[iortcw] 05/06: Sync AppArmor profile with ioquake3
Simon McVittie
smcv at debian.org
Sat Nov 5 22:48:08 UTC 2016
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch debian/master
in repository iortcw.
commit edd3c7fb16b5b0ab177adeb10a1a604f6aae1671
Author: Simon McVittie <smcv at debian.org>
Date: Sat Nov 5 22:33:20 2016 +0000
Sync AppArmor profile with ioquake3
- allow readdir() in data directories
- allow inspecting direct rendering devices (GPUs)
- allow use of Wayland shared memory buffers
- allow zenity to read GLib schemas
---
debian/apparmor.d/usr.lib.rtcw | 12 ++++++++++--
debian/apparmor.d/usr.lib.rtcw.iowolfded | 4 ++--
debian/changelog | 1 +
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/debian/apparmor.d/usr.lib.rtcw b/debian/apparmor.d/usr.lib.rtcw
index 6ce2e63..624be52 100644
--- a/debian/apparmor.d/usr.lib.rtcw
+++ b/debian/apparmor.d/usr.lib.rtcw
@@ -20,9 +20,9 @@
network inet6 stream,
/etc/rtcw-server/** r,
- /usr/lib/rtcw/** mr,
+ /usr/lib/rtcw/{,**} mr,
/usr/lib/rtcw/iowolf{mp,sp}* mrix,
- /usr/share/games/rtcw/** r,
+ /usr/share/games/rtcw/{,**} r,
/usr/share/icons/** r,
owner @{HOME}/.wolf/{,**} rwk,
@@ -41,13 +41,18 @@
/run/udev/data/** r,
/sys/bus/ r,
/sys/class/ r,
+ /sys/class/drm/ r,
/sys/class/input/ r,
/sys/class/sound/ r,
+ /sys/devices/**/drm/** r,
/sys/devices/**/input/** r,
/sys/devices/**/sound/**/input*/** r,
/sys/devices/**/sound/timer/uevent r,
/sys/devices/pci*/**/uevent r,
+ # Shared memory buffers used in Wayland
+ owner /run/user/*/{mesa,mutter,sdl,weston,xwayland}-shared-* rw,
+
profile popup (complain) {
#include <abstractions/X>
#include <abstractions/base>
@@ -58,9 +63,12 @@
/usr/bin/kdialog mr,
/usr/bin/xmessage mr,
/usr/bin/zenity mr,
+ /usr/share/glib-2.0/schemas/** r,
/usr/share/themes/** r,
/usr/share/zenity/** r,
owner @{HOME}/.config/gtk-3.0/settings.ini r,
+
+ owner /run/user/*/{mesa,mutter,sdl,weston,xwayland}-shared-* rw,
}
# Site-specific additions and overrides. See local/README for details.
diff --git a/debian/apparmor.d/usr.lib.rtcw.iowolfded b/debian/apparmor.d/usr.lib.rtcw.iowolfded
index b3754f1..2e94e25 100644
--- a/debian/apparmor.d/usr.lib.rtcw.iowolfded
+++ b/debian/apparmor.d/usr.lib.rtcw.iowolfded
@@ -17,8 +17,8 @@
network inet6 stream,
/etc/rtcw-server/** r,
- /usr/lib/rtcw/** mr,
- /usr/share/games/rtcw/** r,
+ /usr/lib/rtcw/{,**} mr,
+ /usr/share/games/rtcw/{,**} r,
owner @{HOME}/.wolf/{,**} rwk,
owner /var/games/rtcw-server/** rwk,
diff --git a/debian/changelog b/debian/changelog
index dcbbeb3..b5c646d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ iortcw (1.42d+dfsg1-5) UNRELEASED; urgency=medium
* Use upstream's copyfiles (install) target instead of reimplementing it
* Write generated scripts directly into debian/tmp/usr/games
* Add missing dependency on lsb-base, detected by lintian
+ * Sync AppArmor profile with ioquake3
-- Simon McVittie <smcv at debian.org> Thu, 22 Sep 2016 09:16:38 +0100
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/iortcw.git
More information about the Pkg-games-commits
mailing list