From 1fab846875cae905de7c4e194848a043793185c6 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 18 May 2025 13:47:08 +0200
Subject: [PATCH] feat(abs): add proc stat to the gnome common abs.
---
 apparmor.d/abstractions/common/gnome | 1 +
 apparmor.d/groups/apparmor/aa-notify | 1 -
 apparmor.d/groups/gnome/decibels | 1 -
 apparmor.d/groups/gnome/gnome-calculator | 2 --
 apparmor.d/groups/gnome/gnome-characters | 1 -
 apparmor.d/groups/gnome/gnome-extensions-app | 1 -
 apparmor.d/groups/gnome/gnome-logs | 2 --
 apparmor.d/groups/gnome/gnome-maps | 1 -
 apparmor.d/groups/gnome/gnome-text-editor | 1 -
 apparmor.d/groups/gnome/gnome-weather | 1 -
 apparmor.d/groups/gnome/papers | 1 -
 apparmor.d/groups/gnome/ptyxis | 2 --
 apparmor.d/profiles-a-f/file-roller | 1 -
 apparmor.d/profiles-a-f/foliate | 1 -
 apparmor.d/profiles-a-f/fractal | 1 -
 15 files changed, 1 insertion(+), 17 deletions(-)
diff --git a/apparmor.d/abstractions/common/gnome b/apparmor.d/abstractions/common/gnome
index ccb5de8b3..056f6581b 100644
--- a/apparmor.d/abstractions/common/gnome
+++ b/apparmor.d/abstractions/common/gnome
@@ -32,6 +32,7 @@
 owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/cpu.max r,
 owner @{PROC}/@{pid}/cmdline r,
+ owner @{PROC}/@{pid}/stat r,
 owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 include if exists
diff --git a/apparmor.d/groups/apparmor/aa-notify b/apparmor.d/groups/apparmor/aa-notify
index b64317a57..7cb64af80 100644
--- a/apparmor.d/groups/apparmor/aa-notify
+++ b/apparmor.d/groups/apparmor/aa-notify
@@ -75,7 +75,6 @@ profile aa-notify @{exec_path} {
 owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw,
 owner @{PROC}/@{pid}/mountinfo r,
- owner @{PROC}/@{pid}/stat r,
 deny @{user_share_dirs}/gvfs-metadata/* r,
diff --git a/apparmor.d/groups/gnome/decibels b/apparmor.d/groups/gnome/decibels
index 88d292b07..2bb38dfd5 100644
--- a/apparmor.d/groups/gnome/decibels
+++ b/apparmor.d/groups/gnome/decibels
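Review bot: The added `owner @{PROC}/@{pid}/stat r,` in apparmor.d/abstractions/common/gnome grants the read to every profile that includes this abstraction, not only the fourteen profiles the commit removes it from, so any other includer gains the permission without a per-profile decision. The rule is `owner`-qualified and read-only, which keeps the added exposure small, but a short comment above it would record why it is shared, for example `# Process stat, previously granted per profile by most GNOME apps.`. The gnome-extensions-app hunk removes the rule written with `@{pids}` while the abstraction uses `@{pid}`; if the two tunables are not equivalent in this tree, that profile's access changes. The rest of the abstraction lies outside the hunk, so whether a broader stat rule already exists there cannot be seen from here.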
@@ -28,7 +28,6 @@ profile decibels @{exec_path} {
 owner @{user_videos_dirs}/{,**} r,
 owner @{PROC}/@{pid}/mounts r,
- owner @{PROC}/@{pid}/stat r,
 owner @{PROC}/@{pid}/task/@{tid}/stat r,
 include if exists
diff --git a/apparmor.d/groups/gnome/gnome-calculator b/apparmor.d/groups/gnome/gnome-calculator
index 3f2290e6a..2e553d9f4 100644
--- a/apparmor.d/groups/gnome/gnome-calculator
+++ b/apparmor.d/groups/gnome/gnome-calculator
@@ -23,8 +23,6 @@ profile gnome-calculator @{exec_path} {
 @{open_path} rPx -> child-open-help,
- owner @{PROC}/@{pid}/stat r,
-
 include if exists
 }
diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters
index 890a54691..7ee0f835e 100644
--- a/apparmor.d/groups/gnome/gnome-characters
+++ b/apparmor.d/groups/gnome/gnome-characters
@@ -29,7 +29,6 @@ profile gnome-characters @{exec_path} {
 /usr/share/xml/iso-codes/{,**} r,
 owner @{PROC}/@{pid}/mounts r,
- owner @{PROC}/@{pid}/stat r,
 owner @{PROC}/@{pid}/status r,
 owner @{PROC}/@{pid}/task/@{tid}/stat r,
diff --git a/apparmor.d/groups/gnome/gnome-extensions-app b/apparmor.d/groups/gnome/gnome-extensions-app
index f1e229b59..0a65c95f2 100644
--- a/apparmor.d/groups/gnome/gnome-extensions-app
+++ b/apparmor.d/groups/gnome/gnome-extensions-app
@@ -22,7 +22,6 @@ profile gnome-extensions-app @{exec_path} {
 /usr/share/terminfo/** r,
 owner @{PROC}/@{pid}/mounts r,
- owner @{PROC}/@{pids}/stat r,
 owner @{PROC}/@{pids}/task/@{tid}/stat r,
 /dev/tty rw,
diff --git a/apparmor.d/groups/gnome/gnome-logs b/apparmor.d/groups/gnome/gnome-logs
index 06e66a43b..5e3ab03bd 100644
--- a/apparmor.d/groups/gnome/gnome-logs
+++ b/apparmor.d/groups/gnome/gnome-logs
@@ -27,8 +27,6 @@ profile gnome-logs @{exec_path} {
 /{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex32}-@{hex16}-@{hex16}.journal r,
 /{run,var}/log/journal/remote/ r,
- owner @{PROC}/@{pid}/stat r,
-
 include if exists
 }
diff --git a/apparmor.d/groups/gnome/gnome-maps b/apparmor.d/groups/gnome/gnome-maps
index 294d6229a..705857391 100644
--- a/apparmor.d/groups/gnome/gnome-maps
+++ b/apparmor.d/groups/gnome/gnome-maps
@@ -45,7 +45,6 @@ profile gnome-maps @{exec_path} {
 owner @{PROC}/@{pid}/cgroup r,
 owner @{PROC}/@{pid}/mountinfo r,
 owner @{PROC}/@{pid}/mounts r,
- owner @{PROC}/@{pid}/stat r,
 owner @{PROC}/@{pid}/task/@{tid}/stat r,
 include if exists
diff --git a/apparmor.d/groups/gnome/gnome-text-editor b/apparmor.d/groups/gnome/gnome-text-editor
index 693b1618f..22823753b 100644
--- a/apparmor.d/groups/gnome/gnome-text-editor
+++ b/apparmor.d/groups/gnome/gnome-text-editor
@@ -24,7 +24,6 @@ profile gnome-text-editor @{exec_path} {
 owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw,
 owner @{PROC}/@{pid}/mountinfo r,
- owner @{PROC}/@{pid}/stat r,
 deny @{user_share_dirs}/gvfs-metadata/* r,
diff --git a/apparmor.d/groups/gnome/gnome-weather b/apparmor.d/groups/gnome/gnome-weather
index c73ff0a19..fe2bf69b2 100644
--- a/apparmor.d/groups/gnome/gnome-weather
+++ b/apparmor.d/groups/gnome/gnome-weather
@@ -31,7 +31,6 @@ profile gnome-weather @{exec_path} {
 @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
 owner @{PROC}/@{pid}/mounts r,
- owner @{PROC}/@{pid}/stat r,
 owner @{PROC}/@{pid}/task/@{tid}/stat r,
 deny owner @{user_share_dirs}/gvfs-metadata/* r,
diff --git a/apparmor.d/groups/gnome/papers b/apparmor.d/groups/gnome/papers
index ee829d8f3..87820376c 100644
--- a/apparmor.d/groups/gnome/papers
+++ b/apparmor.d/groups/gnome/papers
@@ -32,7 +32,6 @@ profile papers @{exec_path} {
 @{run}/mount/utab r,
 owner @{PROC}/@{pid}/mountinfo r,
- owner @{PROC}/@{pid}/stat r,
 profile open {
 include
diff --git a/apparmor.d/groups/gnome/ptyxis b/apparmor.d/groups/gnome/ptyxis
index 739681eae..2f7dee368 100644
--- a/apparmor.d/groups/gnome/ptyxis
+++ b/apparmor.d/groups/gnome/ptyxis
@@ -28,8 +28,6 @@ profile ptyxis @{exec_path} {
 owner @{user_share_dirs}/org.gnome.Ptyxis/ rw,
 owner @{user_share_dirs}/org.gnome.Ptyxis/** rwlk -> @{user_share_dirs}/org.gnome.Ptyxis/**,
- owner @{PROC}/@{pid}/stat r,
-
 /dev/ptmx rw,
 include if exists
diff --git a/apparmor.d/profiles-a-f/file-roller b/apparmor.d/profiles-a-f/file-roller
index b8eedb263..24610cd8c 100644
--- a/apparmor.d/profiles-a-f/file-roller
+++ b/apparmor.d/profiles-a-f/file-roller
@@ -48,7 +48,6 @@ profile file-roller @{exec_path} {
 @{run}/mount/utab r,
 owner @{PROC}/@{pid}/mountinfo r,
- owner @{PROC}/@{pid}/stat r,
 include if exists
 }
diff --git a/apparmor.d/profiles-a-f/foliate b/apparmor.d/profiles-a-f/foliate
index f6380d125..a07976ce9 100644
--- a/apparmor.d/profiles-a-f/foliate
+++ b/apparmor.d/profiles-a-f/foliate
@@ -51,7 +51,6 @@ profile foliate @{exec_path} flags=(attach_disconnected) {
 owner @{PROC}/@{pid}/cgroup r,
 owner @{PROC}/@{pid}/mounts r,
 owner @{PROC}/@{pid}/smaps r,
- owner @{PROC}/@{pid}/stat r,
 owner @{PROC}/@{pid}/statm r,
 owner @{PROC}/@{pid}/task/@{tid}/stat r,
diff --git a/apparmor.d/profiles-a-f/fractal b/apparmor.d/profiles-a-f/fractal
index 5971764f0..40001da68 100644
--- a/apparmor.d/profiles-a-f/fractal
+++ b/apparmor.d/profiles-a-f/fractal
@@ -41,7 +41,6 @@ profile fractal @{exec_path} flags=(attach_disconnected) {
 @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
 owner @{PROC}/@{pid}/cgroup r,
 owner @{PROC}/@{pid}/mountinfo r,
- owner @{PROC}/@{pid}/stat r,
 /dev/ r,