This is an automated email from the git hooks/post-receive script. smcv pushed a commit to branch quake in repository game-data-packager.
commit 43a5e794ad5d322f5cd9141844eb63980d5313ef Author: Simon McVittie <s...@debian.org> Date: Wed Jan 20 07:53:01 2016 +0000 quake4*: add experimental AppArmor profiles --- debian/apparmor.d/usr.lib.quake4.q4ded.x86 | 23 ++++++++ debian/apparmor.d/usr.lib.quake4.quake4.x86 | 83 +++++++++++++++++++++++++++++ debian/changelog | 1 + debian/control | 1 + debian/copyright | 7 ++- debian/quake4-server.install | 1 + debian/quake4.install | 1 + debian/rules | 5 ++ 8 files changed, 120 insertions(+), 2 deletions(-) diff --git a/debian/apparmor.d/usr.lib.quake4.q4ded.x86 b/debian/apparmor.d/usr.lib.quake4.q4ded.x86 new file mode 100644 index 0000000..0cb15cb --- /dev/null +++ b/debian/apparmor.d/usr.lib.quake4.q4ded.x86 @@ -0,0 +1,23 @@ +# Quake 4 dedicated server AppArmor profile +# Copyright © 2016 Simon McVittie +# Redistribution and use in source and compiled forms, with or without +# modification, are permitted under any circumstances. No warranty. + +#include <tunables/global> + +/usr/lib/quake4/q4ded.x86 flags=(complain) { + #include <abstractions/base> + #include <abstractions/nameservice> + + network inet dgram, + network inet stream, + network inet6 dgram, + network inet6 stream, + + /etc/quake4-server/** r, + /usr/lib/quake4/q4ded.x86 mr, + /usr/lib/quake4/* r, + /usr/share/games/quake4/** r, + owner @{HOME}/.quake4/** rwk, + owner /var/games/quake4-server/** rwk, +} diff --git a/debian/apparmor.d/usr.lib.quake4.quake4.x86 b/debian/apparmor.d/usr.lib.quake4.quake4.x86 new file mode 100644 index 0000000..efdb170 --- /dev/null +++ b/debian/apparmor.d/usr.lib.quake4.quake4.x86 @@ -0,0 +1,83 @@ +# Quake 4 client AppArmor profile +# Copyright © 2016 Simon McVittie +# Redistribution and use in source and compiled forms, with or without +# modification, are permitted under any circumstances. No warranty. + +#include <tunables/global> + +/usr/lib/quake4/quake4.x86 flags=(complain) { + #include <abstractions/X> + #include <abstractions/audio> + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/nvidia> + #include <abstractions/private-files-strict> + + network inet dgram, + network inet stream, + network inet6 dgram, + network inet6 stream, + + /usr/lib/quake4/quake4.x86 mr, + /usr/lib/quake4/* r, + /usr/share/games/quake4/** r, + owner @{HOME}/.quake4/** rwk, + + # the audio and X abstractions don't allow mmapping these + /dev/dri/* m, + owner /{run,dev}/shm/pulse-shm* m, + + # udev device enumeration + /etc/udev/udev.conf r, + /run/udev/data/+pci:* r, + /sys/devices/pci[0-9]*/**/uevent r, + + /usr/bin/xdg-open Cxr -> xdgopen, + + profile xdgopen flags=(complain) { + #include <abstractions/base> + #include <abstractions/ubuntu-browsers> + #include <abstractions/ubuntu-helpers> + /usr/bin/xdg-open rm, + /{usr/,}bin/dash rmix, + } +} + +/usr/lib/quake4/quake4smp.x86 flags=(complain) { + #include <abstractions/X> + #include <abstractions/audio> + #include <abstractions/base> + #include <abstractions/nameservice> + #include <abstractions/nvidia> + #include <abstractions/private-files-strict> + + network inet dgram, + network inet stream, + network inet6 dgram, + network inet6 stream, + + /usr/lib/quake4/quake4smp.x86 