X (2063B)
- # vim:syntax=apparmor
- # ------------------------------------------------------------------
- #
- # Copyright (C) 2002-2009 Novell/SUSE
- # Copyright (C) 2009-2011 Canonical Ltd.
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of version 2 of the GNU General Public
- # License published by the Free Software Foundation.
- #
- # ------------------------------------------------------------------
- abi <abi/3.0>,
- include <abstractions/dri-common>
- # .ICEauthority files required for X authentication, per user
- owner @{HOME}/.ICEauthority r,
- owner @{run}/user/*/ICEauthority r,
- # .Xauthority files required for X connections, per user
- owner @{HOME}/.Xauthority r,
- owner @{HOME}/.local/share/sddm/.Xauthority r,
- owner @{run}/gdm{,3}/*/database r,
- owner @{run}/lightdm/authority/[0-9]* r,
- owner @{run}/lightdm/*/xauthority r,
- owner @{run}/user/*/gdm/Xauthority r,
- owner @{run}/user/*/X11/Xauthority r,
- owner @{run}/user/*/xauth_* r,
- # the unix socket to use to connect to the display
- /tmp/.X11-unix/* rw,
- unix (connect, receive, send)
- type=stream
- peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
- unix (connect, receive, send)
- type=stream
- peer=(addr="@/tmp/.ICE-unix/[0-9]*"),
- /usr/include/X11/ r,
- /usr/include/X11/** r,
- # The X tree changes and is large -- grant read access to the whole thing
- /usr/X11R6/** r,
- /usr/share/X11/ r,
- /usr/share/X11/** r,
- /usr/X11R6/**.so* mr,
- # EGL
- /usr/lib/@{multiarch}/egl/*.so* mr,
- # Xcompose
- owner @{HOME}/.XCompose r,
- /var/cache/libx11/compose/* r,
- deny /var/cache/libx11/compose/* wlk,
- # mouse themes
- /etc/X11/cursors/ r,
- /etc/X11/cursors/** r,
- /usr/share/cursors/xorg-x11/ r,
- /usr/share/cursors/xorg-x11/** r,
- # Xwayland
- owner @{run}/user/*/.mutter-Xwaylandauth.* r,
- # Include additions to the abstraction
- include if exists <abstractions/X.d>