From 921156c846e8afee78134e205675d7aae174c813 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 7 Jun 2024 19:25:22 +0100 Subject: [PATCH 01/70] fix(profile): pavucontrol fix #371 --- apparmor.d/abstractions/common/app | 2 ++ apparmor.d/profiles-m-r/pavucontrol | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index b18ce7eb0..65ac34250 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -103,10 +103,12 @@ @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/osrelease r, @{PROC}/sys/kernel/pid_max r, + @{PROC}/sys/kernel/sched_autogroup_enabled r, @{PROC}/sys/kernel/yama/ptrace_scope r, @{PROC}/uptime r, @{PROC}/version r, @{PROC}/zoneinfo r, + owner @{PROC}/@{pid}/autogroup rw, owner @{PROC}/@{pid}/clear_refs w, owner @{PROC}/@{pid}/comm rw, owner @{PROC}/@{pid}/environ r, diff --git a/apparmor.d/profiles-m-r/pavucontrol b/apparmor.d/profiles-m-r/pavucontrol index 0ea2b04ad..ad6d92aac 100644 --- a/apparmor.d/profiles-m-r/pavucontrol +++ b/apparmor.d/profiles-m-r/pavucontrol @@ -11,10 +11,9 @@ include profile pavucontrol @{exec_path} { include include + include + include include - include - include - include @{exec_path} mr, From ec25a155db5657ae3a6ba95ffd0e5d8edd6d5896 Mon Sep 17 00:00:00 2001 From: curiosityseeker <60518106+curiosityseeker@users.noreply.github.com> Date: Fri, 7 Jun 2024 20:26:39 +0200 Subject: [PATCH 02/70] Chromium based browsers: add stacking for chrashpad handler (#366) * Update chromium abs: remove crashpad-handler * Update brave: add stacking for chrashpad-handler * Update chrome: add stacking for crashpad-handler * Update chromium: add stacking for crashpad-handler * Update msedge: add stacking for crashpad-handler * Rename msedge-crashpad-handlers to msedge-crashpad-handler --- apparmor.d/abstractions/app/chromium | 1 - apparmor.d/groups/browsers/brave | 2 ++ apparmor.d/groups/browsers/chrome | 1 + apparmor.d/groups/browsers/chromium | 2 ++ apparmor.d/groups/browsers/msedge | 2 +- .../{msedge-crashpad-handlers => msedge-crashpad-handler} | 0 6 files changed, 6 insertions(+), 2 deletions(-) rename apparmor.d/groups/browsers/{msedge-crashpad-handlers => msedge-crashpad-handler} (100%) diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium index d00fb331b..c4359cc9c 100644 --- a/apparmor.d/abstractions/app/chromium +++ b/apparmor.d/abstractions/app/chromium @@ -70,7 +70,6 @@ @{lib_dirs}/{,**} r, @{lib_dirs}/*.so* mr, - @{lib_dirs}/chrome_crashpad_handler rPx, @{lib_dirs}/chrome-sandbox rPx, # Desktop integration diff --git a/apparmor.d/groups/browsers/brave b/apparmor.d/groups/browsers/brave index 41b6c19b3..f8ce7d8cb 100644 --- a/apparmor.d/groups/browsers/brave +++ b/apparmor.d/groups/browsers/brave @@ -26,6 +26,8 @@ profile brave @{exec_path} { @{bin}/man rPUx, # For "brave --help" + @{lib_dirs}/chrome_crashpad_handler rPx -> brave//&brave-crashpad-handler, + /usr/share/chromium/extensions/ r, /etc/opt/chrome/ r, diff --git a/apparmor.d/groups/browsers/chrome b/apparmor.d/groups/browsers/chrome index 22a4ebf0a..2a462592b 100644 --- a/apparmor.d/groups/browsers/chrome +++ b/apparmor.d/groups/browsers/chrome @@ -24,6 +24,7 @@ profile chrome @{exec_path} { @{bin}/man rPUx, # For "chrome --help" + @{lib_dirs}/chrome_crashpad_handler rPx -> chrome//&chrome-crashpad-handler, @{lib_dirs}/google-@{name} rPx, @{lib_dirs}/nacl_helper rix, diff --git a/apparmor.d/groups/browsers/chromium b/apparmor.d/groups/browsers/chromium index 6ec3e3f97..c078e1131 100644 --- a/apparmor.d/groups/browsers/chromium +++ b/apparmor.d/groups/browsers/chromium @@ -22,5 +22,7 @@ profile chromium @{exec_path} { @{exec_path} mrix, + @{lib_dirs}/chrome_crashpad_handler rPx -> chromium//&chromium-crashpad-handler, + include if exists } diff --git a/apparmor.d/groups/browsers/msedge b/apparmor.d/groups/browsers/msedge index 36c818c4d..bba1ac4fb 100644 --- a/apparmor.d/groups/browsers/msedge +++ b/apparmor.d/groups/browsers/msedge @@ -28,7 +28,7 @@ profile msedge @{exec_path} { @{lib_dirs}/xdg-settings rix, #-> xdg-settings, @{lib_dirs}/microsoft-edge{,beta,-dev} rPx, - @{lib_dirs}/msedge_crashpad_handler rPx, + @{lib_dirs}/chrome_crashpad_handler rPx -> msedge//&msedge-crashpad-handler, @{lib_dirs}/*.so* mr, @{lib_dirs}/WidevineCdm/_platform_specific/linux_*/libwidevinecdm.so mr, diff --git a/apparmor.d/groups/browsers/msedge-crashpad-handlers b/apparmor.d/groups/browsers/msedge-crashpad-handler similarity index 100% rename from apparmor.d/groups/browsers/msedge-crashpad-handlers rename to apparmor.d/groups/browsers/msedge-crashpad-handler From 7a7479906a8773d9cffd70a029fd26d58967ea72 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:18:47 +0200 Subject: [PATCH 03/70] docs/development - Fix spelling of Arch Linux Changes Archlinux to Arch Linux --- docs/development/install.md | 2 +- docs/development/integration.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/development/install.md b/docs/development/install.md index 83409e2d3..7c08a9989 100644 --- a/docs/development/install.md +++ b/docs/development/install.md @@ -19,7 +19,7 @@ make package dist= ``` Then you can install the package with `dpkg`, `pacman` or `rpm`. -**:material-arch: Archlinux** +**:material-arch: Arch Linux** ```sh make pkg ``` diff --git a/docs/development/integration.md b/docs/development/integration.md index 19b156833..aad41b9fb 100644 --- a/docs/development/integration.md +++ b/docs/development/integration.md @@ -44,8 +44,8 @@ To build a VM image for development purpose, run the following from the `tests` | Distribution | Flavor | Build command | VM name | |:------------:|:------:|:-------------:|:-------:| -| Archlinux | Gnome | `make archlinux flavor=gnome` | `arch-gnome` | -| Archlinux | KDE | `make archlinux flavor=kde` | `arch-kde` | +| Arch Linux | Gnome | `make archlinux flavor=gnome` | `arch-gnome` | +| Arch Linux | KDE | `make archlinux flavor=kde` | `arch-kde` | | Debian | Server | `make debian flavor=server` | `debian-server` | | OpenSUSE | KDE | `make opensuse falvor=kde` | `opensuse-kde` | | Ubuntu | Server | `make ubuntu flavor=server` | `ubuntu-server` | From 129f044ce7640921a9306679b8d09c388f11d6ec Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:22:04 +0200 Subject: [PATCH 04/70] Change ... to etc --- docs/concepts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts.md b/docs/concepts.md index 503b7a6aa..eb4ccbbc4 100644 --- a/docs/concepts.md +++ b/docs/concepts.md @@ -8,7 +8,7 @@ There are over 50000 Linux packages and even more applications. It is simply not **What to confine and why?** -We take inspiration from the [Android/ChromeOS Security Model](https://arxiv.org/pdf/1904.05572v2.pdf), and we apply it to the Linux world. Modern [Linux security distributions](https://clip-os.org/en/) usually consider an immutable core base image with a carefully selected set of applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment... Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap, toolbox...). +We take inspiration from the [Android/ChromeOS Security Model](https://arxiv.org/pdf/1904.05572v2.pdf), and we apply it to the Linux world. Modern [Linux security distributions](https://clip-os.org/en/) usually consider an immutable core base image with a carefully selected set of applications. Everything else should be sandboxed. Therefore, this project tries to confine all the *core* applications you will usually find in a Linux system: all systemd services, xwayland, network, bluetooth, your desktop environment, etc. Non-core user applications are out of scope as they should be sandboxed using a dedicated tool (minijail, bubblewrap, toolbox, etc). This is fundamentally different from how AppArmor is usually used on Linux servers as it is common to only confine the applications that face the internet and/or the users. From a86c63b10cbdb42e7517e3a46be551272ca206de Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:22:38 +0200 Subject: [PATCH 05/70] Fix AppArmor capitalisation --- docs/configuration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index c367de4d2..e784dcb82 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -65,7 +65,7 @@ directories. Example: @{XDG_PROJECTS_DIR}+="Git" "Papers" ``` -Then restart the apparmor service to reload the profiles in the kernel: +Then restart the AppArmor service to reload the profiles in the kernel: ```sh sudo systemctl restart apparmor.service ``` @@ -105,4 +105,4 @@ You can extend any profile with your own rules by creating a file in the `/etc/a `rPx` allows transition to the Firefox profile. Use `rPUx` to allow transition to an unconfined state if you do not have the profile for a given program. -Then, reload the apparmor rules with `sudo systemctl restart apparmor`. +Then, reload the AppArmor rules with `sudo systemctl restart AppArmor`. From dc1a03659f8aac6d4be04931e98f92f1f2fdecca Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:24:17 +0200 Subject: [PATCH 06/70] Make enforce more understandable Rewords sentances as well as fixes some spelling mistakes Change Archlinux to Arch Linux Make which line to edit in PKGBUILD easier to understand --- docs/enforce.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/enforce.md b/docs/enforce.md index 6abf1a1ba..e712cd997 100644 --- a/docs/enforce.md +++ b/docs/enforce.md @@ -6,16 +6,16 @@ The default package configuration installs all profiles in *complain* mode. This !!! warning - - You need to test it in complain mode first and ensure your system boot! - - When reporting issue. Please ensure the profiles are in complain mode + - Please test in complain mode first and ensure your system boots! + - When reporting an issue, please ensure the affected profiles are in complain mode. -#### :material-arch: Archlinux +#### :material-arch: Arch Linux In `PKGBUILD`, replace `make` by `make enforce`: ```diff -- make -+ make enforce +- make DISTRIBUTION=arch ++ make enforce DISTRIBUTION=arch ``` #### :material-ubuntu: Ubuntu & :material-debian: Debian From 182375d347cb187ef357f7007677170a7f5b0e61 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:26:21 +0200 Subject: [PATCH 07/70] Reword and fix spelling mistakes in full-system-policy --- docs/full-system-policy.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/full-system-policy.md b/docs/full-system-policy.md index f5b7fa812..7bfb68407 100644 --- a/docs/full-system-policy.md +++ b/docs/full-system-policy.md @@ -6,8 +6,8 @@ title: Full system policy (FSP) Full system policy is still under early development: - - Do not run it outside a development VM! - - This is an **advanced** feature, you should understand what you are doing + - Do not run this outside of a development VM! + - This is an **advanced** feature, you should understand what you are doing before use. **You have been warned!!!** @@ -28,7 +28,7 @@ Particularly: - Any non-standard system app need to be explicitly profiled and allowed to run. For instance, if you want to use your own proxy or VPN software, you need to ensure it is correctly profiled and allowed to run in the `systemd` profile. - Desktop environment must be explicitly supported, your UI will not start otherwise. Again, it is a **feature**. - FSP mode will run unknown user application into the `default` profile. It might be enough for your application. If not you have to make a profile for it. -- In FSP mode, all sandbox manager **must** have a profile. Then user sandboxed application (flatpak, snap...) will work as expected. +- In FSP mode, all sandbox managers **must** have a profile. Then user sandboxed applications (flatpak, snap, etc) will work as expected. ## Install @@ -43,7 +43,7 @@ cache-loc /etc/apparmor/earlypolicy/ Optimize=compress-fast ``` -**:material-arch: Archlinux** +**:material-arch: Arch Linux** In `PKGBUILD`, replace `make` by `make full`: ```diff @@ -94,7 +94,7 @@ To work as intended, all privileged services started by systemd **must** have a /usr/lib/systemd/system/*.service ``` -The main [fallback](#fallback) profile (`default`) is not intended to be used by privileged program or service. Such programs must have they dedicated profile and will fail otherwise. This is a **feature**, not a bug. +The main [fallback](#fallback) profile (`default`) is not intended to be used by privileged program or service. Such programs must have a dedicated profile and will fail otherwise. This is a **feature**, not a bug. **`systemd-user`** @@ -120,14 +120,14 @@ To work as intended, userland services started by `systemd --user` **should** ha ### Fallback -In addition to the `systemd` profiles, a full system policy needs to ensure that no program run in an unconfined state at any time. The fallback profiles consist of a set generic specialized profiles: +In addition to the `systemd` profiles, a full system policy needs to ensure that no programs run in an unconfined state at any time. The fallback profiles consist of a set generic specialized profiles: - **`default`** is used for any *classic* user application with a GUI. It has full access to user home directories. - **`bwrap`, `bwrap-app`** are used for *classic* user application that are sandboxed with **bwrap**. !!! warning - The main fallback profile (`default`) is not intended to be used by priviligied program or service. Such programs **must** have they dedicaded profile and would break otherwise. + The main fallback profile (`default`) is not intended to be used by privileged program or service. Such programs **must** have they dedicated profile and would break otherwise. Additionally, special user access can be setup using PAM rules set such as a random shell interactively opened (as user or as root). From 0df205412c1404807452f3779d5400482eb225b0 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:27:26 +0200 Subject: [PATCH 08/70] index - Reword, change ... to etc, and fix Arch Linux spelling --- docs/index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/index.md b/docs/index.md index 5638c2f3b..19c12027c 100644 --- a/docs/index.md +++ b/docs/index.md @@ -24,7 +24,7 @@ Business Benefits of an LSM - Confine all root processes such as all `systemd` tools, `bluetooth`, `dbus`, `polkit`, `NetworkManager`, `OpenVPN`, `GDM`, `rtkit`, `colord` - Confine all Desktop environments - Confine all user services such as `Pipewire`, `Gvfsd`, `dbus`, `xdg`, `xwayland` -- Confine some *"special"* user applications: web browser, file browser... +- Confine some *"special"* user applications: web browsers, file managers, etc - Should not break a normal usage of the confined software See the [Concepts](concepts.md)' page for more detail on the architecture. @@ -32,19 +32,19 @@ See the [Concepts](concepts.md)' page for more detail on the architecture. **Goals** - Target both desktops and servers -- Support all distributions that support AppArmor: - * [:material-arch: Archlinux](install.md#archlinux) +- Support for all distributions that support AppArmor: + * [:material-arch: Arch Linux](install.md#archlinux) * [:material-ubuntu: Ubuntu 22.04](install.md#ubuntu-debian) * [:material-debian: Debian 12](install.md#ubuntu-debian) * [:simple-suse: OpenSUSE Tumbleweed](install.md#opensuse) -- Support all major desktop environments: +- Support for all major desktop environments: - [x] :material-gnome: Gnome - [ ] :simple-kde: KDE *(work in progress)* - Fully tested (Work in progress) **Presentations** -Building large set of AppArmor profiles: +Building the largest set of AppArmor profiles: - [Linux Security Summit North America (LSS-NA 2023)](https://events.linuxfoundation.org/linux-security-summit-north-america/) *([Slide](https://lssna2023.sched.com/event/1K7bI/building-the-largest-working-set-of-apparmor-profiles-alexandre-pujol-the-collaboratory-tudublin), [Video](https://www.youtube.com/watch?v=OzyalrOzxE8))* - [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/), [Video](https://www.youtube.com/watch?v=GK1J0TlxnFI))* From 4f84b495be9936f07d5244d1ff6e5a0c92945e26 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:28:46 +0200 Subject: [PATCH 09/70] install - Reword and fix spelling mistakes --- docs/install.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/install.md b/docs/install.md index 59a963a23..f0cc6e6c5 100644 --- a/docs/install.md +++ b/docs/install.md @@ -4,17 +4,17 @@ title: Installation !!! warning - In order to not break your system, the default package configuration installs all profiles in complain mode. They can be enforced later. See the [Enforce Mode](enforce.md) page. + To prevent the risk of breaking your system, the default package configuration installs all profiles in complain mode. They can be enforced later. See the [Enforce Mode](enforce.md) page. !!! danger - Do **not** install this project if your Desktop Environement and Display Manager is not supported. Your system will not boot, and that would be a feature. + Do **not** expect this project to work correctly if your Desktop Environment and Display Manager are not supported. Your Desktop Environment or Display Manager might not load, and that would be a feature. ## Requirements **AppArmor** -An `apparmor` based Linux distribution is required. The default profiles and abstractions shipped with AppArmor must be installed. +An `AppArmor` supported Linux distribution is required. The default profiles and abstractions shipped with AppArmor must be installed. **Desktop environment** @@ -28,7 +28,7 @@ The following desktop environments are supported: * Go >= 1.18 -## :material-arch: Archlinux +## :material-arch: Arch Linux `apparmor.d-git` is available in the [Arch User Repository][aur]: ``` @@ -72,7 +72,7 @@ sudo dpkg -i ../apparmor.d_*.deb !!! warning - **Beware**: do not install a `.deb` made for Debian on Ubuntu, the packages are differents. + **Beware**: do not install a `.deb` made for Debian on Ubuntu, the packages are different. If your distribution is based on Ubuntu or Debian, you may want to manually set the target distribution by exporting `DISTRIBUTION=debian` if is Debian based, or `DISTRIBUTION=ubuntu` if it is Ubuntu based. @@ -97,7 +97,7 @@ sudo make profile-names... !!! warning - Partial installation is discouraged because profile dependencies are not fetched. To prevent some apparmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77)) + Partial installation is discouraged because profile dependencies are not fetched. To prevent some AppArmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77)) For instance, `sudo make pass` gives: ```sh @@ -115,7 +115,7 @@ sudo make profile-names... ## Uninstall -- :material-arch: Archlinux `sudo pacman -R apparmor.d` +- :material-arch: Arch Linux `sudo pacman -R apparmor.d` - :material-ubuntu: Ubuntu & :material-debian: Debian `sudo apt purge apparmor.d` - :simple-suse: OpenSUSE `sudo zypper remove apparmor.d` From 57dd7754247297e884f0e2836cb45eab5abf6276 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:29:21 +0200 Subject: [PATCH 10/70] issues - Fix spelling mistakes of AppArmor and Arch Linux --- docs/issues.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/issues.md b/docs/issues.md index 59ccf0ba4..d9f28cfe6 100644 --- a/docs/issues.md +++ b/docs/issues.md @@ -11,7 +11,7 @@ Known bugs are tracked on the meta issue **[#75](https://github.com/roddhjav/app * `deny` rules are enforced even in complain mode, * `attach_disconnected` (and `mediate_deleted`) will break the program if they are required and missing in the profile, - * If apparmor does not find the profile to transition `rPx`. + * If AppArmor does not find the profile to transition `rPx`. ### Pacman "could not get current working directory" @@ -25,7 +25,7 @@ error: could not get current working directory This is **a feature, not a bug!** It can safely be ignored. Pacman tries to get your current directory. You will only get this error when you run pacman in your home directory. -According to the Archlinux guideline, on Archlinux, packages cannot install files under `/home/`. Therefore, the [`pacman`][pacman] profile purposely does not allow access of your home directory. +According to the Arch Linux guideline, on Arch Linux, packages cannot install files under `/home/`. Therefore, the [`pacman`][pacman] profile purposely does not allow access of your home directory. This provides a basic protection against some packages (on the AUR) that may have rogue install script. From 491cb28f2aa11087c15d225ee62e4de48553f538 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:30:58 +0200 Subject: [PATCH 11/70] recovery - Reword, fix spelling mistakes, specify instructions are not meant for subvolume installs --- docs/recovery.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/recovery.md b/docs/recovery.md index 9f5af42d4..8cb5d7188 100644 --- a/docs/recovery.md +++ b/docs/recovery.md @@ -2,15 +2,15 @@ title: System Recovery --- -Issue in some core profiles like the systemd suite, or the desktop environment can fully break your system. This should not happen a lot, but if it does here is the process to recover your system on Archlinux: +An issue in some core profiles like the systemd suite, or the desktop environment can prevent your system from starting correctly. This is rare, but if it does happen this is the process to recover your system on an Arch Linux system **without subvolumes**: -1. Boot from a Archlinux live USB -1. If you root partition is encryped, decrypt it: `cryptsetup open /dev/ vg0` +1. Boot from an Arch Linux live USB +1. If you root partition is encrypted, decrypt it: `cryptsetup open /dev/ vg0` 1. Mount your root partition: `mount /dev/ /mnt` 1. Chroot into your system: `arch-chroot /mnt` -1. Check the AppArmor messages to see what profile is faulty: `aa-log` +1. Check the AppArmor logs to see which profile is faulty: `aa-log` 1. Temporarily fix the issue with either: - - When only one profile is faultily, remove it: `rm /etc/apparmor.d/` + - When only one profile is causing problems, remove it: `rm /etc/apparmor.d/` - Otherwise, you can also remove the package: `pacman -R apparmor.d` - Alternatively, you may temporarily disable apparmor as it will allow you to boot and study the log: `systemctl disable apparmor` From 1eaf24c9653fe01420f1828adddcc91cd194ffe3 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:31:17 +0200 Subject: [PATCH 12/70] report - Add Auditd information --- docs/report.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/report.md b/docs/report.md index 2292d1bd0..e13ac9e9f 100644 --- a/docs/report.md +++ b/docs/report.md @@ -16,6 +16,16 @@ If this command produce nothing, try: aa-log -s -R ``` +If the log file is empty, check that Auditd is running: +```sh +sudo systemctl status auditd.service +``` + +If Auditd is disabled aa-log will not have new results, you can enable Auditd by doing the following command: +```sh +sudo systemctl enable auditd.service --now +``` + You can get more logs with: 1. `aa-log -R -s` that will provide all apparmor logs since boot time (if journalctl collect them) From 9908249e68f66d168f98b936ff75e3c7893b364c Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:32:24 +0200 Subject: [PATCH 13/70] usage - Fix capitalisation --- docs/usage.