Profiles update.

2022-03-04 21:30:34 +00:00 · 2022-03-04 21:30:34 +00:00 · 1e729e6b46
commit 1e729e6b46
parent 7b09b8c99a
11 changed files with 56 additions and 44 deletions
--- a/apparmor.d/groups/bus/dbus-daemon
+++ b/apparmor.d/groups/bus/dbus-daemon
@ -48,6 +48,7 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
  owner @{user_share_dirs}/dbus-1/{,**} r,
        @{user_share_dirs}/icc/{,edid-*} r,

+  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mounts r,
        @{PROC}/@{pid}/oom_score_adj rw,
        @{PROC}/@{pids}/cmdline r,
--- a/apparmor.d/groups/bus/dbus-run-session
+++ b/apparmor.d/groups/bus/dbus-run-session
@ -11,7 +11,7 @@ profile dbus-run-session @{exec_path} {
  include <abstractions/base>

  signal (receive) set=term peer=gdm,
-  signal (receive) set=(term, kill) peer=gdm-wayland-session,
+  signal (receive) set=(term, kill) peer=gdm-*-session,
  signal (send) set=term peer=dbus-daemon,

  @{exec_path} mr,
@ -30,6 +30,8 @@ profile dbus-run-session @{exec_path} {
  /usr/share/dconf/profile/gdm r,
  /var/lib/gdm/.config/dconf/user r,

+  owner @{PROC}/@{pid}/fd/ r,
+
  # file_inherit
  /dev/tty rw,
  /dev/tty[0-9]* rw,
--- a/apparmor.d/groups/gnome/gnome-contacts
+++ b/apparmor.d/groups/gnome/gnome-contacts
@ -9,10 +9,13 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-contacts
 profile gnome-contacts @{exec_path} {
  include <abstractions/base>
+  include <abstractions/dconf>
  include <abstractions/dri-common>
  include <abstractions/dri-enumerate>
  include <abstractions/gnome>
+  include <abstractions/gstreamer>
  include <abstractions/nameservice-strict>
+  include <abstractions/opencl>
  include <abstractions/openssl>
  include <abstractions/ssl_certs>

@ -25,18 +28,14 @@ profile gnome-contacts @{exec_path} {
  /usr/share/applications/{,*.desktop} r,

  owner @{user_cache_dirs}/evolution/addressbook/{,**} r,
-  owner @{user_cache_dirs}/gstreamer*/{,**} r,
  owner @{user_cache_dirs}/mesa_shader_cache/index rw,
  owner @{user_config_dirs}/gnome-contacts/{,**} rw,
  owner @{user_share_dirs}/folks/relationships.ini r,

-  include <abstractions/dconf>
  owner @{run}/user/@{uid}/dconf/ rw,
  owner @{run}/user/@{uid}/dconf/user rw,

  @{PROC}/sys/dev/i915/perf_stream_paranoid r,

-  /dev/ r,
-
  include if exists <local/gnome-contacts>
 }
--- a/apparmor.d/groups/gpg/gpg-agent
+++ b/apparmor.d/groups/gpg/gpg-agent
@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2017-2021 Mikhail Morfikov
+# Copyright (C) 2017-2022 Mikhail Morfikov
+# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only

 abi <abi/3.0>,
@ -28,6 +29,13 @@ profile gpg-agent @{exec_path} {
  owner @{HOME}/@{XDG_GPG_DIR}/S.gpg-agent{,.ssh,.browser,.extra} rw,
  owner @{HOME}/@{XDG_GPG_DIR}/sshcontrol r,

+  owner @{MOUNTS}/*/@{XDG_GPG_DIR}/ rw,
+  owner @{MOUNTS}/*/@{XDG_GPG_DIR}/gpg-agent.conf r,
+  owner @{MOUNTS}/*/@{XDG_GPG_DIR}/private-keys-v1.d/ rw,
+  owner @{MOUNTS}/*/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw,
+  owner @{MOUNTS}/*/@{XDG_GPG_DIR}/S.gpg-agent{,.ssh,.browser,.extra} rw,
+  owner @{MOUNTS}/*/@{XDG_GPG_DIR}/sshcontrol r,
+
  owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/ rw,
  owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/gpg-agent.conf r,
  owner @{HOME}/@{XDG_PROJECTS_DIR}/**/{.,}gnupg/private-keys-v1.d/ rw,