From 1cf268b770931d94bbb636007abecc4773ee723e Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 6 Dec 2023 21:56:59 +0000 Subject: [PATCH] refractor(dbus): use the new bus-{systemd,session} abstractions. --- apparmor.d/abstractions/bus-accessibility | 4 ++-- apparmor.d/groups/_full/default-sudo | 2 +- apparmor.d/groups/_full/systemd | 4 ++-- apparmor.d/groups/_full/systemd-user | 4 ++-- apparmor.d/groups/apps/calibre | 4 ++-- apparmor.d/groups/apt/apt | 2 +- apparmor.d/groups/apt/unattended-upgrade | 2 +- .../groups/apt/unattended-upgrade-shutdown | 2 +- apparmor.d/groups/avahi/avahi-browse | 2 +- apparmor.d/groups/avahi/avahi-resolve | 2 +- apparmor.d/groups/browsers/firefox | 4 ++-- apparmor.d/groups/bus/ibus-daemon | 2 +- apparmor.d/groups/bus/ibus-dconf | 4 ++-- apparmor.d/groups/bus/ibus-extension-gtk3 | 4 ++-- apparmor.d/groups/bus/ibus-portal | 2 +- apparmor.d/groups/bus/ibus-x11 | 4 ++-- apparmor.d/groups/children/child-systemctl | 2 +- apparmor.d/groups/freedesktop/accounts-daemon | 2 +- .../groups/freedesktop/at-spi2-registryd | 4 ++-- apparmor.d/groups/freedesktop/colord | 2 +- apparmor.d/groups/freedesktop/colord-sane | 2 +- apparmor.d/groups/freedesktop/dconf-service | 2 +- apparmor.d/groups/freedesktop/geoclue | 2 +- apparmor.d/groups/freedesktop/pipewire | 4 ++-- .../groups/freedesktop/pipewire-media-session | 4 ++-- .../groups/freedesktop/polkit-agent-helper | 2 +- apparmor.d/groups/freedesktop/polkitd | 2 +- apparmor.d/groups/freedesktop/pulseaudio | 4 ++-- apparmor.d/groups/freedesktop/upowerd | 2 +- apparmor.d/groups/freedesktop/xdg-dbus-proxy | 6 ++--- .../groups/freedesktop/xdg-desktop-portal | 4 ++-- .../freedesktop/xdg-desktop-portal-gnome | 4 ++-- .../groups/freedesktop/xdg-desktop-portal-gtk | 6 ++--- .../groups/freedesktop/xdg-document-portal | 2 +- .../groups/freedesktop/xdg-permission-store | 2 +- apparmor.d/groups/freedesktop/xorg | 2 +- .../gnome/evolution-addressbook-factory | 4 ++-- .../groups/gnome/evolution-calendar-factory | 4 ++-- .../groups/gnome/evolution-source-registry | 2 +- apparmor.d/groups/gnome/gdm | 4 ++-- apparmor.d/groups/gnome/gdm-session-worker | 4 ++-- apparmor.d/groups/gnome/gdm-wayland-session | 4 ++-- apparmor.d/groups/gnome/gdm-x-session | 4 ++-- apparmor.d/groups/gnome/gdm-xsession | 2 +- apparmor.d/groups/gnome/gjs-console | 4 ++-- .../gnome/gnome-calculator-search-provider | 2 +- apparmor.d/groups/gnome/gnome-calendar | 4 ++-- apparmor.d/groups/gnome/gnome-characters | 4 ++-- .../gnome/gnome-characters-backgroudservice | 2 +- apparmor.d/groups/gnome/gnome-control-center | 2 +- .../gnome/gnome-control-center-goa-helper | 4 ++-- .../gnome/gnome-control-center-print-renderer | 4 ++-- .../gnome-control-center-search-provider | 2 +- apparmor.d/groups/gnome/gnome-disks | 2 +- apparmor.d/groups/gnome/gnome-extension-ding | 6 ++--- .../groups/gnome/gnome-extension-gsconnect | 6 ++--- apparmor.d/groups/gnome/gnome-initial-setup | 2 +- apparmor.d/groups/gnome/gnome-keyring-daemon | 4 ++-- .../groups/gnome/gnome-remote-desktop-daemon | 2 +- apparmor.d/groups/gnome/gnome-session-binary | 6 ++--- apparmor.d/groups/gnome/gnome-session-ctl | 2 +- apparmor.d/groups/gnome/gnome-shell | 6 ++--- .../groups/gnome/gnome-shell-calendar-server | 2 +- .../groups/gnome/gnome-shell-hotplug-sniffer | 2 +- apparmor.d/groups/gnome/gnome-system-monitor | 2 +- apparmor.d/groups/gnome/gnome-terminal-server | 4 ++-- apparmor.d/groups/gnome/goa-daemon | 4 ++-- apparmor.d/groups/gnome/goa-identity-service | 2 +- apparmor.d/groups/gnome/gsd-a11y-settings | 2 +- apparmor.d/groups/gnome/gsd-color | 6 ++--- apparmor.d/groups/gnome/gsd-datetime | 2 +- .../groups/gnome/gsd-disk-utility-notify | 4 ++-- apparmor.d/groups/gnome/gsd-housekeeping | 2 +- apparmor.d/groups/gnome/gsd-keyboard | 6 ++--- apparmor.d/groups/gnome/gsd-media-keys | 6 ++--- apparmor.d/groups/gnome/gsd-power | 6 ++--- .../groups/gnome/gsd-print-notifications | 4 ++-- apparmor.d/groups/gnome/gsd-printer | 4 ++-- apparmor.d/groups/gnome/gsd-rfkill | 4 ++-- apparmor.d/groups/gnome/gsd-screensaver-proxy | 2 +- apparmor.d/groups/gnome/gsd-sharing | 4 ++-- apparmor.d/groups/gnome/gsd-smartcard | 2 +- apparmor.d/groups/gnome/gsd-sound | 2 +- apparmor.d/groups/gnome/gsd-wacom | 4 ++-- apparmor.d/groups/gnome/gsd-xsettings | 6 ++--- apparmor.d/groups/gnome/mutter-x11-frames | 2 +- apparmor.d/groups/gnome/nautilus | 6 ++--- apparmor.d/groups/gnome/seahorse | 4 ++-- apparmor.d/groups/gnome/tracker-extract | 2 +- apparmor.d/groups/gnome/tracker-miner | 4 ++-- .../groups/gvfs/gvfs-afc-volume-monitor | 2 +- .../groups/gvfs/gvfs-goa-volume-monitor | 2 +- .../groups/gvfs/gvfs-gphoto2-volume-monitor | 2 +- .../groups/gvfs/gvfs-mtp-volume-monitor | 2 +- .../groups/gvfs/gvfs-udisks2-volume-monitor | 4 ++-- apparmor.d/groups/gvfs/gvfsd | 2 +- apparmor.d/groups/gvfs/gvfsd-dnssd | 4 ++-- apparmor.d/groups/gvfs/gvfsd-fuse | 2 +- apparmor.d/groups/gvfs/gvfsd-metadata | 2 +- apparmor.d/groups/gvfs/gvfsd-network | 2 +- apparmor.d/groups/gvfs/gvfsd-smb-browse | 2 +- apparmor.d/groups/gvfs/gvfsd-trash | 2 +- apparmor.d/groups/kde/kded5 | 2 +- apparmor.d/groups/kde/plasmashell | 4 ++-- apparmor.d/groups/network/ModemManager | 2 +- apparmor.d/groups/network/networkd-dispatcher | 4 ++-- apparmor.d/groups/network/nm-dispatcher | 2 +- apparmor.d/groups/network/nm-online | 3 ++- apparmor.d/groups/network/tailscaled | 2 +- apparmor.d/groups/ssh/ssh-agent-launch | 2 +- apparmor.d/groups/ssh/sshd | 2 +- apparmor.d/groups/systemd/hostnamectl | 2 +- apparmor.d/groups/systemd/loginctl | 2 +- apparmor.d/groups/systemd/networkctl | 2 +- apparmor.d/groups/systemd/systemd-analyze | 2 +- apparmor.d/groups/systemd/systemd-homed | 2 +- apparmor.d/groups/systemd/systemd-hostnamed | 2 +- apparmor.d/groups/systemd/systemd-localed | 2 +- apparmor.d/groups/systemd/systemd-logind | 2 +- apparmor.d/groups/systemd/systemd-machined | 2 +- apparmor.d/groups/systemd/systemd-networkd | 2 +- apparmor.d/groups/systemd/systemd-oomd | 2 +- apparmor.d/groups/systemd/systemd-resolved | 2 +- apparmor.d/groups/systemd/systemd-sleep | 2 +- apparmor.d/groups/systemd/systemd-timedated | 2 +- apparmor.d/groups/systemd/systemd-timesyncd | 2 +- .../groups/systemd/systemd-user-runtime-dir | 2 +- apparmor.d/groups/ubuntu/apport-gtk | 2 +- .../groups/ubuntu/check-new-release-gtk | 4 ++-- .../groups/ubuntu/livepatch-notification | 4 ++-- .../groups/ubuntu/software-properties-dbus | 2 +- .../groups/ubuntu/software-properties-gtk | 4 ++-- .../ubuntu/ubuntu-advantage-desktop-daemon | 2 +- .../ubuntu/ubuntu-advantage-notification | 4 ++-- apparmor.d/groups/ubuntu/update-manager | 4 ++-- apparmor.d/groups/ubuntu/update-notifier | 6 ++--- apparmor.d/groups/virt/dockerd | 2 +- apparmor.d/profiles-a-f/aa-notify | 2 +- apparmor.d/profiles-a-f/atril | 4 ++-- apparmor.d/profiles-a-f/atrild | 2 +- apparmor.d/profiles-a-f/bluetoothd | 2 +- apparmor.d/profiles-a-f/boltd | 2 +- apparmor.d/profiles-a-f/cups-browsed | 2 +- .../profiles-a-f/cups-pk-helper-mechanism | 2 +- apparmor.d/profiles-a-f/engrampa | 4 ++-- apparmor.d/profiles-a-f/evince | 4 ++-- apparmor.d/profiles-a-f/evince-previewer | 4 ++-- apparmor.d/profiles-a-f/exim4 | 2 +- apparmor.d/profiles-a-f/file-roller | 4 ++-- apparmor.d/profiles-a-f/fprintd | 2 +- apparmor.d/profiles-a-f/fwupd | 2 +- apparmor.d/profiles-a-f/fwupdmgr | 2 +- apparmor.d/profiles-g-l/glib-pacrunner | 4 ++-- apparmor.d/profiles-g-l/gsettings | 2 +- apparmor.d/profiles-g-l/keepassxc | 4 ++-- apparmor.d/profiles-g-l/kerneloops | 2 +- apparmor.d/profiles-g-l/login | 2 +- apparmor.d/profiles-g-l/lvm | 2 +- apparmor.d/profiles-m-r/murmurd | 2 +- .../profiles-m-r/needrestart-apt-pinvoke | 2 +- apparmor.d/profiles-m-r/obexd | 4 ++-- apparmor.d/profiles-m-r/packagekitd | 2 +- apparmor.d/profiles-m-r/passimd | 2 +- apparmor.d/profiles-m-r/pkexec | 2 +- apparmor.d/profiles-m-r/pkttyagent | 2 +- apparmor.d/profiles-m-r/plank | 2 +- apparmor.d/profiles-m-r/power-profiles-daemon | 2 +- apparmor.d/profiles-m-r/qbittorrent | 6 ++--- apparmor.d/profiles-m-r/qemu-ga | 2 +- apparmor.d/profiles-m-r/remmina | 6 ++--- apparmor.d/profiles-m-r/rtkit-daemon | 2 +- apparmor.d/profiles-m-r/rustdesk | 4 ++-- apparmor.d/profiles-s-z/snap | 4 ++-- apparmor.d/profiles-s-z/snapd | 2 +- apparmor.d/profiles-s-z/spice-vdagent | 6 ++--- apparmor.d/profiles-s-z/spice-vdagentd | 2 +- apparmor.d/profiles-s-z/su | 2 +- apparmor.d/profiles-s-z/sudo | 2 +- apparmor.d/profiles-s-z/switcheroo-control | 2 +- apparmor.d/profiles-s-z/system-config-printer | 4 ++-- apparmor.d/profiles-s-z/thermald | 2 +- apparmor.d/profiles-s-z/thunderbird | 4 ++-- apparmor.d/profiles-s-z/udisksd | 2 +- apparmor.d/profiles-s-z/wireplumber | 4 ++-- apparmor.d/profiles-s-z/wireshark | 22 +++++++++---------- apparmor.d/profiles-s-z/wpa-supplicant | 2 +- apparmor.d/profiles-s-z/zsysd | 2 +- 187 files changed, 288 insertions(+), 287 deletions(-) diff --git a/apparmor.d/abstractions/bus-accessibility b/apparmor.d/abstractions/bus-accessibility index 4a5615f98..b310d54c6 100644 --- a/apparmor.d/abstractions/bus-accessibility +++ b/apparmor.d/abstractions/bus-accessibility @@ -5,12 +5,12 @@ dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} - peer=(name=org.freedesktop.DBus, label=at-spi-bus-launcher), + peer=(name=org.freedesktop.DBus, label="{dbus-daemon,at-spi-bus-launcher}"), dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=at-spi-bus-launcher), + peer=(name=org.freedesktop.DBus, label="{dbus-daemon,at-spi-bus-launcher}"), owner @{run}/user/@{uid}/at-spi/ rw, owner @{run}/user/@{uid}/at-spi/bus rw, diff --git a/apparmor.d/groups/_full/default-sudo b/apparmor.d/groups/_full/default-sudo index 7f6a26c2c..d0a492e29 100644 --- a/apparmor.d/groups/_full/default-sudo +++ b/apparmor.d/groups/_full/default-sudo @@ -9,8 +9,8 @@ include profile default-sudo @{exec_path} { include include + include include - include include include diff --git a/apparmor.d/groups/_full/systemd b/apparmor.d/groups/_full/systemd index d3f55cf75..fa2fefc35 100644 --- a/apparmor.d/groups/_full/systemd +++ b/apparmor.d/groups/_full/systemd @@ -21,8 +21,8 @@ profile systemd flags=(attach_disconnected,mediate_deleted) { include include include - include - include + include + include include include include diff --git a/apparmor.d/groups/_full/systemd-user b/apparmor.d/groups/_full/systemd-user index 9cdc29ee3..b39607253 100644 --- a/apparmor.d/groups/_full/systemd-user +++ b/apparmor.d/groups/_full/systemd-user @@ -18,8 +18,8 @@ include @{exec_path} = @{lib}/systemd/systemd profile systemd-user flags=(attach_disconnected,mediate_deleted) { include - include - include + include + include include network netlink raw, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index e2561214e..597dcf725 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -16,10 +16,10 @@ include profile calibre @{exec_path} { include include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index 28dcd35b3..79ba74917 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -11,11 +11,11 @@ include profile apt @{exec_path} flags=(attach_disconnected) { include include + include include include include include - include include include include diff --git a/apparmor.d/groups/apt/unattended-upgrade b/apparmor.d/groups/apt/unattended-upgrade index fa40f1f88..d1e0e7d09 100644 --- a/apparmor.d/groups/apt/unattended-upgrade +++ b/apparmor.d/groups/apt/unattended-upgrade @@ -11,11 +11,11 @@ include profile unattended-upgrade @{exec_path} flags=(attach_disconnected) { include include + include include include include include - include include include include diff --git a/apparmor.d/groups/apt/unattended-upgrade-shutdown b/apparmor.d/groups/apt/unattended-upgrade-shutdown index 0e0b0a3ae..1190d3431 100644 --- a/apparmor.d/groups/apt/unattended-upgrade-shutdown +++ b/apparmor.d/groups/apt/unattended-upgrade-shutdown @@ -9,9 +9,9 @@ include @{exec_path} = /usr/share/unattended-upgrades/unattended-upgrade-shutdown profile unattended-upgrade-shutdown @{exec_path} flags=(attach_disconnected) { include + include include include - include include include diff --git a/apparmor.d/groups/avahi/avahi-browse b/apparmor.d/groups/avahi/avahi-browse index 9a8c5062d..3397019b0 100644 --- a/apparmor.d/groups/avahi/avahi-browse +++ b/apparmor.d/groups/avahi/avahi-browse @@ -10,9 +10,9 @@ include @{exec_path} = @{bin}/avahi-browse @{bin}/avahi-browse-domains profile avahi-browse @{exec_path} { include + include include include - include dbus receive bus=system path=/Client@{int}/ServiceTypeBrowser@{int} interface=org.freedesktop.Avahi.ServiceTypeBrowser diff --git a/apparmor.d/groups/avahi/avahi-resolve b/apparmor.d/groups/avahi/avahi-resolve index b378b2d83..39a9d6814 100644 --- a/apparmor.d/groups/avahi/avahi-resolve +++ b/apparmor.d/groups/avahi/avahi-resolve @@ -10,9 +10,9 @@ include @{exec_path} = @{bin}/avahi-resolve @{bin}/avahi-resolve-address @{bin}/avahi-resolve-host-name profile avahi-resolve @{exec_path} { include + include include include - include dbus send bus=system path=/Client@{int}/AddressResolver@{int} interface=org.freedesktop.Avahi.AddressResolver diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 262088410..1334becb0 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -16,13 +16,13 @@ include profile firefox @{exec_path} flags=(attach_disconnected) { include include + include + include include include include include include - include - include include include include diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index b7f2d5c07..3aa080046 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/ibus-daemon profile ibus-daemon @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 0f4c06cec..8abeeced7 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/{,ibus/}ibus-dconf profile ibus-dconf @{exec_path} flags=(attach_disconnected) { include + include + include include - include - include include signal (receive) set=term peer=ibus-daemon, diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index c0c167d43..fb7a5d806 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/{,ibus/}ibus-extension-gtk3 profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index ed6167102..031c090a4 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/{,ibus/}ibus-portal profile ibus-portal @{exec_path} flags=(attach_disconnected) { include - include + include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index d6fbe2453..536cbdbbe 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/{,ibus/}ibus-x11 profile ibus-x11 @{exec_path} flags=(attach_disconnected) { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/children/child-systemctl b/apparmor.d/groups/children/child-systemctl index 16e89c215..18644552e 100644 --- a/apparmor.d/groups/children/child-systemctl +++ b/apparmor.d/groups/children/child-systemctl @@ -16,8 +16,8 @@ include @{exec_path} = @{bin}/systemctl profile child-systemctl flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/freedesktop/accounts-daemon b/apparmor.d/groups/freedesktop/accounts-daemon index 032a39f2d..b3a6b1ce8 100644 --- a/apparmor.d/groups/freedesktop/accounts-daemon +++ b/apparmor.d/groups/freedesktop/accounts-daemon @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,accountsservice/}accounts-daemon profile accounts-daemon @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index bd6dbe9e2..99d6bc640 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -10,10 +10,10 @@ include @{exec_path} = @{lib}/{,at-spi2{,-core}/}at-spi2-registryd profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { include + include + include include include - include - include include include diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord index aaa4a61ed..f791c4b9f 100644 --- a/apparmor.d/groups/freedesktop/colord +++ b/apparmor.d/groups/freedesktop/colord @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,colord/}colord profile colord @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/freedesktop/colord-sane b/apparmor.d/groups/freedesktop/colord-sane index b25c68f41..b67360410 100644 --- a/apparmor.d/groups/freedesktop/colord-sane +++ b/apparmor.d/groups/freedesktop/colord-sane @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,colord/}colord-sane profile colord-sane @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index d7d371803..eea031a00 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/{,dconf/}dconf-service profile dconf-service @{exec_path} flags=(attach_disconnected) { include - include + include include signal (receive) set=(term kill hup) peer=dbus-daemon, diff --git a/apparmor.d/groups/freedesktop/geoclue b/apparmor.d/groups/freedesktop/geoclue index 12540c5ae..6204d1fe6 100644 --- a/apparmor.d/groups/freedesktop/geoclue +++ b/apparmor.d/groups/freedesktop/geoclue @@ -9,11 +9,11 @@ include @{exec_path} = @{lib}/geoclue @{lib}/geoclue-2.0/demos/agent profile geoclue @{exec_path} flags=(attach_disconnected) { include + include include include include include - include include include include diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 0729b0f57..512fb9ef9 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -11,9 +11,9 @@ include profile pipewire @{exec_path} flags=(attach_disconnected) { include include + include + include include - include - include include include diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index eec008484..faab73801 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -11,9 +11,9 @@ include profile pipewire-media-session @{exec_path} { include include + include + include include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/polkit-agent-helper b/apparmor.d/groups/freedesktop/polkit-agent-helper index d3e96948d..939a8ea67 100644 --- a/apparmor.d/groups/freedesktop/polkit-agent-helper +++ b/apparmor.d/groups/freedesktop/polkit-agent-helper @@ -12,8 +12,8 @@ include profile polkit-agent-helper @{exec_path} { include include + include include - include include capability audit_write, diff --git a/apparmor.d/groups/freedesktop/polkitd b/apparmor.d/groups/freedesktop/polkitd index c83119ffa..0691c3ff7 100644 --- a/apparmor.d/groups/freedesktop/polkitd +++ b/apparmor.d/groups/freedesktop/polkitd @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,polkit-1/}polkitd profile polkitd @{exec_path} flags=(attach_disconnected) { include - include + include include capability setgid, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index 1c6d6894b..3121da1cf 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -12,13 +12,13 @@ include profile pulseaudio @{exec_path} { include include + include + include include include include include include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/upowerd b/apparmor.d/groups/freedesktop/upowerd index 9e762e76b..25883216e 100644 --- a/apparmor.d/groups/freedesktop/upowerd +++ b/apparmor.d/groups/freedesktop/upowerd @@ -10,9 +10,9 @@ include @{exec_path} = @{lib}/{,upower/}upowerd profile upowerd @{exec_path} flags=(attach_disconnected) { include + include include include - include include network netlink raw, diff --git a/apparmor.d/groups/freedesktop/xdg-dbus-proxy b/apparmor.d/groups/freedesktop/xdg-dbus-proxy index ba2fbe846..ea58402df 100644 --- a/apparmor.d/groups/freedesktop/xdg-dbus-proxy +++ b/apparmor.d/groups/freedesktop/xdg-dbus-proxy @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/xdg-dbus-proxy profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include - include - include - include dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.portal.Realtime diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index 43d322805..683bfdd4e 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -9,12 +9,12 @@ include @{exec_path} = @{lib}/xdg-desktop-portal profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index d4910e0a8..6b3c572fc 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -9,12 +9,12 @@ include @{exec_path} = @{lib}/xdg-desktop-portal-gnome profile xdg-desktop-portal-gnome @{exec_path} { include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index 6e43e90e5..8d18c5a7b 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -9,6 +9,9 @@ include @{exec_path} = @{lib}/xdg-desktop-portal-gtk profile xdg-desktop-portal-gtk @{exec_path} { include + include + include + include include include include @@ -16,9 +19,6 @@ profile xdg-desktop-portal-gtk @{exec_path} { include include include - include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index 2b7061b81..d79540929 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/xdg-document-portal profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { include + include include - include capability sys_nice, capability sys_resource, diff --git a/apparmor.d/groups/freedesktop/xdg-permission-store b/apparmor.d/groups/freedesktop/xdg-permission-store index afbddff45..6e7d9d430 100644 --- a/apparmor.d/groups/freedesktop/xdg-permission-store +++ b/apparmor.d/groups/freedesktop/xdg-permission-store @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/xdg-permission-store profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { include - include + include capability sys_nice, diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 6add25f4e..3da138261 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -13,8 +13,8 @@ include @{exec_path} += @{lib}/xorg/Xorg{,.wrap} profile xorg @{exec_path} flags=(attach_disconnected) { include + include include - include include include include diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index c87177a04..5c081d176 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory @@ -9,11 +9,11 @@ include @{exec_path} = @{lib}/{,evolution-data-server/}evolution-addressbook-factory profile evolution-addressbook-factory @{exec_path} { include + include + include include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index 0bef231f5..85b79b1dd 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/{,evolution-data-server/}evolution-calendar-factory profile evolution-calendar-factory @{exec_path} { include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index 65fced962..d93135807 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/{,evolution-data-server/}evolution-source-registry profile evolution-source-registry @{exec_path} { include + include include - include include include include diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index eaa6afb39..d13c6f3ce 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/gdm{3,} profile gdm @{exec_path} flags=(attach_disconnected) { include - include - include + include + include include include diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index 5157fbbca..43725a205 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker @@ -10,9 +10,9 @@ include profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { include include + include + include include - include - include include capability audit_write, diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index 6acdb444b..7207994c1 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -10,10 +10,10 @@ include profile gdm-wayland-session @{exec_path} { include include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gdm-x-session b/apparmor.d/groups/gnome/gdm-x-session index 22b35f1b2..23666260c 100644 --- a/apparmor.d/groups/gnome/gdm-x-session +++ b/apparmor.d/groups/gnome/gdm-x-session @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/{,gdm/}gdm-x-session profile gdm-x-session @{exec_path} flags=(attach_disconnected) { include - include - include + include + include include signal (receive) set=term peer=gdm{,-session-worker}, diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index dd98613c3..a824ce8e4 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -65,7 +65,7 @@ profile gdm-xsession @{exec_path} { profile dbus { include - include + include dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 08c85dad5..5b0f23eda 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -13,8 +13,8 @@ include @{exec_path} = @{bin}/gjs-console profile gjs-console @{exec_path} flags=(attach_disconnected) { include - include - include + include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-calculator-search-provider b/apparmor.d/groups/gnome/gnome-calculator-search-provider index 762e12aa7..b06a0de33 100644 --- a/apparmor.d/groups/gnome/gnome-calculator-search-provider +++ b/apparmor.d/groups/gnome/gnome-calculator-search-provider @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-calculator-search-provider profile gnome-calculator-search-provider @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-calendar b/apparmor.d/groups/gnome/gnome-calendar index f8a185a0a..9f1c8e620 100644 --- a/apparmor.d/groups/gnome/gnome-calendar +++ b/apparmor.d/groups/gnome/gnome-calendar @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/gnome-calendar profile gnome-calendar @{exec_path} { include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters index 38f4ae94b..9170875bc 100644 --- a/apparmor.d/groups/gnome/gnome-characters +++ b/apparmor.d/groups/gnome/gnome-characters @@ -9,9 +9,9 @@ include @{exec_path} = /usr/share/org.gnome.Characters/org.gnome.Characters profile gnome-characters @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-characters-backgroudservice b/apparmor.d/groups/gnome/gnome-characters-backgroudservice index ab2cfa1a1..8e76baa36 100644 --- a/apparmor.d/groups/gnome/gnome-characters-backgroudservice +++ b/apparmor.d/groups/gnome/gnome-characters-backgroudservice @@ -9,7 +9,7 @@ include @{exec_path} = /usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService profile gnome-characters-backgroudservice @{exec_path} { include - include + include include include diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index 00dd628bb..19d80ad08 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -10,8 +10,8 @@ include profile gnome-control-center @{exec_path} flags=(attach_disconnected) { include include + include include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-control-center-goa-helper b/apparmor.d/groups/gnome/gnome-control-center-goa-helper index 0597f09c2..0b68adce7 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-goa-helper +++ b/apparmor.d/groups/gnome/gnome-control-center-goa-helper @@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/gnome-control-center-goa-helper profile gnome-control-center-goa-helper @{exec_path} { include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-control-center-print-renderer b/apparmor.d/groups/gnome/gnome-control-center-print-renderer index ff3bad828..3a53ea198 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-print-renderer +++ b/apparmor.d/groups/gnome/gnome-control-center-print-renderer @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/gnome-control-center-print-renderer profile gnome-control-center-print-renderer @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-control-center-search-provider b/apparmor.d/groups/gnome/gnome-control-center-search-provider index 5efe6b33b..bad7e5ee7 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-search-provider +++ b/apparmor.d/groups/gnome/gnome-control-center-search-provider @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-control-center-search-provider profile gnome-control-center-search-provider @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-disks b/apparmor.d/groups/gnome/gnome-disks index 7af6ab22f..2190f5d20 100644 --- a/apparmor.d/groups/gnome/gnome-disks +++ b/apparmor.d/groups/gnome/gnome-disks @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/gnome-disks profile gnome-disks @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-extension-ding b/apparmor.d/groups/gnome/gnome-extension-ding index b83c864d0..45f35800b 100644 --- a/apparmor.d/groups/gnome/gnome-extension-ding +++ b/apparmor.d/groups/gnome/gnome-extension-ding @@ -9,6 +9,9 @@ include @{exec_path} = /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}ding.js profile gnome-extension-ding @{exec_path} { include + include + include + include include include include @@ -16,9 +19,6 @@ profile gnome-extension-ding @{exec_path} { include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-extension-gsconnect b/apparmor.d/groups/gnome/gnome-extension-gsconnect index 87273aed4..600a928a0 100644 --- a/apparmor.d/groups/gnome/gnome-extension-gsconnect +++ b/apparmor.d/groups/gnome/gnome-extension-gsconnect @@ -12,9 +12,9 @@ include @{exec_path} = @{share_dirs}/service/daemon.js profile gnome-extension-gsconnect @{exec_path} { include - include - include - include + include + include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-initial-setup b/apparmor.d/groups/gnome/gnome-initial-setup index 938b35e8e..8bde3fe3f 100644 --- a/apparmor.d/groups/gnome/gnome-initial-setup +++ b/apparmor.d/groups/gnome/gnome-initial-setup @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-initial-setup profile gnome-initial-setup @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index cf639f5c8..7c1a8fb1f 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -10,11 +10,11 @@ include @{exec_path} = @{bin}/gnome-keyring-daemon profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { include + include + include include include include - include - include include capability ipc_lock, diff --git a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon index 93f1fcd9b..14b1750c1 100644 --- a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon +++ b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-remote-desktop-daemon profile gnome-remote-desktop-daemon @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index 2f527e2b8..f86ca28f2 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -9,14 +9,14 @@ include @{exec_path} = @{lib}/gnome-session-binary profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-session-ctl b/apparmor.d/groups/gnome/gnome-session-ctl index ebd24651a..cda4c31eb 100644 --- a/apparmor.d/groups/gnome/gnome-session-ctl +++ b/apparmor.d/groups/gnome/gnome-session-ctl @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-session-ctl profile gnome-session-ctl @{exec_path} { include - include + include signal (receive) set=(kill) peer=@{systemd}, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index c5a3f8913..ac1b616fc 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -11,6 +11,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { include include include + include + include + include include include include @@ -35,9 +38,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index 250107247..873bde845 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/{,gnome-shell/}gnome-shell-calendar-server profile gnome-shell-calendar-server @{exec_path} { include - include + include include include diff --git a/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer b/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer index 6ae8704f4..f87e79ae7 100644 --- a/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer +++ b/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-shell-hotplug-sniffer profile gnome-shell-hotplug-sniffer @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-system-monitor b/apparmor.d/groups/gnome/gnome-system-monitor index dae3880f0..a2475f029 100644 --- a/apparmor.d/groups/gnome/gnome-system-monitor +++ b/apparmor.d/groups/gnome/gnome-system-monitor @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/gnome-system-monitor profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 4edf1edcf..821409b89 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -9,12 +9,12 @@ include @{exec_path} = @{lib}/gnome-terminal-server profile gnome-terminal-server @{exec_path} { include + include + include include include include include - include - include include include diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index d9a7aeb54..f44088371 100644 --- a/apparmor.d/groups/gnome/goa-daemon +++ b/apparmor.d/groups/gnome/goa-daemon @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/goa-daemon profile goa-daemon @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service index 9f2d99364..31d4c6082 100644 --- a/apparmor.d/groups/gnome/goa-identity-service +++ b/apparmor.d/groups/gnome/goa-identity-service @@ -10,7 +10,7 @@ include profile goa-identity-service @{exec_path} { include include - include + include dbus bind bus=session name=org.gnome.Identity, dbus receive bus=session path=/org/gnome/Identity diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 7ceb20d34..68ff65ae7 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/gsd-a11y-settings profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { include + include include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index cbce8ef9f..66b859f0e 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -9,14 +9,14 @@ include @{exec_path} = @{lib}/gsd-color profile gsd-color @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index 52f43ad43..3a78fe819 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/gsd-datetime profile gsd-datetime @{exec_path} flags=(attach_disconnected) { include + include include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-disk-utility-notify b/apparmor.d/groups/gnome/gsd-disk-utility-notify index 0f8577695..c2ac8ef04 100644 --- a/apparmor.d/groups/gnome/gsd-disk-utility-notify +++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/gsd-disk-utility-notify profile gsd-disk-utility-notify @{exec_path} { include + include + include include - include - include dbus bind bus=session name=org.gnome.Disks.NotificationMonitor, diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 9716b8d21..7cee1b528 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -10,9 +10,9 @@ include profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { include include + include include include - include include include diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index 60879460d..84df7f49b 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -9,13 +9,13 @@ include @{exec_path} = @{lib}/gsd-keyboard profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 39d5e40a0..e0789d0ad 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -10,14 +10,14 @@ include profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { include include + include + include + include include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 55760b437..b9253fe1d 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -10,6 +10,9 @@ include profile gsd-power @{exec_path} flags=(attach_disconnected) { include include + include + include + include include include include @@ -19,9 +22,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index f4b93d016..7a5d752a2 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/gsd-print-notifications profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { include + include + include include include - include - include include network inet stream, diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index 37c571ce3..7dfd59f7a 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/gsd-printer profile gsd-printer @{exec_path} flags=(attach_disconnected) { include + include + include include - include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index 8ba57fa23..4c6c96b6c 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -9,12 +9,12 @@ include @{exec_path} = @{lib}/gsd-rfkill profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { include + include + include include include include include - include - include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 43efda14b..9149023ca 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/gsd-screensaver-proxy profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { include + include include - include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 55bff5886..111fac2ac 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/gsd-sharing profile gsd-sharing @{exec_path} flags=(attach_disconnected) { include + include + include include include - include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 7617ff331..d9c280233 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/gsd-smartcard profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { include + include