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/usage.md b/docs/usage.md index 9ad0d7050..70eaaa292 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -76,8 +76,7 @@ ps (complain) user ps auxZ ## AppArmor Log -Ensure that `auditd` is installed and running on your system in order to read AppArmor log from `/var/log/audit/audit.log`. Then you can see the log with the provided command `aa-log` allowing you to review AppArmor generated messages in -a colorful way. +Ensure that `Auditd` is installed and running on your system in order to read AppArmor log from `/var/log/audit/audit.log`. Then you can see the log with the provided command `aa-log` allowing you to review AppArmor generated messages in a colorful way. Other AppArmor userspace tools such as `aa-enforce`, `aa-complain`, and `aa-logprof` should work as expected. From 9535b9351cb2b71827891aaf5b4d326d2d48bd2b Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:42:41 +0200 Subject: [PATCH 14/70] Update README to follow index --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 33fa7a333..ae9899b70 100644 --- a/README.md +++ b/README.md @@ -20,18 +20,18 @@ `polkit`, `NetworkManager`, `OpenVPN`, `GDM`, `rtkit`, `colord` - Confine all Desktop environments - Confine all user services such as `Pipewire`, `Gvfsd`, `dbus`, `xdg`, `xwayland` -- Confine some *"special"* user applications: web browser, file browser... +- Confine some *"special"* user applications: web browsers, file managers, etc - Should not break a normal usage of the confined software **Goals** - Target both desktops and servers - Support all distributions that support AppArmor: - * Archlinux + * Arch Linux * Ubuntu 22.04 * Debian 12 * OpenSUSE Tumbleweed -- Support major desktop environments: +- Support for all major desktop environments: * Gnome * KDE * XFCE *(work in progress)* @@ -54,7 +54,7 @@ This is fundamentally different from how AppArmor is usually used on Linux serve **Presentations** -Building large set of AppArmor profiles: +Building the largest set of AppArmor profiles: - [Linux Security Summit North America (LSS-NA 2023)](https://events.linuxfoundation.org/linux-security-summit-north-america/) *([Slide](https://lssna2023.sched.com/event/1K7bI/building-the-largest-working-set-of-apparmor-profiles-alexandre-pujol-the-collaboratory-tudublin), [Video](https://www.youtube.com/watch?v=OzyalrOzxE8))* - [Ubuntu Summit 2023](https://events.canonical.com/event/31/) *([Slide](https://events.canonical.com/event/31/contributions/209/), [Video](https://www.youtube.com/watch?v=GK1J0TlxnFI))* From 8009c1b9b9a0d11f441329d180fe012985819b8b Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sat, 8 Jun 2024 02:04:25 +0300 Subject: [PATCH 15/70] fix(authentication.d/complete): add missing copyright (#370) * fix(authentication.d/complete): add missing copyright * fix(authentication.d/complete): remove first copyright author Remove the original author from the copyright comment as his file is different and doesn't include his copyright as well. https://gitlab.com/morfikov/apparmemall/-/blob/master/apparmor.d/abstractions/authentication --- apparmor.d/abstractions/authentication.d/complete | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apparmor.d/abstractions/authentication.d/complete b/apparmor.d/abstractions/authentication.d/complete index 4a9d55bd3..57ffc77f2 100644 --- a/apparmor.d/abstractions/authentication.d/complete +++ b/apparmor.d/abstractions/authentication.d/complete @@ -1,3 +1,6 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2021-2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only @{bin}/pam-tmpdir-helper rPx, From 3756c6853a450227b2fcda0b0d6375fc59b53587 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Sat, 8 Jun 2024 03:44:58 +0200 Subject: [PATCH 16/70] Reword, fix spelling mistakes, and reformat development docs --- docs/development/abstractions.md | 50 ++++++++++++++++---------------- docs/development/dbus.md | 20 ++++++------- docs/development/directives.md | 12 ++++---- docs/development/guidelines.md | 18 ++++++------ docs/development/index.md | 18 ++++++------ docs/development/install.md | 6 ++-- docs/development/integration.md | 16 +++++----- docs/development/structure.md | 43 +++++++++------------------ docs/development/tests.md | 6 ++-- 9 files changed, 86 insertions(+), 103 deletions(-) diff --git a/docs/development/abstractions.md b/docs/development/abstractions.md index 07d147d6e..82c7f4b04 100644 --- a/docs/development/abstractions.md +++ b/docs/development/abstractions.md @@ -2,11 +2,11 @@ title: Abstractions --- -This project and the apparmor profile official project provide a large selection of abstractions to be included in profiles. They should always be used as they target wide compatibility across hardware and distribution wile only allowing the bare minimum access. +This project and the official apparmor-profiles project provide a large selection of abstractions to be included in profiles. They should always be used as they target wide compatibility across hardware and distributions while only allowing the bare minimum access. !!! example - For instance, to allow download directory access, instead of writing: + For instance, to allow download directory access instead of read and write permissions: ```sh owner @{HOME}/@{XDG_DOWNLOAD_DIR}/{,**} rw, ``` @@ -21,13 +21,13 @@ All of these abstractions can be extended by a system admin by adding rules in a ## Application helper -Abstraction that aim at including a complete set of rule for a given program. The calling profile only need to add rules dependant of its use case/program. +Abstraction that aims at including a complete set of rules for a given program. The calling profile only needs to add rules dependant of its use case/program. It is mostly useful for program often used in sub profile or for forks based on the same upstream. ### **`app/chromium`** -Full set of rules for all chromium based browsers. It works as a *function* and requires some variables to be provided as *arguments* and set in the header of the calling profile: +A full set of rules for all chromium based browsers. It works as a *function* and requires some variables to be provided as *arguments* and to be set in the header of the calling profile: !!! note "" @@ -49,7 +49,7 @@ instead. ### **`app/sudo`** -Minimal set of rules for profile including internal `sudo`. Interactive sudo need more rules. It is intended to be used in profile or sub profile that need to elevate their privileges using `sudo` or `su` for a very specific action: +A minimal set of rules for profiles including internal `sudo`. Interactive sudo needs more rules. It is intended to be used in profiles or sub-profiles that need to elevate their privileges using `sudo` or `su` for a very specific action: ```sh @{bin}/sudo rCx -> root, @@ -63,7 +63,7 @@ Minimal set of rules for profile including internal `sudo`. Interactive sudo nee ### **`app/systemctl`** -Alternative solution for [child-systemctl](structure.md#children-profiles), when the child profile provide too much/not enough access. This abstraction should be used by a sub profile as follows: +An alternative solution for [child-systemctl](structure.md#children-profiles), when the child profile provides too much/not enough access. This abstraction should be used by a sub profile as follows: ```sh @{bin}/systemctl rCx -> systemctl, @@ -82,7 +82,7 @@ On the contrary of [`abstractions/app/`](#application-helper), abstractions in t ### **`common/app`** -Common rules for unknown userland UI applications sandboxed using `bwrap`. +Common rules for unknown userland UI applications that are sandboxed using `bwrap`. !!! warning @@ -93,11 +93,11 @@ Common rules for unknown userland UI applications sandboxed using `bwrap`. ### **`common/apt`** -Minimal access to apt sources, preferences and configuration. +Minimal access to apt sources, preferences, and configuration. ### **`common/bwrap`** -Minimal set of rules for sandboxed program using `bwrap`. A profile using this abstraction still needs to set: +Minimal set of rules for sandboxed programs using `bwrap`. A profile using this abstraction still needs to set: - The flag: `attach_disconnected` - Bwrap execution: `@{bin}/bwrap rix,` @@ -105,12 +105,12 @@ Minimal set of rules for sandboxed program using `bwrap`. A profile using this a ### **`common/chromium`** -Minimal set of rules for chromium based application. Handle access for internal sandbox. +A minimal set of rules for chromium based application. Handle access for internal sandbox. ### **`common/electron`** -Minimal set of rules for all electron based UI application. It works as a *function* and requires some variables to be provided as *arguments* and set in the header of the calling profile: +A minimal set of rules for all electron based UI applications. It works as a *function* and requires some variables to be provided as *arguments* and set in the header of the calling profile: !!! note "" @@ -139,7 +139,7 @@ Most programs do not need access to audio devices, `audio-client` only includes ### **`audio-server`** -Provide access to audio devices. It should only be used by audio servers that need direct access to them. +Provides access to audio devices. It should only be used by audio servers that need direct access to them. ## Dbus @@ -156,16 +156,16 @@ This abstraction gives read access on all defined user directories. It should on ### **`user-download-strict`** -Provide write access to all user download directories +Provides write access to all user download directories ### **`deny-sensitive-home`** -Deny access to some sensitive directories under `/home/`. It is intended to be used by the few profiles that legitimately require full unrestricted access over all user directories (file browser and search engines). It allows to us to block access to really sensitive data to such profiles. +Denies access to some sensitive directories under `/home/`. It is intended to be used by the few profiles that legitimately require full unrestricted access over all user directories (file managers and search engines). It allows to us to block access to really sensitive data to such profiles. !!! danger - **Do not use this abstraction for other profile without explicit authorisation from the project maintainer** + **Do not use this abstraction for other profiles without explicit authorisation from the project maintainer** Per the **[Rule :material-numeric-1-circle:](index.md#rule-mandatory-access-control)** of this project: @@ -205,7 +205,7 @@ Common rules for interactive shell using zsh. ### **`nameservice-strict`** -Many programs wish to perform nameservice like operations, such as looking up users by name or Id, groups by name or Id, hosts by name or IP, etc. +Many programs wish to perform nameservice like operations, such as looking up users by name or ID, groups by name or ID, hosts by name or IP, etc. Use this abstraction instead of upstream `abstractions/nameservice` as upstream abstraction also provide full network access which is not needed for a lot of programs. @@ -218,36 +218,36 @@ Instead of allowing the run of all software under `@{bin}` or `@{lib}` the purpo ### **`devices-usb`** -Provide access to USB devices +Provides access to USB devices ### **`disks-write`** -Provide read write access to disks devices +Provides read write access to disks devices ### **`disks-read`** -Provide read only access to disks devices +Provides read-only access to disks devices ## Desktop Environment ### **`desktop`** -Unified minimal abstraction for all UI application regardless of the desktop environment. When supported in apparmor, condition will be used in this abstraction to filter resources specific for supported DE. +Unified minimal abstraction for all UI applications regardless of the desktop environment. When supported in apparmor, the condition will be used in this abstraction to filter resources specific for supported DE. -It is safe to use it in GUI application. As well as minimal desktop resource files, it includes access to configuration for: `fonts`, `gtk` & `qt`, `wayland` & `xorg`. +It is safe to use this in GUI applications as well as minimal desktop resource files, it includes access to configuration for: `fonts`, `gtk` & `qt`, `wayland` & `xorg`. ### **`gnome-strict`** -Same than `abstractions/desktop` but limited to gnome. +Same as `abstractions/desktop` but limited to gnome. ### **`kde-strict`** -Same than `abstractions/desktop` but limited to KDE. +Same as `abstractions/desktop` but limited to KDE. ## Graphics -Use either [`graphics`](#graphics) or [`graphics-full`](#graphics-full). The other abstractions are hardware/software dependant and should not usually be used directly. +Use either [`graphics`](#graphics) or [`graphics-full`](#graphics-full). The other abstractions are hardware/software dependent and should not usually be used directly. ### **`graphics`** @@ -261,7 +261,7 @@ Identical to [`graphics`](#graphics) with more direct access to nvidia GPU devic ### **`dri`** -Linux's graphics stack which allows unprivileged user-space programs to issue commands to graphics hardware without conflicting with other programs. Mostly used by Intel (integrated or not) and AMD GPU. +Linux's graphics stack which allows unprivileged user-space programs to issue commands to graphics hardware without conflicting with other programs. Mostly used by Intel (integrated or not) and AMD GPUs. Modernized equivalent of both `dri-common` and `dri-enumerate` diff --git a/docs/development/dbus.md b/docs/development/dbus.md index 1c8e2e971..98b46501c 100644 --- a/docs/development/dbus.md +++ b/docs/development/dbus.md @@ -2,19 +2,19 @@ title: Dbus --- -All dbus rules are labelled under the name of the given profiles that provide dbus data. It is one of the value added by this project, as we have profile for *everything*, we can restrict the bus further by limitint connection to a given peer label (the profile name). In case of a renaming of a profile, all dbus rules related it this profile need to be updated accordingly. +All dbus rules are labelled under the name of the given profiles that provide dbus data. It is one of the value added by this project, as we have profiles for *everything*, we can restrict the bus further by limiting connection to a given peer label (the profile name). In the case of renaming a profile, all dbus rules related in this profile need to be updated accordingly. ## Profiles Regardless of the Dbus implementation used (`dbus-daemon` or `dbus-broker`), all dbus daemons are handled under the same set of profiles: [`dbus-system`](https://github.com/roddhjav/apparmor.d/blob/main/apparmor.d/groups/bus/dbus-system), [`dbus-session`](https://github.com/roddhjav/apparmor.d/blob/main/apparmor.d/groups/bus/dbus-session), and [`dbus-accessibility`](https://github.com/roddhjav/apparmor.d/blob/main/apparmor.d/groups/bus/dbus-accessibility). This structure largely improves the confinement of each profile. -To ensure system and session bus are handled by a different profile, a [systemd drop-in](https://github.com/roddhjav/apparmor.d/blob/main/systemd/default/system/dbus.service) configuration file is used to set the specific dbus profile a dbus service must use. +To ensure the system and session bus are handled by a different profile, a [systemd drop-in](https://github.com/roddhjav/apparmor.d/blob/main/systemd/default/system/dbus.service) configuration file is used to set the specific dbus profile that a dbus service must use. ## Abstractions ### Base -Default **system**, **session** and **accessibility** bus access are provided with the abstraction: +Default **system**, **session**, and **accessibility** bus access are provided with the following abstractions: - `abstractions/bus-system` - `abstractions/bus-session` @@ -22,13 +22,13 @@ Default **system**, **session** and **accessibility** bus access are provided wi ### Interfaces -Access to common dbus interface is done using the abstractions under **[`abstractions/bus/`](https://github.com/roddhjav/apparmor.d/tree/main/apparmor.d/abstractions/bus)**. They are kept minimal on purpose. The goal is not to give full talk access an interface but to provide a *read-only* like view of it. It may be required to have a look at the dbus interface documentation to check what method can be safely allowed. +Access to common dbus interfaces is done using the abstractions under **[`abstractions/bus/`](https://github.com/roddhjav/apparmor.d/tree/main/apparmor.d/abstractions/bus)**. They are kept minimal on purpose. The goal is not to give full talk access an interface but to provide a *read-only* like view of it. It may be required to have a look at the dbus interface documentation to check what method can be safely allowed. For more access, simply use the [`aa:dbus talk`](#dbus-directive) directive. ## Dbus Directive -We use a special [directive](directives.md) to generate more advanced dbus access. The directive format is on purpose very similar to the apparmor dbus rule. +We use a special [directive](directives.md) to generate more advanced dbus access. The directive format is on purpose very similar to the AppArmor dbus rule. **Format** @@ -40,8 +40,8 @@ We use a special [directive](directives.md) to generate more advanced dbus acces : Access type. Can be `own` or `talk`: - - `own` means the profile own the dbus interface. It is allowed to send and receive from anyone on this interface. - - `talk` means the profile can talk on a given interface to the profile owning it (that must be given under the `label` option). + - `own` means the profile owns the dbus interface. It is allowed to send and receive from anyone on this interface. + - `talk` means the profile can talk on a given interface to the profile that owns it (a label must be given under the `label` option). **``** @@ -64,7 +64,7 @@ We use a special [directive](directives.md) to generate more advanced dbus acces : Can optionally be given when it is different to the dbus name. -Note: ``, `` and `` are mandatory and will break the build if ignored. +Note: ``, ``, and `` are mandatory and will break the build if ignored. **Example** @@ -78,7 +78,7 @@ Allow owning a dbus interface: #aa:dbus own bus=system name=org.freedesktop.NetworkManager ``` -Allow talking to a dbus interface on a given profile +Allow talking to a dbus interface on a given profile: !!! note "" @@ -142,4 +142,4 @@ Allow talking to a dbus interface on a given profile peer=(name="{:1.@{int},org.freedesktop.login1{,.*}}", label=systemd-logind), dbus send bus=system path=/org/freedesktop/Accounts{,/**} interface=org.freedesktop.Accounts{,.*} - ``` \ No newline at end of file + ``` diff --git a/docs/development/directives.md b/docs/development/directives.md index 877001adb..9cff8840e 100644 --- a/docs/development/directives.md +++ b/docs/development/directives.md @@ -2,7 +2,7 @@ title: Directives --- -`apparmor.d` supports build directives, they are processed at build time of the project, when running `make`. They are valid apparmor comment, therefore, `apparmor_parser` can be used on a profile even if the directives have not been processed. They should not end with a comma. Multiline directive is not supported. +`apparmor.d` supports build directives, they are processed at build time of the project. They are valid AppArmor comments, therefore, `apparmor_parser` can be used on a profile even if the directives have not been processed. They should not end with a comma. Multiline directive is not supported. The directives follow the format: ```sh @@ -25,7 +25,7 @@ See the [dbus page](dbus.md#dbus-directive). ## Only, Exclude -The `only` and `exclude` directives can be used to filter individual rule or rule paragraph depending on the target distribution of distribution family. +The `only` and `exclude` directives can be used to filter individual rule or rule paragraphs depending on the target distribution or distribution family. **Format** @@ -58,12 +58,12 @@ The `only` and `exclude` directives can be used to filter individual rule or rul `#aa:only pacman` : - Remove the line/paragraph when the project is not compiled on the Archlinux family. + Remove the line/paragraph when the project is not compiled on the Arch Linux family. ## Exec -The `exec` directive is useful to allow executing transition to a profile without having to manage the possible long list of profile attachment (it varies depending on the distribution). The directive parse and resolve the attachment variable (`@{exec_path}`) of the target profile and include it in the current profile. +The `exec` directive is useful to allow executing transitions to a profile without having to manage the possible long list of profile attachments (it varies depending on the distribution). The directives parse and resolve the attachment variable (`@{exec_path}`) of the target profile and includes it in the current profile. **Format** @@ -73,7 +73,7 @@ The `exec` directive is useful to allow executing transition to a profile withou **`profiles...`** -: List of profile **file** that can be executed from the current profile. +: List of profile **files** that can be executed from the current profile. **`[transition]`** @@ -113,7 +113,7 @@ The `exec` directive is useful to allow executing transition to a profile withou **`profiles...`** -: List a profile **file** to stack at the end of the current profile. +: List a profile **files** to stack at the end of the current profile. **Example** diff --git a/docs/development/guidelines.md b/docs/development/guidelines.md index 4e5e1af7e..ec334c5f6 100644 --- a/docs/development/guidelines.md +++ b/docs/development/guidelines.md @@ -4,11 +4,11 @@ title: Guidelines ## Common structure -AppArmor profiles can be written without any specific guidelines. However, when you work with over 1400 profiles, you need a common structure among all the profiles. +AppArmor profiles can be written without any specific guidelines. However, when you work with over 1500 profiles, you need a common structure among all the profiles. -The logic behind it is that if a rule is present in a profile, it should only be in one place, making profile review easier. +The logic behind it is that if a rule is present in a profile, it should only be in one place, making it easier to review profiles. -For example, if a program needs to run executables binary. The rules allowing it can only be in a specific rule block (just after the `@{exec_path} mr,` rule). It is therefore easy to ensure some profile features such as: +For example, if a program needs to run executable binaries then the rules allowing it can only be in a specific rule block (just after the `@{exec_path} mr,` rule). It is therefore easy to ensure some profile features such as: * A profile has access to a given resource * A profile enforces a strict [write xor execute] (W^X) policy. @@ -50,7 +50,7 @@ The rules in the profile should be sorted in the rule ***block*** as follows: This rule order is taken from AppArmor with minor changes as we tend to: -- Divide the file block in multiple subcategories +- Divide the file block into multiple subcategories - Put the block with the longer rules (`files`, `dbus`) after the other blocks ### The file block @@ -93,7 +93,7 @@ If there is no predictable label it can be omitted. #### :material-numeric-1-circle: Variables -: Always use the apparmor [variables](../variables.md). +: Always use the apparmor.d [variables](../variables.md). Example: - `/usr/lib` or `/usr/bin` become `@{bin}` or `@{lib}` @@ -101,15 +101,15 @@ If there is no predictable label it can be omitted. #### :material-numeric-2-circle: Sort -: In a rule block, the rules must be alphabetically sorted. +: In a rule block, all rules must be alphabetically sorted. -#### :material-numeric-3-circle: Sub profile +#### :material-numeric-3-circle: Sub-profiles -: Sub profile should come at the end of a profile. +: Sub-profiles should come at the end of a profile. #### :material-numeric-4-circle: Similar purpose -: When some rules share similar purpose, they may be sorted together. Eg: +: When some rules share similar purposes, they may be sorted together. E.g.: ``` /etc/machine-id r, /var/lib/dbus/machine-id r, diff --git a/docs/development/index.md b/docs/development/index.md index 72029af86..6da12d47d 100644 --- a/docs/development/index.md +++ b/docs/development/index.md @@ -2,15 +2,15 @@ title: Development --- -You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks, contributors, pull requests are all very welcome. You will find in this page all the useful information needed to contribute. +If you're looking to contribute to `apparmor.d` you can get started by going to the project [GitHub repository](https://github.com/roddhjav/apparmor.d/)! All contributions are welcome no matter how small. In this page you will find all the useful information needed to contribute to the apparmor.d project. -??? info "How to contribute" +??? info "How to contribute pull requests" 1. If you don't have git on your machine, [install it](https://help.github.com/articles/set-up-git/). - 2. Fork this repo by clicking on the fork button on the top of the [project Github][project] page. - 3. Clone the repository and go to the directory: + 2. Fork this repo by clicking on the fork button on the top of the [project GitHub][project] page. + 3. Clone the forked repository and go to the directory: ```sh - git clone https://github.com/this-is-you/apparmor.d.git + git clone https://github.com/your-github-username/apparmor.d.git cd apparmor.d ``` 4. Create a branch: @@ -20,7 +20,7 @@ You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks, co 5. Make the changes and commit: ``` git add - git commit -m "A message for sum up my contribution" + git commit -m "A message to sum up my contribution" ``` 6. Push changes to GitHub: ``` @@ -34,13 +34,13 @@ You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks, co #### Rule :material-numeric-1-circle: - Mandatory Access Control -: As these are mandatory access control policies only what is explicitly required +: As these are mandatory access control policies **only** what is explicitly required should be authorized. Meaning, you should **not** allow everything (or a large area) and deny some sub areas. #### Rule :material-numeric-2-circle: - Do not break a program -: A profile **should not break a normal usage of the confined software**. It can +: A profile **should not break a normal usage of the confined software**. this can be complex as simply running the program for your own use case is not always exhaustive of the program features and required permissions. @@ -50,7 +50,7 @@ You want to contribute to `apparmor.d`, **thanks a lot for this.