diff --git a/apparmor.d/groups/freedesktop/accounts-daemon b/apparmor.d/groups/freedesktop/accounts-daemon index d0b8e8a36..ec5d2cfca 100644 --- a/apparmor.d/groups/freedesktop/accounts-daemon +++ b/apparmor.d/groups/freedesktop/accounts-daemon @@ -58,8 +58,8 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) { /etc/default/locale r, /etc/gdm{3,}/ r, - @{etc_rw}/gdm{3,}/daemon.conf{,.??????} rw, - @{etc_rw}/gdm{3,}/custom.conf{,.??????} rw, + /etc/gdm{3,}/daemon.conf{,.??????} rw, + /etc/gdm{3,}/custom.conf{,.??????} rw, /etc/machine-id r, /etc/shadow r, /etc/shells r, diff --git a/apparmor.d/groups/freedesktop/xdg-user-dirs-update b/apparmor.d/groups/freedesktop/xdg-user-dirs-update index 3f3bb8cc0..21d5c2ae0 100644 --- a/apparmor.d/groups/freedesktop/xdg-user-dirs-update +++ b/apparmor.d/groups/freedesktop/xdg-user-dirs-update @@ -26,15 +26,6 @@ profile xdg-user-dirs-update @{exec_path} { /var/lib/gdm{3,}/@{XDG_TEMPLATES_DIR}/ rw, /var/lib/gdm{3,}/@{XDG_VIDEOS_DIR}/ rw, - owner @{HOME}/@{XDG_DESKTOP_DIR}/ rw, - owner @{HOME}/@{XDG_DOCUMENTS_DIR}/ rw, - owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ rw, - owner @{HOME}/@{XDG_MUSIC_DIR}/ rw, - owner @{HOME}/@{XDG_PICTURES_DIR}/ rw, - owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/ rw, - owner @{HOME}/@{XDG_TEMPLATES_DIR}/ rw, - owner @{HOME}/@{XDG_VIDEOS_DIR}/ rw, - owner @{user_config_dirs}/user-dirs.dirs r, include if exists diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 144dd1088..c8aea29c0 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -11,7 +11,7 @@ include @{exec_path} += /{usr/,}bin/Xorg @{exec_path} += /{usr/,}lib/Xorg{,.wrap} @{exec_path} += /{usr/,}lib/xorg/Xorg{,.wrap} -profile xorg @{exec_path} flags=(attach_disconnected) { +profile xorg @{exec_path} flags=(attach_disconnected) { include include include diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index ed9b0dea4..eccaa6f86 100644 
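Review bot: The two `rw` rules on `/etc/gdm{3,}/daemon.conf{,.??????}` and `/etc/gdm{3,}/custom.conf{,.??????}` are the only write grants into `/etc` visible in this hunk, and no comment says why accounts-daemon needs them. Hard-coding `/etc` in place of `@{etc_rw}` also means a site that overrides that tunable no longer influences these rules; if that is intended, it should be stated. I would add a line above them such as `# GDM configuration, rewritten by the daemon through a temporary file (six-character suffix)`, with the wording to be confirmed against what the daemon actually does. The profile body starts and ends outside the hunk, so the remaining rules could not be checked.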
--- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -29,9 +29,11 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { member={IsSupported,List} peer=(name=:*), - dbus bind bus=session name=org.gnome.Nautilus, + dbus bind bus=session + name=org.gnome.Nautilus, - dbus bind bus=session name=org.freedesktop.FileManager1, + dbus bind bus=session + name=org.freedesktop.FileManager1, @{exec_path} mr, /{usr/,}bin/{,ba,da}sh rix, diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index f9c52d868..e864b3835 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -3,6 +3,7 @@ # Copyright (C) 2022 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +abi , include diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed index 7d1e172e7..8e2625c42 100644 --- a/apparmor.d/groups/systemd/systemd-hostnamed +++ b/apparmor.d/groups/systemd/systemd-hostnamed @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/systemd/systemd-hostnamed -profile systemd-hostnamed @{exec_path} flags=(attach_disconnected complain) { +profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) { include include include diff --git a/apparmor.d/profiles-g-l/im-launch b/apparmor.d/profiles-g-l/im-launch index cd47b47ff..adb5713a5 100644 --- a/apparmor.d/profiles-g-l/im-launch +++ b/apparmor.d/profiles-g-l/im-launch @@ -13,6 +13,7 @@ profile im-launch @{exec_path} { @{exec_path} mr, /{usr/,}bin/{,ba,da}sh rix, + /{usr/,}bin/gnome-session rix, /{usr/,}bin/env rix, /{usr/,}bin/locale rix, /{usr/,}bin/gettext{,.sh} rix, 
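Review bot: Dropping `complain` from `flags=(attach_disconnected complain)` on the `profile systemd-hostnamed` line puts the profile into enforce mode. Any access that the rule set does not cover then becomes a denial rather than a logged event. The rule set is outside this hunk, and nothing in the change shows that the complain-mode audit log was checked for remaining `ALLOWED` entries on the supported distributions. A sentence in the commit message naming what was tested would make the switch reviewable.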
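Review bot: The added `/{usr/,}bin/gnome-session rix,` makes gnome-session inherit the im-launch profile instead of transitioning out of it. Whatever im-launch starts through that binary is then evaluated against this small rule set, and a dedicated gnome-session profile would never attach on this path. The following hunk removes the earlier `rPUx` rule; its unconfined fallback was the weak part, but the profile transition itself is lost as well. If a gnome-session profile is shipped (not visible here), `/{usr/,}bin/gnome-session rPx,` keeps the transition without the unconfined fallback. If inheritance is intended, a comment on that line giving the reason would help. The profile body continues outside the hunk.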
@@ -20,14 +21,14 @@ profile im-launch @{exec_path} { /{usr/,}bin/sed rix, /{usr/,}bin/dpkg-query rpx, - /{usr/,}bin/gnome-session rPUx, - /usr/share/im-config/{,**} r, /etc/default/im-config r, /etc/X11/xinit/xinputrc r, /etc/X11/Xsession.d/70im-config_launch r, + owner @{HOME}/.xinputrc r, + # file inherit owner /dev/tty[0-9]* rw,