include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index de8ef6223..7659da3e1 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -10,9 +10,9 @@ include profile gsd-sound @{exec_path} flags=(attach_disconnected) { include include + include include include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 9d5c2681d..4ee9d9e6a 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -9,11 +9,11 @@ include @{exec_path} = @{lib}/gsd-wacom profile gsd-wacom @{exec_path} flags=(attach_disconnected) { include + include + include include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index 41d9a53da..401b3c043 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -9,14 +9,14 @@ include @{exec_path} = @{lib}/gsd-xsettings profile gsd-xsettings @{exec_path} { include + include + include + include include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/mutter-x11-frames b/apparmor.d/groups/gnome/mutter-x11-frames index 3a8837265..7a700e369 100644 --- a/apparmor.d/groups/gnome/mutter-x11-frames +++ b/apparmor.d/groups/gnome/mutter-x11-frames @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/mutter-x11-frames profile mutter-x11-frames @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index 87fb5c646..9a50a2862 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/nautilus profile nautilus @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/seahorse b/apparmor.d/groups/gnome/seahorse index 5e1845fd2..309da110e 100644 --- a/apparmor.d/groups/gnome/seahorse +++ b/apparmor.d/groups/gnome/seahorse @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/seahorse profile seahorse @{exec_path} { include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index ce64f017d..dbe287191 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/tracker-extract-3 profile tracker-extract @{exec_path} flags=(attach_disconnected) { include + include include include - include include include include diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 7531f9640..6d3e5f4ce 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -9,11 +9,11 @@ include @{exec_path} = @{lib}/tracker-miner-fs-{,control-}3 profile tracker-miner @{exec_path} flags=(attach_disconnected) { include + include + include include include include - include - include include include include diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 2357778a3..806d6fcb1 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-afc-volume-monitor profile gvfs-afc-volume-monitor @{exec_path} { include - include + include dbus bind bus=session name=org.gtk.vfs.AfcVolumeMonitor, dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index 9a4c3b9db..059c0a1f7 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-goa-volume-monitor profile gvfs-goa-volume-monitor @{exec_path} { include - include + include dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor, diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index 32aa83cda..e99eddd24 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-gphoto2-volume-monitor profile gvfs-gphoto2-volume-monitor @{exec_path} { include - include + include include include diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index fff1b126b..06d2e3b09 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-mtp-volume-monitor profile gvfs-mtp-volume-monitor @{exec_path} { include - include + include include network netlink raw, diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index a92f4a48d..b7e6bfdc6 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -10,10 +10,10 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-udisks2-volume-monitor profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index 5666d525e..0f93193dc 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd profile gvfsd @{exec_path} { include - include + include dbus bind bus=session name=org.gtk.vfs.Daemon, diff --git a/apparmor.d/groups/gvfs/gvfsd-dnssd b/apparmor.d/groups/gvfs/gvfsd-dnssd index c081b6bd5..495043134 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dnssd +++ b/apparmor.d/groups/gvfs/gvfsd-dnssd @@ -10,10 +10,10 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-dnssd profile gvfsd-dnssd @{exec_path} { include + include + include include include - include - include dbus bind bus=session name=org.gtk.vfs.mountpoint_dnssd, diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index 7fe5c1e39..7ec099e4f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-fuse profile gvfsd-fuse @{exec_path} { include + include include - include unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount), diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index 8ba651eb6..d49e533c7 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-metadata profile gvfsd-metadata @{exec_path} { include - include + include include network netlink raw, diff --git a/apparmor.d/groups/gvfs/gvfsd-network b/apparmor.d/groups/gvfs/gvfsd-network index b8c65a144..1208707aa 100644 --- a/apparmor.d/groups/gvfs/gvfsd-network +++ b/apparmor.d/groups/gvfs/gvfsd-network @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-network profile gvfsd-network @{exec_path} { include - include + include include dbus send bus=session path=/org/gtk/gvfs/exec_spaw/@{int} diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index 5f1f91bba..3f26bf8d9 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse +++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-smb-browse profile gvfsd-smb-browse @{exec_path} { include + include include - include include include diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index a586cb8a0..ae1abf584 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-trash profile gvfsd-trash @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index 2c89d4bb1..19bd2942b 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 @@ -10,9 +10,9 @@ include profile kded5 @{exec_path} { include include + include include include - include include include include diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 923e63e47..75214af33 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -11,10 +11,10 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { include include include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/network/ModemManager b/apparmor.d/groups/network/ModemManager index ca04cd06c..d46ca2f5e 100644 --- a/apparmor.d/groups/network/ModemManager +++ b/apparmor.d/groups/network/ModemManager @@ -9,10 +9,10 @@ include @{exec_path} = @{bin}/ModemManager profile ModemManager @{exec_path} flags=(attach_disconnected) { include + include include include include - include include include diff --git a/apparmor.d/groups/network/networkd-dispatcher b/apparmor.d/groups/network/networkd-dispatcher index f1ba61695..5d3127781 100644 --- a/apparmor.d/groups/network/networkd-dispatcher +++ b/apparmor.d/groups/network/networkd-dispatcher @@ -9,10 +9,10 @@ include @{exec_path} = @{bin}/networkd-dispatcher profile networkd-dispatcher @{exec_path} { include - include + include include - include include + include dbus receive bus=system path=/org/freedesktop/network1{,/link/*} interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher index 2b272dcaa..95f1f3a7f 100644 --- a/apparmor.d/groups/network/nm-dispatcher +++ b/apparmor.d/groups/network/nm-dispatcher @@ -11,7 +11,7 @@ include @{exec_path} = @{lib}/{,NetworkManager/}nm-dispatcher profile nm-dispatcher @{exec_path} flags=(attach_disconnected) { include - include + include include capability net_admin, diff --git a/apparmor.d/groups/network/nm-online b/apparmor.d/groups/network/nm-online index b80628b3d..d203b0fa9 100644 --- a/apparmor.d/groups/network/nm-online +++ b/apparmor.d/groups/network/nm-online @@ -9,7 +9,8 @@ include @{exec_path} = @{bin}/nm-online profile nm-online @{exec_path} { include - include + include + include @{exec_path} mr, diff --git a/apparmor.d/groups/network/tailscaled b/apparmor.d/groups/network/tailscaled index 93b3fc731..55e1d35f9 100644 --- a/apparmor.d/groups/network/tailscaled +++ b/apparmor.d/groups/network/tailscaled @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/tailscaled profile tailscaled @{exec_path} flags=(attach_disconnected) { include - include + include include include diff --git a/apparmor.d/groups/ssh/ssh-agent-launch b/apparmor.d/groups/ssh/ssh-agent-launch index 99e983fba..0231aa101 100644 --- a/apparmor.d/groups/ssh/ssh-agent-launch +++ b/apparmor.d/groups/ssh/ssh-agent-launch @@ -21,7 +21,7 @@ profile ssh-agent-launch @{exec_path} { profile dbus { include - include + include dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd index 793429290..5bc5e725e 100644 --- a/apparmor.d/groups/ssh/sshd +++ b/apparmor.d/groups/ssh/sshd @@ -19,8 +19,8 @@ include profile sshd @{exec_path} flags=(attach_disconnected) { include include + include include - include include include include diff --git a/apparmor.d/groups/systemd/hostnamectl b/apparmor.d/groups/systemd/hostnamectl index 58d967d62..eccb2cc8f 100644 --- a/apparmor.d/groups/systemd/hostnamectl +++ b/apparmor.d/groups/systemd/hostnamectl @@ -9,9 +9,9 @@ include @{exec_path} = @{bin}/hostnamectl