** Feedbacks, co #### Rule :material-numeric-4-circle: - Distribution and devices agnostic -: A profile should be compatible with all distributions, software and devices +: A profile should be compatible with all distributions, software, and devices in the Linux world. You cannot deny access to resources you do not use on your devices or for your use case. diff --git a/docs/development/install.md b/docs/development/install.md index 7c08a9989..cd9345aec 100644 --- a/docs/development/install.md +++ b/docs/development/install.md @@ -6,14 +6,14 @@ title: Installation !!! warning - Do **not** install this project *"manually"* (with `make`, `sudo make install`). The distribution specific packages are intended to be used in development as they include additional rule to ensure compatibility with upstream. + Do **not** install this project *"manually"* (with `make`, `sudo make install`). The distribution specific packages are intended to be used in development as they include additional rule to ensure compatibility with upstream. You have been warned! See `debian/`, `PKGBUILD` and `dists/apparmor.d.spec`. **:material-docker: Docker** -From any distribution, if you have docker installed, you can simply build the package with: +For any system with docker installed you can simply build the package with: ```sh make package dist= ``` @@ -52,4 +52,4 @@ gnome-shell attach_disconnected,mediate_deleted,complain ## Ignore profiles -It can be handy to not install a profile for a given distribution. Profile or directory to ignore are tracked under the [`dists/ignore`](https://github.com/roddhjav/apparmor.d/tree/main/dists/ignore) directory. Files in this directory should respect the following format: ``. One ignore by line. It can be a profile name or a directory to ignore (relative to the project root). +It can be handy to not install a profile for a given distribution. Profiles and directories to ignore are tracked under the [`dists/ignore`](https://github.com/roddhjav/apparmor.d/tree/main/dists/ignore) directory. Files in this directory should respect the following format: ``. One ignore by line. It can be a profile name or a directory to ignore (relative to the project root). diff --git a/docs/development/integration.md b/docs/development/integration.md index aad41b9fb..b58b9930d 100644 --- a/docs/development/integration.md +++ b/docs/development/integration.md @@ -4,13 +4,13 @@ title: Integration Tests !!! danger "Work in Progress" -The purpose of integration testing in apparmor.d is to ensure the profiles are not going to break a program when used in the Linux distribution and desktop environment we support. +The purpose of integration testing in apparmor.d is to ensure the profiles are not going to break programs found in Linux distributions and Desktop Environment that we support. **Workflow** -1. Build some tests VM +1. Create a testing VM 2. Start the VM, do some dev -3. Run the integration test against a given test VM +3. Run the integration tests against the testing VM 4. Ensure no new logs have been raised @@ -47,7 +47,7 @@ To build a VM image for development purpose, run the following from the `tests` | Arch Linux | Gnome | `make archlinux flavor=gnome` | `arch-gnome` | | Arch Linux | KDE | `make archlinux flavor=kde` | `arch-kde` | | Debian | Server | `make debian flavor=server` | `debian-server` | -| OpenSUSE | KDE | `make opensuse falvor=kde` | `opensuse-kde` | +| OpenSUSE | KDE | `make opensuse flavor=kde` | `opensuse-kde` | | Ubuntu | Server | `make ubuntu flavor=server` | `ubuntu-server` | | Ubuntu | Desktop | `make ubuntu falvor=desktop` | `ubuntu-desktop` | @@ -59,7 +59,7 @@ The development workflow is done through vagrant: * Shutdown a VM: `vagrant halt ` * Reboot a VM: `vagrant reload ` -The available VM `name` are defined in the `tests/boxes.yml` file +The available VM `name` is defined in the `tests/boxes.yml` file ### Develop @@ -70,11 +70,11 @@ The admin user is: `user`, its password is: `user`. It has passwordless sudo acc **Directories** -All the images come pre-configured with the lastest version of `apparmor.d` installed and running in the VM. The apparmor.d is mounted as `/home/user/Projects/apparmor.d` +All the images come pre-configured with the latest version of `apparmor.d` installed and running in the VM. apparmor.d is mounted as `/home/user/Projects/apparmor.d` **Usage** -On all images, `aa-update` can be used to rebuild and install latest version of the profiles. `p`, `pf`, and `pu` are two preconfigured aliases of `ps` that show the security status of processes. `htop` is also configured to show this status. +On all images, `aa-update` can be used to rebuild and install the latest version of the profiles. `p`, `pf`, and `pu` are two preconfigured aliases of `ps` that show the security status of processes. `htop` is also configured to show this status. ## Tests @@ -106,7 +106,7 @@ Initialise the tests with: ./aa-test --bootstrap ``` -List the tests scenario to be run +List the tests scenarios to be run ```sh ./aa-test --list ``` diff --git a/docs/development/structure.md b/docs/development/structure.md index 5a68a8a81..0035b6c90 100644 --- a/docs/development/structure.md +++ b/docs/development/structure.md @@ -19,15 +19,14 @@ It gets even worse. Let's say, we write a profile for `cat`. Such a profile woul However, as `/etc` can contain sensitive files, we now want to explicitly prevent access to these sensitive files. Problems: 1. How do we know the exhaustive list of *sensitive files* in `/etc`? -2. How do we ensure access to these sensitive files are not required? +2. How do we ensure access to these sensitive files is not required? 3. This breaks the principle of mandatory access control. - See the [first rule of this project](index.md#project-rules) that is to only allow + See the [first rule of this project](index.md#project-rules) which is to only allow what is required. Here we allow everything and blacklist some paths. -It creates even more issues when we want to use this profile in other profiles. Let's take the example of `diff`. Using this rule: `@{bin}/diff rPx,` will restrict access to the very generic and not very confined `diff` profile. Whereas most of the time, we want to restrict `diff` to some specific file in our profile: +It creates even more issues when we want to use this profile in other profiles. Let's take the example of `diff`. Using this rule: `@{bin}/diff rPx,` this will restrict access to the very generic and not very confined `diff` profile. Whereas most of the time, we want to restrict `diff` to some specific file in our profile: -* In `dpkg`, an internal child profile (`rCx -> diff`), allows `diff` to only - access etc config files: +* In `dpkg`, an internal child profile (`rCx -> diff`), allows `diff` to only access etc config files: !!! note "" @@ -54,10 +53,7 @@ It creates even more issues when we want to use this profile in other profiles. } ``` -* In `pass`, as it is a dependency of pass. Here `diff` inherits pass' profile - and has the same access than the pass profile, so it will be allowed to diff - password files because more than a generic `diff` it is a `diff` for the pass - password manager: +* As it is a dependency of pass, `diff` inherits the `pass' profile and has the same access as the pass profile, so it will be allowed to diff password files because more than a generic `diff`, it is a `diff` "version" for the pass password manager: !!! note "" @@ -69,14 +65,12 @@ It creates even more issues when we want to use this profile in other profiles. **What if I still want to protect these programs?** -You do not protect these programs. *Protect the usage you have of these programs*. -In practice, it means that you should put your development's terminal in a -sandbox managed with [Toolbox]. +You do not protect these programs. *Protect the usage you have of these programs*. In practice, it means that you should put your terminal in a sandbox managed environment with a sandboxing tool such as Toolbox. !!! example "To sum up" - 1. Do not a create profile for programs such as: `rm`, `ls`, `diff`, `cd`, `cat` - 2. Do not a create profile for the shell: `bash`, `sh`, `dash`, `zsh` + 1. Do not create a profile for programs such as: `rm`, `ls`, `diff`, `cd`, `cat` + 2. Do not create a profile for the shell: `bash`, `sh`, `dash`, `zsh` 3. Use [Toolbox]. [Toolbox]: https://containertoolbx.org/ @@ -85,7 +79,7 @@ sandbox managed with [Toolbox]. ## Abstractions -This project and the apparmor profile official project provide a large selection of abstractions to be included in profiles. They should be used. +This project and the apparmor-profiles official project provide a large selection of abstractions to be included in profiles. They should be used. For instance, to allow download directory access, instead of writing: ```sh @@ -104,26 +98,17 @@ Usually, a child profile is in the [`children`][children] group. They have the f !!! quote - Note: This profile does not specify an attachment path because it is - intended to be used only via `"Px -> child-open"` exec transitions - from other profiles. + Note: This profile does not specify an attachment path because it is intended to be used only via `"Px -> child-open"` exec transitions from other profiles. [children]: https://github.com/roddhjav/apparmor.d/blob/main/apparmor.d/groups/children Here is an overview of the current children profile: -1. **`child-open`**: To open resources. Instead of allowing the run of all - software in `@{bin}/`, the purpose of this profile is to list all GUI - programs that can open resources. Ultimately, only sandbox manager programs - such as `bwrap`, `snap`, `flatpak`, `firejail` should be present here. Until - this day, this profile will be a controlled mess. +1. **`child-open`**: To open resources. Instead of allowing the ability to run all software in `@{bin}/`, the purpose of this profile is to list all GUI programs that can open resources. Ultimately, only sandbox manager programs such as `bwrap`, `snap`, `flatpak`, `firejail` should be present here. Until this day, this profile will be a controlled mess. -2. **`child-pager`**: Simple access to pager such as `pager`, `less` and `more`. - This profile supposes the pager is reading its data from stdin, not from a - file on disk. +2. **`child-pager`**: Simple access to pagers such as `pager`, `less` and `more`. This profile assumes the pager is reading its data from stdin, not from a file on disk. -3. **`child-systemctl`**: Common `systemctl` action. Do not use it too much as most - of the time you will need more privilege than what this profile is giving you. +3. **`child-systemctl`**: Common `systemctl` action. Do not use it too much as most of the time you will need more privilege than what this profile is giving you. ## Browsers @@ -162,7 +147,7 @@ Special care must be given as sometimes udev numbers are allocated dynamically b ## No New Privileges -[**No New Privileges**](https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html) is a flag preventing a newly-started program to get more privileges that its parent. So it is a **good thing** for security. And it is commonly used in systemd unit files (when possible). This flag also prevents transition to other profile because it could be less restrictive than the parent profile (no `Px` or `Ux` allowed). +[**No New Privileges**](https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html) is a flag preventing a newly started program to get more privileges than its parent process. This is a **good thing** for security. And it is commonly used in systemd unit files (when possible). This flag also prevents transitions to other profiles because it could be less restrictive than the parent profile (no `Px` or `Ux` allowed). The possible solutions are: diff --git a/docs/development/tests.md b/docs/development/tests.md index 58920cf91..7fcdf1555 100644 --- a/docs/development/tests.md +++ b/docs/development/tests.md @@ -2,7 +2,7 @@ title: Tests suite --- -A full test suite to ensure compatibility across distributions and software is still a work in progress. Here is an overview of the current CI jobs: +A full test suite to ensure compatibility across supported distributions and that software is still considered a work in progress. Here is an overview of the current CI jobs: **On Gitlab CI** @@ -12,6 +12,4 @@ A full test suite to ensure compatibility across distributions and software is s **On Github Action** -- Integration test on the ubuntu-latest VM: run a simple list of tasks with - all the rules enabled and ensure no new issue has been raised. Github Action - is used as it offers direct access to a VM with AppArmor included. +- Integration test on the ubuntu-latest VM: run a simple list of tasks with all the rules enabled and ensure no new issue has been raised. Github Action is used as it offers direct access to a VM with AppArmor included. From 57508bd7ea29cd6898af536eed5ea51ce3cb8b7a Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Sat, 8 Jun 2024 03:48:52 +0200 Subject: [PATCH 17/70] Fix capitalisation of openSUSE --- docs/development/guidelines.md | 2 +- docs/development/install.md | 2 +- docs/development/integration.md | 2 +- docs/enforce.md | 2 +- docs/full-system-policy.md | 2 +- docs/index.md | 2 +- docs/install.md | 6 +++--- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/development/guidelines.md b/docs/development/guidelines.md index ec334c5f6..b359576aa 100644 --- a/docs/development/guidelines.md +++ b/docs/development/guidelines.md @@ -119,7 +119,7 @@ If there is no predictable label it can be omitted. ## Additional recommended documentation * [The AppArmor Core Policy Reference](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference) -* [The OpenSUSE Documentation](https://doc.opensuse.org/documentation/leap/security/html/book-security/part-apparmor.html) +* [The openSUSE Documentation](https://doc.opensuse.org/documentation/leap/security/html/book-security/part-apparmor.html) * https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-apparmor-intro.html * [The AppArmor.d man page](https://man.archlinux.org/man/apparmor.d.5) * [F**k AppArmor](https://presentations.nordisch.org/apparmor/#/) diff --git a/docs/development/install.md b/docs/development/install.md index cd9345aec..74271c13c 100644 --- a/docs/development/install.md +++ b/docs/development/install.md @@ -29,7 +29,7 @@ make pkg make dpkg ``` -**:simple-suse: OpenSUSE** +**:simple-suse: openSUSE** ```sh make rpm ``` diff --git a/docs/development/integration.md b/docs/development/integration.md index b58b9930d..f829fb69f 100644 --- a/docs/development/integration.md +++ b/docs/development/integration.md @@ -47,7 +47,7 @@ To build a VM image for development purpose, run the following from the `tests` | Arch Linux | Gnome | `make archlinux flavor=gnome` | `arch-gnome` | | Arch Linux | KDE | `make archlinux flavor=kde` | `arch-kde` | | Debian | Server | `make debian flavor=server` | `debian-server` | -| OpenSUSE | KDE | `make opensuse flavor=kde` | `opensuse-kde` | +| openSUSE | KDE | `make opensuse flavor=kde` | `opensuse-kde` | | Ubuntu | Server | `make ubuntu flavor=server` | `ubuntu-server` | | Ubuntu | Desktop | `make ubuntu falvor=desktop` | `ubuntu-desktop` | diff --git a/docs/enforce.md b/docs/enforce.md index e712cd997..52241859e 100644 --- a/docs/enforce.md +++ b/docs/enforce.md @@ -27,7 +27,7 @@ override_dh_auto_build: make enforce ``` -#### :simple-suse: OpenSUSE +#### :simple-suse: openSUSE In `dists/apparmor.d.spec`, replace `%make_build` by `make enforce` ```diff diff --git a/docs/full-system-policy.md b/docs/full-system-policy.md index 7bfb68407..2b9f57454 100644 --- a/docs/full-system-policy.md +++ b/docs/full-system-policy.md @@ -60,7 +60,7 @@ override_dh_auto_build: make full ``` -**:simple-suse: OpenSUSE** +**:simple-suse: openSUSE** In `dists/apparmor.d.spec`, replace `%make_build` by `make full` ```diff diff --git a/docs/index.md b/docs/index.md index 19c12027c..3a9381ccd 100644 --- a/docs/index.md +++ b/docs/index.md @@ -36,7 +36,7 @@ See the [Concepts](concepts.md)' page for more detail on the architecture. * [:material-arch: Arch Linux](install.md#archlinux) * [:material-ubuntu: Ubuntu 22.04](install.md#ubuntu-debian) * [:material-debian: Debian 12](install.md#ubuntu-debian) - * [:simple-suse: OpenSUSE Tumbleweed](install.md#opensuse) + * [:simple-suse: openSUSE Tumbleweed](install.md#opensuse) - Support for all major desktop environments: - [x] :material-gnome: Gnome - [ ] :simple-kde: KDE *(work in progress)* diff --git a/docs/install.md b/docs/install.md index f0cc6e6c5..8f234872c 100644 --- a/docs/install.md +++ b/docs/install.md @@ -76,9 +76,9 @@ sudo dpkg -i ../apparmor.d_*.deb If your distribution is based on Ubuntu or Debian, you may want to manually set the target distribution by exporting `DISTRIBUTION=debian` if is Debian based, or `DISTRIBUTION=ubuntu` if it is Ubuntu based. -## :simple-suse: OpenSUSE +## :simple-suse: openSUSE -OpenSUSE users need to add [cboltz](https://en.opensuse.org/User:Cboltz) repo on OBS +openSUSE users need to add [cboltz](https://en.opensuse.org/User:Cboltz) repo on OBS ```sh zypper addrepo https://download.opensuse.org/repositories/home:cboltz/openSUSE_Factory/home:cboltz.repo zypper refresh @@ -117,7 +117,7 @@ sudo make profile-names... - :material-arch: Arch Linux `sudo pacman -R apparmor.d` - :material-ubuntu: Ubuntu & :material-debian: Debian `sudo apt purge apparmor.d` -- :simple-suse: OpenSUSE `sudo zypper remove apparmor.d` +- :simple-suse: openSUSE `sudo zypper remove apparmor.d` [aur]: https://aur.archlinux.org/packages/apparmor.d-git [repo]: https://repo.pujol.io/ From 5c8dda1ced0cfb9ae95e4bf390ca8a37048c721c Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 8 Jun 2024 00:32:01 +0100 Subject: [PATCH 18/70] feat(profile): remove rule moved in the base or nameservice abstraction. --- apparmor.d/abstractions/common/app | 1 - apparmor.d/groups/_full/default | 1 - apparmor.d/groups/akonadi/akonadi_akonotes_resource | 2 -- apparmor.d/groups/akonadi/akonadi_archivemail_agent | 2 -- apparmor.d/groups/akonadi/akonadi_birthdays_resource | 2 -- apparmor.d/groups/akonadi/akonadi_contacts_resource | 2 -- apparmor.d/groups/akonadi/akonadi_control | 2 -- apparmor.d/groups/akonadi/akonadi_followupreminder_agent | 2 -- apparmor.d/groups/akonadi/akonadi_ical_resource | 2 -- apparmor.d/groups/akonadi/akonadi_indexing_agent | 2 -- apparmor.d/groups/akonadi/akonadi_maildir_resource | 2 -- apparmor.d/groups/akonadi/akonadi_maildispatcher_agent | 2 -- apparmor.d/groups/akonadi/akonadi_mailfilter_agent | 2 -- apparmor.d/groups/akonadi/akonadi_mailmerge_agent | 2 -- apparmor.d/groups/akonadi/akonadi_migration_agent | 2 -- apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent | 2 -- apparmor.d/groups/akonadi/akonadi_notes_agent | 2 -- apparmor.d/groups/akonadi/akonadi_sendlater_agent | 2 -- apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent | 2 -- apparmor.d/groups/apps/telegram-desktop | 1 - apparmor.d/groups/browsers/firefox-kmozillahelper | 1 - apparmor.d/groups/freedesktop/polkit-kde-authentication-agent | 1 - apparmor.d/groups/freedesktop/xdg-desktop-portal-kde | 2 -- apparmor.d/groups/kde/DiscoverNotifier | 2 -- apparmor.d/groups/kde/baloo | 1 - apparmor.d/groups/kde/baloorunner | 2 -- apparmor.d/groups/kde/dolphin | 1 - apparmor.d/groups/kde/kaccess | 2 -- apparmor.d/groups/kde/kactivitymanagerd | 1 - apparmor.d/groups/kde/kalendarac | 2 -- apparmor.d/groups/kde/kcminit | 1 - apparmor.d/groups/kde/kde-powerdevil | 1 - apparmor.d/groups/kde/kded | 1 - apparmor.d/groups/kde/kglobalacceld | 2 -- apparmor.d/groups/kde/kio_http_cache_cleaner | 2 -- apparmor.d/groups/kde/kioworker | 1 - apparmor.d/groups/kde/konsole | 1 - apparmor.d/groups/kde/kscreenlocker_greet | 1 - apparmor.d/groups/kde/ksmserver | 2 -- apparmor.d/groups/kde/ksmserver-logout-greeter | 1 - apparmor.d/groups/kde/ksplashqml | 2 -- apparmor.d/groups/kde/kwalletd | 1 - apparmor.d/groups/kde/kwalletmanager | 1 - apparmor.d/groups/kde/kwin_wayland | 1 - apparmor.d/groups/kde/kwin_x11 | 2 -- apparmor.d/groups/kde/okular | 2 -- apparmor.d/groups/kde/plasma-browser-integration-host | 1 - apparmor.d/groups/kde/plasma-discover | 1 - apparmor.d/groups/kde/plasma_session | 2 -- apparmor.d/groups/kde/plasmashell | 1 - apparmor.d/groups/kde/sddm | 1 - apparmor.d/groups/kde/sddm-greeter | 1 - apparmor.d/groups/kde/startplasma | 1 - apparmor.d/groups/kde/systemsettings | 1 - apparmor.d/groups/ubuntu/apport | 1 - apparmor.d/profiles-a-f/birdtray | 1 - apparmor.d/profiles-a-f/flameshot | 1 - apparmor.d/profiles-g-l/groups | 2 -- apparmor.d/profiles-g-l/kanyremote | 1 - apparmor.d/profiles-g-l/kodi | 1 - apparmor.d/profiles-m-r/megasync | 1 - apparmor.d/profiles-m-r/minitube | 2 -- apparmor.d/profiles-m-r/psi | 1 - apparmor.d/profiles-m-r/psi-plus | 1 - apparmor.d/profiles-m-r/qbittorrent-nox | 1 - apparmor.d/profiles-m-r/qnapi | 1 - apparmor.d/profiles-m-r/qpdfview | 1 - apparmor.d/profiles-m-r/qt5ct | 1 - apparmor.d/profiles-m-r/qtox | 1 - apparmor.d/profiles-s-z/strawberry | 1 - apparmor.d/profiles-s-z/usbguard-applet-qt | 1 - 71 files changed, 102 deletions(-) diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index 65ac34250..ff3b0f7f0 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -100,7 +100,6 @@ @{PROC}/pressure/io r, @{PROC}/pressure/memory r, @{PROC}/sys/fs/inotify/max_user_watches r, - @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/osrelease r, @{PROC}/sys/kernel/pid_max r, @{PROC}/sys/kernel/sched_autogroup_enabled r, diff --git a/apparmor.d/groups/_full/default b/apparmor.d/groups/_full/default index 0b6b72f15..8067b41a2 100644 --- a/apparmor.d/groups/_full/default +++ b/apparmor.d/groups/_full/default @@ -99,7 +99,6 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r, @{PROC}/cmdline r, - @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/seccomp/actions_avail r, @{PROC}/zoneinfo r, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/groups/akonadi/akonadi_akonotes_resource b/apparmor.d/groups/akonadi/akonadi_akonotes_resource index aea9bf790..5956c3e78 100644 --- a/apparmor.d/groups/akonadi/akonadi_akonotes_resource +++ b/apparmor.d/groups/akonadi/akonadi_akonotes_resource @@ -36,8 +36,6 @@ profile akonadi_akonotes_resource @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_archivemail_agent b/apparmor.d/groups/akonadi/akonadi_archivemail_agent index 22a2568c8..27a065274 100644 --- a/apparmor.d/groups/akonadi/akonadi_archivemail_agent +++ b/apparmor.d/groups/akonadi/akonadi_archivemail_agent @@ -42,8 +42,6 @@ profile akonadi_archivemail_agent @{exec_path} { owner @{user_share_dirs}/akonadi/file_db_data/{,**} r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_birthdays_resource b/apparmor.d/groups/akonadi/akonadi_birthdays_resource index bfc042c87..5da0cbffc 100644 --- a/apparmor.d/groups/akonadi/akonadi_birthdays_resource +++ b/apparmor.d/groups/akonadi/akonadi_birthdays_resource @@ -35,8 +35,6 @@ profile akonadi_birthdays_resource @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_contacts_resource b/apparmor.d/groups/akonadi/akonadi_contacts_resource index 03c733303..54cdc9af3 100644 --- a/apparmor.d/groups/akonadi/akonadi_contacts_resource +++ b/apparmor.d/groups/akonadi/akonadi_contacts_resource @@ -39,8 +39,6 @@ profile akonadi_contacts_resource @{exec_path} { owner @{user_share_dirs}/contacts/ r, owner @{user_share_dirs}/contacts/*.vcf w, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_control b/apparmor.d/groups/akonadi/akonadi_control index 23bfbab2a..16ee7c6c3 100644 --- a/apparmor.d/groups/akonadi/akonadi_control +++ b/apparmor.d/groups/akonadi/akonadi_control @@ -40,8 +40,6 @@ profile akonadi_control @{exec_path} { owner @{user_share_dirs}/akonadi/{,**} rwl, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent index 805d79ab8..220161832 100644 --- a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent +++ b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent @@ -38,8 +38,6 @@ profile akonadi_followupreminder_agent @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_ical_resource b/apparmor.d/groups/akonadi/akonadi_ical_resource index 7c1b4ea61..12414ece7 100644 --- a/apparmor.d/groups/akonadi/akonadi_ical_resource +++ b/apparmor.d/groups/akonadi/akonadi_ical_resource @@ -31,8 +31,6 @@ profile akonadi_ical_resource @{exec_path} { owner @{user_config_dirs}/kwinrc r, owner @{user_share_dirs}/apps/korganizer/{,**} rw, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_indexing_agent b/apparmor.d/groups/akonadi/akonadi_indexing_agent index 0bffc97ff..1c59bc78d 100644 --- a/apparmor.d/groups/akonadi/akonadi_indexing_agent +++ b/apparmor.d/groups/akonadi/akonadi_indexing_agent @@ -45,8 +45,6 @@ profile akonadi_indexing_agent @{exec_path} { owner @{user_share_dirs}/akonadi/ rw, owner @{user_share_dirs}/akonadi/** rwlk -> @{user_share_dirs}/akonadi/**, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_maildir_resource b/apparmor.d/groups/akonadi/akonadi_maildir_resource index fa44749df..55d0ce2b0 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildir_resource +++ b/apparmor.d/groups/akonadi/akonadi_maildir_resource @@ -39,8 +39,6 @@ profile akonadi_maildir_resource @{exec_path} { owner @{user_share_dirs}/akonadi/{,**} rwk, owner @{user_share_dirs}/local-mail*/{,**} rw, - @{PROC}/sys/kernel/core_pattern rw, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent index 35839f63c..9030af7b5 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent +++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent @@ -50,8 +50,6 @@ profile akonadi_maildispatcher_agent @{exec_path} { owner @{user_share_dirs}/akonadi/file_db_data/{,**} r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent index 80594c6bd..d0d666b31 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent @@ -56,8 +56,6 @@ profile akonadi_mailfilter_agent @{exec_path} { owner @{user_share_dirs}/akonadi/file_db_data/{,**} rw, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent index fa663481a..510bcb1fb 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent @@ -39,8 +39,6 @@ profile akonadi_mailmerge_agent @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_migration_agent b/apparmor.d/groups/akonadi/akonadi_migration_agent index 5ad12003c..9a0478320 100644 --- a/apparmor.d/groups/akonadi/akonadi_migration_agent +++ b/apparmor.d/groups/akonadi/akonadi_migration_agent @@ -36,8 +36,6 @@ profile akonadi_migration_agent @{exec_path} { owner @{user_share_dirs}/akonadi_migration_agent/{,**} rw, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent index ffd40e8de..d07dcedbf 100644 --- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent +++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent @@ -33,8 +33,6 @@ profile akonadi_newmailnotifier_agent @{exec_path} { owner @{user_config_dirs}/kmail2rc r, owner @{user_config_dirs}/specialmailcollectionsrc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_notes_agent b/apparmor.d/groups/akonadi/akonadi_notes_agent index ee08560e3..56eb53c25 100644 --- a/apparmor.d/groups/akonadi/akonadi_notes_agent +++ b/apparmor.d/groups/akonadi/akonadi_notes_agent @@ -39,8 +39,6 @@ profile akonadi_notes_agent @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_sendlater_agent b/apparmor.d/groups/akonadi/akonadi_sendlater_agent index 945066cb8..104b3ec42 100644 --- a/apparmor.d/groups/akonadi/akonadi_sendlater_agent +++ b/apparmor.d/groups/akonadi/akonadi_sendlater_agent @@ -40,8 +40,6 @@ profile akonadi_sendlater_agent @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent index fcbf68d07..22f53cb04 100644 --- a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent +++ b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent @@ -34,8 +34,6 @@ profile akonadi_unifiedmailbox_agent @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index add8fa0d2..68543770a 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -45,7 +45,6 @@ profile telegram-desktop @{exec_path} { owner @{run}/user/@{uid}/@{hex}-* rwk, owner /dev/shm/#@{int} rw, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/groups/browsers/firefox-kmozillahelper b/apparmor.d/groups/browsers/firefox-kmozillahelper index a47bef7c5..cf299b489 100644 --- a/apparmor.d/groups/browsers/firefox-kmozillahelper +++ b/apparmor.d/groups/browsers/firefox-kmozillahelper @@ -55,7 +55,6 @@ profile firefox-kmozillahelper @{exec_path} { @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/** - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mountinfo r, /dev/tty r, diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent index 164d40ab4..abd15224c 100644 --- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent +++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent @@ -53,7 +53,6 @@ profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected, @{PROC}/@{pid}/cgroup r, @{PROC}/@{pid}/cmdline r, @{PROC}/@{pid}/fd/ r, - @{PROC}/sys/kernel/core_pattern r, include if exists } diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index c724c0aad..22c944a87 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -38,8 +38,6 @@ profile xdg-desktop-portal-kde @{exec_path} { owner @{run}/user/@{uid}/xdg-desktop-portal-kde@{rand6}.