mr, + /usr/lib/quake4/libSDL-1.2.id.so.0 mr, + /usr/lib/quake4/* r, + /usr/share/games/quake4/** r, + owner @{HOME}/.quake4/** rwk, + + # the audio and X abstractions don't allow mmapping these + /dev/dri/* m, + owner /{run,dev}/shm/pulse-shm* m, + + # udev device enumeration + /etc/udev/udev.conf r, + /run/udev/data/+pci:* r, + /sys/devices/pci[0-9]*/**/uevent r, + + /usr/bin/xdg-open Cxr -> xdgopen, + + profile xdgopen flags=(complain) { + #include <abstractions/base> + #include <abstractions/ubuntu-browsers> + #include <abstractions/ubuntu-helpers> + /usr/bin/xdg-open rm, + /{usr/,}bin/dash rmix, + } +} diff --git a/debian/changelog b/debian/changelog index 654ca5b..4ff796d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -24,6 +24,7 @@ quake (17) UNRELEASED; urgency=medium (<https://github.com/ValveSoftware/steam-for-linux/issues/3855>) * quake*.desktop: stop using Roman numerals, so they sort in the correct order + * quake4*: add experimental AppArmor profiles -- Simon McVittie <s...@debian.org> Thu, 10 Dec 2015 00:44:21 +0100 diff --git a/debian/control b/debian/control index 6665889..57c669b 100644 --- a/debian/control +++ b/debian/control @@ -7,6 +7,7 @@ Section: contrib/games Priority: optional Build-Depends: debhelper (>= 9), + dh-apparmor [i386], dh-systemd, imagemagick, inkscape, diff --git a/debian/copyright b/debian/copyright index 8c20cc4..9c891a9 100644 --- a/debian/copyright +++ b/debian/copyright @@ -26,8 +26,11 @@ Copyright: © 2015 Alexandre Detiste License: GPL-2+ -Files: quake1+2.svg -Copyright: © 2011 Simon McVittie +Files: + quake1+2.svg + debian/apparmor.d/* +Copyright: + © 2011-2016 Simon McVittie License: ikiwiki-basewiki Redistribution and use in source and compiled forms, with or without modification, are permitted under any circumstances. No warranty. diff --git a/debian/quake4-server.install b/debian/quake4-server.install index 308425c..b185375 100644 --- a/debian/quake4-server.install +++ b/debian/quake4-server.install @@ -1,3 +1,4 @@ README.quake4-data usr/share/doc/quake4-server build/quake4-dedicated usr/games debian/q4/server.cfg etc/quake4-server +debian/apparmor.d/usr.lib.quake4.q4ded.x86 etc/apparmor.d diff --git a/debian/quake4.install b/debian/quake4.install index 621bd4f..7d86e05 100644 --- a/debian/quake4.install +++ b/debian/quake4.install @@ -11,3 +11,4 @@ README.quake4-data usr/lib/quake4 need-data.sh usr/lib/quake4 confirm-binary-only.sh usr/lib/quake4 quake4.desktop usr/share/applications +debian/apparmor.d/usr.lib.quake4.quake4.x86 etc/apparmor.d diff --git a/debian/rules b/debian/rules index ade9d70..6066f55 100755 --- a/debian/rules +++ b/debian/rules @@ -6,6 +6,11 @@ override_dh_auto_build: dh_auto_build -- distro=$(shell dpkg-vendor --query Vendor) +override_dh_install-arch: + dh_install -a + dh_apparmor -pquake4 --profile-name=usr.lib.quake4.quake4.x86 + dh_apparmor -pquake4-server --profile-name=usr.lib.quake4.q4ded.x86 + override_dh_installinit: dh_installinit -pquake4-server --noscripts dh_installinit -petqw-server --noscripts -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-games/game-data-packager.git _______________________________________________ Pkg-games-commits mailing list Pkg-games-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-games-commits