profile hostnamectl @{exec_path} { include + include include include - include capability net_admin, diff --git a/apparmor.d/groups/systemd/loginctl b/apparmor.d/groups/systemd/loginctl index 4a8139431..3a910bd0a 100644 --- a/apparmor.d/groups/systemd/loginctl +++ b/apparmor.d/groups/systemd/loginctl @@ -9,9 +9,9 @@ include @{exec_path} = @{bin}/loginctl profile loginctl @{exec_path} { include + include include include - include include capability net_admin, diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl index afdd1ded9..23c619eef 100644 --- a/apparmor.d/groups/systemd/networkctl +++ b/apparmor.d/groups/systemd/networkctl @@ -10,7 +10,7 @@ include @{exec_path} = @{bin}/networkctl profile networkctl @{exec_path} flags=(attach_disconnected) { include - include + include capability net_admin, capability sys_module, diff --git a/apparmor.d/groups/systemd/systemd-analyze b/apparmor.d/groups/systemd/systemd-analyze index 92d042b92..5b77813f1 100644 --- a/apparmor.d/groups/systemd/systemd-analyze +++ b/apparmor.d/groups/systemd/systemd-analyze @@ -10,8 +10,8 @@ include @{exec_path} = @{bin}/systemd-analyze profile systemd-analyze @{exec_path} { include + include include - include include capability sys_resource, diff --git a/apparmor.d/groups/systemd/systemd-homed b/apparmor.d/groups/systemd/systemd-homed index 130162662..2690d6335 100644 --- a/apparmor.d/groups/systemd/systemd-homed +++ b/apparmor.d/groups/systemd/systemd-homed @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/systemd/systemd-homed profile systemd-homed @{exec_path} flags=(attach_disconnected) { include - include + include include include include diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed index f3bdb1e62..a4300d4a1 100644 --- a/apparmor.d/groups/systemd/systemd-hostnamed +++ b/apparmor.d/groups/systemd/systemd-hostnamed @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/systemd/systemd-hostnamed profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) { include + include include - include include capability sys_admin, # To set a hostname diff --git a/apparmor.d/groups/systemd/systemd-localed b/apparmor.d/groups/systemd/systemd-localed index ebb05e990..a3c69fcb5 100644 --- a/apparmor.d/groups/systemd/systemd-localed +++ b/apparmor.d/groups/systemd/systemd-localed @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/systemd/systemd-localed profile systemd-localed @{exec_path} flags=(attach_disconnected) { include + include include - include include # Needed? diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index 464ac6d71..c762acd6d 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind @@ -10,9 +10,9 @@ include @{exec_path} = @{lib}/systemd/systemd-logind profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) { include + include include include - include include include include diff --git a/apparmor.d/groups/systemd/systemd-machined b/apparmor.d/groups/systemd/systemd-machined index 641bb8715..456f948d4 100644 --- a/apparmor.d/groups/systemd/systemd-machined +++ b/apparmor.d/groups/systemd/systemd-machined @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/systemd/systemd-machined profile systemd-machined @{exec_path} { include - include + include include capability chown, diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd index b1b92df5c..d4a8f17fd 100644 --- a/apparmor.d/groups/systemd/systemd-networkd +++ b/apparmor.d/groups/systemd/systemd-networkd @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/systemd/systemd-networkd profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) { include + include include - include include capability net_admin, diff --git a/apparmor.d/groups/systemd/systemd-oomd b/apparmor.d/groups/systemd/systemd-oomd index d778cbba7..5bfa3f988 100644 --- a/apparmor.d/groups/systemd/systemd-oomd +++ b/apparmor.d/groups/systemd/systemd-oomd @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/systemd/systemd-oomd profile systemd-oomd @{exec_path} flags=(attach_disconnected) { include - include + include include capability dac_override, diff --git a/apparmor.d/groups/systemd/systemd-resolved b/apparmor.d/groups/systemd/systemd-resolved index f938b7e32..c8fe3ef58 100644 --- a/apparmor.d/groups/systemd/systemd-resolved +++ b/apparmor.d/groups/systemd/systemd-resolved @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/systemd/systemd-resolved profile systemd-resolved @{exec_path} flags=(attach_disconnected) { include + include include - include include include include diff --git a/apparmor.d/groups/systemd/systemd-sleep b/apparmor.d/groups/systemd/systemd-sleep index 7222c7853..186aed4fa 100644 --- a/apparmor.d/groups/systemd/systemd-sleep +++ b/apparmor.d/groups/systemd/systemd-sleep @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/systemd/systemd-sleep profile systemd-sleep @{exec_path} { include + include include - include include capability net_admin, diff --git a/apparmor.d/groups/systemd/systemd-timedated b/apparmor.d/groups/systemd/systemd-timedated index beb7f295b..5b00b71a6 100644 --- a/apparmor.d/groups/systemd/systemd-timedated +++ b/apparmor.d/groups/systemd/systemd-timedated @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/systemd/systemd-timedated profile systemd-timedated @{exec_path} flags=(attach_disconnected) { include - include + include include capability sys_time, diff --git a/apparmor.d/groups/systemd/systemd-timesyncd b/apparmor.d/groups/systemd/systemd-timesyncd index f1ea2a12a..6871a354f 100644 --- a/apparmor.d/groups/systemd/systemd-timesyncd +++ b/apparmor.d/groups/systemd/systemd-timesyncd @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/systemd/systemd-timesyncd profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) { include - include + include include include diff --git a/apparmor.d/groups/systemd/systemd-user-runtime-dir b/apparmor.d/groups/systemd/systemd-user-runtime-dir index 71a0f6655..0a6b1d72d 100644 --- a/apparmor.d/groups/systemd/systemd-user-runtime-dir +++ b/apparmor.d/groups/systemd/systemd-user-runtime-dir @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/systemd/systemd-user-runtime-dir profile systemd-user-runtime-dir @{exec_path} { include + include include - include include include diff --git a/apparmor.d/groups/ubuntu/apport-gtk b/apparmor.d/groups/ubuntu/apport-gtk index dd7fbd834..eefd2cfe9 100644 --- a/apparmor.d/groups/ubuntu/apport-gtk +++ b/apparmor.d/groups/ubuntu/apport-gtk @@ -10,7 +10,7 @@ include profile apport-gtk @{exec_path} { include include - include + include include include include diff --git a/apparmor.d/groups/ubuntu/check-new-release-gtk b/apparmor.d/groups/ubuntu/check-new-release-gtk index 5bb04cc44..8fdc70519 100644 --- a/apparmor.d/groups/ubuntu/check-new-release-gtk +++ b/apparmor.d/groups/ubuntu/check-new-release-gtk @@ -10,9 +10,9 @@ include profile check-new-release-gtk @{exec_path} { include include + include + include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/livepatch-notification b/apparmor.d/groups/ubuntu/livepatch-notification index 13521edf5..9f74579a9 100644 --- a/apparmor.d/groups/ubuntu/livepatch-notification +++ b/apparmor.d/groups/ubuntu/livepatch-notification @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/update-notifier/livepatch-notification profile livepatch-notification @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/software-properties-dbus b/apparmor.d/groups/ubuntu/software-properties-dbus index 2864843b2..b877a3e46 100644 --- a/apparmor.d/groups/ubuntu/software-properties-dbus +++ b/apparmor.d/groups/ubuntu/software-properties-dbus @@ -10,7 +10,7 @@ include profile software-properties-dbus @{exec_path} { include include - include + include include include include diff --git a/apparmor.d/groups/ubuntu/software-properties-gtk b/apparmor.d/groups/ubuntu/software-properties-gtk index 350fe94d0..c59851b61 100644 --- a/apparmor.d/groups/ubuntu/software-properties-gtk +++ b/apparmor.d/groups/ubuntu/software-properties-gtk @@ -10,10 +10,10 @@ include profile software-properties-gtk @{exec_path} { include include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon b/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon index e7b2298c7..f15ef14a8 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon +++ b/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/ubuntu-advantage-desktop-daemon profile ubuntu-advantage-desktop-daemon @{exec_path} flags=(attach_disconnected) { include - include + include include capability sys_nice, diff --git a/apparmor.d/groups/ubuntu/ubuntu-advantage-notification b/apparmor.d/groups/ubuntu/ubuntu-advantage-notification index a5838563e..bfcbaff43 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-advantage-notification +++ b/apparmor.d/groups/ubuntu/ubuntu-advantage-notification @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/update-notifier/ubuntu-advantage-notification profile ubuntu-advantage-notification @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/update-manager b/apparmor.d/groups/ubuntu/update-manager index 02a76768f..e42d987ac 