2013-10-17 14:18:08 +02:00
|
|
|
# Last Modified: Thu Oct 17 14:07:52 2013
|
2012-07-16 22:21:24 +02:00
|
|
|
#include <tunables/global>
|
|
|
|
|
|
2013-10-30 19:53:00 +01:00
|
|
|
/usr/lib/colord (attach_disconnected) {
|
2012-07-16 22:21:24 +02:00
|
|
|
#include <abstractions/base>
|
|
|
|
|
#include <abstractions/nameservice>
|
|
|
|
|
|
2015-10-07 20:54:56 +02:00
|
|
|
capability dac_override,
|
2012-07-16 22:21:24 +02:00
|
|
|
|
|
|
|
|
deny /usr/share/gvfs/remote-volume-monitors/ r,
|
|
|
|
|
deny /usr/share/gvfs/remote-volume-monitors/afc.monitor r,
|
|
|
|
|
deny /usr/share/gvfs/remote-volume-monitors/udisks2.monitor r,
|
|
|
|
|
|
2014-12-23 22:09:58 +01:00
|
|
|
/dev/ r,
|
|
|
|
|
/dev/bus/usb/ r,
|
|
|
|
|
/dev/bus/usb/[0-9]*/[0-9]* rw,
|
2012-07-16 22:21:24 +02:00
|
|
|
/etc/colord.conf r,
|
|
|
|
|
/etc/fstab r,
|
2014-10-14 20:38:46 +02:00
|
|
|
/etc/udev/hwdb.bin r,
|
2012-07-16 22:21:24 +02:00
|
|
|
/etc/udev/udev.conf r,
|
2014-12-23 22:09:58 +01:00
|
|
|
/proc/*/fd/ r,
|
|
|
|
|
/proc/*/mountinfo r,
|
2012-07-16 22:21:24 +02:00
|
|
|
/proc/*/mounts r,
|
2013-02-18 09:30:23 +01:00
|
|
|
/proc/*/cgroup r,
|
2013-10-30 19:53:00 +01:00
|
|
|
/proc/*/cmdline r, # not only @{pid}, bnc#846301
|
|
|
|
|
/run/systemd/sessions/[0-9]* r,
|
2014-08-22 13:04:16 +02:00
|
|
|
/run/systemd/sessions/c[0-9]* r,
|
2012-07-16 22:21:24 +02:00
|
|
|
/run/udev/data/* r,
|
2014-12-23 22:09:58 +01:00
|
|
|
/run/udev/queue.bin r,
|
2012-07-16 22:21:24 +02:00
|
|
|
/sys/bus/ r,
|
|
|
|
|
/sys/bus/usb/devices/ r,
|
|
|
|
|
/sys/class/ r,
|
2013-10-17 14:18:08 +02:00
|
|
|
/sys/class/drm/ r,
|
2013-02-18 09:30:23 +01:00
|
|
|
/sys/class/video4linux/** r,
|
2013-02-18 22:15:52 +01:00
|
|
|
/sys/class/video4linux/ r,
|
2012-07-16 22:21:24 +02:00
|
|
|
/sys/devices/** r,
|
2014-12-23 22:09:58 +01:00
|
|
|
/usr/bin/spotread ix, # inherit colord profile, needed to support USB colorimeter not natively supported by colord
|
2012-07-16 22:21:24 +02:00
|
|
|
/usr/lib/colord mr,
|
2013-10-17 14:18:08 +02:00
|
|
|
/usr/local/share/mime/** r,
|
2012-07-16 22:21:24 +02:00
|
|
|
/usr/share/color/**/ r,
|
|
|
|
|
/usr/share/color/icc/** r,
|
|
|
|
|
/usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Device.xml r,
|
|
|
|
|
/usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Profile.xml r,
|
|
|
|
|
/usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.Sensor.xml r,
|
|
|
|
|
/usr/share/dbus-1/interfaces/org.freedesktop.ColorManager.xml r,
|
|
|
|
|
/usr/share/gvfs/remote-volume-monitors/gphoto2.monitor r,
|
|
|
|
|
/usr/share/locale-bundle/**.mo r,
|
2013-01-11 12:33:48 +01:00
|
|
|
/usr/share/mime/** r,
|
2012-07-16 22:21:24 +02:00
|
|
|
/var/lib/color/icc/ r,
|
2017-03-11 22:31:16 +01:00
|
|
|
/var/lib/colord/.cache/ rw,
|
|
|
|
|
/var/lib/colord/.cache/** rw,
|
2012-07-16 22:21:24 +02:00
|
|
|
/var/lib/colord/mapping.db rwk,
|
|
|
|
|
/var/lib/colord/mapping.db-journal rw,
|
|
|
|
|
/var/lib/colord/storage.db rwk,
|
|
|
|
|
/var/lib/colord/storage.db-journal rw,
|
2013-02-18 09:30:23 +01:00
|
|
|
|
|
|
|
|
@{HOME}/.local/share/icc/*.icc r,
|
2013-02-18 22:15:52 +01:00
|
|
|
@{HOME}/.local/share/color/icc/*.icc r,
|
2013-10-30 19:53:00 +01:00
|
|
|
/var/lib/gdm/.local/share/icc/*.icc r,
|
2012-07-16 22:21:24 +02:00
|
|
|
}
|
