feat(profile): use the new @{tmp} variable.

It is only used with the owner statement.
2024-05-02 22:12:02 +01:00 · 2024-05-02 22:12:02 +01:00 · 3f69b9fec4
commit 3f69b9fec4
parent 0bbbe71422
257 changed files with 668 additions and 685 deletions
--- a/apparmor.d/abstractions/common/app
+++ b/apparmor.d/abstractions/common/app
@ -53,7 +53,7 @@
  owner @{user_share_dirs}/** rwkl,
  owner @{user_games_dirs}/{,**} rm,

-  owner /tmp/** rmwk,
+  owner @{tmp}/** rmwk,
  owner /dev/shm/** rwlk -> /dev/shm/**,

  @{run}/cups/cups.sock rw, # Allow access to cups printing socket.
--- a/apparmor.d/abstractions/common/apt
+++ b/apparmor.d/abstractions/common/apt
@ -25,8 +25,7 @@
  /var/lib/dpkg/status r,
  /var/lib/ubuntu-advantage/apt-esm/{,**} r,

-  owner /tmp/#@{int} rw,
-  owner /tmp/clearsigned.message.* rw,
-  owner /tmp/user/@{uid}/#@{int} rw,
+  owner @{tmp}/#@{int} rw,
+  owner @{tmp}/clearsigned.message.* rw,

  include if exists <abstractions/common/apt.d>
--- a/apparmor.d/abstractions/common/bwrap
+++ b/apparmor.d/abstractions/common/bwrap
@ -37,8 +37,8 @@
  owner / r,
  owner /newroot/{,**} w,

-  owner /tmp/newroot/ w,
-  owner /tmp/oldroot/ w,
+  owner @{tmp}/newroot/ w,
+  owner @{tmp}/oldroot/ w,

        @{PROC}/sys/kernel/overflowgid r,
        @{PROC}/sys/kernel/overflowuid r,
--- a/apparmor.d/abstractions/common/chromium
+++ b/apparmor.d/abstractions/common/chromium
@ -24,12 +24,12 @@

        /tmp/ r,
        /var/tmp/ r,
-  owner /tmp/.org.chromium.Chromium.* rw,
-  owner /tmp/.org.chromium.Chromium.*/{,**} rw,
-  owner /tmp/scoped_dir*/ rw,
-  owner /tmp/scoped_dir*/SingletonCookie w,
-  owner /tmp/scoped_dir*/SingletonSocket w,
-  owner /tmp/scoped_dir*/SS w,
+  owner @{tmp}/.org.chromium.Chromium.* rw,
+  owner @{tmp}/.org.chromium.Chromium.*/{,**} rw,
+  owner @{tmp}/scoped_dir*/ rw,
+  owner @{tmp}/scoped_dir*/SingletonCookie w,
+  owner @{tmp}/scoped_dir*/SingletonSocket w,
+  owner @{tmp}/scoped_dir*/SS w,

        /dev/shm/ r,
  owner /dev/shm/.org.chromium.Chromium.* rw,
--- a/apparmor.d/abstractions/common/electron
+++ b/apparmor.d/abstractions/common/electron
@ -50,14 +50,14 @@
  owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
  owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,

-  owner /tmp/.org.chromium.Chromium.@{rand6} rw,
-  owner /tmp/.org.chromium.Chromium.@{rand6}/ rw,
-  owner /tmp/.org.chromium.Chromium.@{rand6}/SingletonCookie w,
-  owner /tmp/.org.chromium.Chromium.@{rand6}/SingletonSocket w,
-  owner /tmp/scoped_dir@{rand6}/ rw,
-  owner /tmp/scoped_dir@{rand6}/SingletonCookie w,
-  owner /tmp/scoped_dir@{rand6}/SingletonSocket w,
-  owner /tmp/scoped_dir@{rand6}/SS w,
+  owner @{tmp}/.org.chromium.Chromium.@{rand6} rw,
+  owner @{tmp}/.org.chromium.Chromium.@{rand6}/ rw,
+  owner @{tmp}/.org.chromium.Chromium.@{rand6}/SingletonCookie w,
+  owner @{tmp}/.org.chromium.Chromium.@{rand6}/SingletonSocket w,
+  owner @{tmp}/scoped_dir@{rand6}/ rw,
+  owner @{tmp}/scoped_dir@{rand6}/SingletonCookie w,
+  owner @{tmp}/scoped_dir@{rand6}/SingletonSocket w,
+  owner @{tmp}/scoped_dir@{rand6}/SS w,

  owner /dev/shm/.org.chromium.Chromium.@{rand6} rw,