Merge branch 'tunables' of https://github.com/nobody43/apparmor.d into nobody43-tunables

* 'tunables' of https://github.com/nobody43/apparmor.d: dbus temp tails Update apparmor.d Update gdm-runtime-config more unrelated changes adjust date-time random tails rename to int, convert more profiles fixes tunables
2023-08-17 20:01:53 +01:00 · 2023-08-17 20:01:53 +01:00 · 557d905543
commit 557d905543
parent 7b018a60bd
198 changed files with 560 additions and 507 deletions
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@ -52,7 +52,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
  unix (send,receive) type=stream addr=none peer=(label=gnome-extension-ding),
  unix (send,receive) type=stream addr=none peer=(label=xkbcomp),
  unix (send,receive) type=stream addr=none peer=(label=xwayland),
-  unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-*", label=ibus-daemon),
+  unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????", label=ibus-daemon),

  dbus send bus=session path=/org/freedesktop/DBus
       interface=org.freedesktop.DBus
@ -514,20 +514,20 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
  /etc/xdg/menus/gnome-applications.menu r,

  /var/lib/gdm{3,}/.cache/ w,
-  /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.*.x86_64-pc-linux-gnu rwk,
+  /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk,
  /var/lib/gdm{3,}/.cache/fontconfig/{,*} rwl, 
  /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/ rw,
-  /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
+  /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw,
  /var/lib/gdm{3,}/.cache/libgweather/ r,
  /var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw,
-  /var/lib/gdm{3,}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
-  /var/lib/gdm{3,}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/@{hex} rw,
-  /var/lib/gdm{3,}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/@{hex}.tmp rwk,
+  /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/ rw,
+  /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/@{hex} rw,
+  /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/@{hex}.tmp rwk,
  /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,
  /var/lib/gdm{3,}/.config/dconf/user r,
  /var/lib/gdm{3,}/.config/ibus/ rw,
  /var/lib/gdm{3,}/.config/ibus/bus/ rw,
-  /var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix-{,wayland-}[0-9] r,
+  /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
  /var/lib/gdm{3,}/.config/pulse/ r,
  /var/lib/gdm{3,}/.config/pulse/client.conf r,
  /var/lib/gdm{3,}/.config/pulse/cookie rwk,
@ -554,7 +554,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
  owner @{user_games_dirs}/**/*.{png,jpg} r,
  owner @{user_music_dirs}/**/*.{png,jpg} r,

-  owner @{user_config_dirs}/.goutputstream{,*} rw,
+  owner @{user_config_dirs}/.goutputstream{,-@{rand6}} rw,
  owner @{user_config_dirs}/ibus/ w,
  owner @{user_config_dirs}/monitors.xml{,~} rwl,
  owner @{user_config_dirs}/pulse/ r,
@ -578,10 +578,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {

  owner @{run}/user/@{uid}/gnome-shell-disable-extensions rw,
  owner @{run}/user/@{uid}/gnome-shell/{,**} rw,
-  owner @{run}/user/@{uid}/gvfsd/socket-[0-9A-Za-z]* rw,
+  owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
  owner @{run}/user/@{uid}/snap.snap*/wayland-cursor-shared-* rw,
  owner @{run}/user/@{uid}/systemd/notify rw,
-  owner @{run}/user/@{uid}/wayland-[0-9]* rwk,
+  owner @{run}/user/@{uid}/wayland-@{int} rwk,

  owner /dev/shm/.org.chromium.Chromium.* rw,
  owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw,