diff --git a/apparmor.d/abstractions/deny-dconf b/apparmor.d/abstractions/deny-dconf index 4fb580074..75f2d8251 100644 --- a/apparmor.d/abstractions/deny-dconf +++ b/apparmor.d/abstractions/deny-dconf @@ -9,7 +9,7 @@ # When this is blocked, expect lots of the following errors: # dconf-CRITICAL **: unable to create file '/run/user/1000/dconf/user': Permission denied. # dconf will not work properly. - deny owner @{run}/user/[0-9]*/dconf/{,**} rw, + deny owner @{run}/user/@{uid}/dconf/{,**} rw, deny owner @{user_config_dirs}/dconf/{,**} rw, deny owner @{user_cache_dirs}/dconf/{,**} rw, diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer index b2cd5c44a..020d86253 100644 --- a/apparmor.d/abstractions/gstreamer +++ b/apparmor.d/abstractions/gstreamer @@ -39,7 +39,7 @@ # If one is blocked the next is used instead. # The orcexec file is placed under /home/user/ also when the /tmp/ dir is mounted with the noexec # flag. - owner @{run}/user/[0-9]*/orcexec.* mrw, + owner @{run}/user/@{uid}/orcexec.* mrw, #owner /tmp/orcexec.* mrw, #owner @{HOME}/orcexec.* mrw, diff --git a/apparmor.d/abstractions/kde5-plasma5 b/apparmor.d/abstractions/kde5-plasma5 index c9a932cd5..db4af302c 100644 --- a/apparmor.d/abstractions/kde5-plasma5 +++ b/apparmor.d/abstractions/kde5-plasma5 @@ -21,8 +21,8 @@ # includes this abstraction) #owner @{user_config_dirs}/#[0-9]*[0-9] rwk, #owner @{user_config_dirs}/@{KDE_APP_NAME}rc* rwlk -> @{user_config_dirs}/#[0-9]*[0-9], - #owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw, - #owner @{run}/user/[0-9]*/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9], + #owner @{run}/user/@{uid}/#[0-9]*[0-9] rw, + #owner @{run}/user/@{uid}/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/@{uid}/#[0-9]*[0-9], # Common KDE config files #owner @{user_config_dirs}/#[0-9]*[0-9] rw, diff --git a/apparmor.d/abstractions/trash b/apparmor.d/abstractions/trash index 4d9adca10..420180bd1 100644 --- a/apparmor.d/abstractions/trash 
+++ b/apparmor.d/abstractions/trash @@ -10,8 +10,8 @@ owner @{user_config_dirs}/#[0-9]*[0-9] rwk, owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], - owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw, - owner @{run}/user/[0-9]*/trash.so*.[0-9].slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9], + owner @{run}/user/@{uid}/#[0-9]*[0-9] rw, + owner @{run}/user/@{uid}/trash.so*.[0-9].slave-socket rwl -> @{run}/user/@{uid}/#[0-9]*[0-9], # Home trash location owner @{user_share_dirs}/Trash/ rw, diff --git a/apparmor.d/abstractions/wayland.d/complete b/apparmor.d/abstractions/wayland.d/complete index 645933eb9..dd11fe5e7 100644 --- a/apparmor.d/abstractions/wayland.d/complete +++ b/apparmor.d/abstractions/wayland.d/complete @@ -3,6 +3,6 @@ # 2021 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only - owner @{run}/user/[0-9]*/wayland-[0-9]* rw, - owner @{run}/user/[0-9]*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw, + owner @{run}/user/@{uid}/wayland-[0-9]* rw, + owner @{run}/user/@{uid}/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw, owner /dev/shm/wlroots-* rw, diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index 186a27247..cc9c15f1e 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio @@ -278,7 +278,7 @@ profile android-studio @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}bin/spacefm rPx, diff --git a/apparmor.d/groups/apps/atom b/apparmor.d/groups/apps/atom index 226d229d4..66f5bdb78 100644 --- a/apparmor.d/groups/apps/atom +++ b/apparmor.d/groups/apps/atom @@ -191,7 +191,7 @@ profile atom @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index db4c7af06..a597a7013 100644 
--- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -172,7 +172,7 @@ profile calibre @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPx, diff --git a/apparmor.d/groups/apps/code b/apparmor.d/groups/apps/code index 6a2c20b02..7cd3cbba6 100644 --- a/apparmor.d/groups/apps/code +++ b/apparmor.d/groups/apps/code @@ -125,8 +125,8 @@ profile code @{exec_path} { owner "/tmp/VSCode Crashes/" rw, owner /tmp/vscode-typescript[0-9]*/ rw, - owner @{run}/user/[0-9]*/vscode-[0-9a-f]*-*-{shared,main}.sock rw, - owner @{run}/user/[0-9]*/vscode-git-askpass-[0-9a-f]*.sock rw, + owner @{run}/user/@{uid}/vscode-[0-9a-f]*-*-{shared,main}.sock rw, + owner @{run}/user/@{uid}/vscode-git-askpass-[0-9a-f]*.sock rw, owner /tmp/vscode-ipc-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*.sock rw, # For installing extensions diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index 1af8c2b59..8c55767ed 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -125,7 +125,7 @@ profile discord @{exec_path} { owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk, owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw, - owner @{run}/user/[0-9]*/discord-ipc-[0-9] rw, + owner @{run}/user/@{uid}/discord-ipc-[0-9] rw, /var/lib/dbus/machine-id r, /etc/machine-id r, @@ -200,7 +200,7 @@ profile discord @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPx, diff --git a/apparmor.d/groups/apps/dropbox b/apparmor.d/groups/apps/dropbox index c0d303b82..e834cb4ca 100644 --- a/apparmor.d/groups/apps/dropbox +++ b/apparmor.d/groups/apps/dropbox 
@@ -110,7 +110,7 @@ profile dropbox @{exec_path} { owner /tmp/#[0-9]*[0-9] rw, owner /var/tmp/etilqs_* rw, - @{run}/systemd/users/[0-9]* r, + @{run}/systemd/users/@{uid} r, deny @{sys}/module/apparmor/parameters/enabled r, @@ -135,7 +135,7 @@ profile dropbox @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/groups/apps/flameshot b/apparmor.d/groups/apps/flameshot index 800662bad..7cb92e4b0 100644 --- a/apparmor.d/groups/apps/flameshot +++ b/apparmor.d/groups/apps/flameshot @@ -84,7 +84,7 @@ profile flameshot @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open diff --git a/apparmor.d/groups/apps/freetube b/apparmor.d/groups/apps/freetube index f6cb7c6cb..bcc0e569d 100644 --- a/apparmor.d/groups/apps/freetube +++ b/apparmor.d/groups/apps/freetube @@ -104,7 +104,7 @@ profile freetube @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # no new privs /{usr/,}bin/xdg-settings rPx, @@ -131,7 +131,7 @@ profile freetube @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPx, diff --git a/apparmor.d/groups/apps/okular b/apparmor.d/groups/apps/okular index 05ecbd95b..2968fc23e 100644 --- a/apparmor.d/groups/apps/okular +++ b/apparmor.d/groups/apps/okular @@ -109,7 +109,7 @@ profile okular @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index 03080a16c..1298a59dd 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop 
@@ -100,7 +100,7 @@ profile telegram-desktop @{exec_path} { owner @{TELEGRAM_WORK_DIR}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPx, diff --git a/apparmor.d/groups/apps/thunderbird b/apparmor.d/groups/apps/thunderbird index 3b2e3abc1..f9316b8f4 100644 --- a/apparmor.d/groups/apps/thunderbird +++ b/apparmor.d/groups/apps/thunderbird @@ -254,7 +254,7 @@ profile thunderbird @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/groups/browsers/brave b/apparmor.d/groups/browsers/brave index 37f25fe33..2030c6f5a 100644 --- a/apparmor.d/groups/browsers/brave +++ b/apparmor.d/groups/browsers/brave @@ -209,7 +209,7 @@ profile brave @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open diff --git a/apparmor.d/groups/browsers/chrome-gnome-shell b/apparmor.d/groups/browsers/chrome-gnome-shell index 247177975..1356304b5 100644 --- a/apparmor.d/groups/browsers/chrome-gnome-shell +++ b/apparmor.d/groups/browsers/chrome-gnome-shell @@ -26,8 +26,8 @@ profile chrome-gnome-shell @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/browsers/chromium-chromium b/apparmor.d/groups/browsers/chromium-chromium index c7d7a96ed..123146879 100644 --- a/apparmor.d/groups/browsers/chromium-chromium +++ b/apparmor.d/groups/browsers/chromium-chromium 
@@ -194,8 +194,8 @@ profile chromium-chromium @{exec_path} { /etc/opensc.conf r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, profile open { include @@ -210,7 +210,7 @@ profile chromium-chromium @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}bin/smplayer rPx, diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 369bfb4bb..96fa5a44b 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -201,8 +201,8 @@ profile firefox @{exec_path} { @{user_share_dirs}/gvfs-metadata/home-*.log r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, profile open { include @@ -219,7 +219,7 @@ profile firefox @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}bin/vlc rPx, diff --git a/apparmor.d/groups/browsers/google-chrome-chrome b/apparmor.d/groups/browsers/google-chrome-chrome index e12256a2e..179034543 100644 --- a/apparmor.d/groups/browsers/google-chrome-chrome +++ b/apparmor.d/groups/browsers/google-chrome-chrome @@ -192,7 +192,7 @@ profile google-chrome-chrome @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open diff --git a/apparmor.d/groups/browsers/opera b/apparmor.d/groups/browsers/opera index ac03f0b46..f234d0e51 100644 --- a/apparmor.d/groups/browsers/opera +++ b/apparmor.d/groups/browsers/opera @@ -189,7 +189,7 @@ profile opera @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open 
diff --git a/apparmor.d/groups/desktop/at-spi-bus-launcher b/apparmor.d/groups/desktop/at-spi-bus-launcher index ce897babe..a66db46f2 100644 --- a/apparmor.d/groups/desktop/at-spi-bus-launcher +++ b/apparmor.d/groups/desktop/at-spi-bus-launcher @@ -32,13 +32,13 @@ profile at-spi-bus-launcher @{exec_path} { owner @{HOME}/.Xauthority r, /var/lib/lightdm/.Xauthority r, - @{run}/user/[0-9]*/gdm/Xauthority r, + @{run}/user/@{uid}/gdm/Xauthority r, /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/desktop/at-spi2-registryd b/apparmor.d/groups/desktop/at-spi2-registryd index f7aee8e27..e820386f5 100644 --- a/apparmor.d/groups/desktop/at-spi2-registryd +++ b/apparmor.d/groups/desktop/at-spi2-registryd @@ -22,7 +22,7 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.Xauthority r, /var/lib/lightdm/.Xauthority r, - @{run}/user/[0-9]*/gdm/Xauthority r, + @{run}/user/@{uid}/gdm/Xauthority r, # file_inherit owner @{HOME}/.xsession-errors w, diff --git a/apparmor.d/groups/desktop/blueman b/apparmor.d/groups/desktop/blueman index 2d2bb7865..8335f1878 100644 --- a/apparmor.d/groups/desktop/blueman +++ b/apparmor.d/groups/desktop/blueman @@ -62,8 +62,8 @@ profile blueman @{exec_path} { owner @{PROC}/@{pid}/cmdline r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, @@ -100,7 +100,7 @@ profile blueman @{exec_path} { owner @{HOME}/ r, owner @{HOME}/bluetooth*/* r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPx, 
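Review bot: The rewritten `@{run}/user/@{uid}/gdm/Xauthority r,` rule in at-spi-bus-launcher still has no `owner` qualifier, unlike `owner @{HOME}/.Xauthority r,` two lines above it and the same rule in gnome-calendar later in this commit. The definition of `@{uid}` is not part of this diff; if it is a numeric glob rather than the task's real uid, AppArmor permits reading any user's X authority cookie here and only file permissions stand in the way. Unless the process has to read a cookie owned by another uid, I would write `owner @{run}/user/@{uid}/gdm/Xauthority r,`; if it does, a one-line comment saying so would help. The same applies to the at-spi2-registryd hunk and the gjs-console hunk.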
diff --git a/apparmor.d/groups/desktop/dbus-daemon b/apparmor.d/groups/desktop/dbus-daemon index 752a4724d..bf6d47a52 100644 --- a/apparmor.d/groups/desktop/dbus-daemon +++ b/apparmor.d/groups/desktop/dbus-daemon @@ -51,9 +51,9 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { @{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/sessions/[0-9].ref rw, - @{run}/systemd/users/[0-9]* r, - owner @{run}/user/[0-9]*/dbus-1/ rw, - owner @{run}/user/[0-9]*/dbus-1/services/ rw, + @{run}/systemd/users/@{uid} r, + owner @{run}/user/@{uid}/dbus-1/ rw, + owner @{run}/user/@{uid}/dbus-1/services/ rw, # Extra rules for GDM /var/lib/gdm/.local/share/icc/ r, diff --git a/apparmor.d/groups/desktop/dbus-run-session b/apparmor.d/groups/desktop/dbus-run-session index 107b2ecf3..9d577afab 100644 --- a/apparmor.d/groups/desktop/dbus-run-session +++ b/apparmor.d/groups/desktop/dbus-run-session @@ -24,8 +24,8 @@ profile dbus-run-session @{exec_path} { /usr/share/gdm/greeter-dconf-defaults r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/desktop/dconf-editor b/apparmor.d/groups/desktop/dconf-editor index 73735bd63..7d646693a 100644 --- a/apparmor.d/groups/desktop/dconf-editor +++ b/apparmor.d/groups/desktop/dconf-editor @@ -18,8 +18,8 @@ profile dconf-editor @{exec_path} { @{exec_path} mr, - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, # When GSETTINGS_BACKEND=keyfile owner @{user_config_dirs}/glib-2.0/ rw, diff --git a/apparmor.d/groups/desktop/dconf-service b/apparmor.d/groups/desktop/dconf-service index c7d72bd2d..21dd86a47 100644 --- a/apparmor.d/groups/desktop/dconf-service +++ b/apparmor.d/groups/desktop/dconf-service 
@@ -15,8 +15,8 @@ profile dconf-service @{exec_path} { @{exec_path} mr, - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, owner @{user_config_dirs}/dconf/ rw, owner @{user_config_dirs}/dconf/user{,.*} rw, diff --git a/apparmor.d/groups/desktop/xwayland b/apparmor.d/groups/desktop/xwayland index 06df13d0b..619d9c826 100644 --- a/apparmor.d/groups/desktop/xwayland +++ b/apparmor.d/groups/desktop/xwayland @@ -34,7 +34,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { /dev/tty rw, # Needed for Mutter - owner @{run}/user/@{pid}/.mutter-Xwaylandauth.[a-zA-z0-9]* rw, + owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-z0-9]* rw, @{sys}/devices/pci[0-9]*/**/uevent r, @{sys}/devices/pci[0-9]*/**/vendor r, diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index f38771b94..6109a7762 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory @@ -27,8 +27,8 @@ profile evolution-addressbook-factory @{exec_path} { owner @{user_cache_dirs}/evolution/addressbook/{,**} rwk, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, @{PROC}/sys/kernel/osrelease r, @{PROC}/cmdline r, diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify index e1c2bbdf7..0d1dda4bf 100644 --- a/apparmor.d/groups/gnome/evolution-alarm-notify +++ b/apparmor.d/groups/gnome/evolution-alarm-notify 
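Review bot: The character class `[a-zA-z0-9]` on the rewritten xwayland rule has `A-z` where `A-Z` was almost certainly meant, so it also matches the ASCII punctuation between `Z` and `a`, namely `[`, `\`, `]`, `^`, `_` and the backtick. Since the line is being touched anyway, I would change it to `owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-Z0-9]* rw,`. The same typo is on the rewritten `.mutter-Xwaylandauth` line in gsd-xsettings. gnome-session-binary and gnome-shell use `[0-9A-Z]*` for the same file, so settling on one pattern would keep the four profiles consistent.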
@@ -18,8 +18,8 @@ profile evolution-alarm-notify @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, include if exists } diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index 53b425fa3..2c8136711 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -29,8 +29,8 @@ profile evolution-calendar-factory @{exec_path} { owner @{user_cache_dirs}/evolution/tasks/{,**} rwk, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, @{PROC}/sys/kernel/osrelease r, @{PROC}/cmdline r, diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index 562782046..bc8456885 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -28,8 +28,8 @@ profile evolution-source-registry @{exec_path} { owner @{user_cache_dirs}/evolution/{,**} rwk, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, @{PROC}/sys/kernel/osrelease r, @{PROC}/cmdline r, diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 7722911e7..113f25e26 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -41,7 +41,7 @@ profile gdm @{exec_path} { @{run}/systemd/sessions/[0-9] r, @{run}/systemd/sessions/[0-9].ref r, @{run}/systemd/userdb/ r, - @{run}/systemd/users/[0-9]* r, + @{run}/systemd/users/@{uid} r, @{sys}/devices/virtual/tty/tty[0-9]*/active r, 
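Review bot: In the gdm profile, `@{run}/systemd/users/@{uid} r,` reads as "the confined process's own uid", but a display manager presumably opens the record of the user who is logging in rather than its own. The definition of `@{uid}` is not in this diff; if it is a numeric glob the rule behaves as before, but if the variable is ever bound to the task's real uid this rule would stop matching. I would add a comment such as `# @{uid} is the session user's uid here, not the uid gdm runs as` so the intent survives a later tunables change. The same applies to the gdm-session-worker hunk and probably the dbus-daemon hunk.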
diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index 11ae68af5..327b5e4e9 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker @@ -51,7 +51,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { @{run}/faillock/[a-zA-z0-9]* rwk, @{run}/systemd/sessions/[0-9].ref rw, - @{run}/systemd/users/[0-9]* r, + @{run}/systemd/users/@{uid} r, @{run}/utmp rwk, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index dea3f4c4d..406a0a9d4 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -42,8 +42,8 @@ profile gdm-wayland-session @{exec_path} { owner @{PROC}/@{pid}/loginuid r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, # file_inherit /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 3fbea9e2b..2f89c577e 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -49,10 +49,10 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/stat r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, - @{run}/user/[0-9]*/gdm/Xauthority r, + @{run}/user/@{uid}/gdm/Xauthority r, /dev/ r, /dev/tty rw, diff --git a/apparmor.d/groups/gnome/gnome-calendar b/apparmor.d/groups/gnome/gnome-calendar index 39a302f52..bb7567ebf 100644 --- a/apparmor.d/groups/gnome/gnome-calendar +++ b/apparmor.d/groups/gnome/gnome-calendar 
@@ -22,10 +22,10 @@ profile gnome-calendar @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, - owner @{run}/user/[0-9]*/gdm/Xauthority r, + owner @{run}/user/@{uid}/gdm/Xauthority r, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-contacts b/apparmor.d/groups/gnome/gnome-contacts index d2d9e2411..ae199bea0 100644 --- a/apparmor.d/groups/gnome/gnome-contacts +++ b/apparmor.d/groups/gnome/gnome-contacts @@ -28,8 +28,8 @@ profile gnome-contacts @{exec_path} { owner @{user_share_dirs}/folks/relationships.ini r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index 58c5a4a11..0d511f54c 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -30,9 +30,9 @@ profile gnome-keyring-daemon @{exec_path} { # Seahorse and SSH keys owner @{HOME}/@{XDG_SSH_DIR}/{,**} r, - owner @{run}/user/[0-9]*/keyring/ rw, - owner @{run}/user/[0-9]*/keyring/* rw, - owner @{run}/user/[0-9]*/ssh-askpass.[0-9A-Z]*/{,*} rw, + owner @{run}/user/@{uid}/keyring/ rw, + owner @{run}/user/@{uid}/keyring/* rw, + owner @{run}/user/@{uid}/ssh-askpass.[0-9A-Z]*/{,*} rw, @{PROC}/[0-9]*/fd/ r, diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index 45969e970..cc79f2f3b 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary 
@@ -57,21 +57,21 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { # Dconf include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, # Temp files /tmp/.ICE-unix/[0-9]* rw, - owner @{run}/user/[0-9]*/.mutter-Xwaylandauth.[0-9A-Z]* r, - owner @{run}/user/[0-9]*/gnome-session-leader-fifo rw, - owner @{run}/user/[0-9]*/ICEauthority{,-[a-z]} rwl, + owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* r, + owner @{run}/user/@{uid}/gnome-session-leader-fifo rw, + owner @{run}/user/@{uid}/ICEauthority{,-[a-z]} rwl, @{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/sessions/[0-9] r, @{run}/systemd/sessions/[0-9].ref rw, - @{run}/systemd/users/[0-9]* r, + @{run}/systemd/users/@{uid} r, @{sys}/devices/**/{vendor,device} r, diff --git a/apparmor.d/groups/gnome/gnome-session-ctl b/apparmor.d/groups/gnome/gnome-session-ctl index db5aa68b3..d5508496e 100644 --- a/apparmor.d/groups/gnome/gnome-session-ctl +++ b/apparmor.d/groups/gnome/gnome-session-ctl @@ -12,7 +12,7 @@ profile gnome-session-ctl @{exec_path} { @{exec_path} mr, - owner @{run}/user/[0-9]*/gnome-session-leader-fifo r, + owner @{run}/user/@{uid}/gnome-session-leader-fifo r, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 4d1f53cf0..66560700b 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell 
@@ -74,18 +74,18 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/gnome-screenshot/{,**} rw, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, - owner @{run}/user/[0-9]*/gnome-shell/{,**} rw, - owner @{run}/user/[0-9]*/gnome-shell-disable-extensions rw, - owner @{run}/user/[0-9]*/wayland-[0-9].lock rwk, - owner @{run}/user/[0-9]*/gdm/Xauthority r, - owner @{run}/user/[0-9]*/.mutter-Xwaylandauth.[0-9A-Z]* rw, + owner @{run}/user/@{uid}/gnome-shell/{,**} rw, + owner @{run}/user/@{uid}/gnome-shell-disable-extensions rw, + owner @{run}/user/@{uid}/wayland-[0-9].lock rwk, + owner @{run}/user/@{uid}/gdm/Xauthority r, + owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw, - @{run}/systemd/users/[0-9]* r, + @{run}/systemd/users/@{uid} r, @{run}/systemd/sessions/ r, @{run}/systemd/sessions/[0-9] r, @{run}/systemd/inhibit/[0-9]*.ref rw, diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index e159e8442..e1586b545 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server @@ -16,8 +16,8 @@ profile gnome-shell-calendar-server @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, include if exists } diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index 9a0e8b11e..3e018fee8 100644 --- a/apparmor.d/groups/gnome/goa-daemon +++ b/apparmor.d/groups/gnome/goa-daemon 
@@ -27,8 +27,8 @@ profile goa-daemon @{exec_path} { owner @{user_config_dirs}/goa-1.0/accounts.conf r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 8ada3b119..8a17cc7dc 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -18,8 +18,8 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index eeac838b3..161714eb1 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -26,8 +26,8 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { /var/lib/gdm/.local/share/icc/edid-*.icc r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index 30a11e1ea..388c5c51b 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime 
@@ -18,8 +18,8 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 2328fb1fc..0d8b6a817 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -23,8 +23,8 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/thumbnails/fail/gnome-thumbnail-factory/ r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index 95ef86682..172e2ddf7 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -22,8 +22,8 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { /usr/share/X11/xkb/** r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 88760e72b..65b19e788 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys 
@@ -34,14 +34,14 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { /var/lib/gdm/.config/pulse/client.conf r, - owner @{run}/user/[0-9]*/pulse/ r, + owner @{run}/user/@{uid}/pulse/ r, @{run}/systemd/inhibit/[0-9]*.ref rw, /dev/shm/ r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index d3b8e9f8b..f8bb145e5 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -34,8 +34,8 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/pulse/cookie rk, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, @@ -60,7 +60,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { @{run}/systemd/inhibit/[0-9]*.ref rw, - @{run}/user/[0-9]*/pulse/ r, + @{run}/user/@{uid}/pulse/ r, @{PROC}/cmdline r, diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 52807085c..02dd10ffc 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -18,8 +18,8 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 82c758587..78ac9b2e1 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard 
+++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -18,8 +18,8 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index 6b6fb15f6..27ced6d9c 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -18,8 +18,8 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-usb-protection b/apparmor.d/groups/gnome/gsd-usb-protection index d21fa2c0b..4f7bec7cc 100644 --- a/apparmor.d/groups/gnome/gsd-usb-protection +++ b/apparmor.d/groups/gnome/gsd-usb-protection @@ -15,8 +15,8 @@ profile gsd-usb-protection @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 601ec28c5..c920c3dd6 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom 
@@ -28,8 +28,8 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { /usr/share/X11/xkb/** r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index d84b83d92..6ea71ad1d 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -33,12 +33,12 @@ profile gsd-xsettings @{exec_path} { owner @{user_cache_dirs}/mesa_shader_cache/index rw, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/dconf/profile/gdm r, /var/lib/gdm/.config/dconf/user r, - owner @{run}/user/@{pid}/.mutter-Xwaylandauth.[a-zA-z0-9]* r, + owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-z0-9]* r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index e477d8101..f0750a6a5 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -25,7 +25,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { # Full access to user's data / r, owner @{HOME}/{,**} rw, - owner @{run}/user/@{pid}/{,**} rw, + owner @{run}/user/@{uid}/{,**} rw, owner /media/*/{,**} rw, owner /mnt/*/{,**} rw, owner /tmp/{,**} rw, @@ -37,8 +37,8 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { deny /tmp/.* rw, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/groups/gnome/seahorse b/apparmor.d/groups/gnome/seahorse index 447a06e7e..513156880 100644 
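Review bot: The character class in `.mutter-Xwaylandauth.[a-zA-z0-9]*` (gsd-xsettings hunk) has `A-z` where `A-Z` was presumably meant, so it also admits the ASCII punctuation that sits between `Z` and `a`. Since the line is being rewritten anyway I would make it `owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-Z0-9]* r,`; pinentry-gtk-2 spells the same file with `[0-9A-Z]*`, and one spelling for both would be easier to audit. The trailing `*` matches any run of non-`/` characters, so the class only constrains the first character after the dot. The same `[a-zA-z0-9]` class is carried over in the `gvfsd/socket-` rules of gvfsd-dav, gvfsd-dnssd, gvfsd-network, gvfsd-recent and gvfsd-trash.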
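Review bot: `owner @{run}/user/@{uid}/{,**} rw,` in the first nautilus hunk now grants read/write on the entire runtime directory, which elsewhere in this diff holds the `gnupg/` agent sockets, `openssh_agent` and `kpxc_server`. With the old `@{pid}` spelling the rule would hardly ever have matched, so this is an effective widening of the profile rather than a neutral rename. If the broad grant is intended, the two `dconf/` rules in the second hunk are redundant; otherwise I would list only the subdirectories nautilus needs and keep the dconf lines. A comment such as `# full access to the runtime dir is intentional (includes agent sockets)` would record the decision either way; the profile body continues outside both hunks.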
--- a/apparmor.d/groups/gnome/seahorse +++ b/apparmor.d/groups/gnome/seahorse @@ -25,8 +25,8 @@ profile seahorse @{exec_path} { owner @{HOME}/@{XDG_SSH_DIR}/{,**} r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, @{PROC}/[0-9]*/fd/ r, diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index 01d2c290b..cbb7dad91 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -23,8 +23,8 @@ profile tracker-extract @{exec_path} { owner @{user_share_dirs}/gvfs-metadata/** r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /tmp/tracker-extract-3-files.*/{,*} rw, diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index dd919d0bd..4653a1ea8 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -35,8 +35,8 @@ profile tracker-miner @{exec_path} { @{PROC}/sys/fs/inotify/max_user_watches r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, include if exists } diff --git a/apparmor.d/groups/gpg/dirmngr b/apparmor.d/groups/gpg/dirmngr index f50f4656d..411c5e8c2 100644 --- a/apparmor.d/groups/gpg/dirmngr +++ b/apparmor.d/groups/gpg/dirmngr @@ -27,8 +27,8 @@ profile dirmngr @{exec_path} { /usr/share/gnupg/sks-keyservers.netCA.pem r, - owner @{run}/user/[0-9]*/gnupg/ rw, - owner @{run}/user/[0-9]*/gnupg/S.dirmngr rw, + owner @{run}/user/@{uid}/gnupg/ rw, + owner @{run}/user/@{uid}/gnupg/S.dirmngr rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw, diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg index 823273acf..d1cd0d87e 100644 
--- a/apparmor.d/groups/gpg/gpg +++ b/apparmor.d/groups/gpg/gpg @@ -60,7 +60,7 @@ profile gpg @{exec_path} { owner /tmp/*.gpg.lock rwl -> /tmp/.#lk0x[0-9a-f]*.*.@{pid}, owner /tmp/.#lk0x[0-9a-f]*.*.@{pid} rw, owner /tmp/.#lk0x[0-9a-f]*.*.@{pid}x rwl -> /tmp/.#lk0x[0-9a-f]*.*.@{pid}, - owner @{run}/user/[0-9]*/gnupg/d.*/ rw, + owner @{run}/user/@{uid}/gnupg/d.*/ rw, # Verify files owner @{HOME}/** r, diff --git a/apparmor.d/groups/gpg/gpg-agent b/apparmor.d/groups/gpg/gpg-agent index e77302fcc..66089521a 100644 --- a/apparmor.d/groups/gpg/gpg-agent +++ b/apparmor.d/groups/gpg/gpg-agent @@ -38,7 +38,7 @@ profile gpg-agent @{exec_path} { # For debuild owner /tmp/dpkg-import-key.*/private-keys-v1.d/ w, - owner @{run}/user/[0-9]*/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w, + owner @{run}/user/@{uid}/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w, @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/gpg/scdaemon b/apparmor.d/groups/gpg/scdaemon index 12d85ad9f..dfe46e193 100644 --- a/apparmor.d/groups/gpg/scdaemon +++ b/apparmor.d/groups/gpg/scdaemon @@ -20,7 +20,7 @@ profile scdaemon @{exec_path} { owner @{HOME}/@{XDG_GPG_DIR}/scdaemon.conf r, owner @{HOME}/@{XDG_GPG_DIR}/reader_0.status rw, - owner @{run}/user/[0-9]*/gnupg/S.scdaemon rw, + owner @{run}/user/@{uid}/gnupg/S.scdaemon rw, @{PROC}/@{pid}/task/@{tid}/comm rw, diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index fd5521b5f..954d5e69e 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -29,8 +29,8 @@ profile gvfs-udisks2-volume-monitor @{exec_path} { /{usr/,}bin/umount rPx, include - owner @{run}/user/[0-9]*/dconf/ w, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ w, + owner @{run}/user/@{uid}/dconf/user rw, /etc/fstab r, diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index 1b5726139..312c26f08 100644 
--- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -21,7 +21,7 @@ profile gvfsd @{exec_path} { /usr/share/gvfs/{,**} r, - owner @{run}/user/[0-9]*/gvfs/ rw, + owner @{run}/user/@{uid}/gvfs/ rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/gvfs/gvfsd-dav b/apparmor.d/groups/gvfs/gvfsd-dav index cc40a6ee3..9fa66bc3f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dav +++ b/apparmor.d/groups/gvfs/gvfsd-dav @@ -28,11 +28,11 @@ profile gvfsd-dav @{exec_path} { /usr/share/mime/mime.cache r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, - owner @{run}/user/[0-9]*/gvfsd/ rw, - owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw, + owner @{run}/user/@{uid}/gvfsd/ rw, + owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw, include if exists } diff --git a/apparmor.d/groups/gvfs/gvfsd-dnssd b/apparmor.d/groups/gvfs/gvfsd-dnssd index 43c67eab6..ff13e4412 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dnssd +++ b/apparmor.d/groups/gvfs/gvfsd-dnssd @@ -14,8 +14,8 @@ profile gvfsd-dnssd @{exec_path} { @{exec_path} mr, - owner @{run}/user/[0-9]*/gvfsd/ rw, - owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw, + owner @{run}/user/@{uid}/gvfsd/ rw, + owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw, include if exists } diff --git a/apparmor.d/groups/gvfs/gvfsd-ftp b/apparmor.d/groups/gvfs/gvfsd-ftp index 9c3e8e8f2..348e5069b 100644 --- a/apparmor.d/groups/gvfs/gvfsd-ftp +++ b/apparmor.d/groups/gvfs/gvfsd-ftp @@ -22,8 +22,8 @@ profile gvfsd-ftp @{exec_path} { @{exec_path} mr, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index 51757cae8..60f419683 100644 
--- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -16,7 +16,7 @@ profile gvfsd-fuse @{exec_path} { /{usr/,}bin/fusermount{,3} rCx -> fusermount, - mount fstype={fuse,fuse.*} -> @{run}/user/[0-9]*/gvfs/, + mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, /dev/fuse rw, @@ -33,8 +33,8 @@ profile gvfsd-fuse @{exec_path} { /{usr/,}bin/fusermount{,3} mr, - mount fstype={fuse,fuse.*} -> @{run}/user/[0-9]*/gvfs/, - umount @{run}/user/[0-9]*/**/, + mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, + umount @{run}/user/@{uid}/**/, /etc/fuse.conf r, diff --git a/apparmor.d/groups/gvfs/gvfsd-mtp b/apparmor.d/groups/gvfs/gvfsd-mtp index c886bf6d9..f92698ab2 100644 --- a/apparmor.d/groups/gvfs/gvfsd-mtp +++ b/apparmor.d/groups/gvfs/gvfsd-mtp @@ -19,8 +19,8 @@ profile gvfsd-mtp @{exec_path} { @{exec_path} mr, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gvfs/gvfsd-network b/apparmor.d/groups/gvfs/gvfsd-network index 0c6f83828..6143c9605 100644 --- a/apparmor.d/groups/gvfs/gvfsd-network +++ b/apparmor.d/groups/gvfs/gvfsd-network @@ -14,14 +14,14 @@ profile gvfsd-network @{exec_path} { @{exec_path} mr, - owner @{run}/user/[0-9]*/gvfsd/ rw, - owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw, + owner @{run}/user/@{uid}/gvfsd/ rw, + owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, include if exists } diff --git a/apparmor.d/groups/gvfs/gvfsd-recent b/apparmor.d/groups/gvfs/gvfsd-recent index 759178076..0c54a608f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-recent +++ b/apparmor.d/groups/gvfs/gvfsd-recent 
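Review bot: `umount @{run}/user/@{uid}/**/,` in the second gvfsd-fuse hunk allows unmounting any directory below the runtime directory, while the `mount` rule next to it is limited to `@{run}/user/@{uid}/gvfs/`. Unless this profile has to detach other mount points, I would narrow it to `umount @{run}/user/@{uid}/gvfs/,` so both rules cover the same target. The hunk appears to sit inside the fusermount sub-profile, whose start and end are outside the hunk, so other rules there may justify the wider pattern.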
@@ -27,8 +27,8 @@ profile gvfsd-recent @{exec_path} { owner @{user_share_dirs}/gvfs-metadata/{,*} r, owner @{user_share_dirs}/recently-used.xbel r, - owner @{run}/user/[0-9]*/gvfsd/ rw, - owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw, + owner @{run}/user/@{uid}/gvfsd/ rw, + owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw, owner @{PROC}/@{pid}/mountinfo r, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/gvfs/gvfsd-smb b/apparmor.d/groups/gvfs/gvfsd-smb index ca9d62a85..5d41c78e0 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb +++ b/apparmor.d/groups/gvfs/gvfsd-smb @@ -21,8 +21,8 @@ profile gvfsd-smb @{exec_path} { @{exec_path} mr, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index a7b54d7ab..67f25c74a 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse +++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse @@ -21,8 +21,8 @@ profile gvfsd-smb-browse @{exec_path} { @{exec_path} mr, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index b5d54ab85..fa2076874 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -26,8 +26,8 @@ profile gvfsd-trash @{exec_path} { @{run}/mount/utab r, - owner @{run}/user/[0-9]*/gvfsd/ rw, - owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw, + owner @{run}/user/@{uid}/gvfsd/ rw, + owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw, # Can restore all user files owner @{HOME}/{,**} rw, 
diff --git a/apparmor.d/groups/ssh/ssh-agent b/apparmor.d/groups/ssh/ssh-agent index db8439222..84f0707f1 100644 --- a/apparmor.d/groups/ssh/ssh-agent +++ b/apparmor.d/groups/ssh/ssh-agent @@ -31,7 +31,7 @@ profile ssh-agent @{exec_path} { owner @{HOME}/@{XDG_PROJECTS_DIR}/**/ssh/{,*} r, # When started via systemd - @{run}/user/[0-9]*/openssh_agent rw, + @{run}/user/@{uid}/openssh_agent rw, # askpass apps #/{usr/,}lib/ssh/x11-ssh-askpass rPUx, diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index a7eb9b072..636888378 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind @@ -58,7 +58,7 @@ profile systemd-logind @{exec_path} flags=(complain) { @{run}/systemd/sessions/[0-9]*{,.ref} rw, @{run}/systemd/sessions/.#* rw, @{run}/systemd/users/ r, - @{run}/systemd/users/[0-9]* rw, + @{run}/systemd/users/@{uid} rw, @{run}/systemd/users/.#* rw, @{run}/systemd/userdb/ r, diff --git a/apparmor.d/groups/systemd/systemd-tmpfiles b/apparmor.d/groups/systemd/systemd-tmpfiles index 8bbbc1702..7bc99e10a 100644 --- a/apparmor.d/groups/systemd/systemd-tmpfiles +++ b/apparmor.d/groups/systemd/systemd-tmpfiles @@ -29,7 +29,7 @@ profile systemd-tmpfiles @{exec_path} { @{run}/tmpfiles.d/{,*.conf} r, /usr/lib/tmpfiles.d/{,*.conf} r, @{user_config_dirs}/user-tmpfiles.d/{,*.conf} r, - @{run}/user/@{pid}/user-tmpfiles.d/{,*.conf} r, + @{run}/user/@{uid}/user-tmpfiles.d/{,*.conf} r, @{user_share_dirs}/user-tmpfiles.d/{,*.conf} r, /usr/share/user-tmpfiles.d/{,*.conf} r, diff --git a/apparmor.d/groups/systemd/systemd-xdg-autostart-generator b/apparmor.d/groups/systemd/systemd-xdg-autostart-generator index 7f494d3a1..d6ebfa2d1 100644 --- a/apparmor.d/groups/systemd/systemd-xdg-autostart-generator +++ b/apparmor.d/groups/systemd/systemd-xdg-autostart-generator 
@@ -17,7 +17,7 @@ profile systemd-xdg-autostart-generator @{exec_path} { /etc/xdg/autostart/{,*.desktop} r, owner @{user_config_dirs}/autostart/{,*.desktop} r, - owner @{run}/user/@{pid}/systemd/generator.late/{,**} rw, + owner @{run}/user/@{uid}/systemd/generator.late/{,**} rw, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/profiles-a-l/amarok b/apparmor.d/profiles-a-l/amarok index 8d9a548e8..1d1f66811 100644 --- a/apparmor.d/profiles-a-l/amarok +++ b/apparmor.d/profiles-a-l/amarok @@ -136,7 +136,7 @@ profile amarok @{exec_path} { /usr/share/icons/*/index.theme rk, - @{run}/user/[0-9]*/ksocket-*/amarok*.slave-socket rw, + @{run}/user/@{uid}/ksocket-*/amarok*.slave-socket rw, # What's this for? deny /etc/mysql/** r, diff --git a/apparmor.d/profiles-a-l/anki b/apparmor.d/profiles-a-l/anki index 7cf6a1796..6550785e4 100644 --- a/apparmor.d/profiles-a-l/anki +++ b/apparmor.d/profiles-a-l/anki @@ -185,7 +185,7 @@ profile anki @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-a-l/arduino b/apparmor.d/profiles-a-l/arduino index 7fba14cb6..a7af4d7c2 100644 --- a/apparmor.d/profiles-a-l/arduino +++ b/apparmor.d/profiles-a-l/arduino @@ -52,7 +52,7 @@ profile arduino @{exec_path} { owner @{HOME}/.java/fonts/*/fcinfo-*.properties rw, include - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/arduino/{,**} r, /usr/share/arduino-builder/{,**} r, @@ -126,7 +126,7 @@ profile arduino @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-a-l/birdtray b/apparmor.d/profiles-a-l/birdtray index 04758e49d..f6388c8fb 100644 --- a/apparmor.d/profiles-a-l/birdtray +++ b/apparmor.d/profiles-a-l/birdtray 
@@ -87,7 +87,7 @@ profile birdtray @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-a-l/cawbird b/apparmor.d/profiles-a-l/cawbird index b97edb54d..01cdb8e12 100644 --- a/apparmor.d/profiles-a-l/cawbird +++ b/apparmor.d/profiles-a-l/cawbird @@ -39,8 +39,8 @@ profile cawbird @{exec_path} { # This is needed as cawbird stores its settings in the dconf database. include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /var/lib/dbus/machine-id r, /etc/machine-id r, @@ -61,7 +61,7 @@ profile cawbird @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-a-l/czkawka-gui b/apparmor.d/profiles-a-l/czkawka-gui index 327f0a672..59808b2ae 100644 --- a/apparmor.d/profiles-a-l/czkawka-gui +++ b/apparmor.d/profiles-a-l/czkawka-gui @@ -39,8 +39,8 @@ profile czkawka-gui @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, profile open { @@ -56,7 +56,7 @@ profile czkawka-gui @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open #/{usr/,}lib/firefox/firefox rPx, diff --git a/apparmor.d/profiles-a-l/dino-im b/apparmor.d/profiles-a-l/dino-im index aa6c3a7d8..692ba3b27 100644 --- a/apparmor.d/profiles-a-l/dino-im +++ b/apparmor.d/profiles-a-l/dino-im 
@@ -30,8 +30,8 @@ profile dino-im @{exec_path} { /{usr/,}bin/gpgsm rCx -> gpg, include - owner @{run}/user/[0-9]*/dconf/ w, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ w, + owner @{run}/user/@{uid}/dconf/user rw, owner @{user_share_dirs}/dino/ rw, owner @{user_share_dirs}/dino/** rwk, diff --git a/apparmor.d/profiles-a-l/engrampa b/apparmor.d/profiles-a-l/engrampa index 9bc21b6f8..1a263043f 100644 --- a/apparmor.d/profiles-a-l/engrampa +++ b/apparmor.d/profiles-a-l/engrampa @@ -45,8 +45,8 @@ profile engrampa @{exec_path} { /{usr/,}bin/xdg-open rCx -> open, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, owner @{user_config_dirs}/engrampa/ rw, @@ -106,7 +106,7 @@ profile engrampa @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}bin/engrampa rPx, diff --git a/apparmor.d/profiles-a-l/font-manager b/apparmor.d/profiles-a-l/font-manager index d9a358bfb..d5901360f 100644 --- a/apparmor.d/profiles-a-l/font-manager +++ b/apparmor.d/profiles-a-l/font-manager @@ -60,8 +60,8 @@ profile font-manager @{exec_path} { @{sys}/fs/cgroup/{,**} r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, # Silencer owner /var/cache/fontconfig/ w, diff --git a/apparmor.d/profiles-a-l/gajim b/apparmor.d/profiles-a-l/gajim index 12cd210f3..56c52cd8b 100644 --- a/apparmor.d/profiles-a-l/gajim +++ b/apparmor.d/profiles-a-l/gajim @@ -94,8 +94,8 @@ profile gajim @{exec_path} { owner /tmp/* rw, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, # Silencer deny /usr/share/gajim/** w, 
@@ -115,8 +115,8 @@ profile gajim @{exec_path} { @{PROC}/@{pid}/fd/ r, @{PROC}/@{pid}/task/@{tid}/comm rw, - owner @{run}/user/[0-9]*/gnupg/d.*/ rw, - owner @{run}/user/[0-9]*/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w, + owner @{run}/user/@{uid}/gnupg/d.*/ rw, + owner @{run}/user/@{uid}/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w, owner @{HOME}/@{XDG_GPG_DIR}/ rw, owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, diff --git a/apparmor.d/profiles-a-l/gpartedbin b/apparmor.d/profiles-a-l/gpartedbin index 68e12063b..08c88cefb 100644 --- a/apparmor.d/profiles-a-l/gpartedbin +++ b/apparmor.d/profiles-a-l/gpartedbin @@ -217,7 +217,7 @@ profile gpartedbin @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open diff --git a/apparmor.d/profiles-a-l/gpodder b/apparmor.d/profiles-a-l/gpodder index 386b4080e..1cdd05c2b 100644 --- a/apparmor.d/profiles-a-l/gpodder +++ b/apparmor.d/profiles-a-l/gpodder @@ -84,7 +84,7 @@ profile gpodder @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-a-l/gtk-youtube-viewer b/apparmor.d/profiles-a-l/gtk-youtube-viewer index 187101c81..2184266e2 100644 --- a/apparmor.d/profiles-a-l/gtk-youtube-viewer +++ b/apparmor.d/profiles-a-l/gtk-youtube-viewer @@ -108,7 +108,7 @@ profile gtk-youtube-viewer @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-a-l/hardinfo b/apparmor.d/profiles-a-l/hardinfo index 112280432..ccb2e00eb 100644 --- a/apparmor.d/profiles-a-l/hardinfo +++ b/apparmor.d/profiles-a-l/hardinfo @@ -168,7 +168,7 @@ profile hardinfo @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, 
diff --git a/apparmor.d/profiles-a-l/hypnotix b/apparmor.d/profiles-a-l/hypnotix index 9a17e6d3c..fe5df0980 100644 --- a/apparmor.d/profiles-a-l/hypnotix +++ b/apparmor.d/profiles-a-l/hypnotix @@ -61,8 +61,8 @@ profile hypnotix @{exec_path} { # To be able to store settings include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, /usr/share/hypnotix/{,**} r, diff --git a/apparmor.d/profiles-a-l/jdownloader b/apparmor.d/profiles-a-l/jdownloader index 924039424..99bc8ec68 100644 --- a/apparmor.d/profiles-a-l/jdownloader +++ b/apparmor.d/profiles-a-l/jdownloader @@ -112,7 +112,7 @@ profile jdownloader @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-a-l/keepassxc b/apparmor.d/profiles-a-l/keepassxc index f02df7549..0703dd80f 100644 --- a/apparmor.d/profiles-a-l/keepassxc +++ b/apparmor.d/profiles-a-l/keepassxc @@ -89,10 +89,10 @@ profile keepassxc @{exec_path} { owner @{user_config_dirs}/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, owner @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, owner @{HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json rw, - owner @{run}/user/[0-9]*/.[a-zA-Z]*/{,s} rw, - owner @{run}/user/[0-9]*/kpxc_server rw, + owner @{run}/user/@{uid}/.[a-zA-Z]*/{,s} rw, + owner @{run}/user/@{uid}/kpxc_server rw, - owner @{run}/user/[0-9]*/org.keepassxc.KeePassXC.BrowserServer w, + owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer w, /var/lib/dbus/machine-id r, /etc/machine-id r, @@ -122,7 +122,7 @@ profile keepassxc @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, 
diff --git a/apparmor.d/profiles-a-l/keepassxc-proxy b/apparmor.d/profiles-a-l/keepassxc-proxy index a02133b8a..e91c62acf 100644 --- a/apparmor.d/profiles-a-l/keepassxc-proxy +++ b/apparmor.d/profiles-a-l/keepassxc-proxy @@ -23,8 +23,8 @@ profile keepassxc-proxy @{exec_path} { @{exec_path} mr, # file_inherit - deny owner @{run}/user/[0-9]*/.[a-zA-Z]*/{,s} rw, - deny owner @{run}/user/[0-9]*/kpxc_server rw, + deny owner @{run}/user/@{uid}/.[a-zA-Z]*/{,s} rw, + deny owner @{run}/user/@{uid}/kpxc_server rw, deny /dev/shm/org.chromium.* rw, deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw, # diff --git a/apparmor.d/profiles-a-l/labwc b/apparmor.d/profiles-a-l/labwc index 999dd1e30..f08b50e91 100644 --- a/apparmor.d/profiles-a-l/labwc +++ b/apparmor.d/profiles-a-l/labwc @@ -62,7 +62,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) { @{run}/systemd/sessions/[0-9]* r, @{run}/systemd/seats/seat[0-9]* r, - @{run}/user/[0-9]*/wayland-[0-9].lock k, + @{run}/user/@{uid}/wayland-[0-9].lock k, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-a-l/light-locker b/apparmor.d/profiles-a-l/light-locker index 35e1c76fd..595fde49d 100644 --- a/apparmor.d/profiles-a-l/light-locker +++ b/apparmor.d/profiles-a-l/light-locker @@ -32,8 +32,8 @@ profile light-locker @{exec_path} { # dconf-CRITICAL **: unable to create file '/run/user/1000/dconf/user': Permission denied. # dconf will not work properly. ##include - #owner @{run}/user/[0-9]*/dconf/ w, - #owner @{run}/user/[0-9]*/dconf/user rw, + #owner @{run}/user/@{uid}/dconf/ w, + #owner @{run}/user/@{uid}/dconf/user rw, include @{sys}/devices/pci[0-9]*/**/uevent r, diff --git a/apparmor.d/profiles-m-z/mediainfo-gui b/apparmor.d/profiles-m-z/mediainfo-gui index 96a04c427..c9ab972d0 100644 --- a/apparmor.d/profiles-m-z/mediainfo-gui +++ b/apparmor.d/profiles-m-z/mediainfo-gui 
@@ -57,8 +57,8 @@ profile mediainfo-gui @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, include - owner @{run}/user/[0-9]*/dconf/ rw, - owner @{run}/user/[0-9]*/dconf/user rw, + owner @{run}/user/@{uid}/dconf/ rw, + owner @{run}/user/@{uid}/dconf/user rw, profile open { @@ -74,7 +74,7 @@ profile mediainfo-gui @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/megasync b/apparmor.d/profiles-m-z/megasync index 174092bb7..bcb262867 100644 --- a/apparmor.d/profiles-m-z/megasync +++ b/apparmor.d/profiles-m-z/megasync @@ -103,7 +103,7 @@ profile megasync @{exec_path} { owner @{HOME}/ r, owner "@{user_share_dirs}/data/Mega Limited/MEGAsync/" r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPx, diff --git a/apparmor.d/profiles-m-z/minitube b/apparmor.d/profiles-m-z/minitube index 0523825b8..29ddf17cc 100644 --- a/apparmor.d/profiles-m-z/minitube +++ b/apparmor.d/profiles-m-z/minitube @@ -112,7 +112,7 @@ profile minitube @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/mumble b/apparmor.d/profiles-m-z/mumble index cd5c387c0..359948a14 100644 --- a/apparmor.d/profiles-m-z/mumble +++ b/apparmor.d/profiles-m-z/mumble @@ -55,8 +55,8 @@ profile mumble @{exec_path} { /dev/shm/MumbleLink.[0-9]*[0-9] rw, /dev/shm/#[0-9]*[0-9] rw, - owner @{run}/user/[0-9]*/MumbleSocket rw, - owner @{run}/user/[0-9]*/MumbleOverlayPipe rw, + owner @{run}/user/@{uid}/MumbleSocket rw, + owner @{run}/user/@{uid}/MumbleOverlayPipe rw, deny owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, 
@@ -91,7 +91,7 @@ profile mumble @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/orage b/apparmor.d/profiles-m-z/orage index 150738887..29f0b7230 100644 --- a/apparmor.d/profiles-m-z/orage +++ b/apparmor.d/profiles-m-z/orage @@ -58,7 +58,7 @@ profile orage @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/pinentry-gtk-2 b/apparmor.d/profiles-m-z/pinentry-gtk-2 index 2877fcb9a..b186e20fa 100644 --- a/apparmor.d/profiles-m-z/pinentry-gtk-2 +++ b/apparmor.d/profiles-m-z/pinentry-gtk-2 @@ -18,7 +18,7 @@ profile pinentry-gtk-2 @{exec_path} { /usr/share/gtk-2.0/gtkrc r, - owner @{run}/user/@{pid}/.mutter-Xwaylandauth.[0-9A-Z]* r, + owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* r, include if exists } diff --git a/apparmor.d/profiles-m-z/polkitd b/apparmor.d/profiles-m-z/polkitd index 075865b48..48f98cfa8 100644 --- a/apparmor.d/profiles-m-z/polkitd +++ b/apparmor.d/profiles-m-z/polkitd @@ -41,7 +41,7 @@ profile polkitd @{exec_path} { owner /var/lib/polkit-1/.cache/ rw, @{run}/systemd/sessions/* r, - @{run}/systemd/users/[0-9]* r, + @{run}/systemd/users/@{uid} r, # Silencer deny /.cache/ rw, diff --git a/apparmor.d/profiles-m-z/psi b/apparmor.d/profiles-m-z/psi index ec3fb71e0..624000ae8 100644 --- a/apparmor.d/profiles-m-z/psi +++ b/apparmor.d/profiles-m-z/psi @@ -147,7 +147,7 @@ profile psi @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/psi-plus b/apparmor.d/profiles-m-z/psi-plus index be01d350f..471132146 100644 --- a/apparmor.d/profiles-m-z/psi-plus +++ b/apparmor.d/profiles-m-z/psi-plus 
@@ -147,7 +147,7 @@ profile psi-plus @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/pulseaudio b/apparmor.d/profiles-m-z/pulseaudio index 222ffac9a..e99ed3f31 100644 --- a/apparmor.d/profiles-m-z/pulseaudio +++ b/apparmor.d/profiles-m-z/pulseaudio @@ -42,14 +42,14 @@ profile pulseaudio @{exec_path} { owner @{HOME}/.Xauthority r, # Needed when PulseAudio is started via gdm - owner @{run}/user/[0-9]*/gdm/Xauthority r, + owner @{run}/user/@{uid}/gdm/Xauthority r, owner @{HOME}/.ICEauthority r, # TCP wrap /etc/hosts.{allow,deny} r, - owner @{run}/user/[0-9]*/ rw, - owner @{run}/user/[0-9]*/pulse/{,*} rw, + owner @{run}/user/@{uid}/ rw, + owner @{run}/user/@{uid}/pulse/{,*} rw, /usr/share/applications/{,**} r, /usr/share/glib-2.0/schemas/gschemas.compiled r, @@ -65,7 +65,7 @@ profile pulseaudio @{exec_path} { @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node[0-9]/meminfo r, - @{run}/systemd/users/[0-9]* r, + @{run}/systemd/users/@{uid} r, @{run}/user/1000/dconf/user rw, @{run}/user/1000/ICEauthority r, @@ -78,7 +78,7 @@ profile pulseaudio @{exec_path} { # The orcexec.* file is JIT compiled code for various GStreamer elements. # If one is blocked the next is used instead. - owner @{run}/user/[0-9]*/orcexec.* mrw, + owner @{run}/user/@{uid}/orcexec.* mrw, #owner @{HOME}/orcexec.* mrw, #owner /tmp/orcexec.* mrw, diff --git a/apparmor.d/profiles-m-z/qbittorrent b/apparmor.d/profiles-m-z/qbittorrent index 3b72dd67c..372799601 100644 --- a/apparmor.d/profiles-m-z/qbittorrent +++ b/apparmor.d/profiles-m-z/qbittorrent @@ -158,7 +158,7 @@ profile qbittorrent @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}bin/spacefm rPx, diff --git a/apparmor.d/profiles-m-z/qnapi b/apparmor.d/profiles-m-z/qnapi index 6f35e0bb7..665b236ab 100644 
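Review bot: The second pulseaudio hunk leaves `@{run}/user/1000/dconf/user rw,` and `@{run}/user/1000/ICEauthority r,` untouched directly below the converted `@{run}/systemd/users/@{uid}` line, with a hard-coded UID and no `owner`. These rules only work for the account with UID 1000 and are not restricted to the process's own files. They should follow the pattern used in the rest of this commit: `owner @{run}/user/@{uid}/dconf/user rw,` and `owner @{run}/user/@{uid}/ICEauthority r,`.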
--- a/apparmor.d/profiles-m-z/qnapi +++ b/apparmor.d/profiles-m-z/qnapi @@ -136,7 +136,7 @@ profile qnapi @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/qpdfview b/apparmor.d/profiles-m-z/qpdfview index cc60f5433..dff36917d 100644 --- a/apparmor.d/profiles-m-z/qpdfview +++ b/apparmor.d/profiles-m-z/qpdfview @@ -109,7 +109,7 @@ profile qpdfview @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/qtox b/apparmor.d/profiles-m-z/qtox index f179df3cb..1890eb7c7 100644 --- a/apparmor.d/profiles-m-z/qtox +++ b/apparmor.d/profiles-m-z/qtox @@ -84,7 +84,7 @@ profile qtox @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/querybts b/apparmor.d/profiles-m-z/querybts index ae007f830..83167f6c4 100644 --- a/apparmor.d/profiles-m-z/querybts +++ b/apparmor.d/profiles-m-z/querybts @@ -70,7 +70,7 @@ profile querybts @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/quiterss b/apparmor.d/profiles-m-z/quiterss index 731287e92..f520731fb 100644 --- a/apparmor.d/profiles-m-z/quiterss +++ b/apparmor.d/profiles-m-z/quiterss @@ -90,7 +90,7 @@ profile quiterss @{exec_path} { owner @{HOME}/ r, - owner @{run}/user/[0-9]*/ r, + owner @{run}/user/@{uid}/ r, # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-m-z/redshift b/apparmor.d/profiles-m-z/redshift index 7f93ca27a..ff46bfe66 100644 --- a/apparmor.d/profiles-m-z/redshift +++ b/apparmor.d/profiles-m-z/redshift 
@@ -31,7 +31,7 @@ profile redshift @{exec_path} {
 owner @{user_config_dirs}/redshift/{,**} rw, owner @{user_config_dirs}/redshift.conf rw,
- owner @{run}/user/[0-9]*/redshift-shared-* rw,
+ owner @{run}/user/@{uid}/redshift-shared-* rw,
 owner @{HOME}/.Xauthority r, owner /tmp/xauth-[0-9]*-_[0-9] r,
diff --git a/apparmor.d/profiles-m-z/reportbug b/apparmor.d/profiles-m-z/reportbug
index f03f0f54d..e7fc53cbc 100644
--- a/apparmor.d/profiles-m-z/reportbug
+++ b/apparmor.d/profiles-m-z/reportbug
@@ -131,7 +131,7 @@ profile reportbug @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx,
diff --git a/apparmor.d/profiles-m-z/sddm b/apparmor.d/profiles-m-z/sddm
index b2a1aea88..0968089d3 100644
--- a/apparmor.d/profiles-m-z/sddm
+++ b/apparmor.d/profiles-m-z/sddm
@@ -93,7 +93,7 @@ profile sddm @{exec_path} {
 owner @{user_share_dirs}/kwalletd/ rw, owner @{user_share_dirs}/kwalletd/kdewallet.salt rw, @{user_share_dirs}/kwalletd/kdewallet.salt r,
- owner @{run}/user/[0-9]*/kwallet5.socket rw,
+ owner @{run}/user/@{uid}/kwallet5.socket rw,
 # Themes /usr/share/sddm/themes/** r,
diff --git a/apparmor.d/profiles-m-z/smtube b/apparmor.d/profiles-m-z/smtube
index be2afb4d4..bcc872c34 100644
--- a/apparmor.d/profiles-m-z/smtube
+++ b/apparmor.d/profiles-m-z/smtube
@@ -93,7 +93,7 @@ profile smtube @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx,
diff --git a/apparmor.d/profiles-m-z/strawberry b/apparmor.d/profiles-m-z/strawberry
index f0e289660..af72a2fe6 100644
--- a/apparmor.d/profiles-m-z/strawberry
+++ b/apparmor.d/profiles-m-z/strawberry
@@ -123,7 +123,7 @@ profile strawberry @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx,
diff --git a/apparmor.d/profiles-m-z/syncthing b/apparmor.d/profiles-m-z/syncthing
index 133f7fd80..e6e26d106 100644
--- a/apparmor.d/profiles-m-z/syncthing
+++ b/apparmor.d/profiles-m-z/syncthing
@@ -56,7 +56,7 @@ profile syncthing @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx,
diff --git a/apparmor.d/profiles-m-z/system-config-printer b/apparmor.d/profiles-m-z/system-config-printer
index 92a4882c1..35127a40d 100644
--- a/apparmor.d/profiles-m-z/system-config-printer
+++ b/apparmor.d/profiles-m-z/system-config-printer
@@ -58,8 +58,8 @@ profile system-config-printer @{exec_path} flags=(complain) {
 owner @{PROC}/@{pid}/mountinfo r, include
- owner @{run}/user/[0-9]*/dconf/ rw,
- owner @{run}/user/[0-9]*/dconf/user rw,
+ owner @{run}/user/@{uid}/dconf/ rw,
+ owner @{run}/user/@{uid}/dconf/user rw,
 # file_inherit owner /dev/tty[0-9]* rw,
diff --git a/apparmor.d/profiles-m-z/udiskie b/apparmor.d/profiles-m-z/udiskie
index 0766cb3c2..31c3ea0ab 100644
--- a/apparmor.d/profiles-m-z/udiskie
+++ b/apparmor.d/profiles-m-z/udiskie
@@ -59,7 +59,7 @@ profile udiskie @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}bin/spacefm rPx,
diff --git a/apparmor.d/profiles-m-z/usbguard-applet-qt b/apparmor.d/profiles-m-z/usbguard-applet-qt
index e3fd579b7..3a075f7db 100644
--- a/apparmor.d/profiles-m-z/usbguard-applet-qt
+++ b/apparmor.d/profiles-m-z/usbguard-applet-qt
@@ -32,7 +32,7 @@ profile usbguard-applet-qt @{exec_path} {
 /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw, /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw,
- owner @{run}/user/[0-9]*/sni-qt_usbguard-applet-qt_[0-9]*-[a-zA-Z0-9]*/{,**} rw,
+ owner @{run}/user/@{uid}/sni-qt_usbguard-applet-qt_[0-9]*-[a-zA-Z0-9]*/{,**} rw,
 owner @{PROC}/@{pid}/cmdline r, @{PROC}/sys/kernel/random/boot_id r,
diff --git a/apparmor.d/profiles-m-z/utox b/apparmor.d/profiles-m-z/utox
index 0c04b94b5..f5b43ba48 100644
--- a/apparmor.d/profiles-m-z/utox
+++ b/apparmor.d/profiles-m-z/utox
@@ -40,8 +40,8 @@ profile utox @{exec_path} {
 /usr/share/glib-2.0/schemas/gschemas.compiled r, include
- owner @{run}/user/[0-9]*/dconf/ rw,
- owner @{run}/user/[0-9]*/dconf/user rw,
+ owner @{run}/user/@{uid}/dconf/ rw,
+ owner @{run}/user/@{uid}/dconf/user rw,
 # For video support owner /dev/shm/libv4l-* rw,
@@ -66,7 +66,7 @@ profile utox @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx,
diff --git a/apparmor.d/profiles-m-z/vidcutter b/apparmor.d/profiles-m-z/vidcutter
index 1c13184a5..46510a55f 100644
--- a/apparmor.d/profiles-m-z/vidcutter
+++ b/apparmor.d/profiles-m-z/vidcutter
@@ -145,7 +145,7 @@ profile vidcutter @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx,
diff --git a/apparmor.d/profiles-m-z/virt-manager b/apparmor.d/profiles-m-z/virt-manager
index ff2980a14..77de23e09 100644
--- a/apparmor.d/profiles-m-z/virt-manager
+++ b/apparmor.d/profiles-m-z/virt-manager
@@ -86,7 +86,7 @@ profile virt-manager @{exec_path} {
 @{run}/mount/utab r,
- owner @{run}/user/[0-9]*/libvirt/libvirtd.lock rwk,
+ owner @{run}/user/@{uid}/libvirt/libvirtd.lock rwk,
 /var/lib/dbus/machine-id r, /etc/machine-id r,
diff --git a/apparmor.d/profiles-m-z/wireshark b/apparmor.d/profiles-m-z/wireshark
index a33e0fd36..f64211e76 100644
--- a/apparmor.d/profiles-m-z/wireshark
+++ b/apparmor.d/profiles-m-z/wireshark
@@ -100,7 +100,7 @@ profile wireshark @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}lib/firefox/firefox rPUx,
diff --git a/apparmor.d/profiles-m-z/xarchiver b/apparmor.d/profiles-m-z/xarchiver
index 73099067f..0bbc3d0cd 100644
--- a/apparmor.d/profiles-m-z/xarchiver
+++ b/apparmor.d/profiles-m-z/xarchiver
@@ -44,8 +44,8 @@ profile xarchiver @{exec_path} {
 /{usr/,}bin/xdg-open rCx -> open, include
- owner @{run}/user/[0-9]*/dconf/ rw,
- owner @{run}/user/[0-9]*/dconf/user rw,
+ owner @{run}/user/@{uid}/dconf/ rw,
+ owner @{run}/user/@{uid}/dconf/user rw,
 owner @{user_config_dirs}/xarchiver/ rw, owner @{user_config_dirs}/xarchiver/xarchiverrc{,.*} rw,
@@ -91,7 +91,7 @@ profile xarchiver @{exec_path} {
 owner @{HOME}/ r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 # Allowed apps to open /{usr/,}bin/engrampa rPUx,
diff --git a/apparmor.d/profiles-m-z/xdg-dbus-proxy b/apparmor.d/profiles-m-z/xdg-dbus-proxy
index 7c6645101..9632d12a7 100644
--- a/apparmor.d/profiles-m-z/xdg-dbus-proxy
+++ b/apparmor.d/profiles-m-z/xdg-dbus-proxy
@@ -13,7 +13,7 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected, complain) {
 @{exec_path} mr, owner @{run}/firejail/dbus/[0-9]*/[0-9]*-user rw,
- owner @{run}/user/@{pid}/webkitgtk/dbus-proxy-[0-9A-Z]* rw,
+ owner @{run}/user/@{uid}/webkitgtk/dbus-proxy-[0-9A-Z]* rw,
 /dev/dri/card[0-9]* rw,
diff --git a/apparmor.d/profiles-m-z/xdg-mime b/apparmor.d/profiles-m-z/xdg-mime
index 3f7405ada..040ccf702 100644
--- a/apparmor.d/profiles-m-z/xdg-mime
+++ b/apparmor.d/profiles-m-z/xdg-mime
@@ -45,7 +45,7 @@ profile xdg-mime @{exec_path} {
 owner @{HOME}/.Xauthority r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 /dev/tty rw,
diff --git a/apparmor.d/profiles-m-z/xdg-screensaver b/apparmor.d/profiles-m-z/xdg-screensaver
index 16d634717..708390c62 100644
--- a/apparmor.d/profiles-m-z/xdg-screensaver
+++ b/apparmor.d/profiles-m-z/xdg-screensaver
@@ -38,7 +38,7 @@ profile xdg-screensaver @{exec_path} {
 owner @{HOME}/.Xauthority r, owner /tmp/xauth-[0-9]*-_[0-9] r,
- owner @{run}/user/[0-9]*/ r,
+ owner @{run}/user/@{uid}/ r,
 include if exists }
diff --git a/apparmor.d/profiles-m-z/xdg-settings b/apparmor.d/profiles-m-z/xdg-settings
index aaadf18cc..6841c9903 100644
--- a/apparmor.d/profiles-m-z/xdg-settings
+++ b/apparmor.d/profiles-m-z/xdg-settings
@@ -58,7 +58,7 @@ profile xdg-settings @{exec_path} {
 # For shell pwd owner @{HOME}/ r,
- @{run}/user/[0-9]*/ r,
+ @{run}/user/@{uid}/ r,
 profile dbus {