[Apparmor-dev] a more useful abstractions/X
Kenny Graunke
kgraunke at novell.com
Fri Aug 31 17:09:09 MDT 2007
Hiya!

Attached is a suggested replacement for /etc/apparmor.d/abstractions/X. I
generated it on openSuSE 10.3beta2, based on the needs of xterm, xmag, and
gimp.

The old profile shipped with openSuSE 10.3beta2 just allowed blanket access
to /usr/X11R6, which is useless since that's empty these days. I noticed in
SVN there's one which allows access to anything in /usr/share/X11/**
and /usr/lib/X11/**...but none of the required shared libraries live there.
In fact, those folders seem to mostly have more application specific stuff.

Also...abstractions/gnome should probably include abstractions/X. :)

--Kenny
-------------- next part --------------
# $Id: X 90 2006-08-04 19:13:59Z seth_arnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# .ICEauthority files required for X authentication, per user
@{HOME}/.ICEauthority r,
/tmp/.ICE-unix/* w,
# .Xauthority files required for X connections, per user
@{HOME}/.Xauthority r,
# the unix socket to use to connect to the display
/tmp/.X11-unix/* w,
# Misc
/usr/lib/X11/Xcms.txt r,
/usr/share/X11/XKeysymDB r,
# Cursors
/usr/share/icons/*/cursors/* r,
/usr/lib/libX11.so* mr,
/usr/lib/libXau.so* mr,
/usr/lib/libXcomposite.so* mr,
/usr/lib/libXcursor.so* mr,
/usr/lib/libXdamage.so* mr,
/usr/lib/libXext.so* mr,
/usr/lib/libXfixes.so* mr,
/usr/lib/libXi.so* mr,
/usr/lib/libXinerama.so* mr,
/usr/lib/libXrender.so* mr,
/usr/lib/libxcb.so* mr,
/usr/lib/libxcb-render.so* mr,
/usr/lib/libxcb-render-util.so* mr,
/usr/lib/libxcb-xlib.so* mr,
/usr/share/X11/locale/** r,
/var/cache/libx11/compose/* r,
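
The coverage gap the message describes (directory globs such as /usr/lib/X11/** versus libraries that live directly in /usr/lib) can be checked mechanically. The script below is an added example, not part of the message or of AppArmor itself: it matches library paths against file rules using a simplified glob translation (only `*`, `**` and `?`). The DIR_BASED rule text and its permissions, the library paths, and all function names are constructed for illustration.

```python
import re

def glob_to_regex(glob):
    """AppArmor glob -> regex: '**' crosses '/', '*' and '?' do not; {a,b} and [..] not handled."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    """(regex, perms) per 'path perms,' rule; comments and @{VAR} rules are skipped."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(",").split()
        if len(parts) == 2 and parts[0].startswith("/"):
            rules.append((glob_to_regex(parts[0]), set(parts[1])))
    return rules

def uncovered(paths, rules, need="mr"):
    """Paths whose matching rules, taken together, do not grant all of `need`."""
    missing = []
    for path in paths:
        granted = set().union(*(perms for rx, perms in rules if rx.match(path)))
        if not set(need) <= granted:
            missing.append(path)
    return missing

# Constructed rules for the directory-based approach the message describes (perms assumed).
DIR_BASED = "/usr/X11R6/** mr,\n/usr/share/X11/** mr,\n/usr/lib/X11/** mr,\n"
# Four rules copied from the attached abstraction.
PER_LIBRARY = """/usr/lib/libX11.so* mr,
/usr/lib/libXext.so* mr,
/usr/lib/libxcb.so* mr,
/usr/share/icons/*/cursors/* r,
"""
# Constructed library paths, standing in for what `ldd` prints for an X client.
LIBS = ["/usr/lib/libX11.so.6", "/usr/lib/libXext.so.6.4.0",
        "/usr/lib/libxcb.so.1", "/usr/lib/libXrandr.so.2"]

if __name__ == "__main__":
    print("directory-based misses:", uncovered(LIBS, parse_rules(DIR_BASED)))
    print("per-library misses:   ", uncovered(LIBS, parse_rules(PER_LIBRARY)))
```

Feeding it the real `ldd` output for a confined binary and the full abstraction text lists the libraries that would still be denied under the profile.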