 100644
--- a/apparmor.d/profiles-a-f/aa-enforce
+++ b/apparmor.d/profiles-a-f/aa-enforce
@@ -24,7 +24,7 @@ profile aa-enforce @{exec_path} {
 /etc/apparmor/logprof.conf r,
 /etc/apparmor.d/{,**} rw,
- /etc/inputrc r,
+ @{etc_ro}/inputrc r,
 owner /snap/core@{int}/@{int}/etc/apparmor.d/{,**} rw,
 owner /var/lib/snapd/apparmor/{,**} rw,
diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git
index 13b173be5..7e8323cde 100644
--- a/apparmor.d/profiles-g-l/git
+++ b/apparmor.d/profiles-g-l/git
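Review bot: The added `/etc/xdg/dolphinrc r,` in the dolphin hunk, and likewise `/etc/gitconfig r,` in the git hunk, hard-code `/etc`, while the aa-enforce hunk of this same commit replaces the literal `/etc/inputrc r,` with `@{etc_ro}/inputrc r,`. If the openSUSE work tracked in #208 is about configuration shipped outside `/etc`, these two reads probably want the same variable, e.g. `@{etc_ro}/xdg/dolphinrc r,` and `@{etc_ro}/gitconfig r,`. The definition of `@{etc_ro}` is not visible in this patch, so confirm what it expands to before switching. Both rules are read-only access to system configuration, so this is a consistency point rather than a tightening.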
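Review bot: `ptrace (read) peer=kwin_x11,` in the plasmashell hunk covers only the tracer side; AppArmor also consults the peer's profile, so if kwin_x11 runs confined the denial persists until that profile carries `ptrace (readby) peer=plasmashell,`. This commit does not touch a kwin_x11 profile, so whether the matching rule already exists cannot be told from here. The per-name peer list is a sensible allowlist shape, and a one-line comment above it stating which plasmashell operation triggers these reads would help a later reviewer judge whether a new peer belongs in it. The profile body continues outside the hunk.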
@@ -80,6 +80,7 @@ profile git @{exec_path} {
 /usr/share/git{,-core}/{,**} r,
 /usr/share/terminfo/x/xterm-256color r,
+ /etc/gitconfig r,
 /etc/mailname r,
 owner @{user_projects_dirs}/ rw,
diff --git a/apparmor.d/profiles-g-l/host b/apparmor.d/profiles-g-l/host
index 124b29d2c..b1cb71c26 100644
--- a/apparmor.d/profiles-g-l/host
+++ b/apparmor.d/profiles-g-l/host
@@ -13,6 +13,8 @@ profile host @{exec_path} {
 include <abstractions/nameservice-strict>
 include <abstractions/openssl>
+ capability ipc_lock,
+ network inet dgram,
 network inet6 dgram,
 network inet stream,
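Review bot: `capability ipc_lock,` in the host hunk is the only capability visible in this part of the profile, and nothing in the hunk records why a DNS lookup tool needs to lock memory. A capability grant deserves a short comment naming the operation behind the denial seen on openSUSE, along the lines of `# <operation from the audit log>, see #208`. If host still resolves names when the request is refused, `deny capability ipc_lock,` would quiet the log without granting anything; that needs checking on the affected system. The profile continues beyond the hunk.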