diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo index 333cbddbd..1286b1571 100644 --- a/apparmor.d/abstractions/app/sudo +++ b/apparmor.d/abstractions/app/sudo @@ -24,8 +24,8 @@ network netlink raw, # PAM - #aa:dbus talk bus=system name=org.freedesktop.home1 label=systemd-homed - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus talk bus=system name=org.freedesktop.home1 label="@{p_systemd_homed}" + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" dbus (send receive) bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd.Manager diff --git a/apparmor.d/abstractions/base.d/complete b/apparmor.d/abstractions/base.d/complete index 230e0c9d5..06b413342 100644 --- a/apparmor.d/abstractions/base.d/complete +++ b/apparmor.d/abstractions/base.d/complete @@ -18,7 +18,7 @@ signal (receive) set=(term,kill) peer=openbox, signal (receive) set=(term,kill) peer=su, - ptrace (readby) peer=systemd-coredump, + ptrace (readby) peer=@{p_systemd_coredump}, @{etc_rw}/localtime r, /etc/locale.conf r, diff --git a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles index 63f224c42..7e7560992 100644 --- a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles +++ b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles @@ -4,7 +4,7 @@ abi , - #aa:dbus common bus=system name=net.hadess.PowerProfiles label=power-profiles-daemon + #aa:dbus common bus=system name=net.hadess.PowerProfiles label="@{p_power_profiles_daemon}" include if exists diff --git a/apparmor.d/abstractions/bus/net.reactivated.Fprint b/apparmor.d/abstractions/bus/net.reactivated.Fprint index 2f3660082..0241fc889 100644 --- a/apparmor.d/abstractions/bus/net.reactivated.Fprint +++ b/apparmor.d/abstractions/bus/net.reactivated.Fprint 
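Review bot: In abstractions/base.d/complete, `ptrace (readby) peer=@{p_systemd_coredump},` now takes its peer from a variable whose definition is not part of this diff, so which labels may ptrace-read every profile that includes this abstraction depends on that definition. The neighbouring rules in the hunk (`peer=openbox`, `peer=su`) are still literals, which makes this the one rule a reader cannot audit in place. A comment above it, such as `# @{p_systemd_coredump} must resolve only to the systemd-coredump profile label`, would record the intent. It is also worth confirming that the variable is declared for every profile that pulls in this file, since an undeclared variable should make the parser reject the profile (inferred, not visible here).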
@@ -4,12 +4,12 @@ abi , - #aa:dbus common bus=system name=net.reactivated.Fprint label=fprintd + #aa:dbus common bus=system name=net.reactivated.Fprint label="@{p_fprintd}" dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager member={GetDevices,GetDefaultDevice} - peer=(name="@{busname}", label=fprintd), + peer=(name="@{busname}", label="@{p_fprintd}"), dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager @@ -19,7 +19,7 @@ dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager member={GetDevices,GetDefaultDevice} - peer=(name=net.reactivated.Fprint, label=fprintd), + peer=(name=net.reactivated.Fprint, label="@{p_fprintd}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.a11y b/apparmor.d/abstractions/bus/org.a11y index 018109a62..ef0e15707 100644 --- a/apparmor.d/abstractions/bus/org.a11y +++ b/apparmor.d/abstractions/bus/org.a11y 
@@ -9,27 +9,27 @@ dbus receive bus=accessibility path=/org/a11y/atspi/registry interface=org.a11y.atspi.Registry member=EventListenerDeregistered - peer=(name="@{busname}", label=at-spi2-registryd), + peer=(name="@{busname}", label="@{p_at_spi2_registryd}"), dbus send bus=accessibility path=/org/a11y/atspi/registry interface=org.a11y.atspi.Registry member=GetRegisteredEvents - peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd), + peer=(name=org.a11y.atspi.Registry, label="@{p_at_spi2_registryd}"), dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller interface=org.a11y.atspi.DeviceEventController member={GetKeystrokeListeners,GetDeviceEventListeners} - peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd), + peer=(name=org.a11y.atspi.Registry, label="@{p_at_spi2_registryd}"), dbus receive bus=accessibility path=/org/a11y/atspi/accessible/root interface=org.freedesktop.DBus.Properties member=Set - peer=(name="@{busname}", label=at-spi2-registryd), + peer=(name="@{busname}", label="@{p_at_spi2_registryd}"), dbus send bus=accessibility path=/org/a11y/atspi/accessible/root interface=org.a11y.atspi.Socket member=Embed - peer=(name=org.a11y.atspi.Registry, label=at-spi2-registryd), + peer=(name=org.a11y.atspi.Registry, label="@{p_at_spi2_registryd}"), # Session bus diff --git a/apparmor.d/abstractions/bus/org.bluez b/apparmor.d/abstractions/bus/org.bluez index 296965691..201d3998c 100644 --- a/apparmor.d/abstractions/bus/org.bluez +++ b/apparmor.d/abstractions/bus/org.bluez 
@@ -4,37 +4,37 @@ abi , - #aa:dbus common bus=system name=org.bluez label=bluetoothd + #aa:dbus common bus=system name=org.bluez label="@{p_bluetoothd}" dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager member=InterfacesRemoved - peer=(name="{@{busname},org.bluez}", label=bluetoothd), + peer=(name="{@{busname},org.bluez}", label="@{p_bluetoothd}"), dbus send bus=system path=/ interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects - peer=(name="{@{busname},org.bluez}", label=bluetoothd), + peer=(name="{@{busname},org.bluez}", label="@{p_bluetoothd}"), dbus send bus=system path=/org/bluez interface=org.bluez.AgentManager@{int} member={RegisterAgent,RequestDefaultAgent,UnregisterAgent} - peer=(name=org.bluez, label=bluetoothd), + peer=(name=org.bluez, label="@{p_bluetoothd}"), dbus send bus=system path=/org/bluez interface=org.bluez.ProfileManager@{int} member=RegisterProfile - peer=(name=org.bluez, label=bluetoothd), + peer=(name=org.bluez, label="@{p_bluetoothd}"), dbus send bus=system path=/org/bluez/hci@{int} interface=org.bluez.BatteryProviderManager@{int} member=RegisterProfile - peer=(name=org.bluez, label=bluetoothd), + peer=(name=org.bluez, label="@{p_bluetoothd}"), dbus send bus=system path=/org/bluez/hci@{int} interface=org.bluez.Media@{int} member=RegisterApplication - peer=(name=org.bluez, label=bluetoothd), + peer=(name=org.bluez, label="@{p_bluetoothd}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Accounts b/apparmor.d/abstractions/bus/org.freedesktop.Accounts index 2ad151c45..d15288d46 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Accounts +++ b/apparmor.d/abstractions/bus/org.freedesktop.Accounts 
@@ -4,27 +4,27 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.Accounts label=accounts-daemon + #aa:dbus common bus=system name=org.freedesktop.Accounts label="@{p_accounts_daemon}" dbus send bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts member={FindUserByName,ListCachedUsers} - peer=(name="@{busname}", label=accounts-daemon), + peer=(name="@{busname}", label="@{p_accounts_daemon}"), dbus receive bus=system path=/org/freedesktop/Accounts/User@{uid} interface=org.freedesktop.Accounts.User member=*Changed - peer=(name="@{busname}", label=accounts-daemon), + peer=(name="@{busname}", label="@{p_accounts_daemon}"), dbus receive bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts member=UserAdded - peer=(name="@{busname}", label=accounts-daemon), + peer=(name="@{busname}", label="@{p_accounts_daemon}"), dbus receive bus=system path=/org/freedesktop/Accounts/User@{uid} interface=org.freedesktop.DBus.Properties member=*Changed - peer=(name="@{busname}", label=accounts-daemon), + peer=(name="@{busname}", label="@{p_accounts_daemon}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Avahi b/apparmor.d/abstractions/bus/org.freedesktop.Avahi index e3128f984..38e05f48c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi +++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi 
@@ -4,27 +4,27 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.Avahi label=avahi-daemon + #aa:dbus common bus=system name=org.freedesktop.Avahi label="@{p_avahi_daemon}" dbus send bus=system path=/ interface=org.freedesktop.DBus.Peer member=Ping - peer=(name=org.freedesktop.Avahi, label=avahi-daemon), + peer=(name=org.freedesktop.Avahi, label="@{p_avahi_daemon}"), dbus send bus=system path=/ interface=org.freedesktop.Avahi.Server member={GetAPIVersion,GetState,Service*New} - peer=(name=org.freedesktop.Avahi, label=avahi-daemon), + peer=(name=org.freedesktop.Avahi, label="@{p_avahi_daemon}"), dbus send bus=system path=/Client@{int}/ServiceBrowser@{int} interface=org.freedesktop.Avahi.ServiceBrowser member=Free - peer=(name=org.freedesktop.Avahi, label=avahi-daemon), + peer=(name=org.freedesktop.Avahi, label="@{p_avahi_daemon}"), dbus receive bus=system path=/Client@{int}/ServiceBrowser@{int} interface=org.freedesktop.Avahi.ServiceBrowser member={ItemNew,AllForNow,CacheExhausted} - peer=(name="@{busname}", label=avahi-daemon), + peer=(name="@{busname}", label="@{p_avahi_daemon}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager index 27776b776..3a63d95dc 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager 
@@ -4,22 +4,22 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.ColorManager label=colord + #aa:dbus common bus=system name=org.freedesktop.ColorManager label="@{p_colord}" dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager member=GetDevices - peer=(name="@{busname}", label=colord), + peer=(name="@{busname}", label="@{p_colord}"), dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager member=CreateDevice - peer=(name="@{busname}", label=colord), + peer=(name="@{busname}", label="@{p_colord}"), dbus receive bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager member={DeviceAdded,DeviceRemoved} - peer=(name="@{busname}", label=colord), + peer=(name="@{busname}", label="@{p_colord}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 index feaced7c3..9957c7b67 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 
@@ -4,26 +4,26 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.GeoClue2 label=geoclue + #aa:dbus common bus=system name=org.freedesktop.GeoClue2 label="@{p_geoclue}" dbus send bus=system path=/org/freedesktop/GeoClue2/Agent interface=org.freedesktop.DBus.Properties member=PropertiesChanged - peer=(name=org.freedesktop.DBus, label=geoclue), + peer=(name=org.freedesktop.DBus, label="@{p_geoclue}"), dbus receive bus=system path=/org/freedesktop/GeoClue2/Agent interface=org.freedesktop.DBus.Properties member=GetAll - peer=(name="@{busname}", label=geoclue), + peer=(name="@{busname}", label="@{p_geoclue}"), dbus send bus=system path=/org/freedesktop/GeoClue2/Manager interface=org.freedesktop.DBus.Properties member=GetAll - peer=(name="@{busname}", label=geoclue), + peer=(name="@{busname}", label="@{p_geoclue}"), dbus send bus=system path=/org/freedesktop/GeoClue2/Manager interface=org.freedesktop.GeoClue2.Manager member=AddAgent - peer=(name="@{busname}", label=geoclue), + peer=(name="@{busname}", label="@{p_geoclue}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 index 41e03f325..4f53ba497 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 
@@ -4,17 +4,17 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.ModemManager1 label=ModemManager + #aa:dbus common bus=system name=org.freedesktop.ModemManager1 label="@{p_ModemManager}" dbus send bus=system path=/org/freedesktop/ModemManager1 interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects - peer=(name=org.freedesktop.ModemManager1, label=ModemManager), + peer=(name=org.freedesktop.ModemManager1, label="@{p_ModemManager}"), dbus send bus=system path=/org/freedesktop/ModemManager1 interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects - peer=(name="@{busname}", label=ModemManager), + peer=(name="@{busname}", label="@{p_ModemManager}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 index b770cdbb1..9dfab7481 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 
@@ -4,22 +4,22 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.PolicyKit1 label=polkitd + #aa:dbus common bus=system name=org.freedesktop.PolicyKit1 label="@{p_polkitd}" dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=Changed - peer=(name="@{busname}", label=polkitd), + peer=(name="@{busname}", label="@{p_polkitd}"), dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=CheckAuthorization - peer=(name=org.freedesktop.PolicyKit1, label=polkitd), + peer=(name=org.freedesktop.PolicyKit1, label="@{p_polkitd}"), dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=CheckAuthorization - peer=(name="@{busname}", label=polkitd), + peer=(name="@{busname}", label="@{p_polkitd}"), dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=CheckAuthorization diff --git a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 index 0c6abbdbe..f66fdb20a 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 @@ -6,7 +6,7 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.RealtimeKit1 label=rtkit-daemon + #aa:dbus common bus=system name=org.freedesktop.RealtimeKit1 label="@{p_rtkit_daemon}" dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.DBus.Properties member=Get 
@@ -15,12 +15,12 @@ dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.RealtimeKit1 member={MakeThreadHighPriority,MakeThreadRealtime} - peer=(name="{@{busname},org.freedesktop.RealtimeKit1}", label=rtkit-daemon), + peer=(name="{@{busname},org.freedesktop.RealtimeKit1}", label="@{p_rtkit_daemon}"), dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.RealtimeKit1 member={MakeThreadHighPriorityWithPID,MakeThreadRealtimeWithPID} - peer=(name="{@{busname},org.freedesktop.RealtimeKit1}", label=rtkit-daemon), + peer=(name="{@{busname},org.freedesktop.RealtimeKit1}", label="@{p_rtkit_daemon}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UPower b/apparmor.d/abstractions/bus/org.freedesktop.UPower index ec0a2b15b..69218b619 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UPower +++ b/apparmor.d/abstractions/bus/org.freedesktop.UPower @@ -4,22 +4,22 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.UPower label=upowerd + #aa:dbus common bus=system name=org.freedesktop.UPower label="@{p_upowerd}" dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower member=EnumerateDevices - peer=(name="{@{busname},org.freedesktop.UPower}", label=upowerd), + peer=(name="{@{busname},org.freedesktop.UPower}", label="@{p_upowerd}"), dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.DBus.Properties member=GetDisplayDevice - peer=(name=org.freedesktop.UPower, label=upowerd), + peer=(name=org.freedesktop.UPower, label="@{p_upowerd}"), dbus receive bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower member=DeviceAdded - peer=(name="{@{busname},org.freedesktop.UPower}", label=upowerd), + peer=(name="{@{busname},org.freedesktop.UPower}", label="@{p_upowerd}"), include if exists 
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UPower.PowerProfiles b/apparmor.d/abstractions/bus/org.freedesktop.UPower.PowerProfiles index 3d3980f81..45e88b103 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UPower.PowerProfiles +++ b/apparmor.d/abstractions/bus/org.freedesktop.UPower.PowerProfiles @@ -4,7 +4,7 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.UPower.PowerProfiles label=power-profiles-daemon + #aa:dbus common bus=system name=org.freedesktop.UPower.PowerProfiles label=@{p_power_profiles_daemon} include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 index e6182bead..0a8d86be1 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 @@ -4,7 +4,7 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed + #aa:dbus common bus=system name=org.freedesktop.hostname1 label="@{p_systemd_hostnamed}" dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties member=Get diff --git a/apparmor.d/abstractions/bus/org.freedesktop.locale1 b/apparmor.d/abstractions/bus/org.freedesktop.locale1 index 511a44dd6..1348c8a39 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.locale1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1 @@ -4,7 +4,7 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.locale1 label=systemd-localed + #aa:dbus common bus=system name=org.freedesktop.locale1 label="@{p_systemd_localed}" dbus send bus=system path=/org/freedesktop/locale1 interface=org.freedesktop.DBus.Properties member=GetAll diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index 7f9fc5fb7..ad368ed98 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 
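Review bot: The new `#aa:dbus common` line in abstractions/bus/org.freedesktop.UPower.PowerProfiles writes `label=@{p_power_profiles_daemon}` without quotes, while every other dbus label this commit introduces is quoted, including the same variable in net.hadess.PowerProfiles. The same unquoted form appears in the groups/gnome/gnome-control-center hunk, on the `org.freedesktop.UPower.PowerProfiles` talk line. Whether the `#aa:dbus` directive expansion treats the two forms identically cannot be told from the diff, so I would make both `label="@{p_power_profiles_daemon}"` to match the rest.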
@@ -4,22 +4,22 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus common bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={Inhibit,CanHibernate,CanHybridSleep,CanPowerOff,CanReboot,CanSuspend,CreateSession,GetSessionByPID} - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), + peer=(name="{@{busname},org.freedesktop.login1}", label="@{p_systemd_logind}"), dbus receive bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={SessionNew,SessionRemoved,UserNew,UserRemoved,SeatNew,PrepareFor*} - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), + peer=(name="{@{busname},org.freedesktop.login1}", label="@{p_systemd_logind}"), dbus send bus=system path=/org/freedesktop/login1/session/* interface=org.freedesktop.login1.Session member=PauseDeviceComplete - peer=(name=org.freedesktop.login1, label=systemd-logind), + peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session index 23ec52c8e..f60c69301 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session 
@@ -4,22 +4,22 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus common bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=GetSession - peer=(name="@{busname}", label=systemd-logind), + peer=(name="@{busname}", label="@{p_systemd_logind}"), dbus send bus=system path=/org/freedesktop/login1/session/* interface=org.freedesktop.login1.Session member={ReleaseDevice,TakeControl,TakeDevice,SetBrightness,SetLockedHint,SetIdleHint} - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), + peer=(name="{@{busname},org.freedesktop.login1}", label="@{p_systemd_logind}"), dbus receive bus=system path=/org/freedesktop/login1/session/* interface=org.freedesktop.login1.Session member={PauseDevice,Unlock} - peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind), + peer=(name="{@{busname},org.freedesktop.login1}", label="@{p_systemd_logind}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.network1 b/apparmor.d/abstractions/bus/org.freedesktop.network1 index be11a7ceb..7583a3e9d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.network1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.network1 @@ -4,7 +4,7 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.network1 label=systemd-networkd + #aa:dbus common bus=system name=org.freedesktop.network1 label="@{p_systemd_networkd}" include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 index 8c7670382..e2c4b3886 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 
@@ -4,12 +4,12 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.resolve1 label=systemd-resolved + #aa:dbus common bus=system name=org.freedesktop.resolve1 label="@{p_systemd_resolved}" dbus send bus=system path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager member={SetLink*,ResolveHostname} - peer=(name="{@{busname},org.freedesktop.resolve1}", label=systemd-resolved), + peer=(name="{@{busname},org.freedesktop.resolve1}", label="@{p_systemd_resolved}"), include if exists diff --git a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 index 83f85c678..8f6118355 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 @@ -4,7 +4,7 @@ abi , - #aa:dbus common bus=system name=org.freedesktop.timedate1 label=systemd-timedated + #aa:dbus common bus=system name=org.freedesktop.timedate1 label="@{p_systemd_timedated}" include if exists diff --git a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 index ce572e9cd..6bfa6114b 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 +++ b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 @@ -4,12 +4,12 @@ abi , - #aa:dbus common bus=session name=org.gnome.ArchiveManager1 label=file-roller + #aa:dbus common bus=session name=org.gnome.ArchiveManager1 label="@{p_file_roller}" dbus send bus=session path=/org/gnome/ArchiveManager1 interface=org.gnome.ArchiveManager1 member=GetSupportedTypes - peer=(name="@{busname}", label=file-roller), + peer=(name="@{busname}", label="@{p_file_roller}"), include if exists diff --git a/apparmor.d/abstractions/mapping/login b/apparmor.d/abstractions/mapping/login index 54a8c1c7f..7ccc2d678 100644 --- a/apparmor.d/abstractions/mapping/login +++ b/apparmor.d/abstractions/mapping/login 
@@ -25,7 +25,7 @@ dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=ReleaseSession - peer=(name=org.freedesktop.login1, label=systemd-logind), + peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), @{etc_ro}/security/group.conf r, @{etc_ro}/security/limits.conf r, diff --git a/apparmor.d/abstractions/mapping/sshd b/apparmor.d/abstractions/mapping/sshd index bb0064956..97f0b077e 100644 --- a/apparmor.d/abstractions/mapping/sshd +++ b/apparmor.d/abstractions/mapping/sshd @@ -28,7 +28,7 @@ network inet6 stream, network netlink raw, - signal receive set=exists peer=systemd-journald, + signal receive set=exists peer=@{p_systemd_journald}, signal receive set=hup peer=@{p_systemd}, unix bind type=stream addr=@@{udbus}/bus/sshd/system, @@ -36,7 +36,7 @@ dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={CreateSession,ReleaseSession,CreateSessionWithPIDFD} - peer=(name=org.freedesktop.login1, label=systemd-logind), + peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), /etc/motd r, /etc/locale.conf r, diff --git a/apparmor.d/groups/avahi/avahi-browse b/apparmor.d/groups/avahi/avahi-browse index 47c22d72d..3ac729baa 100644 --- a/apparmor.d/groups/avahi/avahi-browse +++ b/apparmor.d/groups/avahi/avahi-browse @@ -17,7 +17,7 @@ profile avahi-browse @{exec_path} { dbus receive bus=system path=/Client@{int}/ServiceTypeBrowser@{int} interface=org.freedesktop.Avahi.ServiceTypeBrowser member={ItemNew,AllForNow,CacheExhausted} - peer=(name=:*, label=avahi-daemon), + peer=(name=:*, label="@{p_avahi_daemon}"), @{exec_path} mr, diff --git a/apparmor.d/groups/avahi/avahi-resolve b/apparmor.d/groups/avahi/avahi-resolve index ff2cae183..1a66b4726 100644 --- a/apparmor.d/groups/avahi/avahi-resolve +++ b/apparmor.d/groups/avahi/avahi-resolve 
@@ -17,12 +17,12 @@ profile avahi-resolve @{exec_path} { dbus send bus=system path=/Client@{int}/AddressResolver@{int} interface=org.freedesktop.Avahi.AddressResolver member={Free,HostNameResolverNew} - peer=(name=:*, label=avahi-daemon), + peer=(name=:*, label="@{p_avahi_daemon}"), dbus receive bus=system path=/Client@{int}/AddressResolver@{int} interface=org.freedesktop.Avahi.AddressResolver member={Failure,Found} - peer=(name=:*, label=avahi-daemon), + peer=(name=:*, label="@{p_avahi_daemon}"), @{exec_path} mr, diff --git a/apparmor.d/groups/bluetooth/bluetoothctl b/apparmor.d/groups/bluetooth/bluetoothctl index e408b94b9..0b075581b 100644 --- a/apparmor.d/groups/bluetooth/bluetoothctl +++ b/apparmor.d/groups/bluetooth/bluetoothctl @@ -15,7 +15,7 @@ profile bluetoothctl @{exec_path} { network bluetooth raw, - #aa:dbus talk bus=system name=org.bluez label=bluetoothd + #aa:dbus talk bus=system name=org.bluez label="@{p_bluetoothd}" @{exec_path} mr, diff --git a/apparmor.d/groups/bluetooth/obexd b/apparmor.d/groups/bluetooth/obexd index 3da9b4f5d..5c1a7633e 100644 --- a/apparmor.d/groups/bluetooth/obexd +++ b/apparmor.d/groups/bluetooth/obexd @@ -22,7 +22,7 @@ profile obexd @{exec_path} { dbus receive bus=system path=/org/bluez/obex/@{uuid} interface=org.bluez.Profile1 member=Release - peer=(name=:*, label=bluetoothd), + peer=(name=:*, label="@{p_bluetoothd}"), @{exec_path} mr, diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 6f66ec9b2..817d63175 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -15,6 +15,7 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { include include + signal receive set=kill peer=@{p_systemd_user}, signal receive set=term peer=ibus-daemon, dbus receive bus=session diff --git a/apparmor.d/groups/cups/cups-browsed b/apparmor.d/groups/cups/cups-browsed index f671ce6e9..78e7883cb 100644 --- a/apparmor.d/groups/cups/cups-browsed 
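Review bot: The groups/bus/ibus-dconf hunk adds `signal receive set=kill peer=@{p_systemd_user},`, which is a new permission, not a label substitution; every other hunk visible here is a one-for-one swap of a literal label for a variable. A grant mixed into a mechanical refactor is easy to miss in review, so it should be named in the commit message or carry a comment, for example `# the user service manager may SIGKILL this service` if that is the reason. The adjacent `signal receive set=term peer=ibus-daemon,` keeps its literal peer, and the profile body continues outside the hunk.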
+++ b/apparmor.d/groups/cups/cups-browsed @@ -29,7 +29,7 @@ profile cups-browsed @{exec_path} { dbus receive bus=system path=/ interface=org.freedesktop.Avahi.Server member=StateChanged - peer=(name=:*, label=avahi-daemon), + peer=(name=:*, label="@{p_avahi_daemon}"), dbus receive bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.NetworkManager diff --git a/apparmor.d/groups/filesystem/udisksd b/apparmor.d/groups/filesystem/udisksd index 7d4febb1f..1ff219bbe 100644 --- a/apparmor.d/groups/filesystem/udisksd +++ b/apparmor.d/groups/filesystem/udisksd @@ -65,8 +65,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { signal receive set=int peer=@{p_systemd}, #aa:dbus own bus=system name=org.freedesktop.UDisks2 - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind - #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label=polkitd + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" + #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label="@{p_polkitd}" @{exec_path} mr, diff --git a/apparmor.d/groups/flatpak/flatpak b/apparmor.d/groups/flatpak/flatpak index c958bd2cd..52e9e32ef 100644 --- a/apparmor.d/groups/flatpak/flatpak +++ b/apparmor.d/groups/flatpak/flatpak @@ -41,8 +41,8 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain signal send peer=flatpak-app, #aa:dbus talk bus=session name=org.freedesktop.Flatpak.SessionHelper label=flatpak-session-helper - #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon - #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label=polkitd + #aa:dbus talk bus=system name=org.freedesktop.Accounts label="@{p_accounts_daemon}" + #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label="@{p_polkitd}" dbus send bus=session path=/org/freedesktop/portal/documents interface=org.freedesktop.portal.Documents 
diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index 804020b7b..fab642571 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -50,12 +50,12 @@ profile pulseaudio @{exec_path} { dbus receive bus=system path=/Client@{int}/ServiceResolver@{int} interface=org.freedesktop.Avahi.ServiceResolver member=Found - peer=(name=:*, label=avahi-daemon), + peer=(name=:*, label="@{p_avahi_daemon}"), dbus receive bus=system path=/Client@{int}/ServiceBrowser@{int} interface=org.freedesktop.Avahi.ServiceBrowser member=ItemRemove - peer=(name=:*, label=avahi-daemon), + peer=(name=:*, label="@{p_avahi_daemon}"), dbus send bus=system path=/ interface=org.freedesktop.DBus.ObjectManager @@ -65,7 +65,7 @@ profile pulseaudio @{exec_path} { dbus send bus=system path=/Client@{int}/ServiceResolver@{int} interface=org.freedesktop.Avahi.ServiceResolver member={Found,Free} - peer=(name=org.freedesktop.Avahi, label=avahi-daemon), + peer=(name=org.freedesktop.Avahi, label="@{p_avahi_daemon}"), @{exec_path} mrix, diff --git a/apparmor.d/groups/freedesktop/upower b/apparmor.d/groups/freedesktop/upower index 931b47509..0f6f9abeb 100644 --- a/apparmor.d/groups/freedesktop/upower +++ b/apparmor.d/groups/freedesktop/upower @@ -13,7 +13,7 @@ profile upower @{exec_path} { include include - #aa:dbus own bus=system name=org.freedesktop.UPower label=upowerd + #aa:dbus own bus=system name=org.freedesktop.UPower label="@{p_upowerd}" @{exec_path} mr, diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 00e277f1f..12c82aea3 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg 
@@ -48,7 +48,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) { dbus send bus=system path=/org/freedesktop/login1/session/* interface=org.freedesktop.login1.Session member=ReleaseControl - peer=(name=org.freedesktop.login1, label=systemd-logind), + peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), @{exec_path} mrix, diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index e35d165a2..435d055fa 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -34,8 +34,8 @@ profile gdm @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=system name=org.gnome.DisplayManager - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind - #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" + #aa:dbus talk bus=system name=org.freedesktop.Accounts label="@{p_accounts_daemon}" @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index 1a05892b6..a5dac16fa 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker 
@@ -49,13 +49,13 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { unix bind type=stream addr=@@{udbus}/bus/gdm-session-wor/system, - #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon - #aa:dbus talk bus=system name=org.freedesktop.home1 interface=org.freedesktop.home1.Manager label=systemd-homed + #aa:dbus talk bus=system name=org.freedesktop.Accounts label="@{p_accounts_daemon}" + #aa:dbus talk bus=system name=org.freedesktop.home1 interface=org.freedesktop.home1.Manager label="@{p_systemd_homed}" dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={*Session,CreateSessionWithPIDFD} - peer=(name=org.freedesktop.login1, label=systemd-logind), + peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), @{exec_path} mrix, diff --git a/apparmor.d/groups/gnome/gnome-calendar b/apparmor.d/groups/gnome/gnome-calendar index c81e591cf..235c0ce9e 100644 --- a/apparmor.d/groups/gnome/gnome-calendar +++ b/apparmor.d/groups/gnome/gnome-calendar @@ -32,7 +32,7 @@ profile gnome-calendar @{exec_path} { #aa:dbus talk bus=session name=org.gnome.evolution.dataserver.Sources@{int} label=evolution-source-registry #aa:dbus talk bus=session name=org.gnome.OnlineAccounts label=goa-daemon #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.Color label=gsd-color - #aa:dbus talk bus=system name=org.freedesktop.GeoClue2 label=geoclue + #aa:dbus talk bus=system name=org.freedesktop.GeoClue2 label="@{p_geoclue}" dbus send bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**} interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index 1f0b6239e..1007d55e2 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center 
@@ -45,18 +45,18 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { #aa:dbus talk bus=system name=com.ubuntu.WhoopsiePreferences label=whoopsie-preferences #aa:dbus talk bus=system name=net.hadess.SwitcherooControl label=switcheroo-control - #aa:dbus talk bus=system name=net.reactivated.Fprint.Manager label=fprintd - #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon + #aa:dbus talk bus=system name=net.reactivated.Fprint.Manager label="@{p_fprintd}" + #aa:dbus talk bus=system name=org.freedesktop.Accounts label="@{p_accounts_daemon}" #aa:dbus talk bus=system name=org.freedesktop.bolt1 label=boltd - #aa:dbus talk bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind - #aa:dbus talk bus=system name=org.freedesktop.ModemManager1 label=ModemManager + #aa:dbus talk bus=system name=org.freedesktop.hostname1 label="@{p_systemd_hostnamed}" + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" + #aa:dbus talk bus=system name=org.freedesktop.ModemManager1 label="@{p_ModemManager}" #aa:dbus talk bus=system name=org.freedesktop.NetworkManager label=NetworkManager - #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label=polkitd + #aa:dbus talk bus=system name=org.freedesktop.PolicyKit1 label="@{p_polkitd}" #aa:dbus talk bus=system name=org.freedesktop.systemd1 label="@{p_systemd}" #aa:dbus talk bus=system name=org.freedesktop.UDisks2 label=udisksd - #aa:dbus talk bus=system name=org.freedesktop.UPower label=upowerd - #aa:dbus talk bus=system name=org.freedesktop.UPower.PowerProfiles label=power-profiles-daemon + #aa:dbus talk bus=system name=org.freedesktop.UPower label="@{p_upowerd}" + #aa:dbus talk bus=system name=org.freedesktop.UPower.PowerProfiles label=@{p_power_profiles_daemon} @{exec_path} mr, 
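Review bot: The last added directive in the gnome-control-center hunk, `#aa:dbus talk bus=system name=org.freedesktop.UPower.PowerProfiles label=@{p_power_profiles_daemon}`, leaves the variable unquoted, while every other converted label in the same block is written `label="@{p_…}"`. The same unquoted form appears in the gnome-shell hunk for the same bus name, and in the new `peer=(name=@{busname}, label=@{p_systemd_hostnamed})` rule added to loupe. Whether the `#aa:dbus` directive expansion treats both forms identically is not visible here. I would normalise to `label="@{p_power_profiles_daemon}"` and `peer=(name="@{busname}", label="@{p_systemd_hostnamed}")`, so that a variable later redefined as a pattern is not parsed differently in these three places.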
diff --git a/apparmor.d/groups/gnome/gnome-firmware b/apparmor.d/groups/gnome/gnome-firmware index af44afbec..706c16e87 100644 --- a/apparmor.d/groups/gnome/gnome-firmware +++ b/apparmor.d/groups/gnome/gnome-firmware @@ -20,8 +20,8 @@ profile gnome-firmware @{exec_path} { network inet6 stream, network netlink raw, - #aa:dbus talk bus=system name=org.freedesktop.fwupd label=fwupd path=/ - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus talk bus=system name=org.freedesktop.fwupd label="@{p_fwupd}" path=/ + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" @{exec_path} mr, @{open_path} rPx -> child-open-help, diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index c62175c85..37b3b7892 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -33,7 +33,7 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=GetSession - peer=(name=org.freedesktop.login1, label=systemd-logind), + peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index 027a1ab96..dc9b6812e 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -32,7 +32,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { signal (send) set=(term) peer=gsd-*, #aa:dbus own bus=session name=org.gnome.SessionManager - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus 
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index bfd695959..6c781e204 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -83,11 +83,11 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { # Talk with gnome-shell - #aa:dbus talk bus=system name=org.freedesktop.Accounts label=accounts-daemon + #aa:dbus talk bus=system name=org.freedesktop.Accounts label="@{p_accounts_daemon}" #aa:dbus talk bus=system name=org.freedesktop.bolt label=boltd - #aa:dbus talk bus=system name=org.freedesktop.ColorManager label=colord - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind - #aa:dbus talk bus=system name=org.freedesktop.UPower.PowerProfiles label=power-profiles-daemon + #aa:dbus talk bus=system name=org.freedesktop.ColorManager label="@{p_colord}" + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" + #aa:dbus talk bus=system name=org.freedesktop.UPower.PowerProfiles label=@{p_power_profiles_daemon} #aa:dbus talk bus=system name=org.gnome.DisplayManager label=gdm #aa:dbus talk bus=session name=com.rastersoft.ding label=gnome-extension-ding @@ -103,11 +103,11 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=RegisterAuthenticationAgent - peer=(name=:*, label=polkitd), + peer=(name=:*, label="@{p_polkitd}"), dbus receive bus=system path=/org/freedesktop/PolicyKit1/AuthenticationAgent interface=org.freedesktop.PolicyKit1.AuthenticationAgent member=BeginAuthentication - peer=(name=:*, label=polkitd), + peer=(name=:*, label="@{p_polkitd}"), dbus send bus=system path=/org/freedesktop/NetworkManager/AgentManager interface=org.freedesktop.NetworkManager.AgentManager 
diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index 92cf3fa0a..2fe22305b 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -28,7 +28,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Color - #aa:dbus talk bus=system name=org.freedesktop.ColorManager label=colord + #aa:dbus talk bus=system name=org.freedesktop.ColorManager label="@{p_colord}" dbus receive bus=session path=/org/gtk/Settings interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 9dec92df4..b8da39a4d 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -24,10 +24,10 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { #aa:dbus own bus=session name=org.gnome.SettingsDaemon.Housekeeping - dbus receive bus=session - interface=org.freedesktop.DBus.Introspectable - member=Introspect - peer=(name=:*, label=gnome-shell), + dbus send bus=session path=/org/freedesktop/systemd1 + interface=org.freedesktop.systemd1.Manager + member=Subscribe + peer=(name=org.freedesktop.systemd1), @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 1ae8e2ada..2a2ea034f 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -38,7 +38,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=PowerOff - peer=(name=:*, label=systemd-logind), + peer=(name=:*, label="@{p_systemd_logind}"), dbus send bus=session path=/ interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 0d09a0e9c..a330b76ce 100644 --- a/apparmor.d/groups/gnome/gsd-power 
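Review bot: The rule added to gsd-housekeeping ends in `peer=(name=org.freedesktop.systemd1),` with no `label=` condition, so the `Subscribe` send on the session bus is allowed towards whichever process holds that name, regardless of its confinement. Every other peer expression this commit touches pins the peer label, and the rule it replaces did too (`label=gnome-shell`). I would write `peer=(name=org.freedesktop.systemd1, label="@{p_systemd_user}"),`, assuming `@{p_systemd_user}` still names the user instance after the renames in tunables/multiarch.d/profiles. Swapping the Introspect receive rule for a new send rule is also unrelated to the label-to-variable conversion and would be easier to audit as a separate commit.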
+++ b/apparmor.d/groups/gnome/gsd-power @@ -43,7 +43,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { dbus send bus=system path=/org/freedesktop/UPower/KbdBacklight interface=org.freedesktop.UPower.KbdBacklight member=GetBrightness - peer=(name=:*, label=upowerd), + peer=(name=:*, label="@{p_upowerd}"), dbus receive bus=session path=/org/gtk/Settings interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index e5489c2b4..4fece3366 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -36,12 +36,7 @@ profile gsd-xsettings @{exec_path} { dbus send bus=system path=/org/freedesktop/Accounts/User@{uid} interface=org.freedesktop.Accounts.User member=SetInputSources - peer=(name=:*, label=accounts-daemon), - - dbus send bus=session path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=GetId - peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"), + peer=(name=:*, label="@{p_accounts_daemon}"), @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/loupe b/apparmor.d/groups/gnome/loupe index 4ee0d9268..6f783627e 100644 --- a/apparmor.d/groups/gnome/loupe +++ b/apparmor.d/groups/gnome/loupe @@ -21,6 +21,11 @@ profile loupe @{exec_path} flags=(attach_disconnected) { #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}" + dbus send bus=system path=/org/freedesktop/hostname1 + interface=org.freedesktop.DBus.Properties + member=GetAll + peer=(name=@{busname}, label=@{p_systemd_hostnamed}), + @{exec_path} mr, @{bin}/bwrap rCx -> bwrap, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index b4111d6d0..396f256cc 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm 
@@ -58,7 +58,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { dbus receive bus=system path=/org/freedesktop/DisplayManager/Seat@{int} interface=org.freedesktop.DBus.Properties member=PropertiesChanged - peer=(name=:*, label=systemd-logind), + peer=(name=:*, label="@{p_systemd_logind}"), dbus send bus=system path=/org/freedesktop/DisplayManager/Seat@{int} interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index 008b6bd31..85257c89d 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager @@ -46,7 +46,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { #aa:dbus talk bus=system name=fi.w1.wpa_supplicant1 label=wpa-supplicant #aa:dbus talk bus=system name=org.fedoraproject.FirewallD1 label=firewalld #aa:dbus talk bus=system name=org.freedesktop.nm_dispatcher label=nm-dispatcher - #aa:dbus talk bus=system name=org.freedesktop.resolve1 label=systemd-resolved + #aa:dbus talk bus=system name=org.freedesktop.resolve1 label="@{p_systemd_resolved}" dbus send bus=system path=/org/freedesktop/nm_dispatcher interface=org.freedesktop.nm_dispatcher @@ -60,12 +60,12 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager member=InterfacesRemoved - peer=(name=:*, label=bluetoothd), + peer=(name=:*, label="@{p_bluetoothd}"), dbus send bus=system path=/ interface=org.freedesktop.DBus.ObjectManager member=GetManagedObjects - peer=(name=:*, label=bluetoothd), + peer=(name=:*, label="@{p_bluetoothd}"), dbus send bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/groups/network/networkd-dispatcher b/apparmor.d/groups/network/networkd-dispatcher index f593db162..8b4d53b1c 100644 --- a/apparmor.d/groups/network/networkd-dispatcher 
+++ b/apparmor.d/groups/network/networkd-dispatcher @@ -16,7 +16,7 @@ profile networkd-dispatcher @{exec_path} { dbus receive bus=system path=/org/freedesktop/network1{,/link/*} interface=org.freedesktop.DBus.Properties member=PropertiesChanged - peer=(name=:*, label=systemd-networkd), + peer=(name=:*, label="@{p_systemd_networkd}"), @{exec_path} mr, diff --git a/apparmor.d/groups/polkit/polkit-agent-helper b/apparmor.d/groups/polkit/polkit-agent-helper index e663c299e..5799ced5b 100644 --- a/apparmor.d/groups/polkit/polkit-agent-helper +++ b/apparmor.d/groups/polkit/polkit-agent-helper @@ -35,12 +35,12 @@ profile polkit-agent-helper @{exec_path} flags=(attach_disconnected) { dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.DBus.Properties member=GetAll - peer=(name=:*, label=polkitd), + peer=(name=:*, label="@{p_polkitd}"), dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=AuthenticationAgentResponse2 - peer=(name=:*, label=polkitd), + peer=(name=:*, label="@{p_polkitd}"), @{exec_path} mr, diff --git a/apparmor.d/groups/snap/snapd b/apparmor.d/groups/snap/snapd index 0481af5de..1add6c1c4 100644 --- a/apparmor.d/groups/snap/snapd +++ b/apparmor.d/groups/snap/snapd @@ -55,7 +55,7 @@ profile snapd @{exec_path} { dbus send bus=system path=/org/freedesktop/ interface=org.freedesktop.login1.Manager member={SetWallMessage,ScheduleShutdown} - peer=(name=org.freedesktop.login1, label=systemd-logind), + peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), dbus send bus=system path=/org/freedesktop/timedate1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd index fe5a6f1cd..4b99aafd6 100644 --- a/apparmor.d/groups/ssh/sshd +++ b/apparmor.d/groups/ssh/sshd 
@@ -56,7 +56,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) { dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member={CreateSession,ReleaseSession,CreateSessionWithPIDFD} - peer=(name=org.freedesktop.login1, label=systemd-logind), + peer=(name=org.freedesktop.login1, label="@{p_systemd_logind}"), @{exec_path} mrix, diff --git a/apparmor.d/groups/systemd/homectl b/apparmor.d/groups/systemd/homectl index aaae97d64..3a78c531e 100644 --- a/apparmor.d/groups/systemd/homectl +++ b/apparmor.d/groups/systemd/homectl @@ -19,7 +19,7 @@ profile homectl @{exec_path} { signal send peer=child-pager, - #aa:dbus talk bus=system name=org.freedesktop.home1 label=systemd-homed + #aa:dbus talk bus=system name=org.freedesktop.home1 label="@{p_systemd_homed}" @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/hostnamectl b/apparmor.d/groups/systemd/hostnamectl index dcbe9a46f..6b29e260d 100644 --- a/apparmor.d/groups/systemd/hostnamectl +++ b/apparmor.d/groups/systemd/hostnamectl @@ -15,7 +15,7 @@ profile hostnamectl @{exec_path} { capability net_admin, - #aa:dbus talk bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed + #aa:dbus talk bus=system name=org.freedesktop.hostname1 label="@{p_systemd_hostnamed}" dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties member=GetAll diff --git a/apparmor.d/groups/systemd/localectl b/apparmor.d/groups/systemd/localectl index b49065fd7..f9a3625ef 100644 --- a/apparmor.d/groups/systemd/localectl +++ b/apparmor.d/groups/systemd/localectl @@ -16,7 +16,7 @@ profile localectl @{exec_path} { signal send set=cont peer=child-pager, - #aa:dbus talk bus=system name=org.freedesktop.locale1 label=systemd-localed + #aa:dbus talk bus=system name=org.freedesktop.locale1 label="@{p_systemd_localed}" @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/loginctl b/apparmor.d/groups/systemd/loginctl index c65bb4edd..f516d16db 100644 
--- a/apparmor.d/groups/systemd/loginctl +++ b/apparmor.d/groups/systemd/loginctl @@ -20,7 +20,7 @@ profile loginctl @{exec_path} flags=(attach_disconnected) { signal send set=cont peer=child-pager, - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl index 0163f2258..5b4b3e6b5 100644 --- a/apparmor.d/groups/systemd/networkctl +++ b/apparmor.d/groups/systemd/networkctl @@ -26,7 +26,7 @@ profile networkctl @{exec_path} flags=(attach_disconnected) { unix (bind) type=stream addr=@@{udbus}/bus/networkctl/system, - #aa:dbus talk bus=system name=org.freedesktop.network1 label=systemd-networkd + #aa:dbus talk bus=system name=org.freedesktop.network1 label="@{p_systemd_networkd}" dbus send bus=system path=/org/freedesktop/network1{,/**} interface=org.freedesktop.DBus.Properties member=Get diff --git a/apparmor.d/groups/systemd/resolvectl b/apparmor.d/groups/systemd/resolvectl index 5c436f6c1..1ef3404d9 100644 --- a/apparmor.d/groups/systemd/resolvectl +++ b/apparmor.d/groups/systemd/resolvectl @@ -15,7 +15,7 @@ profile resolvectl @{exec_path} { signal send set=cont peer=child-pager, - #aa:dbus talk bus=system name=org.freedesktop.resolve1 label=systemd-resolved + #aa:dbus talk bus=system name=org.freedesktop.resolve1 label="@{p_systemd_resolved}" @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-inhibit b/apparmor.d/groups/systemd/systemd-inhibit index 2be38e6ba..ae475ff48 100644 --- a/apparmor.d/groups/systemd/systemd-inhibit +++ b/apparmor.d/groups/systemd/systemd-inhibit @@ -14,7 +14,7 @@ profile systemd-inhibit @{exec_path} flags=(attach_disconnected) { capability net_admin, capability sys_resource, - signal receive set=term peer=packagekitd, + signal receive set=term peer=@{p_packagekitd}, @{exec_path} mr, 
diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd index 3d6c3a4b7..df1e74048 100644 --- a/apparmor.d/groups/systemd/systemd-networkd +++ b/apparmor.d/groups/systemd/systemd-networkd @@ -42,7 +42,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) { dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.hostname1 member=SetHostname - peer=(name=org.freedesktop.hostname1, label=systemd-hostnamed), + peer=(name=org.freedesktop.hostname1, label="@{p_systemd_hostnamed}"), @{exec_path} mr, diff --git a/apparmor.d/groups/systemd/systemd-timesyncd b/apparmor.d/groups/systemd/systemd-timesyncd index b603b2411..2ac7f09fb 100644 --- a/apparmor.d/groups/systemd/systemd-timesyncd +++ b/apparmor.d/groups/systemd/systemd-timesyncd @@ -22,7 +22,7 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) { network inet6 stream, unix (bind) type=stream addr=@@{udbus}/bus/systemd-timesyn/bus-api-timesync, - unix (send, receive) type=dgram addr=none peer=(label=@{p_systemd}, addr=none), + unix (send, receive) type=dgram addr=none peer=(label=@{p_sd}, addr=none), #aa:dbus own bus=system name=org.freedesktop.timesync1 diff --git a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent index bbd4b7438..30d30b295 100644 --- a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent +++ b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent 
@@ -20,7 +20,7 @@ profile systemd-tty-ask-password-agent @{exec_path} { signal receive set=(term cont winch) peer=*//systemctl, signal receive set=(term cont winch) peer=deb-systemd-invoke, signal receive set=(term cont winch) peer=default, - signal receive set=(term cont winch) peer=logrotate, + signal receive set=(term cont winch) peer=@{p_logrotate}, signal receive set=(term cont winch) peer=makepkg//sudo, signal receive set=(term cont winch) peer=role_*, signal receive set=(term cont winch) peer=rpm, diff --git a/apparmor.d/groups/utils/chsh b/apparmor.d/groups/utils/chsh index 73f097a94..e3581be31 100644 --- a/apparmor.d/groups/utils/chsh +++ b/apparmor.d/groups/utils/chsh @@ -24,7 +24,7 @@ profile chsh @{exec_path} { network netlink raw, - #aa:dbus talk bus=system name=org.freedesktop.home1 label=systemd-homed + #aa:dbus talk bus=system name=org.freedesktop.home1 label="@{p_systemd_homed}" @{exec_path} mr, diff --git a/apparmor.d/groups/utils/login b/apparmor.d/groups/utils/login index 6968be40e..6227f4fc5 100644 --- a/apparmor.d/groups/utils/login +++ b/apparmor.d/groups/utils/login @@ -34,7 +34,7 @@ profile login @{exec_path} flags=(attach_disconnected) { ptrace read, - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index b7b087309..e07c91f3d 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -30,7 +30,7 @@ profile evince @{exec_path} { #aa:dbus own bus=session name=org.gnome.evince - #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.MediaKeys label=gsd-media-keys + #aa:dbus talk bus=session name=org.gnome.SettingsDaemon.MediaKeys label="@{p_gsd_media_keys}" #aa:dbus talk bus=session name=org.gtk.vfs label="gvfsd{,-*}" @{exec_path} rix, 
diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr index 6dffac5a6..3c9b0a3a9 100644 --- a/apparmor.d/profiles-a-f/fwupdmgr +++ b/apparmor.d/profiles-a-f/fwupdmgr @@ -27,7 +27,7 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected) { network inet6 dgram, network netlink raw, - #aa:dbus talk bus=system name=org.freedesktop.fwupd label=fwupd path=/ + #aa:dbus talk bus=system name=org.freedesktop.fwupd label="@{p_fwupd}" path=/ @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga index 7fa668a71..5173c50d8 100644 --- a/apparmor.d/profiles-m-r/qemu-ga +++ b/apparmor.d/profiles-m-r/qemu-ga @@ -34,7 +34,7 @@ profile qemu-ga @{exec_path} { unix type=stream addr=@@{udbus}/bus/shutdown/system, - #aa:dbus talk bus=system name=org.freedesktop.login1 label=systemd-logind + #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}" include if exists } diff --git a/apparmor.d/tunables/multiarch.d/profiles b/apparmor.d/tunables/multiarch.d/profiles index ec1eff79c..6868ae87a 100644 --- a/apparmor.d/tunables/multiarch.d/profiles +++ b/apparmor.d/tunables/multiarch.d/profiles @@ -8,10 +8,10 @@ # All variables that refer to a profile name should be prefixed with `p_` # Name of the systemd profiles. Can be `unconfined` or `systemd`, `systemd-user` -@{p_systemd}=unconfined -@{p_systemd_executor}=unconfined +@{p_sd}=unconfined +@{p_sdu}=unconfined @{p_systemd_user}=unconfined -@{p_systemd_user_executor}=unconfined +@{p_systemd}=unconfined # Name of the dbus daemon profiles @{p_dbus_accessibility}=dbus-accessibility
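Review bot: In tunables/multiarch.d/profiles the comment above the block still reads "Can be `unconfined` or `systemd`, `systemd-user`" and does not say what the new `@{p_sd}` and `@{p_sdu}` stand for, while `@{p_systemd}` is now defined in the slot where `@{p_systemd_user_executor}` was. These variables are used as peer labels: the systemd-timesyncd hunk switches `label=@{p_systemd}` to `label=@{p_sd}`, while gnome-control-center keeps `label="@{p_systemd}"` for org.freedesktop.systemd1. A reader cannot tell from this hunk whether an untouched `@{p_systemd}` reference still points at the intended profile. I would add one comment line per variable, for example `# @{p_sd}: <profile confining PID 1 — confirm>`. I would also check for remaining uses of the removed `@{p_systemd_executor}` and `@{p_systemd_user_executor}`, which presumably would no longer resolve when the profiles are compiled.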