From d8b4a633202a13a13c75779d1f40a99d6cc51dfb Mon Sep 17 00:00:00 2001
From: Vincent43 <31109921+Vincent43@users.noreply.github.com>
Date: Sat, 17 Mar 2018 15:55:48 +0100
Subject: more apparmor deployment

---
 etc/ark.profile | 1 +
 etc/digikam.profile | 1 +
 etc/electron.profile | 1 +
 etc/kate.profile | 1 +
 etc/kodi.profile | 1 +
 etc/kwrite.profile | 1 +
 etc/libreoffice.profile | 1 +
 etc/okular.profile | 1 +
 etc/smplayer.profile | 1 +
 9 files changed, 9 insertions(+)

diff --git a/etc/ark.profile b/etc/ark.profile
index 43c61f940..f3e366854 100644
--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -29,6 +29,7 @@ novideo
 protocol unix
 seccomp
 shell none
+apparmor
 
 private-dev
 private-tmp
diff --git a/etc/digikam.profile b/etc/digikam.profile
index 5557e5457..179204036 100644
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
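Review bot: The `apparmor` line added to etc/ark.profile, and the identical one-line addition in the other eight profiles of this patch, only confines anything when firejail was built with AppArmor support and the `firejail-default` profile is loaded in the kernel. As far as I know the directive is otherwise skipped or reduced to a warning, so the sandbox still starts, just without this layer. Nothing in the profiles tells a user that the line is conditional. I would put a comment above it, e.g. `# apparmor: needs an AppArmor-enabled firejail build and the firejail-default profile loaded (check with aa-status)`.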
@@ -28,6 +28,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group
 shell none
+apparmor
 
 # private-bin program
 # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
diff --git a/etc/electron.profile b/etc/electron.profile
index 91e5cd3df..2ff61914e 100644
--- a/etc/electron.profile
+++ b/etc/electron.profile
@@ -20,3 +20,4 @@ noroot
 notv
 protocol unix,inet,inet6,netlink
 seccomp
+apparmor
diff --git a/etc/kate.profile b/etc/kate.profile
index 917be2b4c..d1cfef49b 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -35,6 +35,7 @@ protocol unix
 seccomp
 shell none
 tracelog
+apparmor
 
 # private-bin kate
 private-dev
diff --git a/etc/kodi.profile b/etc/kodi.profile
index 06db44132..4eb2c9df1 100644
--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -21,6 +21,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 tracelog
+apparmor
 
 private-dev
 private-tmp
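Review bot: In etc/electron.profile the new `apparmor` line is appended to what looks like a shared base profile, so any application profile that includes this file would inherit the confinement without stating it. firejail's default AppArmor policy is documented as permitting execution only from system paths, so an Electron application unpacked under the user's home directory would probably fail to start; that is inferred, not shown in this hunk. A comment on the line would make the scope and the narrow override visible, so users do not drop the whole profile when an app breaks: `# inherited by every profile that includes this file; use "ignore apparmor" in that app's .local file if it must run from $HOME`.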
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index 4fbb8aad4..386ef142c 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -36,6 +36,7 @@ protocol unix
 seccomp
 shell none
 tracelog
+apparmor
 
 private-bin kwrite,kbuildsycoca4,kdeinit4
 private-dev
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 220e0f02c..a67fafa30 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -28,6 +28,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
+apparmor
 
 private-dev
 private-tmp
diff --git a/etc/okular.profile b/etc/okular.profile
index b26c3ab31..016316b29 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -40,6 +40,7 @@ protocol unix
 seccomp
 shell none
 tracelog
+apparmor
 
 private-bin okular,kbuildsycoca4,kdeinit4,lpr
 private-dev
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 8c68cda1e..d0180e185 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -23,6 +23,7 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
+apparmor
 
 private-bin smplayer,smtube,mplayer,mpv
 private-dev
-- 
cgit v1.2.3-54-g00ecf
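Review bot: The `apparmor` line added to etc/libreoffice.profile may interact with a distribution-supplied AppArmor profile for LibreOffice, which some distributions ship. Which of the two policies ends up confining the process cannot be told from this hunk and should be tested on such a system before relying on it. If firejail's policy is meant to be the one in force, I would say so on the line, e.g. `# uses firejail-default; comment out to rely on the distribution's LibreOffice AppArmor profile instead`.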