| Server IP : 104.21.84.107 / Your IP : 104.23.197.209 Web Server : Apache/2.4.63 (Ubuntu) System : Linux adminpruebas-Virtual-Machine 6.14.0-37-generic #37-Ubuntu SMP PREEMPT_DYNAMIC Fri Nov 14 22:10:32 UTC 2025 x86_64 User : www-data ( 33) PHP Version : 8.4.5 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /etc/apparmor.d/ |
Upload File : |
# vim:syntax=apparmor
# Author: Daniel Richard G. <[email protected]>
# Related:
# https://bugs.launchpad.net/bugs/1292324
# https://github.com/canonical/lightdm/issues/18
abi <abi/4.0>,
include <tunables/global>
# Note: attach_disconnected appears necessary in rootless mode
profile Xorg /usr/lib/xorg/Xorg flags=(attach_disconnected, complain) {
include <abstractions/base>
include <abstractions/dbus-strict>
include <abstractions/fonts>
include <abstractions/mesa>
include <abstractions/nameservice>
include <abstractions/vulkan>
include <abstractions/X>
capability dac_override,
capability ipc_owner,
capability perfmon,
capability setgid,
capability setuid,
capability sys_admin,
capability sys_nice,
capability sys_rawio,
network netlink raw,
signal (receive) set=(hup, term),
signal (send) set=(usr1),
unix (accept, bind, listen, receive, send) type=stream addr="@/tmp/.X11-unix/X[0-9]*",
dbus (send)
bus=system
path=/org/freedesktop/login1
interface=org.freedesktop.login1.Manager
member=GetSessionByPID
peer=(name=org.freedesktop.login1),
dbus (send)
bus=system
path=/org/freedesktop/login1/session/*
interface=org.freedesktop.login1.Session
member={PauseDeviceComplete,ReleaseControl,ReleaseDevice,TakeControl,TakeDevice}
peer=(name=org.freedesktop.login1),
dbus (receive)
bus=system
path=/org/freedesktop/login1/session/*
interface=org.freedesktop.login1.Session
member=PauseDevice,
/{,usr/}bin/{bash,dash,sh} ix,
/usr/bin/xkbcomp ix,
@{PROC}/cmdline r,
@{PROC}/@{pid}/cmdline r,
@{PROC}/ioports r,
@{PROC}/mtrr rw,
@{sys}/**/ r,
@{sys}/devices/** r,
@{sys}/module/** r,
@{sys}/devices/pci*/**/backlight/*/brightness rw,
# Display managers
@{run}/user/@{uid}/gdm/* r,
@{run}/lightdm/** r,
@{run}/lxdm/* r,
@{run}/sddm/* r,
@{run}/slim.auth r,
/var/lib/wdm/** r,
/var/lib/xdm/** r,
@{run}/nvidia-xdriver-* rw, # TODO: double-check
@{run}/udev/data/** r,
/dev/dri/card[0-9]* r,
/dev/fb0 rw,
/dev/input/event* rw,
/dev/tty[0-9]* rw,
/dev/vga_arbiter rw,
/etc/X11/** r,
owner /tmp/.tX[0-9]*-lock rw,
owner /tmp/.X[0-9]*-lock wl,
owner /tmp/serverauth.* r, # startx(1)
owner /tmp/server-[0-9]*.xkm rw,
/usr/lib/xorg/modules/ r,
/usr/lib/xorg/modules/** mr,
/usr/share/** r,
owner /var/lib/xkb/** rw,
owner /var/log/Xorg.pid-[1-9]*.log rw,
owner /var/log/Xorg.[0-9]*.log{,.old} rw,
# Rootless mode (gdm3, startx)
owner @{HOME}/.local/ w,
owner @{HOME}/.local/share/ w,
owner @{HOME}/.local/share/xorg/ w,
owner @{HOME}/.local/share/xorg/Xorg.pid-[1-9]*.log rw,
owner @{HOME}/.local/share/xorg/Xorg.[0-9]*.log{,.old} rw,
owner /var/lib/gdm*/.cache/mesa_shader_cache/ rw,
owner /var/lib/gdm*/.cache/mesa_shader_cache/** rwk,
owner /var/lib/gdm*/.local/share/xorg/Xorg.pid-[1-9]*.log rw,
owner /var/lib/gdm*/.local/share/xorg/Xorg.[0-9]*.log{,.old} rw,
# When running without a kernel mode-setting (KMS) driver, Xorg may need
# these additional permissions. DO NOT enable these unless necessary!
#nokms#/dev/mem rw,
#nokms#@{sys}/devices/pci[0-9]*/*/*/resource[0-9] w,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/Xorg>
}