1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2009-2011 Canonical Ltd.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# .ICEauthority files required for X authentication, per user
owner @{HOME}/.ICEauthority r,
# .Xauthority files required for X connections, per user
owner @{HOME}/.Xauthority r,
owner /{,var/}run/gdm{,3}/*/database r,
owner /{,var/}run/lightdm/authority/[0-9]* r,
owner /{,var/}run/lightdm/*/xauthority r,
owner /{,var/}run/user/*/gdm/Xauthority r,
# the unix socket to use to connect to the display
/tmp/.X11-unix/* w,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
/usr/include/X11/ r,
/usr/include/X11/** r,
# The X tree changes and is large -- grant read access to the whole thing
/usr/X11R6/** r,
/usr/share/X11/ r,
/usr/share/X11/** r,
/usr/X11R6/**.so* mr,
# EGL
/usr/lib/@{multiarch}/egl/*.so* mr,
# DRI
/usr/lib{,32,64}/dri/** mr,
/usr/lib/@{multiarch}/dri/** mr,
/usr/lib/fglrx/dri/** mr,
/dev/dri/** rw,
/etc/drirc r,
owner @{HOME}/.drirc r,
# Xcompose
owner @{HOME}/.XCompose r,
# mouse themes
/etc/X11/cursors/ r,
/etc/X11/cursors/** r,
|