search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
app-misc/xmind: bump version to 24.12.04124
[gentoo-zh.git] / sec-policy / apparmor-profile-deepinwine / files / opt.deepinwine6
blob1db9bdc7005c4d3e83745f00e2ff327a1e63eb2a
1 # vim:syntax=apparmor
2
3 abi <abi/3.0>,
4
5 include <tunables/global>
6 profile deepin-wine6 /opt/deepin-wine6-stable/bin/* {
7     include <abstractions/base>
8     include <abstractions/fonts>
9     include <abstractions/gnome>
10     include <abstractions/kde>
11     include <abstractions/nameservice>
12     include <abstractions/ssl_certs>
13     include <abstractions/user-tmp>
14     include <abstractions/private-files-strict>
15
16     network inet stream,
17     network inet6 stream,
18     @{PROC}/@{pid}/net/if_inet6 r,
19     @{PROC}/@{pid}/net/ipv6_route r,
20
21     /opt/deepin-wine6-stable/** rmix,
22
23     /etc/fstab r,
24     /usr/share/terminfo/** r,
25
26     /tmp/.wine-*/ rw,
27     /tmp/.wine-*/server-*/ rw,
28     /tmp/.wine-*/server-*/* rwmk,
29
30     owner @{HOME}/ r,
31     owner @{HOME}/.wine/ rw,
32     owner @{HOME}/.wine/** rwmk,
33     owner @{HOME}/.local/share/icons/hicolor/** rwk,
34     owner @{HOME}/.local/share/applications/** rwk,
35     owner @{HOME}/.config/menus/applications-merged/wine-* rwk,
36     owner @{HOME}/.local/share/desktop-directories/wine-* rwk,
37
38     # Mostly winemenubuilder stuff
39     deny /usr/bin/update-mime-database x,
40     deny /usr/bin/update-desktop-database x,
41     deny @{HOME}/.local/share/mime/** w,
42
43     # For winedbg
44     ##deny capability sys_ptrace,
45
46     # Hardware
47     /etc/udev/udev.conf r,
48     /run/udev/data/* r,
49     /run/udev/queue.bin r,
50     /sys/devices/pci** r,
51     /sys/devices/system/** r,
52     /dev r,
53     /dev/video* rw,
54     /dev/tty* rw,
55     /dev/pts/* r,
56     /dev/hidraw2 rw,
57
58     # For initial ~/.wine creation/updates only
59     / r,
60     /usr/share/wine/** r,
61     owner @{HOME}/.cache/ r,
62     owner @{HOME}/.cache/wine/ rwk,
63     owner @{HOME}/.cache/wine/** rwk,
64
65     # Actual apps/games
66     owner /proc/@{pid}/mounts r,
67     owner @{HOME}/.cups/ r,
68     /etc/machine-id r,
69     /mnt/iso/ r,
70     /mnt/iso/** r,
71
72     # Deepin wine
73     @{PROC}/uptime r,
74     /bin/dirname ix,
75     /bin/uname ix,
76     /usr/bin/ntlm_auth ix,
77     owner @{HOME}/.deepinwine/** mrwkl,
78     owner @{HOME}/Documents/** mrwkl,
79     owner @{HOME}/Downloads/** mrwkl,
80     owner @{HOME}/** r,
81     ##/sys/** r,
82     ##/dev/** r,
83     @{PROC}/@{pid}/** r,
84     /usr/share/fonts/** mrl,
85     ptrace (trace, tracedby) peer=deepin-wine6,
86     # Wechat
87     /opt/apps/com.qq.weixin.deepin/** rmix,
88     # Wecom (Wechat work)
89     /opt/apps/com.qq.weixin.work.deepin/** rmix,
90     # Site-specific additions and overrides. See local/README for details.
91     include if exists <local/deepin-wine6>
92 }
gentoo zh overlay