From 32a9806219898f6c5a25b7efb3a15320ff7af24a Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 29 May 2025 23:52:40 +0200 Subject: [PATCH] feat(fsp): update systemd user drop in files with AppArmorProfile set to the target profile. --- systemd/full/user/filter-chain.service | 2 ++ systemd/full/user/pipewire-media-session.service | 5 ----- systemd/full/user/pipewire-pulse.service | 2 ++ systemd/full/user/pipewire.service | 2 ++ systemd/full/user/wireplumber.service | 2 ++ systemd/full/user/wireplumber@.service | 2 ++ 6 files changed, 10 insertions(+), 5 deletions(-) create mode 100644 systemd/full/user/filter-chain.service delete mode 100644 systemd/full/user/pipewire-media-session.service create mode 100644 systemd/full/user/pipewire-pulse.service create mode 100644 systemd/full/user/pipewire.service create mode 100644 systemd/full/user/wireplumber.service create mode 100644 systemd/full/user/wireplumber@.service diff --git a/systemd/full/user/filter-chain.service b/systemd/full/user/filter-chain.service new file mode 100644 index 000000000..4dd212f51 --- /dev/null +++ b/systemd/full/user/filter-chain.service @@ -0,0 +1,2 @@ +[Service] +AppArmorProfile=&pipewire \ No newline at end of file diff --git a/systemd/full/user/pipewire-media-session.service b/systemd/full/user/pipewire-media-session.service deleted file mode 100644 index c392e82fe..000000000 --- a/systemd/full/user/pipewire-media-session.service +++ /dev/null @@ -1,5 +0,0 @@ -[Service] -NoNewPrivileges=no -MemoryDenyWriteExecute=no -LockPersonality=no -RestrictNamespaces=no diff --git a/systemd/full/user/pipewire-pulse.service b/systemd/full/user/pipewire-pulse.service new file mode 100644 index 000000000..1d35a493e --- /dev/null +++ b/systemd/full/user/pipewire-pulse.service @@ -0,0 +1,2 @@ +[Service] +AppArmorProfile=&pipewire-pulse \ No newline at end of file diff --git a/systemd/full/user/pipewire.service b/systemd/full/user/pipewire.service new file mode 100644 index 000000000..4dd212f51 --- /dev/null +++ b/systemd/full/user/pipewire.service @@ -0,0 +1,2 @@ +[Service] +AppArmorProfile=&pipewire \ No newline at end of file diff --git a/systemd/full/user/wireplumber.service b/systemd/full/user/wireplumber.service new file mode 100644 index 000000000..c47175f40 --- /dev/null +++ b/systemd/full/user/wireplumber.service @@ -0,0 +1,2 @@ +[Service] +AppArmorProfile=&wireplumber \ No newline at end of file diff --git a/systemd/full/user/wireplumber@.service b/systemd/full/user/wireplumber@.service new file mode 100644 index 000000000..c47175f40 --- /dev/null +++ b/systemd/full/user/wireplumber@.service @@ -0,0 +1,2 @@ +[Service] +AppArmorProfile=&wireplumber \ No newline at end of file