feat(profiles): general update.

2023-08-21 23:32:10 +01:00 · 2023-08-21 23:32:10 +01:00 · 360230b2a5
commit 360230b2a5
parent 6756ca8138
34 changed files with 156 additions and 36 deletions
--- a/apparmor.d/groups/gnome/evolution-source-registry
+++ b/apparmor.d/groups/gnome/evolution-source-registry
@ -25,6 +25,8 @@ profile evolution-source-registry @{exec_path} {
         interface=org.freedesktop.DBus.Introspectable
         peer=(name=:*, label=gnome-shell),

+  dbus bind bus=session name=org.gnome.evolution.dataserver.Sources[0-9],
+
  @{exec_path} mr,

  /usr/share/glib-2.0/schemas/gschemas.compiled r,
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@ -31,14 +31,15 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
  signal (send) set=hup peer=at-spi*,
  signal (send) set=hup peer=dbus-daemon,
  signal (send) set=hup peer=dbus-run-session,
+  signal (send) set=hup peer=dconf-service,
  signal (send) set=hup peer=gjs-console,
  signal (send) set=hup peer=gnome-*,
  signal (send) set=hup peer=gsd-*,
  signal (send) set=hup peer=ibus-*,
+  signal (send) set=hup peer=tracker-miner,
+  signal (send) set=hup peer=xdg-permission-store,
  signal (send) set=hup peer=xorg,
  signal (send) set=hup peer=xwayland,
-  signal (send) set=hup peer=xdg-permission-store,
-  signal (send) set=hup peer=tracker-miner,
  signal (send) set=term peer=gdm-*-session,

  network netlink raw,
--- a/apparmor.d/groups/gnome/gnome-extension-manager
+++ b/apparmor.d/groups/gnome/gnome-extension-manager
@ -39,6 +39,8 @@ profile gnome-extension-manager @{exec_path} {
  /usr/share/themes/{,**} r,
  /usr/share/X11/xkb/{,**} r,

+  @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
+
  # Silencer
  deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,

--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@ -143,6 +143,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
  @{bin}/gsettings-data-convert                        rix,
  @{bin}/mkdir                                         rix,
  @{bin}/session-migration                             rix,
+  @{bin}/touch                                         rix,
  @{bin}/xdg-user-dirs-gtk-update                      rix,
  @{lib}/{,gnome-shell/}gnome-shell-overrides-migration.sh  rix,
  @{lib}/at-spi-bus-launcher                           rPx,
--- a/apparmor.d/groups/gnome/tracker-extract
+++ b/apparmor.d/groups/gnome/tracker-extract
@ -11,14 +11,15 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/dbus-session-strict>
  include <abstractions/dconf-write>
+  include <abstractions/deny-sensitive-home>
  include <abstractions/disks-read>
  include <abstractions/fonts>
+  include <abstractions/freedesktop.org>
  include <abstractions/gstreamer>
  include <abstractions/nameservice-strict>
  include <abstractions/opencl-nvidia>
  include <abstractions/openssl>
  include <abstractions/X-strict>
-  include <abstractions/freedesktop.org>

  network netlink raw,