100644 --- a/apparmor.d/groups/ubuntu/update-manager +++ b/apparmor.d/groups/ubuntu/update-manager @@ -10,12 +10,12 @@ include profile update-manager @{exec_path} flags=(attach_disconnected) { include include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier index 6b25889e2..73f7f4d6f 100644 --- a/apparmor.d/groups/ubuntu/update-notifier +++ b/apparmor.d/groups/ubuntu/update-notifier @@ -11,10 +11,10 @@ profile update-notifier @{exec_path} { include include include + include + include + include include - include - include - include include include include diff --git a/apparmor.d/groups/virt/dockerd b/apparmor.d/groups/virt/dockerd index 4428eedb9..137ef88ec 100644 --- a/apparmor.d/groups/virt/dockerd +++ b/apparmor.d/groups/virt/dockerd @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/dockerd profile dockerd @{exec_path} flags=(attach_disconnected) { include - include + include include include diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify index a76325287..490fae5c9 100644 --- a/apparmor.d/profiles-a-f/aa-notify +++ b/apparmor.d/profiles-a-f/aa-notify @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/aa-notify profile aa-notify @{exec_path} { include - include + include include include diff --git a/apparmor.d/profiles-a-f/atril b/apparmor.d/profiles-a-f/atril index 30c45d71d..7660c942c 100644 --- a/apparmor.d/profiles-a-f/atril +++ b/apparmor.d/profiles-a-f/atril @@ -10,10 +10,10 @@ include @{exec_path} = @{bin}/atril{,-*} profile atril @{exec_path} { include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-a-f/atrild b/apparmor.d/profiles-a-f/atrild index d8607e010..3a29906ce 100644 --- a/apparmor.d/profiles-a-f/atrild +++ b/apparmor.d/profiles-a-f/atrild @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/atril/atrild profile atrild @{exec_path} { include - include + include dbus bind bus=session name=org.mate.atril.Daemon, diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index c70b5aa9d..803831358 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/bluetooth/bluetoothd profile bluetoothd @{exec_path} flags=(attach_disconnected) { include - include + include # Needed for configuring HCI interfaces capability net_admin, diff --git a/apparmor.d/profiles-a-f/boltd b/apparmor.d/profiles-a-f/boltd index 2c503d360..af4008337 100644 --- a/apparmor.d/profiles-a-f/boltd +++ b/apparmor.d/profiles-a-f/boltd @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/boltd profile boltd @{exec_path} flags=(attach_disconnected) { include + include include - include include capability net_admin, diff --git a/apparmor.d/profiles-a-f/cups-browsed b/apparmor.d/profiles-a-f/cups-browsed index 1cb1a6c13..edf4f57d4 100644 --- a/apparmor.d/profiles-a-f/cups-browsed +++ b/apparmor.d/profiles-a-f/cups-browsed @@ -9,10 +9,10 @@ include @{exec_path} = @{bin}/cups-browsed profile cups-browsed @{exec_path} { include + include include include include - include include include diff --git a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism index 90721065b..634f699d6 100644 --- a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism +++ b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism @@ -10,8 +10,8 @@ include @{exec_path} += @{lib}/@{multiarch}/cups-pk-helper-mechanism profile cups-pk-helper-mechanism @{exec_path} { include + include include - include include capability dac_read_search, diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index 7b440ee6b..cf3d79f88 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -10,10 +10,10 @@ include @{exec_path} = @{bin}/engrampa profile engrampa @{exec_path} { include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 038f419d9..db291556b 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -9,10 +9,10 @@ include @{exec_path} = @{bin}/evince @{lib}/evinced profile evince @{exec_path} { include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-a-f/evince-previewer b/apparmor.d/profiles-a-f/evince-previewer index 3fd79a15e..68d0c0342 100644 --- a/apparmor.d/profiles-a-f/evince-previewer +++ b/apparmor.d/profiles-a-f/evince-previewer @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/evince-previewer profile evince-previewer @{exec_path} { include - include - include + include + include include include include diff --git a/apparmor.d/profiles-a-f/exim4 b/apparmor.d/profiles-a-f/exim4 index 01f7de4d2..96f970fd1 100644 --- a/apparmor.d/profiles-a-f/exim4 +++ b/apparmor.d/profiles-a-f/exim4 @@ -10,8 +10,8 @@ include @{exec_path} = @{bin}/exim4 profile exim4 @{exec_path} { include + include include - include include include diff --git a/apparmor.d/profiles-a-f/file-roller b/apparmor.d/profiles-a-f/file-roller index f00e86a57..bc227ac00 100644 --- a/apparmor.d/profiles-a-f/file-roller +++ b/apparmor.d/profiles-a-f/file-roller @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/file-roller profile file-roller @{exec_path} { include - include - include + include + include include include include diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd index 705cac998..f1d10735e 100644 --- a/apparmor.d/profiles-a-f/fprintd +++ b/apparmor.d/profiles-a-f/fprintd @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/fprintd profile fprintd @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index dc23df362..537f964ef 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -10,12 +10,12 @@ include @{exec_path} = @{lib}/{,fwupd/}fwupd profile fwupd @{exec_path} flags=(complain,attach_disconnected) { include + include include include include include include - include include include include diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr index 32c0dc2ed..a99f69d04 100644 --- a/apparmor.d/profiles-a-f/fwupdmgr +++ b/apparmor.d/profiles-a-f/fwupdmgr @@ -10,7 +10,7 @@ include @{exec_path} = @{bin}/fwupdmgr profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) { include - include + include include include include diff --git a/apparmor.d/profiles-g-l/glib-pacrunner b/apparmor.d/profiles-g-l/glib-pacrunner index 097e756da..0161527ce 100644 --- a/apparmor.d/profiles-g-l/glib-pacrunner +++ b/apparmor.d/profiles-g-l/glib-pacrunner @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/glib-pacrunner profile glib-pacrunner @{exec_path} { include - include - include + include + include include network inet dgram, diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings index cc8f83c3a..f5da2bf7d 100644 --- a/apparmor.d/profiles-g-l/gsettings +++ b/apparmor.d/profiles-g-l/gsettings @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/gsettings profile gsettings @{exec_path} { include - include + include include @{exec_path} mr, diff --git a/apparmor.d/profiles-g-l/keepassxc b/apparmor.d/profiles-g-l/keepassxc index f40bdd2d4..e4ce3217f 100644 --- a/apparmor.d/profiles-g-l/keepassxc +++ b/apparmor.d/profiles-g-l/keepassxc @@ -10,8 +10,8 @@ include @{exec_path} = @{bin}/keepassxc profile keepassxc @{exec_path} { include - include - include + include + include include include include diff --git a/apparmor.d/profiles-g-l/kerneloops b/apparmor.d/profiles-g-l/kerneloops index b8dc7dd11..07d021bc9 100644 --- a/apparmor.d/profiles-g-l/kerneloops +++ b/apparmor.d/profiles-g-l/kerneloops @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/kerneloops profile kerneloops @{exec_path} { include - include + include include capability syslog, diff --git a/apparmor.d/profiles-g-l/login b/apparmor.d/profiles-g-l/login index c8211e64d..0e278b089 100644 --- a/apparmor.d/profiles-g-l/login +++ b/apparmor.d/profiles-g-l/login @@ -10,9 +10,9 @@ include profile login @{exec_path} flags=(attach_disconnected) { include include + include include include - include include include diff --git a/apparmor.d/profiles-g-l/lvm b/apparmor.d/profiles-g-l/lvm index 1760ae92c..725452b5f 100644 --- a/apparmor.d/profiles-g-l/lvm +++ b/apparmor.d/profiles-g-l/lvm @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/lvm profile lvm @{exec_path} flags=(attach_disconnected) { include + include include - include include capability dac_read_search, diff --git a/apparmor.d/profiles-m-r/murmurd b/apparmor.d/profiles-m-r/murmurd index 47faeb87f..6eb54c79d 100644 --- a/apparmor.d/profiles-m-r/murmurd +++ b/apparmor.d/profiles-m-r/murmurd @@ -7,8 +7,8 @@ include @{exec_path} = @{bin}/murmurd profile murmurd @{exec_path} { include + include include - include include include include diff --git a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke index 45408b1f1..b5e7b39dd 100644 --- a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke +++ b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/needrestart/apt-pinvoke profile needrestart-apt-pinvoke @{exec_path} { include + include include include - include @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/obexd b/apparmor.d/profiles-m-r/obexd index b16c8ec9b..9a9510110 100644 --- a/apparmor.d/profiles-m-r/obexd +++ b/apparmor.d/profiles-m-r/obexd @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/bluetooth/obexd profile obexd @{exec_path} { include - include - include + include + include include network bluetooth stream, diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 61d2d3b6d..ac585befe 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/packagekitd profile packagekitd @{exec_path} flags=(attach_disconnected) { include + include include include include - include include include include diff --git a/apparmor.d/profiles-m-r/passimd b/apparmor.d/profiles-m-r/passimd index e725ecfec..4c44a458e 100644 --- a/apparmor.d/profiles-m-r/passimd +++ b/apparmor.d/profiles-m-r/passimd @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/passimd profile passimd @{exec_path} flags=(attach_disconnected) { include - include + include include capability dac_read_search, diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index 4d22bf163..4f2d95c21 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -11,9 +11,9 @@ include profile pkexec @{exec_path} { include include + include include include - include include include diff --git a/apparmor.d/profiles-m-r/pkttyagent b/apparmor.d/profiles-m-r/pkttyagent index a6403791e..cb1033a73 100644 --- a/apparmor.d/profiles-m-r/pkttyagent +++ b/apparmor.d/profiles-m-r/pkttyagent @@ -10,9 +10,9 @@ include @{exec_path} = @{bin}/pkttyagent profile pkttyagent @{exec_path} { include + include include include - include include capability sys_nice, diff --git a/apparmor.d/profiles-m-r/plank b/apparmor.d/profiles-m-r/plank index 678250bbf..6edb169cd 100644 --- a/apparmor.d/profiles-m-r/plank +++ b/apparmor.d/profiles-m-r/plank @@ -11,7 +11,7 @@ include profile plank @{exec_path} { include include - include + include include include include diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon index ddf177c35..fa2d02dc4 100644 --- a/apparmor.d/profiles-m-r/power-profiles-daemon +++ b/apparmor.d/profiles-m-r/power-profiles-daemon @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/power-profiles-daemon profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) { include + include include include - include include capability dac_read_search, diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index ff36c6757..25409ce01 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -13,11 +13,11 @@ include @{exec_path} = @{bin}/qbittorrent profile qbittorrent @{exec_path} { include + include + include + include include include - include - include - include include include include diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga index 4f7462b91..1ee7c05b7 100644 --- a/apparmor.d/profiles-m-r/qemu-ga +++ b/apparmor.d/profiles-m-r/qemu-ga @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/qemu-ga profile qemu-ga @{exec_path} { include - include + include capability mknod, capability net_admin, diff --git a/apparmor.d/profiles-m-r/remmina b/apparmor.d/profiles-m-r/remmina index 0e415c3c5..a93687ea2 100644 --- a/apparmor.d/profiles-m-r/remmina +++ b/apparmor.d/profiles-m-r/remmina @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/remmina profile remmina @{exec_path} { include + include + include + include include include include - include - include - include include include include diff --git a/apparmor.d/profiles-m-r/rtkit-daemon b/apparmor.d/profiles-m-r/rtkit-daemon index ed388a905..be17ced73 100644 --- a/apparmor.d/profiles-m-r/rtkit-daemon +++ b/apparmor.d/profiles-m-r/rtkit-daemon @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,rtkit/}rtkit-daemon profile rtkit-daemon @{exec_path} flags=(attach_disconnected) { include + include include - include include capability dac_read_search, diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index ce21aef04..709a34d4a 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk @@ -9,9 +9,9 @@ include profile rustdesk @{exec_path} { include include + include + include include - include - include include include include diff --git a/apparmor.d/profiles-s-z/snap b/apparmor.d/profiles-s-z/snap index 351d9bc82..7bc41a562 100644 --- a/apparmor.d/profiles-s-z/snap +++ b/apparmor.d/profiles-s-z/snap @@ -12,9 +12,9 @@ include @{exec_path} = @{bin_dirs}/snap profile snap @{exec_path} { include + include + include include - include - include include include diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd index 19ad28f39..b828f486d 100644 --- a/apparmor.d/profiles-s-z/snapd +++ b/apparmor.d/profiles-s-z/snapd @@ -13,8 +13,8 @@ include profile snapd @{exec_path} { include include + include include - include include include include diff --git a/apparmor.d/profiles-s-z/spice-vdagent b/apparmor.d/profiles-s-z/spice-vdagent index 454fb5e55..b0771b85e 100644 --- a/apparmor.d/profiles-s-z/spice-vdagent +++ b/apparmor.d/profiles-s-z/spice-vdagent @@ -10,13 +10,13 @@ include profile spice-vdagent @{exec_path} { include include + include + include + include include include include include - include - include - include include include include diff --git a/apparmor.d/profiles-s-z/spice-vdagentd b/apparmor.d/profiles-s-z/spice-vdagentd index c42faeba7..ccee66102 100644 --- a/apparmor.d/profiles-s-z/spice-vdagentd +++ b/apparmor.d/profiles-s-z/spice-vdagentd @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/spice-vdagentd profile spice-vdagentd @{exec_path} flags=(attach_disconnected) { include - include + include include capability sys_nice, diff --git a/apparmor.d/profiles-s-z/su b/apparmor.d/profiles-s-z/su index 7f2240f83..0e812901f 100644 --- a/apparmor.d/profiles-s-z/su +++ b/apparmor.d/profiles-s-z/su @@ -12,8 +12,8 @@ profile su @{exec_path} { include include include + include include - include include include # include diff --git a/apparmor.d/profiles-s-z/sudo b/apparmor.d/profiles-s-z/sudo index 971fc9e1e..c10ea4b36 100644 --- a/apparmor.d/profiles-s-z/sudo +++ b/apparmor.d/profiles-s-z/sudo @@ -13,8 +13,8 @@ profile sudo @{exec_path} { include include include + include include - include include include # include diff --git a/apparmor.d/profiles-s-z/switcheroo-control b/apparmor.d/profiles-s-z/switcheroo-control index 17a85d3b8..36748dc4d 100644 --- a/apparmor.d/profiles-s-z/switcheroo-control +++ b/apparmor.d/profiles-s-z/switcheroo-control @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/switcheroo-control profile switcheroo-control @{exec_path} flags=(attach_disconnected) { include - include + include capability sys_nice, diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer index 54db96e80..748e96ea5 100644 --- a/apparmor.d/profiles-s-z/system-config-printer +++ b/apparmor.d/profiles-s-z/system-config-printer @@ -11,10 +11,10 @@ include @{exec_path} += /usr/share/system-config-printer/system-config-printer.py profile system-config-printer @{exec_path} flags=(complain) { include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index 3c628fd36..6fd1e0fc0 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald @@ -11,9 +11,9 @@ include @{exec_path} = @{bin}/thermald profile thermald @{exec_path} flags=(attach_disconnected) { include + include include include - include capability sys_boot, diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index 1b8c961e3..60394bbcb 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird @@ -16,11 +16,11 @@ include profile thunderbird @{exec_path} { include include + include + include include include include - include - include include include include diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index 654903ab0..428ff523d 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -10,9 +10,9 @@ include @{exec_path} = @{lib}/{,udisks2/}udisksd profile udisksd @{exec_path} flags=(attach_disconnected) { include + include include include - include include include include diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 999a11a94..1c84cc005 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -10,10 +10,10 @@ include profile wireplumber @{exec_path} { include include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index e01c6147f..b6557b320 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark @@ -13,22 +13,22 @@ include @{exec_path} = @{bin}/wireshark profile wireshark @{exec_path} { include + include + include include - include - include - include - include - include - include - include - include include + include + include + include + include include + include + include + include include include - include - include - include + include + include signal (send) peer=dumpcap, diff --git a/apparmor.d/profiles-s-z/wpa-supplicant b/apparmor.d/profiles-s-z/wpa-supplicant index 0a3de6a5e..43d79b2f6 100644 --- a/apparmor.d/profiles-s-z/wpa-supplicant +++ b/apparmor.d/profiles-s-z/wpa-supplicant @@ -10,7 +10,7 @@ include @{exec_path} = @{bin}/wpa_supplicant profile wpa-supplicant @{exec_path} flags=(attach_disconnected) { include - include + include include include diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd index 724622ba3..d492635eb 100644 --- a/apparmor.d/profiles-s-z/zsysd +++ b/apparmor.d/profiles-s-z/zsysd @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/zsysd @{bin}/zsysctl profile zsysd @{exec_path} flags=(complain) { include + include include - include include capability sys_ptrace,