Home Explore Help
Register Sign In
iikb
/
tails
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: natal2016
Branches Tags
tails
/
config
/
chroot_local-patches
/
apparmor-adjust-totem-profile.diff

apparmor-adjust-totem-profile.diff 3.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. --- a/etc/apparmor.d.orig/abstractions/totem	2014-08-28 15:51:48.000000000 +0000
    2. 

  2. +++ b/etc/apparmor.d/abstractions/totem	2016-12-04 16:46:57.160470997 +0000
    3. 

  3. @@ -30,6 +30,19 @@
    4. 

  4.  
    5. 

  5.    /usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner Cix -> gst_plugin_scanner,
    6. 

  6.  
    7. 

  7. -  owner @{HOME}/.cache/tracker/meta.db k,
    8. 

  8. -  owner @{HOME}/.cache/tracker/meta.db-shm k,
    9. 

  9. -  owner @{HOME}/.local/share/grilo-plugins/*.db k,
    10. 

  10. +  owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/ rw,
    11. 

  11. +  owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin rw,
    12. 

  12. +  owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin.tmp* rw,
    13. 

  13. +  owner @{HOME}/.cache/thumbnails/** rw,
    14. 

  14. +  owner @{HOME}/.cache/totem/** rwk,
    15. 

  15. +  owner @{HOME}/.cache/totem-* rwk,
    16. 

  16. +  owner @{HOME}/.cache/tracker/db-locale.txt r,
    17. 

  17. +  owner @{HOME}/.cache/tracker/meta.db{,-shm,-journal,-wal} rwk,
    18. 

  18. +  owner @{HOME}/.cache/tracker/ontologies.gvdb r,
    19. 

  19. +  owner @{HOME}/.config/totem/ rwk,
    20. 

  20. +  owner @{HOME}/.config/totem/** rwk,
    21. 

  21. +  owner @{HOME}/.local/share/grilo-plugins/ rwk,
    22. 

  22. +  owner @{HOME}/.local/share/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
    23. 

  23. +  owner @{HOME}/.local/share/gvfs-metadata/** r,
    24. 

  24. +  owner @{HOME}/.local/share/totem/ rwk,
    25. 

  25. + 
    26. 

  26. diff -Naur etc/apparmor.d.orig/usr.bin.totem etc/apparmor.d/usr.bin.totem
    27. 

  27. --- a/etc/apparmor.d.orig/usr.bin.totem	2015-11-14 13:39:59.000000000 +0000
    28. 

  28. +++ b/etc/apparmor.d/usr.bin.totem	2016-12-04 16:52:51.944799445 +0000
    29. 

  29. @@ -6,19 +6,24 @@
    30. 

  30.  /usr/bin/totem {
    31. 

  31.    #include <abstractions/audio>
    32. 

  32.    #include <abstractions/dconf>
    33. 

  33. +  #include <abstractions/ibus>
    34. 

  34.    #include <abstractions/python>
    35. 

  35.    #include <abstractions/totem>
    36. 

  36.  
    37. 

  37. +  # We wrap Totem to run it with torsocks
    38. 

  38. +  /etc/tor/torsocks.conf r,
    39. 

  39. +
    40. 

  40.    # Maybe in an abstraction?
    41. 

  41.    /usr/include/**/pyconfig.h r,
    42. 

  42.  
    43. 

  43.    /usr/bin/totem r,
    44. 

  44.    /dev/sr* r,
    45. 

  45.  
    46. 

  46. -  # Allow read and write on anything in @{HOME}. Lenient, but
    47. 

  47. +  # Allow read and write on almost anything in @{HOME}. Lenient, but
    48. 

  48.    # private-files-strict is in effect.
    49. 

  49.    #include <abstractions/private-files-strict>
    50. 

  50. -  owner @{HOME}/** rw,
    51. 

  51. +  owner @{HOME}/[^.]*    rw,
    52. 

  52. +  owner @{HOME}/[^.]*/** rw,
    53. 

  53.  
    54. 

  54.    owner /{,var/}run/user/*/dconf/user w,
    55. 

  55.    owner /{,var/}run/user/*/at-spi2-*/   rw,
    56. 

  56. diff -Naur etc/apparmor.d.orig/usr.bin.totem-previewers etc/apparmor.d/usr.bin.totem-previewers
    57. 

  57. --- a/etc/apparmor.d.orig/usr.bin.totem-previewers	2014-10-14 23:22:57.000000000 +0000
    58. 

  58. +++ b/etc/apparmor.d/usr.bin.totem-previewers	2016-12-04 16:50:31.818740913 +0000
    59. 

  59. @@ -6,10 +6,11 @@
    60. 

  60.  /usr/bin/totem-video-thumbnailer {
    61. 

  61.    #include <abstractions/totem>
    62. 

  62.  
    63. 

  63. -  # Allow read on anything in @{HOME}. Lenient, but private-files-strict is in
    64. 

  64. +  # Allow read on almost anything in @{HOME}. Lenient, but private-files-strict is in
    65. 

  65.    # effect.
    66. 

  66.    #include <abstractions/private-files-strict>
    67. 

  67. -  owner @{HOME}/** r,
    68. 

  68. +  owner @{HOME}/[^.]*    rw,
    69. 

  69. +  owner @{HOME}/[^.]*/** rw,
    70. 

  70.  
    71. 

  71.    # Not needed by nautilus, but maybe other applications
    72. 

  72.    owner /**.[pP][nN][gG] w,
    73. 

  73. @@ -26,7 +27,8 @@
    74. 

  74.    # Allow read on anything in @{HOME}. Lenient, but private-files-strict is in
    75. 

  75.    # effect.
    76. 

  76.    #include <abstractions/private-files-strict>
    77. 

  77. -  owner @{HOME}/** r,
    78. 

  78. +  owner @{HOME}/[^.]*    rw,
    79. 

  79. +  owner @{HOME}/[^.]*/** rw,
    80. 

  80.  
    81. 

  81.    # Site-specific additions and overrides. See local/README for details.
    82. 

  82.    #include <local/usr.bin.totem-previewers>
    83. 

  83. 

  84.