From 0b171d13307e87266377f131c0f91d72a355ddd9 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 8 Apr 2021 22:25:48 +0100 Subject: [PATCH] Cleanup some new profiles. --- apparmor.d/groups/gnome/evolution-alarm-notify | 11 +---------- apparmor.d/groups/gnome/gio-launch-desktop | 13 ++----------- apparmor.d/groups/gnome/gjs-console | 8 ++++---- apparmor.d/groups/gnome/gnome-calendar | 14 ++++---------- apparmor.d/groups/gnome/gnome-contacts | 6 ++++-- apparmor.d/groups/gnome/goa-daemon | 4 ++-- apparmor.d/groups/gnome/seahorse | 6 ++---- 7 files changed, 19 insertions(+), 43 deletions(-) diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify index cff455aed..e1c2bbdf7 100644 --- a/apparmor.d/groups/gnome/evolution-alarm-notify +++ b/apparmor.d/groups/gnome/evolution-alarm-notify @@ -9,22 +9,13 @@ include @{exec_path} = /{usr/,}lib/evolution-data-server/evolution-alarm-notify profile evolution-alarm-notify @{exec_path} { include + include include - include - include include - include - include @{exec_path} mr, - /etc/fonts/{,**} r, - - /usr/share/fonts/{,**} r, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/X11/xkb/** r, - - owner @{user_config_dirs}/mimeapps.list r, include owner @{run}/user/[0-9]*/dconf/ rw, diff --git a/apparmor.d/groups/gnome/gio-launch-desktop b/apparmor.d/groups/gnome/gio-launch-desktop index d0b254d25..4bbda8f0e 100644 --- a/apparmor.d/groups/gnome/gio-launch-desktop +++ b/apparmor.d/groups/gnome/gio-launch-desktop 
@@ -12,31 +12,22 @@ include @{exec_path} += /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop profile gio-launch-desktop @{exec_path} { include - include include + include + include include @{exec_path} mr, - /{usr/,}bin/ r, - /{usr/,}bin/[a-z0-9]* rPUx, # System files /etc/gnome/defaults.list r, - /usr/share/mime/* r, - /usr/share/{,*/}applications/{,**} r, /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, # User files - owner @{user_config_dirs}/mimeapps.list r, - owner @{user_share_dirs}/applications/{,*.desktop} r, owner @{PROC}/@{pid}/fd/ r, # file_inherit owner @{HOME}/.xsession-errors w, - owner @{user_share_dirs}/mime/{subclasses,icons,generic-icons} r, - owner @{user_share_dirs}/mime/{mime.cache,aliases,magic} r, - owner @{user_share_dirs}/mime/globs* r, - owner @{user_share_dirs}/applications/{mimeapps.list,mimeinfo.cache} r, # Required by many gio command owner @{HOME}/{,**} rw, diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 389ed1982..8b2581a73 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -9,17 +9,17 @@ include @{exec_path} = /{usr/,}bin/gjs-console profile gjs-console @{exec_path} flags=(attach_disconnected) { include - include - include include include + include + include network netlink raw, @{exec_path} mr, /{usr/,}bin/ r, - /{usr/,}bin/[a-z0-9]* rPix, - /usr/{lib,libexec}/** rPix, + /{usr/,}bin/[a-z0-9]* rPUx, + /usr/{lib,libexec}/** rPUx, /usr/share/dconf/profile/gdm r, /usr/share/gdm/greeter-dconf-defaults r, diff --git a/apparmor.d/groups/gnome/gnome-calendar b/apparmor.d/groups/gnome/gnome-calendar index d94251482..39a302f52 100644 --- a/apparmor.d/groups/gnome/gnome-calendar +++ b/apparmor.d/groups/gnome/gnome-calendar 
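Review bot: With `/{usr/,}bin/[a-z0-9]* rPUx,` removed, no exec rule is left in the visible lines of the gio-launch-desktop profile, so what this launcher may execute, and under which transition mode, now depends entirely on the added includes. The include targets are not legible in this rendering, so this cannot be confirmed from the hunk. I would add a comment above the include that carries the exec rules, for example `# exec transitions for launched applications are defined in the include below`, so an audit of this profile does not stop at `@{exec_path} mr,`. The profile body continues outside the hunk.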
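Review bot: Changing `/{usr/,}bin/[a-z0-9]* rPix,` and `/usr/{lib,libexec}/** rPix,` to `rPUx` is a policy relaxation rather than a cleanup: a child with no profile of its own used to inherit the gjs-console profile and now runs unconfined. The globs cover most of /{usr/,}bin and all of /usr/lib and /usr/libexec, so anything gjs-console launches that lacks a dedicated profile leaves confinement. If inheritance was too restrictive for particular helpers, I would keep `rPix` on the globs and add explicit rules for only those helpers. Failing that, record the reason next to the rules, e.g. `# PUx: children without their own profile need access gjs-console does not have`. The profile body continues outside the hunk.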
@@ -9,29 +9,23 @@ include @{exec_path} = /{usr/,}bin/gnome-calendar profile gnome-calendar @{exec_path} { include - include + include include - include include - include - include + include network netlink raw, @{exec_path} mr, + /usr/share/libgweather/Locations.xml r, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/icons/{,**} r, - /usr/share/X11/xkb/{,**} r, - - owner @{user_share_dirs}/recently-used.xbel r, - owner @{user_config_dirs}/user-dirs.dirs r, include owner @{run}/user/[0-9]*/dconf/ rw, owner @{run}/user/[0-9]*/dconf/user rw, - /run/user/1000/gdm/Xauthority r, + owner @{run}/user/[0-9]*/gdm/Xauthority r, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-contacts b/apparmor.d/groups/gnome/gnome-contacts index 1dbac6d59..53a29afa7 100644 --- a/apparmor.d/groups/gnome/gnome-contacts +++ b/apparmor.d/groups/gnome/gnome-contacts @@ -9,9 +9,12 @@ include @{exec_path} = /{usr/,}bin/gnome-contacts profile gnome-contacts @{exec_path} { include + include + include + include include + include include - include network netlink raw, @@ -20,7 +23,6 @@ profile gnome-contacts @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, owner @{user_share_dirs}/folks/relationships.ini r, - /dev/dri/ r, include owner @{run}/user/[0-9]*/dconf/ rw, diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index cf710b32c..9a0e8b11e 100644 --- a/apparmor.d/groups/gnome/goa-daemon +++ b/apparmor.d/groups/gnome/goa-daemon @@ -10,9 +10,9 @@ include profile goa-daemon @{exec_path} { include include - include - include include + include + include network inet stream, network inet6 stream, diff --git a/apparmor.d/groups/gnome/seahorse b/apparmor.d/groups/gnome/seahorse index dc22e171d..447a06e7e 100644 --- a/apparmor.d/groups/gnome/seahorse +++ b/apparmor.d/groups/gnome/seahorse 
@@ -9,9 +9,9 @@ include @{exec_path} = /{usr/,}bin/seahorse profile seahorse @{exec_path} { include - include + include include - include + include @{exec_path} mr, @@ -20,8 +20,6 @@ profile seahorse @{exec_path} { /{usr/,}bin/gpgsm rPx, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/icons/{,**} r, - /usr/share/X11/xkb/** r, # Seahorse and SSH keys owner @{HOME}/@{XDG_SSH_DIR}/{,**} r,