*.socket rw, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/kde/DiscoverNotifier b/apparmor.d/groups/kde/DiscoverNotifier index b7fc61d2e..3156f1aa7 100644 --- a/apparmor.d/groups/kde/DiscoverNotifier +++ b/apparmor.d/groups/kde/DiscoverNotifier @@ -55,8 +55,6 @@ profile DiscoverNotifier @{exec_path} { owner @{tmp}/ostree-gpg-*/ rw, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, profile gpg { diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo index 88476e81c..fe18f834f 100644 --- a/apparmor.d/groups/kde/baloo +++ b/apparmor.d/groups/kde/baloo @@ -42,7 +42,6 @@ profile baloo @{exec_path} { owner @{user_share_dirs}/baloo/{,**} rwk, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/groups/kde/baloorunner b/apparmor.d/groups/kde/baloorunner index b92bcd005..64d22df67 100644 --- a/apparmor.d/groups/kde/baloorunner +++ b/apparmor.d/groups/kde/baloorunner @@ -61,8 +61,6 @@ profile baloorunner @{exec_path} { @{sys}/class/*/ r, @{sys}/devices/**/uevent r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin index b22386b52..3d03db73f 100644 --- a/apparmor.d/groups/kde/dolphin +++ b/apparmor.d/groups/kde/dolphin @@ -86,7 +86,6 @@ profile dolphin @{exec_path} { owner @{run}/user/@{uid}/dolphin@{rand6}.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int}, owner @{run}/user/@{uid}/#@{int} rw, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess index 53bc4cd69..170144b8a 100644 --- a/apparmor.d/groups/kde/kaccess +++ b/apparmor.d/groups/kde/kaccess @@ -26,8 +26,6 @@ profile kaccess @{exec_path} { owner @{user_share_dirs}/mime/generic-icons r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd index 23ae41a5c..f12504d70 100644 --- a/apparmor.d/groups/kde/kactivitymanagerd +++ b/apparmor.d/groups/kde/kactivitymanagerd @@ -49,7 +49,6 @@ profile kactivitymanagerd @{exec_path} { owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/*@{rand6}.*.socket rwl -> @{run}/user/@{uid}/#@{int}, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/kde/kalendarac b/apparmor.d/groups/kde/kalendarac index fc1cb49f4..453ac9124 100644 --- a/apparmor.d/groups/kde/kalendarac +++ b/apparmor.d/groups/kde/kalendarac @@ -36,8 +36,6 @@ profile kalendarac @{exec_path} { owner @{user_config_dirs}/kalendaracrc.lock rwk, owner @{user_config_dirs}/kmail2rc r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/kde/kcminit b/apparmor.d/groups/kde/kcminit index bec3e4456..1b14791ac 100644 --- a/apparmor.d/groups/kde/kcminit +++ b/apparmor.d/groups/kde/kcminit @@ -40,7 +40,6 @@ profile kcminit @{exec_path} { @{run}/user/@{uid}/xauth_@{rand6} rl, - @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, /dev/tty r, diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index 9e596c410..287b495fe 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -71,7 +71,6 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{PROC}/@{pid}/fd/ r, @{PROC}/@{pid}/mounts r, - @{PROC}/sys/kernel/core_pattern r, /dev/i2c-@{int} rwk, /dev/rfkill r, diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded index cb719c10d..22c9ab4dd 100644 --- a/apparmor.d/groups/kde/kded +++ b/apparmor.d/groups/kde/kded @@ -157,7 +157,6 @@ profile kded @{exec_path} { @{PROC}/@{pids}/fdinfo/@{int} r, @{PROC}/@{pids}/fd/info/@{int} r, @{PROC}/sys/fs/inotify/max_user_{instances,watches} r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/kde/kglobalacceld b/apparmor.d/groups/kde/kglobalacceld index 545e1e1b9..c0ea43b30 100644 --- a/apparmor.d/groups/kde/kglobalacceld +++ b/apparmor.d/groups/kde/kglobalacceld @@ -23,8 +23,6 @@ profile kglobalacceld @{exec_path} { owner @{user_config_dirs}/kglobalshortcutsrc* rwl, owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/kde/kio_http_cache_cleaner b/apparmor.d/groups/kde/kio_http_cache_cleaner index 0f3c799ad..b96769fe4 100644 --- a/apparmor.d/groups/kde/kio_http_cache_cleaner +++ b/apparmor.d/groups/kde/kio_http_cache_cleaner @@ -21,7 +21,5 @@ profile kio_http_cache_cleaner @{exec_path} { owner @{run}/user/@{uid}/kio_http_cache_cleaner rw, - @{PROC}/sys/kernel/core_pattern r, - include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/kioworker b/apparmor.d/groups/kde/kioworker index 3e8d2a594..5e39ad775 100644 --- a/apparmor.d/groups/kde/kioworker +++ b/apparmor.d/groups/kde/kioworker @@ -92,7 +92,6 @@ profile kioworker @{exec_path} { owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kio_*.socket rwl -> @{run}/user/@{uid}/#@{int}, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/kde/konsole b/apparmor.d/groups/kde/konsole index 45cb52cf0..d80f20b93 100644 --- a/apparmor.d/groups/kde/konsole +++ b/apparmor.d/groups/kde/konsole @@ -62,7 +62,6 @@ profile konsole @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{tmp}/#@{int} rw, owner @{tmp}/konsole.@{rand6} rw, - @{PROC}/sys/kernel/core_pattern r, @{PROC}/@{pid}/cmdline r, @{PROC}/@{pid}/stat r, diff --git a/apparmor.d/groups/kde/kscreenlocker_greet b/apparmor.d/groups/kde/kscreenlocker_greet index 8f2120233..6b6eab4b5 100644 --- a/apparmor.d/groups/kde/kscreenlocker_greet +++ b/apparmor.d/groups/kde/kscreenlocker_greet @@ -101,7 +101,6 @@ profile kscreenlocker_greet @{exec_path} { @{PROC}/@{pid}/fd/ r, @{PROC}/@{pid}/loginuid r, @{PROC}/@{pid}/mounts r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/loginuid r, /dev/tty r, diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index e5f898295..33724c835 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver @@ -67,8 +67,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{run}/systemd/inhibit/[0-9]*.ref rw, owner @{run}/user/@{uid}/KSMserver__[0-9] rw, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty r, include if exists diff --git a/apparmor.d/groups/kde/ksmserver-logout-greeter b/apparmor.d/groups/kde/ksmserver-logout-greeter index a13b08f3c..9c35530a6 100644 --- a/apparmor.d/groups/kde/ksmserver-logout-greeter +++ b/apparmor.d/groups/kde/ksmserver-logout-greeter @@ -53,7 +53,6 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/ r, @{PROC}/sys/dev/i915/perf_stream_paranoid r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/exe r, owner @{PROC}/@{pid}/status r, diff --git a/apparmor.d/groups/kde/ksplashqml b/apparmor.d/groups/kde/ksplashqml index 59d90b35b..80d91048e 100644 --- a/apparmor.d/groups/kde/ksplashqml +++ b/apparmor.d/groups/kde/ksplashqml @@ -32,7 +32,5 @@ profile ksplashqml @{exec_path} { owner @{user_config_dirs}/ksplashrc r, owner @{user_config_dirs}/plasmarc r, - @{PROC}/sys/kernel/core_pattern r, - include if exists } diff --git a/apparmor.d/groups/kde/kwalletd b/apparmor.d/groups/kde/kwalletd index 5aa42fb38..9d255e683 100644 --- a/apparmor.d/groups/kde/kwalletd +++ b/apparmor.d/groups/kde/kwalletd @@ -43,7 +43,6 @@ profile kwalletd @{exec_path} { owner @{tmp}/kwalletd5.* rw, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/kde/kwalletmanager b/apparmor.d/groups/kde/kwalletmanager index 90e8dbf2b..8c99ca25d 100644 --- a/apparmor.d/groups/kde/kwalletmanager +++ b/apparmor.d/groups/kde/kwalletmanager @@ -43,7 +43,6 @@ profile kwalletmanager @{exec_path} { @{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mounts r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/cmdline r, /dev/shm/ r, diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index 3e62ed175..0c682e2a3 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland @@ -126,7 +126,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { @{run}/udev/data/c226:@{int} r, # for /dev/dri/card* @{PROC}/@{pid}/task/@{tid}/comm rw, - @{PROC}/sys/kernel/core_pattern r, /dev/input/event@{int} rw, /dev/tty r, diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11 index cd43b074c..7713d4945 100644 --- a/apparmor.d/groups/kde/kwin_x11 +++ b/apparmor.d/groups/kde/kwin_x11 @@ -64,8 +64,6 @@ profile kwin_x11 @{exec_path} { @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node@{int}/meminfo r, - @{PROC}/sys/kernel/core_pattern r, - /dev/tty rw, include if exists diff --git a/apparmor.d/groups/kde/okular b/apparmor.d/groups/kde/okular index 71a982ca5..4d8e8a9b9 100644 --- a/apparmor.d/groups/kde/okular +++ b/apparmor.d/groups/kde/okular @@ -48,8 +48,6 @@ profile okular @{exec_path} { owner @{tmp}/#@{int} rw, owner @{tmp}/okular_@{rand6}.ps rwl -> /tmp/#@{int}, - @{PROC}/sys/kernel/core_pattern r, - profile gpg { include diff --git a/apparmor.d/groups/kde/plasma-browser-integration-host b/apparmor.d/groups/kde/plasma-browser-integration-host index 93b11c812..18d09bf79 100644 --- a/apparmor.d/groups/kde/plasma-browser-integration-host +++ b/apparmor.d/groups/kde/plasma-browser-integration-host @@ -37,7 +37,6 @@ profile plasma-browser-integration-host @{exec_path} { owner @{user_share_dirs}/kservices{5,6}/ r, owner @{user_share_dirs}/kservices{5,6}/ServiceMenus/ r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/stat r, diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover index 6b8269b46..11cb7206e 100644 --- a/apparmor.d/groups/kde/plasma-discover +++ b/apparmor.d/groups/kde/plasma-discover @@ -95,7 +95,6 @@ profile plasma-discover @{exec_path} { owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/discover@{rand6}.* rwl -> @{run}/user/@{uid}/#@{int}, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mountinfo r, /dev/tty r, diff --git a/apparmor.d/groups/kde/plasma_session b/apparmor.d/groups/kde/plasma_session index 0041d753f..d67966678 100644 --- a/apparmor.d/groups/kde/plasma_session +++ b/apparmor.d/groups/kde/plasma_session @@ -45,7 +45,5 @@ profile plasma_session @{exec_path} { owner @{user_config_dirs}/kdedefaults/ksplashrc r, owner @{user_config_dirs}/plasma-welcomerc r, - @{PROC}/sys/kernel/core_pattern r, - include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index f3456eec4..3c7b4eed8 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -192,7 +192,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { @{PROC}/cmdline r, @{PROC}/diskstats r, @{PROC}/loadavg r, - @{PROC}/sys/kernel/core_pattern r, @{PROC}/uptime r, @{PROC}/vmstat r, owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 20fec7b18..b93d46e9d 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -188,7 +188,6 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{PROC}/uptime r, @{PROC}/@{pids}/cmdline r, @{PROC}/@{pids}/stat r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/loginuid rw, owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/uid_map r, diff --git a/apparmor.d/groups/kde/sddm-greeter b/apparmor.d/groups/kde/sddm-greeter index eb8943137..305430f1f 100644 --- a/apparmor.d/groups/kde/sddm-greeter +++ b/apparmor.d/groups/kde/sddm-greeter @@ -68,7 +68,6 @@ profile sddm-greeter @{exec_path} { owner @{run}/sddm/{,*} rw, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index 1010c0a43..bcfa8d209 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -77,7 +77,6 @@ profile startplasma @{exec_path} { owner @{run}/user/@{uid}/ r, - @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/maps r, diff --git a/apparmor.d/groups/kde/systemsettings b/apparmor.d/groups/kde/systemsettings index 1af32ce81..d3ad9dccd 100644 --- a/apparmor.d/groups/kde/systemsettings +++ b/apparmor.d/groups/kde/systemsettings @@ -74,7 +74,6 @@ profile systemsettings @{exec_path} { @{sys}/bus/cpu/devices/ r, @{sys}/class/ r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mounts r, /dev/tty r, diff --git a/apparmor.d/groups/ubuntu/apport b/apparmor.d/groups/ubuntu/apport index eba45da06..f24a36275 100644 --- a/apparmor.d/groups/ubuntu/apport +++ b/apparmor.d/groups/ubuntu/apport @@ -46,7 +46,6 @@ profile apport @{exec_path} flags=(attach_disconnected) { @{PROC}/@{pid}/environ r, @{PROC}/@{pid}/stat r, @{PROC}/sys/fs/suid_dumpable w, - @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/core_pattern w, @{PROC}/sys/kernel/core_pipe_limit w, owner @{PROC}/@{pid}/attr/current r, diff --git a/apparmor.d/profiles-a-f/birdtray b/apparmor.d/profiles-a-f/birdtray index 972ee380d..93eb3d572 100644 --- a/apparmor.d/profiles-a-f/birdtray +++ b/apparmor.d/profiles-a-f/birdtray @@ -49,7 +49,6 @@ profile birdtray @{exec_path} { /dev/shm/#@{int} rw, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-a-f/flameshot b/apparmor.d/profiles-a-f/flameshot index 666245156..4d5c83fa9 100644 --- a/apparmor.d/profiles-a-f/flameshot +++ b/apparmor.d/profiles-a-f/flameshot @@ -51,7 +51,6 @@ profile flameshot @{exec_path} { owner @{tmp}/.@{rand8}/** rw, owner /dev/shm/#@{int} rw, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-g-l/groups b/apparmor.d/profiles-g-l/groups index 625632e73..2affa7562 100644 --- a/apparmor.d/profiles-g-l/groups +++ b/apparmor.d/profiles-g-l/groups @@ -15,8 +15,6 @@ profile groups @{exec_path} { @{exec_path} mr, - @{PROC}/sys/kernel/random/boot_id r, - /dev/tty@{int} rw, include if exists diff --git a/apparmor.d/profiles-g-l/kanyremote b/apparmor.d/profiles-g-l/kanyremote index fb11c31c9..8f0ba584b 100644 --- a/apparmor.d/profiles-g-l/kanyremote +++ b/apparmor.d/profiles-g-l/kanyremote @@ -65,7 +65,6 @@ profile kanyremote @{exec_path} { owner /dev/shm/#@{int} rw, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, profile killall { diff --git a/apparmor.d/profiles-g-l/kodi b/apparmor.d/profiles-g-l/kodi index 55beb1b6a..87624f946 100644 --- a/apparmor.d/profiles-g-l/kodi +++ b/apparmor.d/profiles-g-l/kodi @@ -61,7 +61,6 @@ profile kodi @{exec_path} { @{PROC}/@{pid}/net/dev r, @{PROC}/@{pid}/net/route r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-m-r/megasync b/apparmor.d/profiles-m-r/megasync index 8f30c0c83..bf26a1aa8 100644 --- a/apparmor.d/profiles-m-r/megasync +++ b/apparmor.d/profiles-m-r/megasync @@ -51,7 +51,6 @@ profile megasync @{exec_path} { owner @{user_sync_dirs}/ r, owner @{user_sync_dirs}/** rwl -> @{user_sync_dirs}/**, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-m-r/minitube b/apparmor.d/profiles-m-r/minitube index e8e07ef43..3eecbb2bb 100644 --- a/apparmor.d/profiles-m-r/minitube +++ b/apparmor.d/profiles-m-r/minitube @@ -64,8 +64,6 @@ profile minitube @{exec_path} { # owner @{tmp}/#@{int} mrw, # owner @{tmp}/.glvnd* mrw, - @{PROC}/sys/kernel/core_pattern r, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, /dev/shm/#@{int} rw, diff --git a/apparmor.d/profiles-m-r/psi b/apparmor.d/profiles-m-r/psi index 84ae5b1b2..a0765eb7e 100644 --- a/apparmor.d/profiles-m-r/psi +++ b/apparmor.d/profiles-m-r/psi @@ -61,7 +61,6 @@ profile psi @{exec_path} { @{run}/systemd/inhibit/[0-9]*.ref rw, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-m-r/psi-plus b/apparmor.d/profiles-m-r/psi-plus index e1f78a45b..aaead522e 100644 --- a/apparmor.d/profiles-m-r/psi-plus +++ b/apparmor.d/profiles-m-r/psi-plus @@ -61,7 +61,6 @@ profile psi-plus @{exec_path} { @{run}/systemd/inhibit/[0-9]*.ref rw, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-m-r/qbittorrent-nox b/apparmor.d/profiles-m-r/qbittorrent-nox index cc8edfd64..cd4015707 100644 --- a/apparmor.d/profiles-m-r/qbittorrent-nox +++ b/apparmor.d/profiles-m-r/qbittorrent-nox @@ -46,7 +46,6 @@ profile qbittorrent-nox @{exec_path} { owner @{tmp}/qtsingleapp-qBitto-* rw, owner @{tmp}/qtsingleapp-qBitto-*-lockfile rwk, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-m-r/qnapi b/apparmor.d/profiles-m-r/qnapi index 712750a33..7075a0a49 100644 --- a/apparmor.d/profiles-m-r/qnapi +++ b/apparmor.d/profiles-m-r/qnapi @@ -64,7 +64,6 @@ profile qnapi @{exec_path} { owner @{tmp}/QNapi.@{int}.tmp.* rwl -> /tmp/#@{int}, owner @{tmp}/QNapi.@{int} rw, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-m-r/qpdfview b/apparmor.d/profiles-m-r/qpdfview index 2ced93511..4ce205c27 100644 --- a/apparmor.d/profiles-m-r/qpdfview +++ b/apparmor.d/profiles-m-r/qpdfview @@ -54,7 +54,6 @@ profile qpdfview @{exec_path} { owner @{tmp}/#@{int} rw, owner @{tmp}/qpdfview.*.pdf rwl -> /tmp/#@{int}, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-m-r/qt5ct b/apparmor.d/profiles-m-r/qt5ct index 3d4d73bb7..58bd6948e 100644 --- a/apparmor.d/profiles-m-r/qt5ct +++ b/apparmor.d/profiles-m-r/qt5ct @@ -33,7 +33,6 @@ profile qt5ct @{exec_path} { owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/icon-cache.kcache rw, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, /dev/shm/#@{int} rw, diff --git a/apparmor.d/profiles-m-r/qtox b/apparmor.d/profiles-m-r/qtox index a60136402..fd9e0748d 100644 --- a/apparmor.d/profiles-m-r/qtox +++ b/apparmor.d/profiles-m-r/qtox @@ -50,7 +50,6 @@ profile qtox @{exec_path} { owner @{user_share_dirs}/qTox/** rw, owner @{PROC}/@{pid}/cmdline r, - @{PROC}/sys/kernel/core_pattern r, # for KCrash::initialize() owner @{tmp}/qipc_{systemsem,sharedmemory}_*@{hex} rw, diff --git a/apparmor.d/profiles-s-z/strawberry b/apparmor.d/profiles-s-z/strawberry index efb326115..39c68f5ed 100644 --- a/apparmor.d/profiles-s-z/strawberry +++ b/apparmor.d/profiles-s-z/strawberry @@ -72,7 +72,6 @@ profile strawberry @{exec_path} { @{run}/mount/utab r, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-s-z/usbguard-applet-qt b/apparmor.d/profiles-s-z/usbguard-applet-qt index 6737abc6e..a266575ee 100644 --- a/apparmor.d/profiles-s-z/usbguard-applet-qt +++ b/apparmor.d/profiles-s-z/usbguard-applet-qt @@ -36,7 +36,6 @@ profile usbguard-applet-qt @{exec_path} { owner @{run}/user/@{uid}/sni-qt_usbguard-applet-qt_@{int}-[a-zA-Z0-9]*/{,**} rw, owner @{PROC}/@{pid}/cmdline r, - @{PROC}/sys/kernel/core_pattern r, /usr/share/hwdata/pnp.ids r, From e362aa91079c6b1f9591b5a8afb3a99c5daa4c34 Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sun, 9 Jun 2024 19:44:15 +0300 Subject: [PATCH 19/70] feat(profiles-m-r): vim syntax support Add vim modeline instructing the editor to use the syntax plugin provided by apparmor. --- apparmor.d/profiles-m-r/macchanger | 1 + apparmor.d/profiles-m-r/man | 1 + apparmor.d/profiles-m-r/mandb | 1 + apparmor.d/profiles-m-r/mate-notification-daemon | 1 + apparmor.d/profiles-m-r/mdevctl | 1 + apparmor.d/profiles-m-r/mediainfo | 1 + apparmor.d/profiles-m-r/mediainfo-gui | 1 + apparmor.d/profiles-m-r/megasync | 1 + apparmor.d/profiles-m-r/memtester | 1 + apparmor.d/profiles-m-r/merkaartor | 1 + apparmor.d/profiles-m-r/metadata-cleaner | 1 + apparmor.d/profiles-m-r/mimetype | 1 + apparmor.d/profiles-m-r/minitube | 1 + apparmor.d/profiles-m-r/mission-control | 1 + apparmor.d/profiles-m-r/mke2fs | 1 + apparmor.d/profiles-m-r/mkfs-btrfs | 1 + apparmor.d/profiles-m-r/mkfs-fat | 1 + apparmor.d/profiles-m-r/mkinitramfs | 1 + apparmor.d/profiles-m-r/mkntfs | 1 + apparmor.d/profiles-m-r/mkswap | 1 + apparmor.d/profiles-m-r/mkvmerge | 1 + apparmor.d/profiles-m-r/mkvtoolnix-gui | 1 + apparmor.d/profiles-m-r/mlocate | 1 + apparmor.d/profiles-m-r/modprobed-db | 1 + apparmor.d/profiles-m-r/molly-guard | 1 + apparmor.d/profiles-m-r/monitorix | 1 + apparmor.d/profiles-m-r/mono-sgen | 1 + apparmor.d/profiles-m-r/mount | 1 + apparmor.d/profiles-m-r/mount-cifs | 1 + apparmor.d/profiles-m-r/mount-nfs | 1 + apparmor.d/profiles-m-r/mount-zfs | 1 + apparmor.d/profiles-m-r/mpd | 1 + apparmor.d/profiles-m-r/mpsyt | 1 + apparmor.d/profiles-m-r/mpv | 1 + apparmor.d/profiles-m-r/mtools | 1 + apparmor.d/profiles-m-r/mtr | 1 + apparmor.d/profiles-m-r/mtr-packet | 1 + apparmor.d/profiles-m-r/mullvad-setup | 1 + apparmor.d/profiles-m-r/multipath | 1 + apparmor.d/profiles-m-r/multipathd | 1 + apparmor.d/profiles-m-r/mumble | 1 + apparmor.d/profiles-m-r/mumble-overlay | 1 + apparmor.d/profiles-m-r/murmurd | 1 + apparmor.d/profiles-m-r/mutt | 1 + apparmor.d/profiles-m-r/needrestart | 1 + apparmor.d/profiles-m-r/needrestart-apt-pinvoke | 1 + apparmor.d/profiles-m-r/needrestart-dpkg-status | 1 + apparmor.d/profiles-m-r/needrestart-iucode-scan-versions | 1 + apparmor.d/profiles-m-r/nemo | 1 + apparmor.d/profiles-m-r/netcap | 1 + apparmor.d/profiles-m-r/nethogs | 1 + apparmor.d/profiles-m-r/netstat | 1 + apparmor.d/profiles-m-r/newgidmap | 1 + apparmor.d/profiles-m-r/newgrp | 1 + apparmor.d/profiles-m-r/newuidmap | 1 + apparmor.d/profiles-m-r/nfsdcld | 1 + apparmor.d/profiles-m-r/nft | 1 + apparmor.d/profiles-m-r/nmap | 1 + apparmor.d/profiles-m-r/nologin | 1 + apparmor.d/profiles-m-r/nslookup | 1 + apparmor.d/profiles-m-r/ntfs-3g | 1 + apparmor.d/profiles-m-r/ntfs-3g-probe | 1 + apparmor.d/profiles-m-r/ntfscat | 1 + apparmor.d/profiles-m-r/ntfsclone | 1 + apparmor.d/profiles-m-r/ntfscluster | 1 + apparmor.d/profiles-m-r/ntfscmp | 1 + apparmor.d/profiles-m-r/ntfscp | 1 + apparmor.d/profiles-m-r/ntfsdecrypt | 1 + apparmor.d/profiles-m-r/ntfsfallocate | 1 + apparmor.d/profiles-m-r/ntfsfix | 1 + apparmor.d/profiles-m-r/ntfsinfo | 1 + apparmor.d/profiles-m-r/ntfslabel | 1 + apparmor.d/profiles-m-r/ntfsls | 1 + apparmor.d/profiles-m-r/ntfsmove | 1 + apparmor.d/profiles-m-r/ntfsrecover | 1 + apparmor.d/profiles-m-r/ntfsresize | 1 + apparmor.d/profiles-m-r/ntfssecaudit | 1 + apparmor.d/profiles-m-r/ntfstruncate | 1 + apparmor.d/profiles-m-r/ntfsundelete | 1 + apparmor.d/profiles-m-r/ntfsusermap | 1 + apparmor.d/profiles-m-r/ntfswipe | 1 + apparmor.d/profiles-m-r/nullmailer-send | 1 + apparmor.d/profiles-m-r/numlockx | 1 + apparmor.d/profiles-m-r/nvidia-detector | 1 + apparmor.d/profiles-m-r/nvidia-persistenced | 1 + apparmor.d/profiles-m-r/nvidia-settings | 1 + apparmor.d/profiles-m-r/nvtop | 1 + apparmor.d/profiles-m-r/obamenu | 1 + apparmor.d/profiles-m-r/obconf | 1 + apparmor.d/profiles-m-r/obex-folder-listing | 1 + apparmor.d/profiles-m-r/obexautofs | 1 + apparmor.d/profiles-m-r/obexctl | 1 + apparmor.d/profiles-m-r/obexd | 1 + apparmor.d/profiles-m-r/obexfs | 1 + apparmor.d/profiles-m-r/obexpush-atd | 1 + apparmor.d/profiles-m-r/obexpushd | 1 + apparmor.d/profiles-m-r/obxprop | 1 + apparmor.d/profiles-m-r/on-ac-power | 1 + apparmor.d/profiles-m-r/onefetch | 1 + apparmor.d/profiles-m-r/openbox | 1 + apparmor.d/profiles-m-r/openbox-session | 1 + apparmor.d/profiles-m-r/orage | 1 + apparmor.d/profiles-m-r/os-prober | 1 + apparmor.d/profiles-m-r/packagekitd | 1 + apparmor.d/profiles-m-r/pacmd | 1 + apparmor.d/profiles-m-r/pactl | 1 + apparmor.d/profiles-m-r/pagesize | 1 + apparmor.d/profiles-m-r/pam-auth-update | 1 + apparmor.d/profiles-m-r/pam-tmpdir-helper | 1 + apparmor.d/profiles-m-r/pam/mappings | 1 + apparmor.d/profiles-m-r/parted | 1 + apparmor.d/profiles-m-r/partprobe | 1 + apparmor.d/profiles-m-r/pass | 1 + apparmor.d/profiles-m-r/pass-import | 1 + apparmor.d/profiles-m-r/passimd | 1 + apparmor.d/profiles-m-r/passwd | 1 + apparmor.d/profiles-m-r/pavucontrol | 1 + apparmor.d/profiles-m-r/pcb-gtk | 1 + apparmor.d/profiles-m-r/pcscd | 1 + apparmor.d/profiles-m-r/picom | 1 + apparmor.d/profiles-m-r/pidof | 1 + apparmor.d/profiles-m-r/pinentry | 1 + apparmor.d/profiles-m-r/pinentry-curses | 1 + apparmor.d/profiles-m-r/pinentry-gnome3 | 1 + apparmor.d/profiles-m-r/pinentry-gtk-2 | 1 + apparmor.d/profiles-m-r/pinentry-kwallet | 1 + apparmor.d/profiles-m-r/pinentry-qt | 1 + apparmor.d/profiles-m-r/pkcs11-register | 1 + apparmor.d/profiles-m-r/pkexec | 1 + apparmor.d/profiles-m-r/pkttyagent | 1 + apparmor.d/profiles-m-r/plank | 1 + apparmor.d/profiles-m-r/plocate | 1 + apparmor.d/profiles-m-r/plocate-build | 1 + apparmor.d/profiles-m-r/popularity-contest | 1 + apparmor.d/profiles-m-r/power-profiles-daemon | 1 + apparmor.d/profiles-m-r/protonmail-bridge | 1 + apparmor.d/profiles-m-r/ps | 1 + apparmor.d/profiles-m-r/ps-mem | 1 + apparmor.d/profiles-m-r/pscap | 1 + apparmor.d/profiles-m-r/psi | 1 + apparmor.d/profiles-m-r/psi-plus | 1 + apparmor.d/profiles-m-r/pstree | 1 + apparmor.d/profiles-m-r/pulseeffects | 1 + apparmor.d/profiles-m-r/pwck | 1 + apparmor.d/profiles-m-r/qbittorrent | 1 + apparmor.d/profiles-m-r/qbittorrent-nox | 1 + apparmor.d/profiles-m-r/qemu-ga | 1 + apparmor.d/profiles-m-r/qnapi | 1 + apparmor.d/profiles-m-r/qpdfview | 1 + apparmor.d/profiles-m-r/qt5ct | 1 + apparmor.d/profiles-m-r/qtchooser | 1 + apparmor.d/profiles-m-r/qtox | 1 + apparmor.d/profiles-m-r/quiterss | 1 + apparmor.d/profiles-m-r/rdmsr | 1 + apparmor.d/profiles-m-r/remmina | 1 + apparmor.d/profiles-m-r/repo | 1 + apparmor.d/profiles-m-r/reprepro | 1 + apparmor.d/profiles-m-r/resize2fs | 1 + apparmor.d/profiles-m-r/resolvconf | 1 + apparmor.d/profiles-m-r/rfkill | 1 + apparmor.d/profiles-m-r/rngd | 1 + apparmor.d/profiles-m-r/rpi-imager | 1 + apparmor.d/profiles-m-r/rredtool | 1 + apparmor.d/profiles-m-r/rsyslogd | 1 + apparmor.d/profiles-m-r/rtkit-daemon | 1 + apparmor.d/profiles-m-r/rtkitctl | 1 + apparmor.d/profiles-m-r/run-parts | 1 + apparmor.d/profiles-m-r/runuser | 1 + apparmor.d/profiles-m-r/rustdesk | 1 + apparmor.d/profiles-m-r/rustdesk-utils | 1 + 170 files changed, 170 insertions(+) diff --git a/apparmor.d/profiles-m-r/macchanger b/apparmor.d/profiles-m-r/macchanger index 7f0d334eb..456e7faf2 100644 --- a/apparmor.d/profiles-m-r/macchanger +++ b/apparmor.d/profiles-m-r/macchanger @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/man b/apparmor.d/profiles-m-r/man index c85b5e1d1..721bb28f4 100644 --- a/apparmor.d/profiles-m-r/man +++ b/apparmor.d/profiles-m-r/man @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mandb b/apparmor.d/profiles-m-r/mandb index 74cef2862..8ed3f6a61 100644 --- a/apparmor.d/profiles-m-r/mandb +++ b/apparmor.d/profiles-m-r/mandb @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mate-notification-daemon b/apparmor.d/profiles-m-r/mate-notification-daemon index 7d3ea0192..e40102814 100644 --- a/apparmor.d/profiles-m-r/mate-notification-daemon +++ b/apparmor.d/profiles-m-r/mate-notification-daemon @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mdevctl b/apparmor.d/profiles-m-r/mdevctl index 4f1c54ac1..eefbd4f64 100644 --- a/apparmor.d/profiles-m-r/mdevctl +++ b/apparmor.d/profiles-m-r/mdevctl @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mediainfo b/apparmor.d/profiles-m-r/mediainfo index bd1d1e41a..aa740e696 100644 --- a/apparmor.d/profiles-m-r/mediainfo +++ b/apparmor.d/profiles-m-r/mediainfo @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mediainfo-gui b/apparmor.d/profiles-m-r/mediainfo-gui index 4315a8157..79230046e 100644 --- a/apparmor.d/profiles-m-r/mediainfo-gui +++ b/apparmor.d/profiles-m-r/mediainfo-gui @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/megasync b/apparmor.d/profiles-m-r/megasync index bf26a1aa8..3f7712847 100644 --- a/apparmor.d/profiles-m-r/megasync +++ b/apparmor.d/profiles-m-r/megasync @@ -2,6 +2,7 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/memtester b/apparmor.d/profiles-m-r/memtester index e25c98180..1ce609815 100644 --- a/apparmor.d/profiles-m-r/memtester +++ b/apparmor.d/profiles-m-r/memtester @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/merkaartor b/apparmor.d/profiles-m-r/merkaartor index 6cd06a019..b9613ec2d 100644 --- a/apparmor.d/profiles-m-r/merkaartor +++ b/apparmor.d/profiles-m-r/merkaartor @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/metadata-cleaner b/apparmor.d/profiles-m-r/metadata-cleaner index 63bea0ac2..f9d4adb05 100644 --- a/apparmor.d/profiles-m-r/metadata-cleaner +++ b/apparmor.d/profiles-m-r/metadata-cleaner @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mimetype b/apparmor.d/profiles-m-r/mimetype index e65d07613..a22f19c6a 100644 --- a/apparmor.d/profiles-m-r/mimetype +++ b/apparmor.d/profiles-m-r/mimetype @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/minitube b/apparmor.d/profiles-m-r/minitube index 3eecbb2bb..0e6379cf0 100644 --- a/apparmor.d/profiles-m-r/minitube +++ b/apparmor.d/profiles-m-r/minitube @@ -2,6 +2,7 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mission-control b/apparmor.d/profiles-m-r/mission-control index b36117459..dc5c1c0db 100644 --- a/apparmor.d/profiles-m-r/mission-control +++ b/apparmor.d/profiles-m-r/mission-control @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mke2fs b/apparmor.d/profiles-m-r/mke2fs index 4fc5c9d08..92805e83a 100644 --- a/apparmor.d/profiles-m-r/mke2fs +++ b/apparmor.d/profiles-m-r/mke2fs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mkfs-btrfs b/apparmor.d/profiles-m-r/mkfs-btrfs index 48ba79bac..9e85623e6 100644 --- a/apparmor.d/profiles-m-r/mkfs-btrfs +++ b/apparmor.d/profiles-m-r/mkfs-btrfs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mkfs-fat b/apparmor.d/profiles-m-r/mkfs-fat index 68fc2aaae..bdc5c4a78 100644 --- a/apparmor.d/profiles-m-r/mkfs-fat +++ b/apparmor.d/profiles-m-r/mkfs-fat @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mkinitramfs b/apparmor.d/profiles-m-r/mkinitramfs index 304b5834f..9ceb83627 100644 --- a/apparmor.d/profiles-m-r/mkinitramfs +++ b/apparmor.d/profiles-m-r/mkinitramfs @@ -3,6 +3,7 @@ # Copyright (C) 2022-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mkntfs b/apparmor.d/profiles-m-r/mkntfs index ee6153a83..01bb1dbaf 100644 --- a/apparmor.d/profiles-m-r/mkntfs +++ b/apparmor.d/profiles-m-r/mkntfs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mkswap b/apparmor.d/profiles-m-r/mkswap index 81cd835b1..74d2f54ac 100644 --- a/apparmor.d/profiles-m-r/mkswap +++ b/apparmor.d/profiles-m-r/mkswap @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mkvmerge b/apparmor.d/profiles-m-r/mkvmerge index 7350d7b7f..7973a192f 100644 --- a/apparmor.d/profiles-m-r/mkvmerge +++ b/apparmor.d/profiles-m-r/mkvmerge @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mkvtoolnix-gui b/apparmor.d/profiles-m-r/mkvtoolnix-gui index 63a978baf..8bdcd7e15 100644 --- a/apparmor.d/profiles-m-r/mkvtoolnix-gui +++ b/apparmor.d/profiles-m-r/mkvtoolnix-gui @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mlocate b/apparmor.d/profiles-m-r/mlocate index 6d2d33c9e..21c82bedb 100644 --- a/apparmor.d/profiles-m-r/mlocate +++ b/apparmor.d/profiles-m-r/mlocate @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/modprobed-db b/apparmor.d/profiles-m-r/modprobed-db index 9e84ee501..89b7800d8 100644 --- a/apparmor.d/profiles-m-r/modprobed-db +++ b/apparmor.d/profiles-m-r/modprobed-db @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/molly-guard b/apparmor.d/profiles-m-r/molly-guard index c6eb2a2ac..c50aa8469 100644 --- a/apparmor.d/profiles-m-r/molly-guard +++ b/apparmor.d/profiles-m-r/molly-guard @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/monitorix b/apparmor.d/profiles-m-r/monitorix index 88699a37b..827ff6d01 100644 --- a/apparmor.d/profiles-m-r/monitorix +++ b/apparmor.d/profiles-m-r/monitorix @@ -2,6 +2,7 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mono-sgen b/apparmor.d/profiles-m-r/mono-sgen index 72891c7bf..d676f9911 100644 --- a/apparmor.d/profiles-m-r/mono-sgen +++ b/apparmor.d/profiles-m-r/mono-sgen @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mount b/apparmor.d/profiles-m-r/mount index 7c48c4d85..19c2b036a 100644 --- a/apparmor.d/profiles-m-r/mount +++ b/apparmor.d/profiles-m-r/mount @@ -3,6 +3,7 @@ # Copyright (C) 2022-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mount-cifs b/apparmor.d/profiles-m-r/mount-cifs index 94a523e8f..5b3e2c0a4 100644 --- a/apparmor.d/profiles-m-r/mount-cifs +++ b/apparmor.d/profiles-m-r/mount-cifs @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mount-nfs b/apparmor.d/profiles-m-r/mount-nfs index 9e7a488d4..7a647d730 100644 --- a/apparmor.d/profiles-m-r/mount-nfs +++ b/apparmor.d/profiles-m-r/mount-nfs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mount-zfs b/apparmor.d/profiles-m-r/mount-zfs index d2efa3054..bb723ad8a 100644 --- a/apparmor.d/profiles-m-r/mount-zfs +++ b/apparmor.d/profiles-m-r/mount-zfs @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mpd b/apparmor.d/profiles-m-r/mpd index e222681be..5779253fe 100644 --- a/apparmor.d/profiles-m-r/mpd +++ b/apparmor.d/profiles-m-r/mpd @@ -3,6 +3,7 @@ # Copyright (C) 2023-2024 Alexandre Pujol # Copyright (C) 2023 Jose Maldonado # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mpsyt b/apparmor.d/profiles-m-r/mpsyt index 71f1e4cf9..18c086cf2 100644 --- a/apparmor.d/profiles-m-r/mpsyt +++ b/apparmor.d/profiles-m-r/mpsyt @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mpv b/apparmor.d/profiles-m-r/mpv index 23aa2b9a1..506ad9f9d 100644 --- a/apparmor.d/profiles-m-r/mpv +++ b/apparmor.d/profiles-m-r/mpv @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mtools b/apparmor.d/profiles-m-r/mtools index b19df6cc7..667ec5460 100644 --- a/apparmor.d/profiles-m-r/mtools +++ b/apparmor.d/profiles-m-r/mtools @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mtr b/apparmor.d/profiles-m-r/mtr index 00d4c0629..cf50a1d8b 100644 --- a/apparmor.d/profiles-m-r/mtr +++ b/apparmor.d/profiles-m-r/mtr @@ -2,6 +2,7 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mtr-packet b/apparmor.d/profiles-m-r/mtr-packet index 2605b9e25..0e637ebc5 100644 --- a/apparmor.d/profiles-m-r/mtr-packet +++ b/apparmor.d/profiles-m-r/mtr-packet @@ -2,6 +2,7 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mullvad-setup b/apparmor.d/profiles-m-r/mullvad-setup index befffe09f..3ff624060 100644 --- a/apparmor.d/profiles-m-r/mullvad-setup +++ b/apparmor.d/profiles-m-r/mullvad-setup @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/multipath b/apparmor.d/profiles-m-r/multipath index a571e233d..9d1593383 100644 --- a/apparmor.d/profiles-m-r/multipath +++ b/apparmor.d/profiles-m-r/multipath @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/multipathd b/apparmor.d/profiles-m-r/multipathd index dffcde3cc..d1917f385 100644 --- a/apparmor.d/profiles-m-r/multipathd +++ b/apparmor.d/profiles-m-r/multipathd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mumble b/apparmor.d/profiles-m-r/mumble index 6608498b7..61869179e 100644 --- a/apparmor.d/profiles-m-r/mumble +++ b/apparmor.d/profiles-m-r/mumble @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/mumble-overlay b/apparmor.d/profiles-m-r/mumble-overlay index 07f5a0107..b4c82b995 100644 --- a/apparmor.d/profiles-m-r/mumble-overlay +++ b/apparmor.d/profiles-m-r/mumble-overlay @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/murmurd b/apparmor.d/profiles-m-r/murmurd index f9ee44271..eb23ececf 100644 --- a/apparmor.d/profiles-m-r/murmurd +++ b/apparmor.d/profiles-m-r/murmurd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/profiles-m-r/mutt b/apparmor.d/profiles-m-r/mutt index 27060bf3c..9e5725121 100644 --- a/apparmor.d/profiles-m-r/mutt +++ b/apparmor.d/profiles-m-r/mutt @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart index d01c714f6..4d28d7e7f 100644 --- a/apparmor.d/profiles-m-r/needrestart +++ b/apparmor.d/profiles-m-r/needrestart @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke index addce84cb..eb11993e4 100644 --- a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke +++ b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/needrestart-dpkg-status b/apparmor.d/profiles-m-r/needrestart-dpkg-status index 1de2b3200..b8326e8b3 100644 --- a/apparmor.d/profiles-m-r/needrestart-dpkg-status +++ b/apparmor.d/profiles-m-r/needrestart-dpkg-status @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions index 30a7bb801..4d6441a30 100644 --- a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions +++ b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nemo b/apparmor.d/profiles-m-r/nemo index 56c2a960f..56a0a1cff 100644 --- a/apparmor.d/profiles-m-r/nemo +++ b/apparmor.d/profiles-m-r/nemo @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/netcap b/apparmor.d/profiles-m-r/netcap index 91de9da81..ddcb1d368 100644 --- a/apparmor.d/profiles-m-r/netcap +++ b/apparmor.d/profiles-m-r/netcap @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nethogs b/apparmor.d/profiles-m-r/nethogs index 22fc63a36..51e8b2afa 100644 --- a/apparmor.d/profiles-m-r/nethogs +++ b/apparmor.d/profiles-m-r/nethogs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/netstat b/apparmor.d/profiles-m-r/netstat index 12060ddb8..e6e0fceb1 100644 --- a/apparmor.d/profiles-m-r/netstat +++ b/apparmor.d/profiles-m-r/netstat @@ -4,6 +4,7 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/newgidmap b/apparmor.d/profiles-m-r/newgidmap index 9c6303bef..dc0115e0b 100644 --- a/apparmor.d/profiles-m-r/newgidmap +++ b/apparmor.d/profiles-m-r/newgidmap @@ -2,6 +2,7 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/newgrp b/apparmor.d/profiles-m-r/newgrp index 836da42f9..5485ae247 100644 --- a/apparmor.d/profiles-m-r/newgrp +++ b/apparmor.d/profiles-m-r/newgrp @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/newuidmap b/apparmor.d/profiles-m-r/newuidmap index b2d0a5e16..8363b82f8 100644 --- a/apparmor.d/profiles-m-r/newuidmap +++ b/apparmor.d/profiles-m-r/newuidmap @@ -2,6 +2,7 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nfsdcld b/apparmor.d/profiles-m-r/nfsdcld index 52223b8f1..4f56bb407 100644 --- a/apparmor.d/profiles-m-r/nfsdcld +++ b/apparmor.d/profiles-m-r/nfsdcld @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nft b/apparmor.d/profiles-m-r/nft index caa99aa4d..e1e36c08e 100644 --- a/apparmor.d/profiles-m-r/nft +++ b/apparmor.d/profiles-m-r/nft @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nmap b/apparmor.d/profiles-m-r/nmap index 4a40f4180..788207b91 100644 --- a/apparmor.d/profiles-m-r/nmap +++ b/apparmor.d/profiles-m-r/nmap @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nologin b/apparmor.d/profiles-m-r/nologin index 431ca92b3..104bf31db 100644 --- a/apparmor.d/profiles-m-r/nologin +++ b/apparmor.d/profiles-m-r/nologin @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nslookup b/apparmor.d/profiles-m-r/nslookup index 1cf1ec1fd..8ec30d881 100644 --- a/apparmor.d/profiles-m-r/nslookup +++ b/apparmor.d/profiles-m-r/nslookup @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfs-3g b/apparmor.d/profiles-m-r/ntfs-3g index bf6fda62f..9ef58b7fe 100644 --- a/apparmor.d/profiles-m-r/ntfs-3g +++ b/apparmor.d/profiles-m-r/ntfs-3g @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfs-3g-probe b/apparmor.d/profiles-m-r/ntfs-3g-probe index 1b3d84d48..387e50a55 100644 --- a/apparmor.d/profiles-m-r/ntfs-3g-probe +++ b/apparmor.d/profiles-m-r/ntfs-3g-probe @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfscat b/apparmor.d/profiles-m-r/ntfscat index cba96e5ef..cbed4f2ee 100644 --- a/apparmor.d/profiles-m-r/ntfscat +++ b/apparmor.d/profiles-m-r/ntfscat @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsclone b/apparmor.d/profiles-m-r/ntfsclone index 871cd69d6..620077c1e 100644 --- a/apparmor.d/profiles-m-r/ntfsclone +++ b/apparmor.d/profiles-m-r/ntfsclone @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfscluster b/apparmor.d/profiles-m-r/ntfscluster index fb5406347..114ee7009 100644 --- a/apparmor.d/profiles-m-r/ntfscluster +++ b/apparmor.d/profiles-m-r/ntfscluster @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfscmp b/apparmor.d/profiles-m-r/ntfscmp index 2df16e98e..ddb9610ae 100644 --- a/apparmor.d/profiles-m-r/ntfscmp +++ b/apparmor.d/profiles-m-r/ntfscmp @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfscp b/apparmor.d/profiles-m-r/ntfscp index 323848b52..7ad2d73e2 100644 --- a/apparmor.d/profiles-m-r/ntfscp +++ b/apparmor.d/profiles-m-r/ntfscp @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsdecrypt b/apparmor.d/profiles-m-r/ntfsdecrypt index 4a9e437b8..a717cd021 100644 --- a/apparmor.d/profiles-m-r/ntfsdecrypt +++ b/apparmor.d/profiles-m-r/ntfsdecrypt @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsfallocate b/apparmor.d/profiles-m-r/ntfsfallocate index 03d346e80..f7faaba76 100644 --- a/apparmor.d/profiles-m-r/ntfsfallocate +++ b/apparmor.d/profiles-m-r/ntfsfallocate @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsfix b/apparmor.d/profiles-m-r/ntfsfix index 513985be5..b80e8d689 100644 --- a/apparmor.d/profiles-m-r/ntfsfix +++ b/apparmor.d/profiles-m-r/ntfsfix @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsinfo b/apparmor.d/profiles-m-r/ntfsinfo index 808723b00..968755f11 100644 --- a/apparmor.d/profiles-m-r/ntfsinfo +++ b/apparmor.d/profiles-m-r/ntfsinfo @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfslabel b/apparmor.d/profiles-m-r/ntfslabel index 4c780e65c..b84dd812a 100644 --- a/apparmor.d/profiles-m-r/ntfslabel +++ b/apparmor.d/profiles-m-r/ntfslabel @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsls b/apparmor.d/profiles-m-r/ntfsls index 7b0f63c53..bb1dda661 100644 --- a/apparmor.d/profiles-m-r/ntfsls +++ b/apparmor.d/profiles-m-r/ntfsls @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsmove b/apparmor.d/profiles-m-r/ntfsmove index f1263c8b6..57263169b 100644 --- a/apparmor.d/profiles-m-r/ntfsmove +++ b/apparmor.d/profiles-m-r/ntfsmove @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsrecover b/apparmor.d/profiles-m-r/ntfsrecover index 971eea643..331011d97 100644 --- a/apparmor.d/profiles-m-r/ntfsrecover +++ b/apparmor.d/profiles-m-r/ntfsrecover @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsresize b/apparmor.d/profiles-m-r/ntfsresize index f6c2608fc..ddaee0504 100644 --- a/apparmor.d/profiles-m-r/ntfsresize +++ b/apparmor.d/profiles-m-r/ntfsresize @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfssecaudit b/apparmor.d/profiles-m-r/ntfssecaudit index a1a0add39..333636143 100644 --- a/apparmor.d/profiles-m-r/ntfssecaudit +++ b/apparmor.d/profiles-m-r/ntfssecaudit @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfstruncate b/apparmor.d/profiles-m-r/ntfstruncate index a5d9aea5c..3df08ba14 100644 --- a/apparmor.d/profiles-m-r/ntfstruncate +++ b/apparmor.d/profiles-m-r/ntfstruncate @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsundelete b/apparmor.d/profiles-m-r/ntfsundelete index 5b066d3f1..0f9625a83 100644 --- a/apparmor.d/profiles-m-r/ntfsundelete +++ b/apparmor.d/profiles-m-r/ntfsundelete @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfsusermap b/apparmor.d/profiles-m-r/ntfsusermap index 056207ccd..e125ae7ec 100644 --- a/apparmor.d/profiles-m-r/ntfsusermap +++ b/apparmor.d/profiles-m-r/ntfsusermap @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ntfswipe b/apparmor.d/profiles-m-r/ntfswipe index 1c9a62f3d..4f90518d3 100644 --- a/apparmor.d/profiles-m-r/ntfswipe +++ b/apparmor.d/profiles-m-r/ntfswipe @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nullmailer-send b/apparmor.d/profiles-m-r/nullmailer-send index efc10f9de..08fd62456 100644 --- a/apparmor.d/profiles-m-r/nullmailer-send +++ b/apparmor.d/profiles-m-r/nullmailer-send @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/numlockx b/apparmor.d/profiles-m-r/numlockx index 672f33417..e435c139b 100644 --- a/apparmor.d/profiles-m-r/numlockx +++ b/apparmor.d/profiles-m-r/numlockx @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nvidia-detector b/apparmor.d/profiles-m-r/nvidia-detector index a29711965..988a43a10 100644 --- a/apparmor.d/profiles-m-r/nvidia-detector +++ b/apparmor.d/profiles-m-r/nvidia-detector @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nvidia-persistenced b/apparmor.d/profiles-m-r/nvidia-persistenced index da68f30e2..e91560a51 100644 --- a/apparmor.d/profiles-m-r/nvidia-persistenced +++ b/apparmor.d/profiles-m-r/nvidia-persistenced @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nvidia-settings b/apparmor.d/profiles-m-r/nvidia-settings index fa4c52f4c..2aaea25f2 100644 --- a/apparmor.d/profiles-m-r/nvidia-settings +++ b/apparmor.d/profiles-m-r/nvidia-settings @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/nvtop b/apparmor.d/profiles-m-r/nvtop index 0448b8db8..07710f048 100644 --- a/apparmor.d/profiles-m-r/nvtop +++ b/apparmor.d/profiles-m-r/nvtop @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obamenu b/apparmor.d/profiles-m-r/obamenu index a5768aa00..7947beeac 100644 --- a/apparmor.d/profiles-m-r/obamenu +++ b/apparmor.d/profiles-m-r/obamenu @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obconf b/apparmor.d/profiles-m-r/obconf index f3a4c9d37..52a449dff 100644 --- a/apparmor.d/profiles-m-r/obconf +++ b/apparmor.d/profiles-m-r/obconf @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obex-folder-listing b/apparmor.d/profiles-m-r/obex-folder-listing index af0fda673..e33ed75c7 100644 --- a/apparmor.d/profiles-m-r/obex-folder-listing +++ b/apparmor.d/profiles-m-r/obex-folder-listing @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obexautofs b/apparmor.d/profiles-m-r/obexautofs index 091a1df08..ba6dc8fa9 100644 --- a/apparmor.d/profiles-m-r/obexautofs +++ b/apparmor.d/profiles-m-r/obexautofs @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obexctl b/apparmor.d/profiles-m-r/obexctl index b6e78eff1..1303fe112 100644 --- a/apparmor.d/profiles-m-r/obexctl +++ b/apparmor.d/profiles-m-r/obexctl @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obexd b/apparmor.d/profiles-m-r/obexd index cb9f00b0d..8a9d23b5f 100644 --- a/apparmor.d/profiles-m-r/obexd +++ b/apparmor.d/profiles-m-r/obexd @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obexfs b/apparmor.d/profiles-m-r/obexfs index 24c4063e5..f88a451aa 100644 --- a/apparmor.d/profiles-m-r/obexfs +++ b/apparmor.d/profiles-m-r/obexfs @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obexpush-atd b/apparmor.d/profiles-m-r/obexpush-atd index 3ea806849..d6d1878c4 100644 --- a/apparmor.d/profiles-m-r/obexpush-atd +++ b/apparmor.d/profiles-m-r/obexpush-atd @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obexpushd b/apparmor.d/profiles-m-r/obexpushd index c6f4b6db7..99ca9aaaa 100644 --- a/apparmor.d/profiles-m-r/obexpushd +++ b/apparmor.d/profiles-m-r/obexpushd @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/obxprop b/apparmor.d/profiles-m-r/obxprop index 4a1688e70..1419c3213 100644 --- a/apparmor.d/profiles-m-r/obxprop +++ b/apparmor.d/profiles-m-r/obxprop @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/on-ac-power b/apparmor.d/profiles-m-r/on-ac-power index d5248795f..8da400ee4 100644 --- a/apparmor.d/profiles-m-r/on-ac-power +++ b/apparmor.d/profiles-m-r/on-ac-power @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/onefetch b/apparmor.d/profiles-m-r/onefetch index 02618d169..e04ee7bbf 100644 --- a/apparmor.d/profiles-m-r/onefetch +++ b/apparmor.d/profiles-m-r/onefetch @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/openbox b/apparmor.d/profiles-m-r/openbox index 4788f38c6..08eab7d99 100644 --- a/apparmor.d/profiles-m-r/openbox +++ b/apparmor.d/profiles-m-r/openbox @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/openbox-session b/apparmor.d/profiles-m-r/openbox-session index 185984063..85ee6699f 100644 --- a/apparmor.d/profiles-m-r/openbox-session +++ b/apparmor.d/profiles-m-r/openbox-session @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/orage b/apparmor.d/profiles-m-r/orage index ee04dda66..f90890d03 100644 --- a/apparmor.d/profiles-m-r/orage +++ b/apparmor.d/profiles-m-r/orage @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/os-prober b/apparmor.d/profiles-m-r/os-prober index 5333bc944..80ce94cc2 100644 --- a/apparmor.d/profiles-m-r/os-prober +++ b/apparmor.d/profiles-m-r/os-prober @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 972d45265..55dcdf74e 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pacmd b/apparmor.d/profiles-m-r/pacmd index 9ebb1b1a0..541266aa3 100644 --- a/apparmor.d/profiles-m-r/pacmd +++ b/apparmor.d/profiles-m-r/pacmd @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pactl b/apparmor.d/profiles-m-r/pactl index 551dc7a9a..c671e58e4 100644 --- a/apparmor.d/profiles-m-r/pactl +++ b/apparmor.d/profiles-m-r/pactl @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pagesize b/apparmor.d/profiles-m-r/pagesize index 64e575927..d32fa5949 100644 --- a/apparmor.d/profiles-m-r/pagesize +++ b/apparmor.d/profiles-m-r/pagesize @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pam-auth-update b/apparmor.d/profiles-m-r/pam-auth-update index 48af5a9f3..9a3dcd47e 100644 --- a/apparmor.d/profiles-m-r/pam-auth-update +++ b/apparmor.d/profiles-m-r/pam-auth-update @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pam-tmpdir-helper b/apparmor.d/profiles-m-r/pam-tmpdir-helper index 1c0836c1f..dd598e039 100644 --- a/apparmor.d/profiles-m-r/pam-tmpdir-helper +++ b/apparmor.d/profiles-m-r/pam-tmpdir-helper @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pam/mappings b/apparmor.d/profiles-m-r/pam/mappings index 0f9d039fd..fb55deb62 100644 --- a/apparmor.d/profiles-m-r/pam/mappings +++ b/apparmor.d/profiles-m-r/pam/mappings @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # See more at: https://gitlab.com/apparmor/apparmor/wikis/Pam_apparmor_example diff --git a/apparmor.d/profiles-m-r/parted b/apparmor.d/profiles-m-r/parted index bd0238323..75bcb96ba 100644 --- a/apparmor.d/profiles-m-r/parted +++ b/apparmor.d/profiles-m-r/parted @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/partprobe b/apparmor.d/profiles-m-r/partprobe index 27edebbf5..5e3528c56 100644 --- a/apparmor.d/profiles-m-r/partprobe +++ b/apparmor.d/profiles-m-r/partprobe @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pass b/apparmor.d/profiles-m-r/pass index 1dbcac174..f1536ec93 100644 --- a/apparmor.d/profiles-m-r/pass +++ b/apparmor.d/profiles-m-r/pass @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pass-import b/apparmor.d/profiles-m-r/pass-import index d2ad4fd91..e85d2791d 100644 --- a/apparmor.d/profiles-m-r/pass-import +++ b/apparmor.d/profiles-m-r/pass-import @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/passimd b/apparmor.d/profiles-m-r/passimd index 2ead4d034..9fa951cdc 100644 --- a/apparmor.d/profiles-m-r/passimd +++ b/apparmor.d/profiles-m-r/passimd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/passwd b/apparmor.d/profiles-m-r/passwd index 99d20eb10..b36451c4a 100644 --- a/apparmor.d/profiles-m-r/passwd +++ b/apparmor.d/profiles-m-r/passwd @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pavucontrol b/apparmor.d/profiles-m-r/pavucontrol index ad6d92aac..b01303799 100644 --- a/apparmor.d/profiles-m-r/pavucontrol +++ b/apparmor.d/profiles-m-r/pavucontrol @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pcb-gtk b/apparmor.d/profiles-m-r/pcb-gtk index 9ff0fbcdd..3e334ec2d 100644 --- a/apparmor.d/profiles-m-r/pcb-gtk +++ b/apparmor.d/profiles-m-r/pcb-gtk @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pcscd b/apparmor.d/profiles-m-r/pcscd index c4b5cb689..3929b5b29 100644 --- a/apparmor.d/profiles-m-r/pcscd +++ b/apparmor.d/profiles-m-r/pcscd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/picom b/apparmor.d/profiles-m-r/picom index baaa80dea..b93b344af 100644 --- a/apparmor.d/profiles-m-r/picom +++ b/apparmor.d/profiles-m-r/picom @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pidof b/apparmor.d/profiles-m-r/pidof index ba557f810..69666decc 100644 --- a/apparmor.d/profiles-m-r/pidof +++ b/apparmor.d/profiles-m-r/pidof @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pinentry b/apparmor.d/profiles-m-r/pinentry index 3606078b7..dd43b948a 100644 --- a/apparmor.d/profiles-m-r/pinentry +++ b/apparmor.d/profiles-m-r/pinentry @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pinentry-curses b/apparmor.d/profiles-m-r/pinentry-curses index b9d53352f..fb8c28111 100644 --- a/apparmor.d/profiles-m-r/pinentry-curses +++ b/apparmor.d/profiles-m-r/pinentry-curses @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pinentry-gnome3 b/apparmor.d/profiles-m-r/pinentry-gnome3 index 5da9358bf..642e43a18 100644 --- a/apparmor.d/profiles-m-r/pinentry-gnome3 +++ b/apparmor.d/profiles-m-r/pinentry-gnome3 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pinentry-gtk-2 b/apparmor.d/profiles-m-r/pinentry-gtk-2 index c139e2e2b..f0a960571 100644 --- a/apparmor.d/profiles-m-r/pinentry-gtk-2 +++ b/apparmor.d/profiles-m-r/pinentry-gtk-2 @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pinentry-kwallet b/apparmor.d/profiles-m-r/pinentry-kwallet index 612f68851..1dcc5c70c 100644 --- a/apparmor.d/profiles-m-r/pinentry-kwallet +++ b/apparmor.d/profiles-m-r/pinentry-kwallet @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pinentry-qt b/apparmor.d/profiles-m-r/pinentry-qt index ae157744e..d169bedbb 100644 --- a/apparmor.d/profiles-m-r/pinentry-qt +++ b/apparmor.d/profiles-m-r/pinentry-qt @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pkcs11-register b/apparmor.d/profiles-m-r/pkcs11-register index 3ca20d326..04c2298ba 100644 --- a/apparmor.d/profiles-m-r/pkcs11-register +++ b/apparmor.d/profiles-m-r/pkcs11-register @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index 417ca76fd..e5272cd55 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pkttyagent b/apparmor.d/profiles-m-r/pkttyagent index ce290da5f..ac6a3be06 100644 --- a/apparmor.d/profiles-m-r/pkttyagent +++ b/apparmor.d/profiles-m-r/pkttyagent @@ -2,6 +2,7 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/plank b/apparmor.d/profiles-m-r/plank index f94da07a7..2d677fe19 100644 --- a/apparmor.d/profiles-m-r/plank +++ b/apparmor.d/profiles-m-r/plank @@ -2,6 +2,7 @@ # Copyright (C) 2023 Jeroen Rijken # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/plocate b/apparmor.d/profiles-m-r/plocate index 21a27e43e..574f169d7 100644 --- a/apparmor.d/profiles-m-r/plocate +++ b/apparmor.d/profiles-m-r/plocate @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/plocate-build b/apparmor.d/profiles-m-r/plocate-build index 615baabe5..e5ca94bef 100644 --- a/apparmor.d/profiles-m-r/plocate-build +++ b/apparmor.d/profiles-m-r/plocate-build @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/popularity-contest b/apparmor.d/profiles-m-r/popularity-contest index 702ccbcdf..a243b2241 100644 --- a/apparmor.d/profiles-m-r/popularity-contest +++ b/apparmor.d/profiles-m-r/popularity-contest @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon index eb5470217..ee1521c69 100644 --- a/apparmor.d/profiles-m-r/power-profiles-daemon +++ b/apparmor.d/profiles-m-r/power-profiles-daemon @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/protonmail-bridge b/apparmor.d/profiles-m-r/protonmail-bridge index 92a5eb13c..b1a9a5919 100644 --- a/apparmor.d/profiles-m-r/protonmail-bridge +++ b/apparmor.d/profiles-m-r/protonmail-bridge @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Warning: only the protonmail-bridge CLI and service are supported, NOT the GUI. diff --git a/apparmor.d/profiles-m-r/ps b/apparmor.d/profiles-m-r/ps index dbaf443fc..3fd5efdcc 100644 --- a/apparmor.d/profiles-m-r/ps +++ b/apparmor.d/profiles-m-r/ps @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/ps-mem b/apparmor.d/profiles-m-r/ps-mem index 4d0a5c642..c015f077e 100644 --- a/apparmor.d/profiles-m-r/ps-mem +++ b/apparmor.d/profiles-m-r/ps-mem @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pscap b/apparmor.d/profiles-m-r/pscap index 61bd4438a..130f6dfdd 100644 --- a/apparmor.d/profiles-m-r/pscap +++ b/apparmor.d/profiles-m-r/pscap @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/psi b/apparmor.d/profiles-m-r/psi index a0765eb7e..51967fb79 100644 --- a/apparmor.d/profiles-m-r/psi +++ b/apparmor.d/profiles-m-r/psi @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/psi-plus b/apparmor.d/profiles-m-r/psi-plus index aaead522e..4117790e9 100644 --- a/apparmor.d/profiles-m-r/psi-plus +++ b/apparmor.d/profiles-m-r/psi-plus @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pstree b/apparmor.d/profiles-m-r/pstree index 3ad9e7b0c..86ec8536f 100644 --- a/apparmor.d/profiles-m-r/pstree +++ b/apparmor.d/profiles-m-r/pstree @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pulseeffects b/apparmor.d/profiles-m-r/pulseeffects index 4166f0678..7c78de274 100644 --- a/apparmor.d/profiles-m-r/pulseeffects +++ b/apparmor.d/profiles-m-r/pulseeffects @@ -2,6 +2,7 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/pwck b/apparmor.d/profiles-m-r/pwck index 051417cf2..bba63f378 100644 --- a/apparmor.d/profiles-m-r/pwck +++ b/apparmor.d/profiles-m-r/pwck @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index e1eb03dd8..308396ec4 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -2,6 +2,7 @@ # Copyright (C) 2015-2022 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/qbittorrent-nox b/apparmor.d/profiles-m-r/qbittorrent-nox index cd4015707..b83fd24e3 100644 --- a/apparmor.d/profiles-m-r/qbittorrent-nox +++ b/apparmor.d/profiles-m-r/qbittorrent-nox @@ -2,6 +2,7 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga index b873fb6a5..53d8ac0e5 100644 --- a/apparmor.d/profiles-m-r/qemu-ga +++ b/apparmor.d/profiles-m-r/qemu-ga @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/qnapi b/apparmor.d/profiles-m-r/qnapi index 7075a0a49..5e0a76e90 100644 --- a/apparmor.d/profiles-m-r/qnapi +++ b/apparmor.d/profiles-m-r/qnapi @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/qpdfview b/apparmor.d/profiles-m-r/qpdfview index 4ce205c27..ee89f9c6d 100644 --- a/apparmor.d/profiles-m-r/qpdfview +++ b/apparmor.d/profiles-m-r/qpdfview @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/qt5ct b/apparmor.d/profiles-m-r/qt5ct index 58bd6948e..d4723b920 100644 --- a/apparmor.d/profiles-m-r/qt5ct +++ b/apparmor.d/profiles-m-r/qt5ct @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/qtchooser b/apparmor.d/profiles-m-r/qtchooser index 10749b88e..d6e91f17e 100644 --- a/apparmor.d/profiles-m-r/qtchooser +++ b/apparmor.d/profiles-m-r/qtchooser @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/qtox b/apparmor.d/profiles-m-r/qtox index fd9e0748d..2dbaa7d55 100644 --- a/apparmor.d/profiles-m-r/qtox +++ b/apparmor.d/profiles-m-r/qtox @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/quiterss b/apparmor.d/profiles-m-r/quiterss index a0463bb98..7fa111f47 100644 --- a/apparmor.d/profiles-m-r/quiterss +++ b/apparmor.d/profiles-m-r/quiterss @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rdmsr b/apparmor.d/profiles-m-r/rdmsr index 5500bbfda..1d092f20b 100644 --- a/apparmor.d/profiles-m-r/rdmsr +++ b/apparmor.d/profiles-m-r/rdmsr @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/remmina b/apparmor.d/profiles-m-r/remmina index 833c81818..170df87a3 100644 --- a/apparmor.d/profiles-m-r/remmina +++ b/apparmor.d/profiles-m-r/remmina @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/repo b/apparmor.d/profiles-m-r/repo index 0132cbe9a..51335d5e0 100644 --- a/apparmor.d/profiles-m-r/repo +++ b/apparmor.d/profiles-m-r/repo @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/reprepro b/apparmor.d/profiles-m-r/reprepro index b0d31a4fb..76bb0b228 100644 --- a/apparmor.d/profiles-m-r/reprepro +++ b/apparmor.d/profiles-m-r/reprepro @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/resize2fs b/apparmor.d/profiles-m-r/resize2fs index 7406602e4..fd449af74 100644 --- a/apparmor.d/profiles-m-r/resize2fs +++ b/apparmor.d/profiles-m-r/resize2fs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/resolvconf b/apparmor.d/profiles-m-r/resolvconf index 8609e4858..f7433f7d4 100644 --- a/apparmor.d/profiles-m-r/resolvconf +++ b/apparmor.d/profiles-m-r/resolvconf @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rfkill b/apparmor.d/profiles-m-r/rfkill index a0ba2c7b3..96df69bd3 100644 --- a/apparmor.d/profiles-m-r/rfkill +++ b/apparmor.d/profiles-m-r/rfkill @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rngd b/apparmor.d/profiles-m-r/rngd index b929f1a7a..4eefee054 100644 --- a/apparmor.d/profiles-m-r/rngd +++ b/apparmor.d/profiles-m-r/rngd @@ -2,6 +2,7 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rpi-imager b/apparmor.d/profiles-m-r/rpi-imager index 946219e92..fd7ada167 100644 --- a/apparmor.d/profiles-m-r/rpi-imager +++ b/apparmor.d/profiles-m-r/rpi-imager @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rredtool b/apparmor.d/profiles-m-r/rredtool index 569f9f25a..8ffe134be 100644 --- a/apparmor.d/profiles-m-r/rredtool +++ b/apparmor.d/profiles-m-r/rredtool @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rsyslogd b/apparmor.d/profiles-m-r/rsyslogd index 60f6d63e9..c93b67254 100644 --- a/apparmor.d/profiles-m-r/rsyslogd +++ b/apparmor.d/profiles-m-r/rsyslogd @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rtkit-daemon b/apparmor.d/profiles-m-r/rtkit-daemon index 72d6f0e7f..9c58a9548 100644 --- a/apparmor.d/profiles-m-r/rtkit-daemon +++ b/apparmor.d/profiles-m-r/rtkit-daemon @@ -2,6 +2,7 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rtkitctl b/apparmor.d/profiles-m-r/rtkitctl index adbe7d66b..8a45f0339 100644 --- a/apparmor.d/profiles-m-r/rtkitctl +++ b/apparmor.d/profiles-m-r/rtkitctl @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts index 726f6f64e..135b56622 100644 --- a/apparmor.d/profiles-m-r/run-parts +++ b/apparmor.d/profiles-m-r/run-parts @@ -3,6 +3,7 @@ # Copyright (C) 2022-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/runuser b/apparmor.d/profiles-m-r/runuser index 590ed971c..3992c1993 100644 --- a/apparmor.d/profiles-m-r/runuser +++ b/apparmor.d/profiles-m-r/runuser @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index c711530ef..718b8fe3b 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-m-r/rustdesk-utils b/apparmor.d/profiles-m-r/rustdesk-utils index 8c5817b15..102536379 100644 --- a/apparmor.d/profiles-m-r/rustdesk-utils +++ b/apparmor.d/profiles-m-r/rustdesk-utils @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , From bb6df870bb6203bb881be50518ed9578b0da1e1d Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Mon, 10 Jun 2024 23:43:55 +0100 Subject: [PATCH 20/70] chore: cleanup opensc debian structure. --- apparmor.d/abstractions/app/chromium | 3 +-- apparmor.d/abstractions/app/firefox | 3 +-- apparmor.d/groups/gnome/gsd-smartcard | 3 +-- apparmor.d/groups/gnome/seahorse | 3 +-- apparmor.d/profiles-m-r/pkcs11-register | 3 +-- apparmor.d/profiles-m-r/rngd | 3 +-- 6 files changed, 6 insertions(+), 12 deletions(-) diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium index c4359cc9c..a3af128df 100644 --- a/apparmor.d/abstractions/app/chromium +++ b/apparmor.d/abstractions/app/chromium @@ -110,8 +110,7 @@ /etc/@{name}/{,**} r, /etc/fstab r, - /etc/opensc.conf r, - /etc/opensc/opensc.conf r, # Debian ubication + /etc/{,opensc/}opensc.conf r, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox index ba0c7f3ee..bd8b14620 100644 --- a/apparmor.d/abstractions/app/firefox +++ b/apparmor.d/abstractions/app/firefox @@ -73,8 +73,7 @@ /etc/fstab r, /etc/mailcap r, /etc/mime.types r, - /etc/opensc.conf r, - /etc/opensc/opensc.conf r, + /etc/{,opensc/}opensc.conf r, /etc/sysconfig/proxy r, /etc/xdg/* r, /etc/xul-ext/kwallet5.js r, diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 4003d1753..f5516c22c 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -30,8 +30,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { /usr/share/gdm/greeter-dconf-defaults r, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /etc/opensc.conf r, - /etc/opensc/opensc.conf r, + /etc/{,opensc/}opensc.conf r, owner @{GDM_HOME}/greeter-dconf-defaults r, owner @{gdm_config_dirs}/dconf/user r, diff --git a/apparmor.d/groups/gnome/seahorse b/apparmor.d/groups/gnome/seahorse index 8987ae31a..1f5a088be 100644 --- a/apparmor.d/groups/gnome/seahorse +++ b/apparmor.d/groups/gnome/seahorse @@ -36,8 +36,7 @@ profile seahorse @{exec_path} { /etc/pki/trust/blocklist/ r, /etc/gcrypt/hwf.deny r, - /etc/opensc.conf r, - /etc/opensc/opensc.conf r, + /etc/{,opensc/}opensc.conf r, owner @{HOME}/@{XDG_SSH_DIR}/{,**} r, diff --git a/apparmor.d/profiles-m-r/pkcs11-register b/apparmor.d/profiles-m-r/pkcs11-register index 3ca20d326..23893edfe 100644 --- a/apparmor.d/profiles-m-r/pkcs11-register +++ b/apparmor.d/profiles-m-r/pkcs11-register @@ -12,8 +12,7 @@ profile pkcs11-register @{exec_path} { @{exec_path} mr, - /etc/opensc.conf r, - /etc/opensc/opensc.conf r, + /etc/{,opensc/}opensc.conf r, owner @{HOME}/.mozilla/firefox/*/pkcs11.txt rw, owner @{HOME}/.mozilla/firefox/profiles.ini r, diff --git a/apparmor.d/profiles-m-r/rngd b/apparmor.d/profiles-m-r/rngd index b929f1a7a..b600f5838 100644 --- a/apparmor.d/profiles-m-r/rngd +++ b/apparmor.d/profiles-m-r/rngd @@ -24,8 +24,7 @@ profile rngd @{exec_path} flags=(attach_disconnected) { /etc/conf.d/rngd r, /etc/machine-id r, - /etc/opensc.conf r, - /etc/opensc/opensc.conf r, + /etc/{,opensc/}opensc.conf r, /var/lib/dbus/machine-id r, @{sys}/devices/virtual/misc/hw_random/rng_available r, From 222685c029ad1b0e056ff54b8bc7a80386d767b4 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Mon, 10 Jun 2024 23:51:38 +0100 Subject: [PATCH 21/70] feat(profile): use the cups-client more often. --- apparmor.d/abstractions/app/firefox | 3 +-- apparmor.d/abstractions/common/app | 2 +- apparmor.d/groups/gnome/gnome-control-center | 3 +-- apparmor.d/groups/gnome/gsd-print-notifications | 5 +---- apparmor.d/groups/kde/plasmashell | 2 +- 5 files changed, 5 insertions(+), 10 deletions(-) diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox index bd8b14620..578689aa4 100644 --- a/apparmor.d/abstractions/app/firefox +++ b/apparmor.d/abstractions/app/firefox @@ -17,6 +17,7 @@ include include include + include include include include @@ -69,7 +70,6 @@ /usr/share/xul-ext/kwallet5/* r, /etc/@{name}/{,**} r, - /etc/cups/client.conf r, /etc/fstab r, /etc/mailcap r, /etc/mime.types r, @@ -81,7 +81,6 @@ /var/lib/nscd/services r, owner @{HOME}/ r, - owner @{HOME}/.cups/lpoptions r, owner @{config_dirs}/ rw, owner @{config_dirs}/** rwk, diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index ff3b0f7f0..f563d8039 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -15,6 +15,7 @@ include include include + include # include include include @@ -63,7 +64,6 @@ owner @{tmp}/** rmwk, owner /dev/shm/** rwlk -> /dev/shm/**, - @{run}/cups/cups.sock rw, # Allow access to cups printing socket. @{run}/havahi-daemon/socket rw, # Allow access to avahi-daemon socket. @{run}/host/{,**} r, @{run}/pcscd/pcscd.comm rw, # Allow access to pcscd socket. diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index fd2462ffa..6abb6f1f2 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -16,6 +16,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { include include include + include include include include @@ -93,7 +94,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { /usr/share/wallpapers/{,**} r, /usr/share/xml/iso-codes/{,**} r, - /etc/cups/client.conf r, /etc/machine-info r, /etc/rygel.conf r, /etc/security/pwquality.conf r, @@ -130,7 +130,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw, - @{run}/cups/cups.sock rw, @{run}/samba/ rw, @{run}/systemd/sessions/ r, @{run}/systemd/sessions/* r, diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index 6846ecaa5..ad71bec7f 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -13,6 +13,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { include include include + include include network inet stream, @@ -34,10 +35,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, @{lib}/gsd-printer rPx, - /etc/cups/client.conf r, - - @{run}/cups/cups.sock rw, - owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 3c7b4eed8..7464a9842 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -16,6 +16,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { include include include + include include include include @@ -76,7 +77,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { /usr/share/wallpapers/{,**} r, /etc/appstream.conf r, - /etc/cups/client.conf r, /etc/fstab r, /etc/ksysguarddrc r, /etc/machine-id r, From 0d8afd21e3f7d30bfe052649517f194c8e4dd353 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Mon, 10 Jun 2024 23:52:40 +0100 Subject: [PATCH 22/70] feat(abs): vulkan: allow empty vulkan home dir. --- apparmor.d/abstractions/vulkan-strict | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apparmor.d/abstractions/vulkan-strict b/apparmor.d/abstractions/vulkan-strict index ee56ef44c..f5926fc20 100644 --- a/apparmor.d/abstractions/vulkan-strict +++ b/apparmor.d/abstractions/vulkan-strict @@ -14,9 +14,12 @@ /etc/vulkan/icd.d/{,*.json} r, /etc/vulkan/implicit_layer.d/{,*.json} r, - owner @{user_share_dirs}/vulkan/implicit_layer.d/{,*.json} r, owner @{user_cache_dirs}/radv_builtin_shaders{32,64} r, # Vulkan radv shaders cache + owner @{user_share_dirs}/vulkan/ rw, + owner @{user_share_dirs}/vulkan/implicit_layer.d/ rw, + owner @{user_share_dirs}/vulkan/implicit_layer.d/*.json r, + @{sys}/class/ r, @{sys}/class/drm/ r, @{sys}/devices/@{pci}/drm/ r, From b4407fb7f8d6441d24dfc9f449cd1d30f46b5b54 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Mon, 10 Jun 2024 23:53:31 +0100 Subject: [PATCH 23/70] feat(abs): wayland: add ibus shared file. --- apparmor.d/abstractions/wayland.d/complete | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apparmor.d/abstractions/wayland.d/complete b/apparmor.d/abstractions/wayland.d/complete index 4e2e7dd02..1029e0a1f 100644 --- a/apparmor.d/abstractions/wayland.d/complete +++ b/apparmor.d/abstractions/wayland.d/complete @@ -2,6 +2,8 @@ # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only + owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-wayland-@{int} r, + owner @{user_share_dirs}/sddm/wayland-session.log w, owner @{run}/user/@{uid}/wayland-@{int}.lock rwk, From d283ef51965a9f1f16a121c0f1824e3e8ca189d3 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Mon, 10 Jun 2024 23:58:44 +0100 Subject: [PATCH 24/70] feat(profile): general update. --- apparmor.d/groups/apt/debsign | 1 + apparmor.d/groups/apt/debsums | 14 +++---- apparmor.d/groups/apt/dpkg-divert | 2 +- .../groups/browsers/firefox-minidump-analyzer | 10 ++--- apparmor.d/groups/bus/ibus-memconf | 4 +- .../groups/cron/cron-popularity-contest | 41 +++++++++---------- apparmor.d/groups/gnome/gdm-generate-config | 2 +- apparmor.d/groups/gnome/gnome-shell | 2 + apparmor.d/groups/gnome/gnome-software | 3 ++ apparmor.d/groups/virt/libvirtd | 1 + apparmor.d/profiles-a-f/cups-notifier-dbus | 3 +- apparmor.d/profiles-a-f/flatpak-portal | 3 ++ apparmor.d/profiles-g-l/kodi-xrandr | 2 +- apparmor.d/profiles-g-l/libreoffice | 5 +++ apparmor.d/profiles-m-r/mkinitramfs | 2 +- apparmor.d/profiles-m-r/qpdfview | 4 +- apparmor.d/profiles-s-z/wsdd | 6 +++ 17 files changed, 62 insertions(+), 43 deletions(-) diff --git a/apparmor.d/groups/apt/debsign b/apparmor.d/groups/apt/debsign index c15be86ea..effa93be2 100644 --- a/apparmor.d/groups/apt/debsign +++ b/apparmor.d/groups/apt/debsign @@ -55,6 +55,7 @@ profile debsign @{exec_path} { owner @{tmp}/debsign.*/*.{dsc,changes,buildinfo} r, owner @{tmp}/debsign.*/*.{dsc,changes,buildinfo}.asc rw, + include if exists } include if exists diff --git a/apparmor.d/groups/apt/debsums b/apparmor.d/groups/apt/debsums index 7bc55f09b..5cd5e045d 100644 --- a/apparmor.d/groups/apt/debsums +++ b/apparmor.d/groups/apt/debsums @@ -20,13 +20,6 @@ profile debsums @{exec_path} { @{sh_path} rix, @{bin}/{m,g,}awk rix, - /etc/dpkg/dpkg.cfg.d/{,*} r, - /etc/dpkg/dpkg.cfg r, - - /var/lib/dpkg/info/* r, - - /etc/locale.nopurge r, - # Do not strip env to avoid errors like the following: # ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (cannot open # shared object file): ignored. @@ -35,6 +28,13 @@ profile debsums @{exec_path} { @{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg-divert rPx -> child-dpkg-divert, + /etc/dpkg/dpkg.cfg.d/{,*} r, + /etc/dpkg/dpkg.cfg r, + + /etc/locale.nopurge r, + + /var/lib/dpkg/info/* r, + # For shell pwd / r, /root/ r, diff --git a/apparmor.d/groups/apt/dpkg-divert b/apparmor.d/groups/apt/dpkg-divert index 74217421c..515e41679 100644 --- a/apparmor.d/groups/apt/dpkg-divert +++ b/apparmor.d/groups/apt/dpkg-divert @@ -16,7 +16,7 @@ profile dpkg-divert @{exec_path} { /var/lib/dpkg/** r, - /usr/share/*/** w, + /usr/share/*/** rw, /var/lib/dpkg/diversions rw, /var/lib/dpkg/diversions-new rw, diff --git a/apparmor.d/groups/browsers/firefox-minidump-analyzer b/apparmor.d/groups/browsers/firefox-minidump-analyzer index 7c436755a..665673a77 100644 --- a/apparmor.d/groups/browsers/firefox-minidump-analyzer +++ b/apparmor.d/groups/browsers/firefox-minidump-analyzer @@ -15,7 +15,7 @@ include @{cache_dirs} = @{user_cache_dirs}/mozilla/ @{exec_path} = @{lib_dirs}/minidump-analyzer -profile firefox-minidump-analyzer @{exec_path} { +profile firefox-minidump-analyzer @{exec_path} flags=(attach_disconnected) { include signal (receive) set=(term, kill) peer=firefox, @@ -27,10 +27,10 @@ profile firefox-minidump-analyzer @{exec_path} { owner "@{config_dirs}/firefox/Crash Reports/" rw, owner "@{config_dirs}/firefox/Crash Reports/pending/" rw, owner "@{config_dirs}/firefox/Crash Reports/pending/@{hex}.{dmp,extra}" rw, - owner @{config_dirs}/*.*/extensions/*.xpi r, - owner @{config_dirs}/*.*/minidumps/ rw, - owner @{config_dirs}/*.*/minidumps/@{uuid}.{dmp,extra} rw, - owner @{config_dirs}/*.*/storage/default/* r, + owner @{config_dirs}/{,firefox/}*.*/extensions/*.xpi r, + owner @{config_dirs}/{,firefox/}*.*/minidumps/ rw, + owner @{config_dirs}/{,firefox/}*.*/minidumps/@{uuid}.{dmp,extra} rw, + owner @{config_dirs}/{,firefox/}*.*/storage/default/* r, owner @{cache_dirs}/firefox/*.*/startupCache/*Cache* r, diff --git a/apparmor.d/groups/bus/ibus-memconf b/apparmor.d/groups/bus/ibus-memconf index dc7895bae..79aae18f7 100644 --- a/apparmor.d/groups/bus/ibus-memconf +++ b/apparmor.d/groups/bus/ibus-memconf @@ -7,7 +7,7 @@ abi , include @{exec_path} = @{lib}/{,ibus/}ibus-memconf -profile ibus-memconf @{exec_path} { +profile ibus-memconf @{exec_path} flags=(attach_disconnected) { include include include @@ -27,5 +27,7 @@ profile ibus-memconf @{exec_path} { owner @{desktop_config_dirs}/ibus/bus/ r, owner @{desktop_config_dirs}/ibus/bus/@{hex32}-unix-{,wayland-}@{int} r, + owner /dev/tty@{int} rw, + include if exists } diff --git a/apparmor.d/groups/cron/cron-popularity-contest b/apparmor.d/groups/cron/cron-popularity-contest index aadae9bfe..59bd622f0 100644 --- a/apparmor.d/groups/cron/cron-popularity-contest +++ b/apparmor.d/groups/cron/cron-popularity-contest @@ -49,6 +49,7 @@ profile cron-popularity-contest @{exec_path} { /var/log/popularity-contest{,.new} rw, /var/log/popularity-contest{,.new}.gpg rw, /var/log/popularity-contest.@{int} rw, + /var/log/popularity-contest.@{int}.gpg rw, # Store last successful http submission timestamp /var/lib/popularity-contest/ rw, @@ -66,15 +67,14 @@ profile cron-popularity-contest @{exec_path} { @{bin}/savelog mr, - @{bin}/date rix, @{bin}/basename rix, - @{bin}/which{,.debianutils} rix, + @{bin}/date rix, @{bin}/dirname rix, - @{bin}/rm rix, - @{bin}/mv rix, - @{bin}/touch rix, @{bin}/gzip rix, - + @{bin}/mv rix, + @{bin}/rm rix, + @{bin}/touch rix, + @{bin}/which{,.debianutils} rix, @{sh_path} rix, /var/log/ r, @@ -82,9 +82,9 @@ profile cron-popularity-contest @{exec_path} { /var/log/popularity-contest.