xfce, updates

2025-01-22 22:50:59 +00:00 · 2025-01-22 22:50:59 +00:00 · 4286b5330c
commit 4286b5330c
parent 0b3c49d26a
44 changed files with 190 additions and 9 deletions
--- a/apparmor.d/profiles-m-r/mkinitramfs
+++ b/apparmor.d/profiles-m-r/mkinitramfs
@ -43,6 +43,7 @@ profile mkinitramfs @{exec_path} {
  @{bin}/mkdir      rix,
  @{bin}/mktemp     rix,
  @{bin}/readlink   rix,
+  @{bin}/realpath   rix,
  @{bin}/rm         rix,
  @{bin}/rmdir      rix,
  @{bin}/sed        rix,
--- a/apparmor.d/profiles-m-r/mount-cifs
+++ b/apparmor.d/profiles-m-r/mount-cifs
@ -10,10 +10,12 @@ include <tunables/global>
@{exec_path} = @{bin}/mount.cifs
 profile mount-cifs @{exec_path} flags=(complain) {
  include <abstractions/base>
+  include <abstractions/consoles>
  include <abstractions/nameservice-strict>

  capability sys_admin,
  capability setpcap,
+  capability dac_read_search,

  network inet dgram,
  network inet stream,
--- a/apparmor.d/profiles-m-r/nemo
+++ b/apparmor.d/profiles-m-r/nemo
@ -21,7 +21,12 @@ profile nemo @{exec_path} {

  @{exec_path} mr,

+  @{open_path} rPx -> child-open,
+
+  @{bin}/gdk-pixbuf-thumbnailer rPx,
+
  /usr/share/nemo/** r,
+  /usr/share/thumbnailers/{,*.thumbnailer} r,

  # Full access to user's data
  / r,
--- a/apparmor.d/profiles-m-r/remmina
+++ b/apparmor.d/profiles-m-r/remmina
@ -22,6 +22,7 @@ profile remmina @{exec_path} {
  include <abstractions/bus/org.kde.StatusNotifierWatcher>
  include <abstractions/dconf-write>
  include <abstractions/desktop>
+  include <abstractions/fontconfig-cache-read>
  include <abstractions/ibus>
  include <abstractions/nameservice-strict>
  include <abstractions/ssl_certs>
@ -29,6 +30,8 @@ profile remmina @{exec_path} {

  network inet stream,
  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
  network netlink raw,

  #aa:dbus own bus=session name=org.remmina.Remmina
@ -58,6 +61,9 @@ profile remmina @{exec_path} {

  owner @{run}/user/@{uid}/keyring/ssh rw,

+  @{sys}/devices/system/node/ r,
+  @{sys}/devices/system/node/node@{int}/meminfo r,
+
  include if exists <local/remmina>
 }

--- a/apparmor.d/profiles-m-r/run-parts
+++ b/apparmor.d/profiles-m-r/run-parts
@ -247,6 +247,8 @@ profile run-parts @{exec_path} {
    @{run}/reboot-required w,
    @{run}/reboot-required.pkgs rw,

+    @{sys}/module/compression r,
+
    @{PROC}/devices r,
    @{PROC}/cmdline r,