@{int} rw, /var/log/popularity-contest rw, - # file_inherit - owner @{tmp}/#@{int} rw, + owner @{tmp}/#@{int} rw, # file_inherit + include if exists } profile runuser { @@ -96,19 +96,18 @@ profile cron-popularity-contest @{exec_path} { @{bin}/runuser mr, @{sh_path} rix, - - @{bin}/popularity-contest rPx, - - owner @{PROC}/@{pids}/loginuid r, - @{PROC}/1/limits r, + @{bin}/popularity-contest rPx, @{etc_ro}/security/limits.d/ r, /var/log/popularity-contest.new w, - # file_inherit - owner @{tmp}/#@{int} rw, + @{PROC}/1/limits r, + owner @{PROC}/@{pids}/loginuid r, + owner @{tmp}/#@{int} rw, # file_inherit + + include if exists } profile gpg { @@ -126,9 +125,9 @@ profile cron-popularity-contest @{exec_path} { owner @{tmp}/tmp.*/** rwkl -> /tmp/tmp.*/**, - # file_inherit - owner @{tmp}/#@{int} rw, + owner @{tmp}/#@{int} rw, # file_inherit + include if exists } profile popcon-upload { @@ -142,18 +141,18 @@ profile cron-popularity-contest @{exec_path} { network inet6 stream, network netlink raw, - /usr/share/popularity-contest/popcon-upload r, @{bin}/perl r, - @{bin}/gzip rix, + /usr/share/popularity-contest/popcon-upload r, + /var/log/ r, /var/log/popularity-contest.new.gpg r, /var/log/popularity-contest.@{int}.gpg r, - # file_inherit - owner @{tmp}/#@{int} rw, + owner @{tmp}/#@{int} rw, # file_inherit + include if exists } include if exists diff --git a/apparmor.d/groups/gnome/gdm-generate-config b/apparmor.d/groups/gnome/gdm-generate-config index 7d24d304a..7d577c4c4 100644 --- a/apparmor.d/groups/gnome/gdm-generate-config +++ b/apparmor.d/groups/gnome/gdm-generate-config @@ -41,7 +41,7 @@ profile gdm-generate-config @{exec_path} { @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/ r, - @{PROC}/@{pid}/cgroup r, + @{PROC}/@{pid}/cgroup r, @{PROC}/@{pid}/cmdline r, @{PROC}/@{pid}/stat r, @{PROC}/uptime r, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 217cc0d52..2f0c112e9 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -407,6 +407,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) { /usr/games/* PUx, /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,*/}ding.js rPx, + owner @{run}/user/@{uid}/gnome-shell-disable-extensions w, + deny @{user_share_dirs}/gvfs-metadata/* r, include if exists diff --git a/apparmor.d/groups/gnome/gnome-software b/apparmor.d/groups/gnome/gnome-software index f4e6a1262..e87cbcd7e 100644 --- a/apparmor.d/groups/gnome/gnome-software +++ b/apparmor.d/groups/gnome/gnome-software @@ -99,6 +99,9 @@ profile gnome-software @{exec_path} { owner @{run}/user/@{uid}/.flatpak/**/*.ref rwk, owner @{run}/user/@{uid}/app/{,*/} rw, + owner /dev/shm/flatpak-com.*/ rw, + owner /dev/shm/flatpak-com.*/.flatpak-tmpdir rw, + @{run}/systemd/inhibit/*.ref rw, @{sys}/module/nvidia/version r, diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index 2a75035e1..32428f2b5 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd @@ -206,6 +206,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r, @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, + @{sys}/devices/system/cpu/isolated r, @{sys}/devices/system/cpu/present r, @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node@{int}/ r, diff --git a/apparmor.d/profiles-a-f/cups-notifier-dbus b/apparmor.d/profiles-a-f/cups-notifier-dbus index 3fb7158e9..dddfea78a 100644 --- a/apparmor.d/profiles-a-f/cups-notifier-dbus +++ b/apparmor.d/profiles-a-f/cups-notifier-dbus @@ -11,14 +11,13 @@ profile cups-notifier-dbus @{exec_path} { include include include + include include signal (receive) set=(term) peer=cupsd, @{exec_path} mr, - /etc/cups/client.conf r, - owner /var/spool/cups/tmp/cups-dbus-notifier-lockfile rw, owner @{tmp}/cups-dbus-notifier-lockfile rwk, diff --git a/apparmor.d/profiles-a-f/flatpak-portal b/apparmor.d/profiles-a-f/flatpak-portal index d82c38653..a41bf3e77 100644 --- a/apparmor.d/profiles-a-f/flatpak-portal +++ b/apparmor.d/profiles-a-f/flatpak-portal @@ -34,6 +34,9 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) { / r, /.flatpak-info r, + owner @{HOME}/.var/app/*/**/.ref rw, + owner @{HOME}/.var/app/*/**/logs/* rw, + owner @{user_config_dirs}/user-dirs.dirs r, owner @{user_share_dirs}/mime/mime.cache r, diff --git a/apparmor.d/profiles-g-l/kodi-xrandr b/apparmor.d/profiles-g-l/kodi-xrandr index 469476329..843375246 100644 --- a/apparmor.d/profiles-g-l/kodi-xrandr +++ b/apparmor.d/profiles-g-l/kodi-xrandr @@ -16,7 +16,7 @@ profile kodi-xrandr @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - @{sys}/devices/virtual/thermal/thermal_zone0/temp r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/temp r, @{sys}/devices/system/cpu/cpufreq/policy0/scaling_cur_freq r, owner @{HOME}/.kodi/temp/kodi.log w, diff --git a/apparmor.d/profiles-g-l/libreoffice b/apparmor.d/profiles-g-l/libreoffice index cad2260bb..f2da11dd6 100644 --- a/apparmor.d/profiles-g-l/libreoffice +++ b/apparmor.d/profiles-g-l/libreoffice @@ -52,13 +52,17 @@ profile libreoffice @{exec_path} { @{lib}/libreoffice/share/uno_packages/cache/stamp.sys w, @{lib}/libreoffice/{,**} rm, + /usr/share/hyphen/{,**} r, /usr/share/libexttextcat/{,**} r, /usr/share/liblangtag/{,**} r, + /usr/share/libreoffice/{,**} r, + /usr/share/mythes/{,**} r, /etc/java-openjdk/{,**} r, /etc/libreoffice/{,**} r, /etc/paperspecs r, + owner @{user_cache_dirs}/libreoffice/{,**} rw, owner @{user_config_dirs}/libreoffice/ rw, owner @{user_config_dirs}/libreoffice/** rwk, @@ -75,6 +79,7 @@ profile libreoffice @{exec_path} { @{sys}/kernel/mm/transparent_hugepage/enabled r, @{sys}/kernel/mm/transparent_hugepage/shmem_enabled r, owner @{sys}/fs/cgroup/user.slice/user-@{int}.slice/user@@{int}.service/app.slice/**/memory.max r, + owner @{sys}/fs/cgroup/user.slice/user-@{int}.slice/user@@{int}.service/session.slice/org.gnome.Shell@wayland.service/memory.max r, @{PROC}/cgroups r, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/profiles-m-r/mkinitramfs b/apparmor.d/profiles-m-r/mkinitramfs index 304b5834f..081aad4e6 100644 --- a/apparmor.d/profiles-m-r/mkinitramfs +++ b/apparmor.d/profiles-m-r/mkinitramfs @@ -59,7 +59,7 @@ profile mkinitramfs @{exec_path} { @{bin}/kmod rCx -> kmod, @{bin}/ldconfig rCx -> ldconfig, @{bin}/ldd rCx -> ldd, - @{lib}/ld-linux.so.2 rCx -> ldd, + @{lib}/ld-linux.so* rCx -> ldd, @{bin}/dpkg rPx -> child-dpkg, @{bin}/linux-version rPx, diff --git a/apparmor.d/profiles-m-r/qpdfview b/apparmor.d/profiles-m-r/qpdfview index 4ce205c27..bb0ad1aa8 100644 --- a/apparmor.d/profiles-m-r/qpdfview +++ b/apparmor.d/profiles-m-r/qpdfview @@ -61,6 +61,4 @@ profile qpdfview @{exec_path} { owner /dev/tty@{int} rw, include if exists -} - - +} \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/wsdd b/apparmor.d/profiles-s-z/wsdd index 46a3c40b6..d850e9f02 100644 --- a/apparmor.d/profiles-s-z/wsdd +++ b/apparmor.d/profiles-s-z/wsdd @@ -11,6 +11,10 @@ profile wsdd @{exec_path} { include include + network inet dgram, + network inet6 dgram, + network netlink raw, + @{exec_path} mr, @{bin}/env r, @@ -18,6 +22,8 @@ profile wsdd @{exec_path} { /etc/machine-id r, + owner /var/lib/libuuid/clock.txt rw, + owner @{run}/user/@{uid}/gvfsd/wsdd w, include if exists From 8fe2bf4c20a3525c80116d7b6f5a9f4b78f72c00 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 11 Jun 2024 00:00:51 +0100 Subject: [PATCH 25/70] feat(profile): add missing enchant abs. --- apparmor.d/groups/gnome/gnome-text-editor | 3 +-- apparmor.d/groups/xfce/mousepad | 6 +----- apparmor.d/profiles-g-l/libreoffice | 1 + 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/apparmor.d/groups/gnome/gnome-text-editor b/apparmor.d/groups/gnome/gnome-text-editor index 6d40144ce..de035a598 100644 --- a/apparmor.d/groups/gnome/gnome-text-editor +++ b/apparmor.d/groups/gnome/gnome-text-editor @@ -11,13 +11,12 @@ profile gnome-text-editor @{exec_path} { include include include + include include include @{exec_path} mr, - /usr/share/enchant-*/{,**} r, - owner @{user_share_dirs}/org.gnome.TextEditor/{,**} rw, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/groups/xfce/mousepad b/apparmor.d/groups/xfce/mousepad index e61709db1..a83e7fa0c 100644 --- a/apparmor.d/groups/xfce/mousepad +++ b/apparmor.d/groups/xfce/mousepad @@ -10,6 +10,7 @@ include profile mousepad @{exec_path} { include include + include include include include @@ -18,14 +19,9 @@ profile mousepad @{exec_path} { @{open_path} rPx -> child-open-help, - /usr/share/hunspell/{,**} r, - owner @{user_config_dirs}/Mousepad/ rw, owner @{user_config_dirs}/Mousepad/** rwk, - owner @{user_config_dirs}/enchant/ rw, - owner @{user_config_dirs}/enchant/ rwk, - owner @{user_share_dirs}/Mousepad/ rw, owner @{user_share_dirs}/Mousepad/** rwk, diff --git a/apparmor.d/profiles-g-l/libreoffice b/apparmor.d/profiles-g-l/libreoffice index f2da11dd6..f9dc76461 100644 --- a/apparmor.d/profiles-g-l/libreoffice +++ b/apparmor.d/profiles-g-l/libreoffice @@ -13,6 +13,7 @@ profile libreoffice @{exec_path} { include include include + include include include include From 08a1aba39d11e04c4cad657078ded50cfe66c5c6 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 11 Jun 2024 00:01:46 +0100 Subject: [PATCH 26/70] feat(abs): bwrap: add special mount rule for debian. --- apparmor.d/abstractions/common/bwrap | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/apparmor.d/abstractions/common/bwrap b/apparmor.d/abstractions/common/bwrap index f2e76bcdf..4b9610472 100644 --- a/apparmor.d/abstractions/common/bwrap +++ b/apparmor.d/abstractions/common/bwrap @@ -2,10 +2,9 @@ # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# Minimal set of rules for bwrap - +# A minimal set of rules for sandboxed programs using bwrap. # A profile using this abstraction still needs to set: -# - the attach_disconnected flag +# - the flag: attach_disconnected # - bwrap execution: '@{bin}/bwrap rix,' # userns, @@ -31,6 +30,9 @@ umount /, umount /oldroot/, + #aa:only debian whonix + mount -> /newroot/{,**}, # Debian does not support the remount rule. + pivot_root oldroot=/newroot/ /newroot/, pivot_root oldroot=/tmp/oldroot/ /tmp/, From 6f5986a05e80dd24efb53340ebe58c07e0bd0ff1 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 11 Jun 2024 00:08:17 +0100 Subject: [PATCH 27/70] feat(aa-log): improve rule generation on debian. --- pkg/aa/profile.go | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go index 211813789..365bf1eba 100644 --- a/pkg/aa/profile.go +++ b/pkg/aa/profile.go @@ -190,10 +190,14 @@ var ( return newFileFromLog(log) } }, - "exec": newFileFromLog, - "file_inherit": newFileFromLog, - "file_perm": newFileFromLog, - "open": newFileFromLog, + "exec": newFileFromLog, + "getattr": newFileFromLog, + "mkdir": newFileFromLog, + "mknod": newFileFromLog, + "open": newFileFromLog, + "rename_src": newFileFromLog, + "truncate": newFileFromLog, + "unlink": newFileFromLog, } newLogMountMap = map[string]func(log map[string]string) Rule{ "mount": newMountFromLog, @@ -229,10 +233,13 @@ func (p *Profile) AddRule(log map[string]string) { } if !done { - if strings.Contains(log["operation"], "dbus") { + switch { + case strings.HasPrefix(log["operation"], "file_"): + p.Rules = append(p.Rules, newFileFromLog(log)) + case strings.Contains(log["operation"], "dbus"): p.Rules = append(p.Rules, newDbusFromLog(log)) - } else { - fmt.Printf("unknown log type: %s", log) + default: + fmt.Printf("unknown log type: %s", log["operation"]) } } } From 6d549b7c70415e884586c23a8a5d2448d89e543d Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 11 Jun 2024 00:21:29 +0100 Subject: [PATCH 28/70] feat(profile): rewrite steam profiles. - Separate profile for sandboxes. - Separate profile for native and proton games. - Updated path dirs - tested on arch & debian. Note: these profiles are still in alpha stage and disabled by default. --- apparmor.d/abstractions/common/steam-game | 115 +++++++ apparmor.d/profiles-s-z/steam | 333 ++++++++++++++------ apparmor.d/profiles-s-z/steam-fossilize | 16 +- apparmor.d/profiles-s-z/steam-game | 225 ------------- apparmor.d/profiles-s-z/steam-game-native | 37 +++ apparmor.d/profiles-s-z/steam-game-proton | 107 +++++++ apparmor.d/profiles-s-z/steam-gameoverlayui | 28 +- apparmor.d/profiles-s-z/steam-launch | 46 +++ apparmor.d/profiles-s-z/steam-launcher | 29 ++ apparmor.d/profiles-s-z/steam-reaper | 40 --- apparmor.d/profiles-s-z/steam-runtime | 81 +++-- apparmor.d/profiles-s-z/steamerrorreporter | 19 +- dists/flags/main.flags | 10 +- dists/ignore/main.ignore | 6 +- 14 files changed, 681 insertions(+), 411 deletions(-) create mode 100644 apparmor.d/abstractions/common/steam-game delete mode 100644 apparmor.d/profiles-s-z/steam-game create mode 100644 apparmor.d/profiles-s-z/steam-game-native create mode 100644 apparmor.d/profiles-s-z/steam-game-proton create mode 100644 apparmor.d/profiles-s-z/steam-launch create mode 100644 apparmor.d/profiles-s-z/steam-launcher delete mode 100644 apparmor.d/profiles-s-z/steam-reaper diff --git a/apparmor.d/abstractions/common/steam-game b/apparmor.d/abstractions/common/steam-game new file mode 100644 index 000000000..719fcbd60 --- /dev/null +++ b/apparmor.d/abstractions/common/steam-game @@ -0,0 +1,115 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + + include + include + include + include + include + include + include + + @{bin}/uname rix, + @{bin}/xdg-settings rPx, + @{browsers_path} rPx, + + @{bin}/env r, + + @{app_dirs}/ r, + @{lib_dirs}/ r, + @{lib}/ r, + / r, + /home/ r, + /usr/ r, + /usr/local/ r, + /usr/local/lib/ r, + + /etc/machine-id r, + /var/lib/dbus/machine-id r, + + owner @{HOME}/ r, + owner @{HOME}/.steam/steam.pid r, + owner @{HOME}/.steam/steam.pipe r, + + owner @{user_games_dirs}/ r, + owner @{user_games_dirs}/*/ r, + owner @{user_games_dirs}/*/{,**} rwkl, + + owner @{user_config_dirs}/unity3d/{,**} rwk, + + owner @{share_dirs}/ r, + owner @{share_dirs}/* r, + owner @{share_dirs}/config/*.vdf* rw, + owner @{share_dirs}/logs/* rw, + owner @{share_dirs}/steamapps/ r, + owner @{share_dirs}/steamapps/common/ r, + owner @{share_dirs}/steamapps/common/*/** rwlk, + owner @{share_dirs}/steamapps/shadercache/{,**} rwk, + owner @{share_dirs}/shader_cache_temp_dir_*/fozpipelinesv@{int}/{,**} rw, + + @{tmp}/ r, + owner @{tmp}/#@{int} rw, + owner @{tmp}/CASESENSITIVETEST@{hex32} rw, + owner @{tmp}/crashes/ rw, + owner @{tmp}/crashes/** rwk, + owner @{tmp}/miles_image_@{rand6} mrw, + owner @{tmp}/runtime-info.txt.@{rand6} rw, + owner @{tmp}/vdpau-drivers-@{rand6}/{,**} rw, + + owner /dev/shm/mono.@{int} rw, + owner /dev/shm/softbuffer-x11-@{rand6}@{c} rw, + owner /dev/shm/u@{uid}-Shm_@{hex6} rw, + owner /dev/shm/u@{uid}-Shm_@{hex6}@{h} rw, + owner /dev/shm/u@{uid}-Shm_@{hex8} rw, + owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, + owner /dev/shm/ValveIPCSHM_@{uid} rw, + + @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad + @{run}/udev/data/c13:@{int} r, # for /dev/input/* + + @{sys}/ r, + @{sys}/bus/ r, + @{sys}/class/ r, + @{sys}/class/hidraw/ r, + @{sys}/class/input/ r, + @{sys}/devices/ r, + @{sys}/devices/@{pci}/boot_vga r, + @{sys}/devices/@{pci}/net/*/carrier r, + @{sys}/devices/**/input@{int}/ r, + @{sys}/devices/**/input@{int}/**/{vendor,product} r, + @{sys}/devices/**/input@{int}/capabilities/* r, + @{sys}/devices/**/input/input@{int}/ r, + @{sys}/devices/**/uevent r, + @{sys}/devices/system/ r, + @{sys}/devices/system/clocksource/clocksource@{int}/current_clocksource r, + @{sys}/devices/system/cpu/cpu@{int}/ r, + @{sys}/devices/virtual/dmi/id/* r, + @{sys}/devices/virtual/net/*/carrier r, + @{sys}/kernel/ r, + + @{sys}/fs/cgroup/user.slice/cpu.max r, + @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/cpu.max r, + @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/cpu.max r, + owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/cpu.max r, + + @{PROC}/uptime r, + @{PROC}/version r, + owner @{PROC}/@{pid}/cgroup r, + owner @{PROC}/@{pid}/cmdline r, + owner @{PROC}/@{pid}/fd/ r, + owner @{PROC}/@{pid}/mounts r, + owner @{PROC}/@{pid}/pagemap r, + owner @{PROC}/@{pid}/stat r, + owner @{PROC}/@{pid}/task/ r, + owner @{PROC}/@{pid}/task/@{tid}/comm rw, + owner @{PROC}/@{pid}/task/@{tid}/stat r, + + /dev/ r, + /dev/hidraw@{int} rw, + /dev/input/ r, + /dev/input/event@{int} rw, + /dev/tty rw, + /dev/uinput rw, + + include if exists \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index 85f5191bb..36b8bd54d 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -6,28 +6,32 @@ # - Ensure no user data is accessed by either steam or steam games # - Limit what steam/games can access to the host # -# Current architecture: +# Overall architecture of the steam profiles: # steam -# ├── steam-fossilize -# ├── steam-reaper -# │ └── steam-game -# ├── steam-gameoverlayui -# └── steamerrorreporter +# ├── steam//check # Requirements check (sandboxed) +# ├── steam//web # steamwebhelper (sandboxed) +# ├── steam-fossilize # Update shader cache +# ├── steam-runtime # Launcher tasks up to the creation of the sandbox +# │ ├── steam-game-native # Native games +# │ └── steam-game-proton # Proton games (sandboxed) +# ├── steam-gameoverlayui # Steam game overlay +# └── steamerrorreporter # Error reporter abi , include -@{share_dirs} = @{user_share_dirs}/Steam +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} -@{runtime_dirs} = @{share_dirs}/steamapps/common/SteamLinuxRuntime_sniper +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ @{exec_path} = @{share_dirs}/steam.sh profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include - include - include include include include @@ -38,69 +42,71 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include + capability sys_ptrace, + network inet dgram, network inet6 dgram, network inet stream, network inet6 stream, network netlink raw, + network unix stream, - ptrace (read), - ptrace (trace) peer=steam, + ptrace read, + ptrace trace peer=steam, - signal (send) peer=steam-game, - signal (read), - - unix (receive) type=stream, + signal send peer=steam-game, + signal send peer=steam-launcher, + signal send peer=steam//journalctl, + signal send peer=steam//web, @{exec_path} mrix, @{sh_path} rix, @{coreutils_path} rix, - @{bin}/cmp rix, - @{bin}/file rix, @{bin}/getopt rix, - @{bin}/gzip rix, + @{bin}/journalctl rPx -> systemctl, @{bin}/ldconfig rix, @{bin}/ldd rix, - @{bin}/localedef rix, @{bin}/lsb_release rPx -> lsb_release, @{bin}/lsof rix, @{bin}/lspci rCx -> lspci, - @{bin}/steam-runtime-urlopen rix, - @{bin}/tar rix, - @{bin}/which rix, + @{bin}/which{,.debianutils} rix, @{bin}/xdg-icon-resource rPx, @{bin}/xdg-user-dir rix, - @{bin}/xz rix, - @{bin}/zenity rix, + @{lib}/@{multiarch}/ld-*.so* rix, @{lib}/ld-linux.so* rix, + @{open_path} rPx -> child-open, - @{lib_dirs}/** mr, - @{lib_dirs}/*/** ix, - @{lib_dirs}/*driverquery rix, - @{lib_dirs}/fossilize_replay rpx, - @{lib_dirs}/gameoverlayui rpx, - @{lib_dirs}/reaper rpx, - @{lib_dirs}/steam* rix, + @{lib_dirs}/** mr, + @{lib_dirs}/*driverquery rix, + @{lib_dirs}/fossilize_replay rpx, + @{lib_dirs}/gameoverlayui rpx, + @{lib_dirs}/reaper rpx, # steam-runtime + @{lib_dirs}/steam* rix, - # Entry point for steam-game - @{runtime_dirs}/*entry-point rpx, - - @{lib}/pressure-vessel/from-host/** rix, - @{run}/host/@{bin}/* rix, - @{run}/host/@{lib}/** rix, + @{app_dirs}/@{runtime}/*entry-point rpx -> steam-runtime, @{share_dirs}/linux{32,64}/steamerrorreporter rpx, - @{share_dirs}/config/cefdata/WidevineCdm/**/linux_*/libwidevinecdm.so rm, - /usr/lib/os-release rk, - /usr/share/fonts/**.{ttf,otf} rk, - /usr/share/terminfo/** r, - /usr/share/zenity/* r, + @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-check-requirements rcx -> check, + @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-identify-library-abi rix, + @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-launcher-service rpx, + @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-system-info rix, + @{runtime_dirs}/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-* rix, + @{runtime_dirs}/*entry-point rix, + @{runtime_dirs}/pressure-vessel/@{bin}/pressure-vessel-* rix, + @{runtime_dirs}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-* rix, + @{runtime_dirs}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/srt-bwrap rcx -> web, + @{runtime_dirs}/run{,.sh} rix, + @{runtime_dirs}/setup.sh rix, + + @{lib}/os-release rk, + + /usr/share/fonts/** rk, /etc/lsb-release r, - /etc/udev/udev.conf r, /etc/machine-id r, + /etc/timezone r, /var/lib/dbus/machine-id r, @{bin}/ r, @@ -108,16 +114,11 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { / r, /etc/ r, /home/ r, - /run/ r, /usr/ r, /usr/local/ r, /usr/local/lib/ r, /var/ r, - - owner /bindfile@{rand6} rw, - - owner /var/pressure-vessel/** rw, - owner /var/cache/ldconfig/aux-cache* rw, + /var/tmp/ r, owner @{HOME}/ r, owner @{HOME}/.steam/{,**} rw, @@ -142,106 +143,231 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{user_share_dirs}/icons/hicolor/**/apps/steam*.png rw, owner @{user_share_dirs}/vulkan/implicit_layer.d/steam*.json rwk, - owner /dev/shm/#@{int} rw, - owner /dev/shm/fossilize-*-@{int}-@{int} rw, - owner /dev/shm/u@{uid}-Shm_@{hex} rw, - owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, - owner /dev/shm/ValveIPCSHM_@{uid} rw, - @{tmp}/ r, owner @{tmp}/#@{int} rw, owner @{tmp}/dumps/ rw, owner @{tmp}/dumps/** rwk, owner @{tmp}/gdkpixbuf-xpm-tmp.@{rand6} rw, - owner @{tmp}/miles_image_* mrw, - owner @{tmp}/pressure-vessel-*-@{rand6}/ rw, - owner @{tmp}/pressure-vessel-*-@{rand6}/** rwlk -> @{tmp}/pressure-vessel-*-@{rand6}/**, - owner @{tmp}/runtime-info.txt.* rwk, - owner @{tmp}/sh-thd.* rw, - owner @{tmp}/steam_chrome_shmem_uid@{uid}_spid@{int} rw, + owner @{tmp}/glx-icds-@{rand6}/{,**} rw, + owner @{tmp}/runtime-info.txt.@{rand6} rwk, owner @{tmp}/steam@{rand6}/{,**} rw, owner @{tmp}/steam/ rw, owner @{tmp}/steam/** rwk, owner @{tmp}/vdpau-drivers-@{rand6}/{,**} rw, - owner @{run}/pressure-vessel/** r, + /dev/shm/ r, + owner /dev/shm/fossilize-*-@{int}-@{int} rw, + owner /dev/shm/u@{uid}-Shm_@{hex6} rw, + owner /dev/shm/u@{uid}-Shm_@{hex6}@{h} rw, + owner /dev/shm/u@{uid}-Shm_@{hex8} rw, + owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, + owner /dev/shm/ValveIPCSHM_@{uid} rw, + owner @{run}/user/@{uid}/ r, - @{run}/host/{,**} r, - - @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+pci:* r, # Identifies all PCI devices (CPU, GPU, Network, Disks, USB, etc.) @{run}/udev/data/c13:@{int} r, # for /dev/input/* - @{run}/udev/data/c116:@{int} r, # for ALSA - @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 @{run}/udev/data/n@{int} r, @{sys}/ r, @{sys}/bus/ r, - @{sys}/bus/pci/devices/ r, @{sys}/class/ r, @{sys}/class/hidraw/ r, @{sys}/class/input/ r, @{sys}/class/net/ r, - @{sys}/devices/@{pci}/class r, - @{sys}/devices/@{pci}/i2c-@{int}/{,**/}report_descriptor r, - @{sys}/devices/@{pci}/sound/card@{int}/** r, - @{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r, + @{sys}/devices/ r, + @{sys}/devices/@{pci}/boot_vga r, + @{sys}/devices/@{pci}/sound/card@{int}/input@{int}/properties r, @{sys}/devices/**/input@{int}/ r, @{sys}/devices/**/input@{int}/capabilities/* r, @{sys}/devices/**/input/input@{int}/ r, @{sys}/devices/**/input/input@{int}/properties r, + @{sys}/devices/**/report_descriptor r, @{sys}/devices/**/uevent r, - @{sys}/devices/system/cpu/** r, - @{sys}/devices/system/node/ r, - @{sys}/devices/virtual/**/report_descriptor r, + @{sys}/devices/system/ r, + @{sys}/devices/system/cpu/cpu@{int}/ r, + @{sys}/devices/virtual/dmi/id/bios_vendor r, + @{sys}/devices/virtual/dmi/id/bios_version r, + @{sys}/devices/virtual/dmi/id/product_name r, + @{sys}/devices/virtual/dmi/id/sys_vendor r, @{sys}/devices/virtual/net/*/ r, - @{sys}/devices/virtual/tty/tty@{int}/active r, @{sys}/kernel/ r, @{sys}/power/suspend_stats/success rk, @{PROC}/ r, - @{PROC}/@{pids}/comm rk, - @{PROC}/@{pids}/net/route r, - @{PROC}/@{pids}/stat r, - @{PROC}/locks r, + @{PROC}/@{pid}/comm rk, + @{PROC}/@{pid}/fdinfo/@{int} r, @{PROC}/@{pid}/net/* r, + @{PROC}/@{pid}/stat r, + @{PROC}/@{pid}/stat r, @{PROC}/1/cgroup r, - @{PROC}/sys/fs/inotify/max_user_watches r, + @{PROC}/locks r, @{PROC}/sys/kernel/sched_autogroup_enabled r, - @{PROC}/sys/kernel/unprivileged_userns_clone r, - @{PROC}/sys/kernel/yama/ptrace_scope r, - @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r, - @{PROC}/sys/user/max_user_namespaces r, + @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, @{PROC}/version r, - owner @{PROC}/@{pid}/mem r, owner @{PROC}/@{pid}/autogroup rw, owner @{PROC}/@{pid}/cmdline rk, owner @{PROC}/@{pid}/environ r, owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/fdinfo/@{int} r, + owner @{PROC}/@{pid}/mem r, owner @{PROC}/@{pid}/mounts r, - owner @{PROC}/@{pid}/oom_score_adj w, - owner @{PROC}/@{pid}/statm r, owner @{PROC}/@{pid}/task/ r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, - owner @{PROC}/@{pid}/task/@{tid}/status r, - /dev/hidraw@{int} rw, /dev/input/ r, - /dev/input/event@{int} r, - /dev/tty rw, /dev/uinput w, - audit deny /**.steam_exec_test.sh rw, - deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, + deny /opt/** r, - profile lspci { + profile web flags=(attach_disconnected,mediate_deleted,complain) { + include + include + include + include + include + include + include + include + + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + network netlink raw, + + ptrace trace peer=steam//web, + + signal receive set=kill peer=steam, + + unix receive type=stream, + + @{bin}/ldconfig rix, + @{bin}/getopt rix, + @{bin}/gzip rix, + @{bin}/true rix, + @{bin}/localedef rix, + @{bin}/readlink rix, + + @{lib_dirs}/** mr, + @{lib_dirs}/steamwebhelper rix, + @{lib_dirs}/steamwebhelper_sniper_wrap.sh rix, + + @{runtime_dirs}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/srt-bwrap mr, + @{runtime_dirs}/pressure-vessel/@{bin}/steam-runtime-launcher-interface-@{int} rix, + + @{lib}/pressure-vessel/from-host/** rix, + @{run}/host/@{bin}/* rix, + @{run}/host/@{lib}/** rix, + + @{share_dirs}/config/cefdata/WidevineCdm/**/linux_*/libwidevinecdm.so mr, + + @{runtime_dirs}/var/tmp-@{rand6}/usr/.ref w, + + @{run}/host/{,**} r, + + /etc/machine-id r, + + @{lib}/ r, + /usr/local/lib/ r, + /var/tmp/ r, + + owner /bindfile@{rand6} rw, + + owner /var/cache/ldconfig/aux-cache* rw, + owner /var/pressure-vessel/ldso/* rw, + + owner @{HOME}/.pki/ rw, + owner @{HOME}/.pki/nssdb/ rw, + owner @{HOME}/.pki/nssdb/pkcs11.txt rw, + owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk, + owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw, + + owner @{lib_dirs}/.cef-* wk, + + owner @{share_dirs}/{,**} r, + owner @{share_dirs}/config/** rwk, + owner @{share_dirs}/logs/** rwk, + owner @{share_dirs}/clientui/** k, + owner @{share_dirs}/public/** k, + + @{tmp}/ r, + owner @{tmp}/#@{int} rw, + owner @{tmp}/dumps/ rw, + owner @{tmp}/dumps/** rwk, + owner @{tmp}/.org.chromium.Chromium.@{rand6} rw, + owner @{tmp}/pressure-vessel-*-@{rand6}/ rw, + owner @{tmp}/pressure-vessel-*-@{rand6}/** rwlk -> @{tmp}/pressure-vessel-*-@{rand6}/**, + owner @{tmp}/steam_chrome_shmem_uid@{uid}_spid@{int} rw, + + /dev/shm/ r, + owner /dev/shm/.org.chromium.Chromium.@{rand6} rw, + owner /dev/shm/u@{uid}-Shm_@{hex6} rw, + owner /dev/shm/u@{uid}-Shm_@{hex6}@{h} rw, + owner /dev/shm/u@{uid}-Shm_@{hex8} rw, + owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, + owner /dev/shm/ValveIPCSHM_@{uid} rw, + + owner @{run}/pressure-vessel/** r, + + @{run}/udev/data/c13:@{int} r, # for /dev/input/* + + @{sys}/bus/ r, + @{sys}/bus/*/devices/ r, + @{sys}/class/*/ r, + @{sys}/devices/**/report_descriptor r, + @{sys}/devices/**/uevent r, + @{sys}/devices/system/cpu/kernel_max r, + @{sys}/devices/virtual/tty/tty@{int}/active r, + + @{PROC}/ r, + @{PROC}/@{pid}/stat r, + @{PROC}/sys/fs/inotify/max_user_watches r, + @{PROC}/sys/kernel/yama/ptrace_scope r, + owner @{PROC}/@{pid}/cmdline r, + owner @{PROC}/@{pid}/oom_score_adj w, + owner @{PROC}/@{pid}/statm r, + owner @{PROC}/@{pid}/task/ r, + owner @{PROC}/@{pid}/task/@{tid}/status r, + + /dev/hidraw@{int} rw, + /dev/tty rw, + + include if exists + } + + profile check flags=(attach_disconnected,mediate_deleted,complain) { + include + include + include + + unix receive type=stream, + + @{bin}/true rix, + + @{lib_dirs}/** mr, + @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-check-requirements mr, + @{runtime_dirs}/@{lib}/steam-runtime-tools-@{int}/srt-bwrap rix, + + / r, + + owner @{HOME}/.steam/root r, + owner @{HOME}/.steam/steam r, + + owner @{share_dirs}/ r, + + @{PROC}/@{pid}/cgroup r, + + include if exists + } + + profile lspci flags=(attach_disconnected,mediate_deleted,complain) { include include include + unix receive type=stream, + @{bin}/lspci mr, owner @{HOME}/.steam/steam.pipe r, @@ -256,5 +382,18 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { include if exists } + profile systemctl { + include + include + + /{run,var}/log/journal/ r, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/system.journal* r, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* r, + + include if exists + } + include if exists } diff --git a/apparmor.d/profiles-s-z/steam-fossilize b/apparmor.d/profiles-s-z/steam-fossilize index 323abea8c..b8ec7e182 100644 --- a/apparmor.d/profiles-s-z/steam-fossilize +++ b/apparmor.d/profiles-s-z/steam-fossilize @@ -6,9 +6,12 @@ abi , include -@{share_dirs} = @{user_share_dirs}/Steam -@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} -@{runtime_dirs} = @{share_dirs}/steamapps/common/SteamLinuxRuntime_sniper +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation +@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ @{exec_path} = @{lib_dirs}/fossilize_replay profile steam-fossilize @{exec_path} flags=(attach_disconnected) { @@ -17,17 +20,22 @@ profile steam-fossilize @{exec_path} flags=(attach_disconnected) { include include + signal receive peer=steam, + @{exec_path} mr, - @{lib_dirs}/*.so* mr, + @{lib_dirs}/** mr, owner @{HOME}/.steam/steam.pipe r, + owner @{share_dirs}/logs/container-runtime-info.txt.@{rand6} rw, owner @{share_dirs}/steamapps/shadercache/@{int}/fozpipelinesv@{int}/{,**} rw, owner @{share_dirs}/steamapps/shadercache/@{int}/mesa_shader_cache_sf/{,**} rwk, owner @{share_dirs}/steamapps/shadercache/@{int}/nvidiav@{int}/GLCache/ rw, owner @{share_dirs}/steamapps/shadercache/@{int}/nvidiav@{int}/GLCache/** rwk, + owner @{tmp}/runtime-info.txt.@{rand6} rw, + owner /dev/shm/fossilize-*-@{int}-@{int} rw, @{sys}/devices/system/node/node@{int}/cpumap r, diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game deleted file mode 100644 index 83d001455..000000000 --- a/apparmor.d/profiles-s-z/steam-game +++ /dev/null @@ -1,225 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2022-2024 Alexandre Pujol -# SPDX-License-Identifier: GPL-2.0-only - -# Default profile for steam games - -# TODO: -# Split this profile in three: -# - steam-game-native for native linux games -# - steam-runtime for all runtime related task up to the creation of the sandbox -# - steam-game-proton for the sandboxed proton games -# -# Tasks: -# - AppArmor supports for {*^} regex, or find an alternative -# - AppArmor supports change profile from pivot_root -# - Stack steam//&game to bypass no-new-privs issue -# -# The current version of this profile is not very useful as it is very similar -# to the main steam profile. - -abi , - -include - -@{share_dirs} = @{user_share_dirs}/Steam -@{lib_dirs} = @{share_dirs}/ubuntu@{int}_{32,64} -@{runtime_dirs} = @{share_dirs}/steamapps/common/SteamLinuxRuntime_sniper - -@{exec_path} = @{share_dirs}/steamapps/common/*/** -@{exec_path} += @{lib_dirs}/steam-runtime-sniper/*entry-point -profile steam-game @{exec_path} flags=(attach_disconnected) { - include - include - include - include - include - include - include - include - include - include - - capability dac_override, - capability dac_read_search, - - network inet dgram, - network inet6 dgram, - network inet stream, - network inet6 stream, - network netlink raw, - - signal (receive) peer=steam, - - unix (receive) type=stream, - - @{exec_path} mrix, - - @{sh_path} rix, - @{bin}/bwrap rix, - @{bin}/env rix, - @{bin}/getopt rix, - @{bin}/gzip rix, - @{bin}/localedef rix, - @{bin}/python3.@{int} rix, - @{bin}/readlink rix, - @{bin}/steam-runtime-launcher-interface-* rix, - @{bin}/steam-runtime-system-info rix, - @{bin}/timeout rix, - @{bin}/true rix, - @{bin}/uname rix, - @{bin}/xdg-open rPx, - - @{lib}/pressure-vessel/from-host/@{bin}/* rix, - @{lib}/pressure-vessel/from-host/@{lib}/** rix, - @{lib}/steam-runtime-tools*/* mrix, - - @{lib_dirs}/{,**} r, - @{lib_dirs}/**.so* mr, - @{lib_dirs}/reaper rix, - @{lib_dirs}/steam-launch-wrapper rm, - @{lib_dirs}/steam-runtime/@{lib}/** mrix, - - @{runtime_dirs}/pressure-vessel/@{bin}/ r, - @{runtime_dirs}/pressure-vessel/@{bin}/* rix, - @{runtime_dirs}/pressure-vessel/@{lib}/ r, - @{runtime_dirs}/pressure-vessel/@{lib}/** mrix, - @{runtime_dirs}/run rix, - - @{share_dirs}/@{bin}/ r, - @{share_dirs}/@{bin}/* mr, - @{share_dirs}/d3ddriverquery64.dxvk-cache rw, - @{share_dirs}/legacycompat/ r, - @{share_dirs}/legacycompat/** mr, - @{share_dirs}/linux{32,64}/ r, - @{share_dirs}/linux{32,64}/**.so* mr, - @{share_dirs}/standalone_installscript_progress_@{int}.vdf rw, - @{share_dirs}/steamapps/common/*/* mr, - @{share_dirs}/steamapps/common/Proton*/ r, - @{share_dirs}/steamapps/common/Proton*/files/@{bin}/* mrix, - @{share_dirs}/steamapps/common/Proton*/files/@{lib}/** mrix, - @{share_dirs}/steamapps/common/Proton*/proton rix, - @{share_dirs}/steamapps/compatdata/@{int}/pfx/**.dll rm, - - @{user_games_dirs}/*/* mr, - @{user_games_dirs}/*/**.dll mr, - - @{run}/host/usr/bin/ldconfig rix, - @{run}/host/usr/lib{,32,64}/**.so* rm, - @{run}/host/usr/bin/localedef rix, - - /usr/share/terminfo/** r, - - /etc/machine-id r, - /etc/udev/udev.conf r, - /var/lib/dbus/machine-id r, - - / r, - /{usr/,}{local/,} r, - /{usr/,}{local/,}lib{,32,64}/ r, - /bindfile@{rand6} rw, - /home/ r, - /tmp/ r, - - owner /var/pressure-vessel/** rw, - owner /var/cache/ldconfig/aux-cache* rw, - - owner @{HOME}/ r, - owner @{HOME}/.steam/steam.pid r, - owner @{HOME}/.steam/steam.pipe r, - - owner @{user_games_dirs}/{,*/} r, - owner @{user_games_dirs}/*/{,**} rwkl, - - owner @{user_config_dirs}/unity3d/{,**} rwk, - - owner @{share_dirs}/ r, - owner @{share_dirs}/* r, - owner @{share_dirs}/*log* rw, - owner @{share_dirs}/config/config.vdf* rw, - owner @{share_dirs}/logs/{,*} rw, - owner @{share_dirs}/shader_cache_temp*/fozpipelinesv*/{,**} rw, - owner @{share_dirs}/steamapps/ r, - owner @{share_dirs}/steamapps/common/ r, - owner @{share_dirs}/steamapps/common/*/ r, - owner @{share_dirs}/steamapps/common/*/** rwkl, - owner @{share_dirs}/steamapps/common/Proton*/files/share/{,**} r, - owner @{share_dirs}/steamapps/compatdata/{,**} rwk, - owner @{share_dirs}/steamapps/shadercache/{,**} rwk, - owner @{share_dirs}/userdata/**/remotecache.vdf rw, - - @{run}/host/ r, - @{run}/host/container-manager r, - @{run}/host/fonts/{,**} r, - @{run}/host/share/{,**} r, - @{run}/host/usr/{,**} r, - owner @{run}/pressure-vessel/{,**} rw, - owner @{run}/user/@{uid}/ r, - owner @{run}/user/@{uid}/orcexec.* mrw, # gstreamer - - owner /dev/shm/#@{int} rw, - owner /dev/shm/mono.* rw, - owner /dev/shm/u@{uid}-Shm_@{hex} rw, - owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, - owner /dev/shm/ValveIPCSHM_@{uid} rw, - owner /dev/shm/wine-*-fsync rw, - - owner @{tmp}/ r, - owner @{tmp}/.wine-@{int}/ rw, - owner @{tmp}/.wine-@{int}/** rwk, - owner @{tmp}/.wine-@{uid}/server-*/* rwk, - owner @{tmp}/#@{int} rw, - owner @{tmp}/CASESENSITIVETEST@{hex32} rw, - owner @{tmp}/miles_image_* mr, - owner @{tmp}/pressure-vessel-*/{,**} rwl, - owner @{tmp}/vdpau-drivers-@{rand6}/{,**} rw, - - @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad - - @{run}/udev/data/c13:@{int} r, # for /dev/input/* - @{run}/udev/data/c116:@{int} r, # for ALSA - @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 - - @{sys}/ r, - @{sys}/bus/ r, - @{sys}/class/ r, - @{sys}/class/hidraw/ r, - @{sys}/class/input/ r, - @{sys}/devices/**/input@{int}/ r, - @{sys}/devices/**/input@{int}/**/{vendor,product} r, - @{sys}/devices/**/input@{int}/capabilities/* r, - @{sys}/devices/**/input/input@{int}/ r, - @{sys}/devices/**/uevent r, - @{sys}/devices/@{pci}/sound/card@{int}/** r, - @{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r, - @{sys}/devices/system/clocksource/clocksource@{int}/current_clocksource r, - @{sys}/devices/system/cpu/** r, - @{sys}/devices/system/node/node[0-9]/cpumap r, - @{sys}/devices/system/node/online r, - @{sys}/devices/virtual/dmi/id/* r, - @{sys}/kernel/ r, - - @{PROC}/@{pids}/net/dev r, - @{PROC}/@{pids}/net/route r, - @{PROC}/sys/net/core/bpf_jit_enable r, - @{PROC}/uptime r, - @{PROC}/version r, - owner @{PROC}/@{pid}/cmdline r, - owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/mounts r, - owner @{PROC}/@{pid}/pagemap r, - owner @{PROC}/@{pid}/stat r, - owner @{PROC}/@{pid}/task/ r, - owner @{PROC}/@{pid}/task/@{tid}/comm rw, - owner @{PROC}/@{pid}/task/@{tid}/stat r, - - /dev/hidraw@{int} rw, - /dev/input/ r, - /dev/input/* rw, - /dev/tty rw, - /dev/uinput rw, - - deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, - - include if exists -} \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/steam-game-native b/apparmor.d/profiles-s-z/steam-game-native new file mode 100644 index 000000000..da72bf279 --- /dev/null +++ b/apparmor.d/profiles-s-z/steam-game-native @@ -0,0 +1,37 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2022-2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation +@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ + +@{exec_path} = @{app_dirs}/*/** +profile steam-game-native @{exec_path} flags=(attach_disconnected) { + include + include + + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + network unix stream, + + signal receive peer=steam, + + @{exec_path} rmix, + + @{sh_path} rix, + + @{app_dirs}/** mr, + @{lib_dirs}/** mr, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/steam-game-proton b/apparmor.d/profiles-s-z/steam-game-proton new file mode 100644 index 000000000..7f1e29820 --- /dev/null +++ b/apparmor.d/profiles-s-z/steam-game-proton @@ -0,0 +1,107 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation +@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ + +@{exec_path} = @{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/srt-bwrap +profile steam-game-proton @{exec_path} flags=(attach_disconnected) { + include + include + include + include + + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + network unix stream, + + signal receive peer=steam, + + @{exec_path} mr, + @{bin}/bwrap mrix, + + @{bin}/getopt rix, + @{bin}/gzip rix, + @{bin}/ldconfig rix, + @{bin}/localedef rix, + @{bin}/python3.@{int} rix, + @{bin}/readlink rix, + @{bin}/steam-runtime-launcher-interface-@{int} rix, + @{bin}/steam-runtime-system-info rix, + @{bin}/steam-runtime-urlopen rix, + @{bin}/true rix, + @{bin}/chmod rix, + @{open_path} rix, + + @{lib_dirs}/** mr, + @{lib}/pressure-vessel/from-host/@{bin}/* rix, + @{lib}/pressure-vessel/from-host/@{lib}/** rix, + @{lib}/steam-runtime-tools-@{int}/@{multiarch}-* rix, + + @{app_dirs}/** mr, + @{app_dirs}/pressure-vessel/@{bin}/pressure-vessel-* rix, + @{app_dirs}/Proton*/files/@{bin}/* rix, + @{app_dirs}/Proton*/files/@{lib}/** rix, + @{app_dirs}/Proton*/proton rix, + @{app_dirs}/@{runtime}/pressure-vessel/@{bin}/steam-runtime-launcher-interface-@{int} rix, + + @{run}/host/@{bin}/ldconfig rix, + @{run}/host/@{bin}/localedef rix, + @{run}/host/@{lib}/** mr, + + @{share_dirs}/bin/d3ddriverquery64.exe mr, + @{share_dirs}/steamapps/compatdata/@{int}/pfx/** mr, + + @{user_games_dirs}/** mr, + + owner /bindfile@{rand6} rw, + + owner /var/pressure-vessel/** rw, + owner /var/cache/ldconfig/aux-cache* rw, + + owner @{app_dirs}/@{runtime}/var/tmp-@{rand6}/usr/.ref rwk, + owner @{app_dirs}/Proton*/** rwkl, + + owner @{share_dirs}/*.dll r, + owner @{share_dirs}/steamapps/compatdata/{,**} rwk, + owner @{share_dirs}/legacycompat/ r, + owner @{share_dirs}/legacycompat/** mr, + + owner @{user_share_dirs}/applications/wine/ rw, + owner @{user_share_dirs}/applications/wine/**/ rw, + + owner @{tmp}/ r, + owner @{tmp}/.wine-@{uid}/ rw, + owner @{tmp}/.wine-@{uid}/** rwk, + owner @{tmp}/glx-icds-@{rand6}/{,**} w, + owner @{tmp}/pressure-vessel-*-@{rand6}/ rw, + owner @{tmp}/pressure-vessel-*-@{rand6}/** rwlk -> @{tmp}/pressure-vessel-*-@{rand6}/**, + owner @{tmp}/vdpau-drivers-@{rand6}/{,**} w, + + owner /dev/shm/wine-@{hex6}-fsync rw, + owner /dev/shm/wine-@{hex6}@{h}-fsync rw, + + @{run}/host/fonts/{,**} r, + @{run}/host/share/{,**} r, + @{run}/host/usr/{,**} r, + owner @{run}/pressure-vessel/{,**} r, + + @{sys}/devices/system/node/node@{int}/cpumap r, + @{sys}/devices/system/node/online r, + + @{PROC}/@{pids}/net/* r, + @{PROC}/sys/net/core/bpf_jit_enable r, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/steam-gameoverlayui b/apparmor.d/profiles-s-z/steam-gameoverlayui index d41a5e644..d78751bf9 100644 --- a/apparmor.d/profiles-s-z/steam-gameoverlayui +++ b/apparmor.d/profiles-s-z/steam-gameoverlayui @@ -6,9 +6,12 @@ abi , include -@{share_dirs} = @{user_share_dirs}/Steam -@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} -@{runtime_dirs} = @{share_dirs}/steamapps/common/SteamLinuxRuntime_sniper +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation +@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ @{exec_path} = @{lib_dirs}/gameoverlayui profile steam-gameoverlayui @{exec_path} flags=(attach_disconnected) { @@ -19,15 +22,16 @@ profile steam-gameoverlayui @{exec_path} flags=(attach_disconnected) { network inet stream, network inet6 stream, - - unix (receive) type=stream, + network unix stream, @{exec_path} mr, - @{lib_dirs}/*.so* mr, - @{lib_dirs}/steam-runtime/@{lib}/**.so* mr, + @{lib_dirs}/**.so* mr, + @{runtime_dirs}/@{lib}/**.so* mr, - /usr/share/fonts/{,**} rk, # ? + @{lib_dirs}/steamerrorreporter rpx, + + /usr/share/fonts/{,**} rk, / r, /home/ r, @@ -45,15 +49,19 @@ profile steam-gameoverlayui @{exec_path} flags=(attach_disconnected) { owner @{share_dirs}/userdata/@{int}/{,**} rk, owner /dev/shm/u@{uid}-Shm_@{hex} rw, - owner /dev/shm/u@{uid}-ValveIPCSharedObj-* rwk, + owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, owner /dev/shm/ValveIPCSHM_@{uid} rw, owner @{tmp}/gameoverlayui.log* rw, + owner @{tmp}/miles_image_@{rand6} mrw, + owner @{tmp}/runtime-info.txt.@{rand6} rw, owner @{tmp}/steam_chrome_overlay_uid@{uid}_spid@{pids} rw, - owner @{tmp}/miles_image_* mrw, @{sys}/ r, @{sys}/kernel/ r, + @{sys}/devices/ r, + @{sys}/devices/system/ r, + @{sys}/devices/system/cpu/cpu@{int}/ r, @{PROC}/version r, diff --git a/apparmor.d/profiles-s-z/steam-launch b/apparmor.d/profiles-s-z/steam-launch new file mode 100644 index 000000000..1b2afd212 --- /dev/null +++ b/apparmor.d/profiles-s-z/steam-launch @@ -0,0 +1,46 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation +@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ + +@{exec_path} = @{bin}/steam @{bin}/steam-runtime +profile steam-launch @{exec_path} { + include + include + + network unix stream, + + @{exec_path} mr, + + @{sh_path} rix, + @{bin}/cp rix, + @{bin}/dirname rix, + @{bin}/env rix, + @{bin}/id rix, + @{bin}/readlink rix, + + @{lib}/steam/steam rix, + @{lib}/steam/bin_steam.sh rix, + @{share_dirs}/steam.sh rPx, + + /usr/ r, + /usr/local/ r, + + owner @{share_dirs}/bootstrap.tar.xz rw, + + /dev/tty rw, + + deny /opt/** r, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/steam-launcher b/apparmor.d/profiles-s-z/steam-launcher new file mode 100644 index 000000000..9b4f09b91 --- /dev/null +++ b/apparmor.d/profiles-s-z/steam-launcher @@ -0,0 +1,29 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation +@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ + +@{exec_path} = @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-launcher-service +profile steam-launcher @{exec_path} flags=(attach_disconnected) { + include + + network unix stream, + + signal receive peer=steam, + + @{exec_path} mr, + + @{lib_dirs}/** mr, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/steam-reaper b/apparmor.d/profiles-s-z/steam-reaper deleted file mode 100644 index f635b1315..000000000 --- a/apparmor.d/profiles-s-z/steam-reaper +++ /dev/null @@ -1,40 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2022-2024 Alexandre Pujol -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{share_dirs} = @{user_share_dirs}/Steam -@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} -@{runtime_dirs} = @{share_dirs}/steamapps/common/SteamLinuxRuntime_sniper - -@{exec_path} = @{lib_dirs}/reaper -profile steam-reaper @{exec_path} flags=(attach_disconnected) { - include - include - - unix (receive) type=stream, - - @{exec_path} mr, - - @{lib_dirs}/*.so* mr, - @{lib_dirs}/steam-runtime/@{lib}/**.so* mr, - @{lib_dirs}/steam-launch-wrapper rpx -> steam-game, - - @{share_dirs}/steamapps/common/*/* rpx -> steam-game, - - owner @{HOME}/.steam/steam.pipe r, - - owner @{share_dirs}/userdata/**/remotecache.vdf rw, - - owner /dev/shm/u@{uid}-Shm_@{hex} rw, - owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, - - @{sys}/devices/system/cpu/cpu@{int}/** r, - - deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, - - include if exists -} \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/steam-runtime b/apparmor.d/profiles-s-z/steam-runtime index 6d04630d4..6893dbe2d 100644 --- a/apparmor.d/profiles-s-z/steam-runtime +++ b/apparmor.d/profiles-s-z/steam-runtime @@ -6,38 +6,77 @@ abi , include -@{share_dirs} = @{user_share_dirs}/Steam -@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} -@{runtime_dirs} = @{share_dirs}/steamapps/common/SteamLinuxRuntime_sniper +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation +@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ -@{exec_path} = @{bin}/steam @{bin}/steam-runtime -profile steam-runtime @{exec_path} { +@{exec_path} = @{lib_dirs}/reaper +profile steam-runtime @{exec_path} flags=(attach_disconnected) { include - include + include + include + include + include + include - unix (receive) type=stream, + network unix stream, @{exec_path} mr, - @{sh_path} rix, - @{bin}/cp rix, - @{bin}/dirname rix, - @{bin}/env rix, - @{bin}/id rix, - @{bin}/readlink rix, + @{sh_path} r, + @{bin}/getopt rix, + @{bin}/readlink rix, - @{lib}/steam/steam rix, - @{lib}/steam/bin_steam.sh rix, - @{share_dirs}/steam.sh rPx, + @{lib_dirs}/** mr, + @{lib_dirs}/steam-launch-wrapper rix, - /usr/ r, - /usr/local/ r, + # Native linux games (steam-game-native) + @{app_dirs}/[^S]*/** rpx -> steam-game-native, - owner @{share_dirs}/bootstrap.tar.xz rw, + # Proton games, sandboxed (steam-game-proton) + @{app_dirs}/@{runtime}/*entry-point rmix, + @{app_dirs}/@{runtime}/pressure-vessel/@{bin}/pressure-vessel-* rix, + @{app_dirs}/@{runtime}/pressure-vessel/@{lib}/** mr, + @{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-capsule-capture-libs rix, + @{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-detect-platform rix, + @{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-inspect-library rix, + @{app_dirs}/@{runtime}/pressure-vessel/@{lib}/steam-runtime-tools-@{int}/srt-bwrap rpx -> steam-game-proton, + @{app_dirs}/@{runtime}/run rix, + @{bin}/bwrap rpx -> steam-game-proton, + + / r, + @{lib}/ r, + @{lib_dirs}/ r, + + owner @{HOME}/.steam/steam.pipe r, + + owner @{app_dirs}/*/ r, + owner @{app_dirs}/@{runtime}/** r, + owner @{app_dirs}/@{runtime}/pressure-vessel/** rwk, + owner @{app_dirs}/@{runtime}/sniper_platform_*/** rwk, + owner @{app_dirs}/@{runtime}/var/** rwk, + owner link @{app_dirs}/@{runtime}/var/** -> @{app_dirs}/@{runtime}/pressure-vessel/**, + owner link @{app_dirs}/@{runtime}/var/** -> @{app_dirs}/@{runtime}/sniper_platform_*/**, + + owner @{tmp}/ r, + owner @{tmp}/#@{int} rw, + owner @{tmp}/vdpau-drivers-@{rand6}/{,**} rw, + + owner @{run}/user/@{uid}/ r, + + owner /dev/shm/u@{uid}-Shm_@{hex6} rw, + owner /dev/shm/u@{uid}-Shm_@{hex6}@{h} rw, + owner /dev/shm/u@{uid}-Shm_@{hex8} rw, + owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, + + owner @{PROC}/@{pid}/cmdline r, + owner @{PROC}/@{pid}/comm r, + owner @{PROC}/@{pid}/fd/ r, /dev/tty rw, - deny /opt/** r, - include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/steamerrorreporter b/apparmor.d/profiles-s-z/steamerrorreporter index c9e1bf630..0f765c301 100644 --- a/apparmor.d/profiles-s-z/steamerrorreporter +++ b/apparmor.d/profiles-s-z/steamerrorreporter @@ -6,12 +6,15 @@ abi , include -@{share_dirs} = @{user_share_dirs}/Steam -@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} -@{runtime_dirs} = @{share_dirs}/steamapps/common/SteamLinuxRuntime_sniper +@{arch} = amd64 i386 +@{runtime} = SteamLinuxRuntime_sniper +@{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation +@{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} +@{runtime_dirs} = @{lib_dirs}/steam-runtime{,-sniper} +@{app_dirs} = @{share_dirs}/steamapps/common/ -@{exec_path} = @{share_dirs}/linux{32,64}/steamerrorreporter -profile steamerrorreporter @{exec_path} { +@{exec_path} = @{lib_dirs}/steamerrorreporter +profile steamerrorreporter @{exec_path} flags=(attach_disconnected) { include include @@ -19,14 +22,14 @@ profile steamerrorreporter @{exec_path} { network inet stream, network inet6 dgram, network inet6 stream, + network unix stream, @{exec_path} mr, owner @{HOME}/.steam/steam.pipe r, - owner @{lib_dirs}/ r, - owner @{lib_dirs}/steam-runtime/pinned_libs_{32,64}/ r, - + owner @{lib_dirs}/{,**} r, + owner @{runtime_dirs}/pinned_libs_{32,64}/ r, owner @{share_dirs}/ r, owner @{tmp}/dumps/ r, diff --git a/dists/flags/main.flags b/dists/flags/main.flags index 4770b79eb..814123c81 100644 --- a/dists/flags/main.flags +++ b/dists/flags/main.flags @@ -298,11 +298,13 @@ startplasma complain startx attach_disconnected,complain steam attach_disconnected,mediate_deleted,complain steam-fossilize attach_disconnected,complain -steam-game attach_disconnected,complain +steam-game-native attach_disconnected,complain +steam-game-proton attach_disconnected,complain steam-gameoverlayui attach_disconnected,complain -steam-reaper attach_disconnected,complain -steam-runtime complain -steamerrorreporter complain +steam-launch complain +steam-launcher attach_disconnected,complain +steam-runtime attach_disconnected,complain +steamerrorreporter attach_disconnected,complain sulogin complain switcherooctl complain swtpm complain diff --git a/dists/ignore/main.ignore b/dists/ignore/main.ignore index 795fbf1c7..0e89a76c5 100644 --- a/dists/ignore/main.ignore +++ b/dists/ignore/main.ignore @@ -17,8 +17,10 @@ man plasma-discover steam steam-fossilize -steam-game +steam-game-native +steam-game-proton steam-gameoverlayui -steam-reaper +steam-launch +steam-launcher steam-runtime steamerrorreporter From ca9a8d47f83d497d31bdd561ec4b336653986e82 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 11 Jun 2024 23:16:19 +0100 Subject: [PATCH 29/70] feat(profile): add protonmail-bridge --- apparmor.d/profiles-m-r/protonmail-bridge | 82 ++++++------------ .../profiles-m-r/protonmail-bridge-core | 85 +++++++++++++++++++ 2 files changed, 109 insertions(+), 58 deletions(-) create mode 100644 apparmor.d/profiles-m-r/protonmail-bridge-core diff --git a/apparmor.d/profiles-m-r/protonmail-bridge b/apparmor.d/profiles-m-r/protonmail-bridge index 92a5eb13c..f6e8c8e4c 100644 --- a/apparmor.d/profiles-m-r/protonmail-bridge +++ b/apparmor.d/profiles-m-r/protonmail-bridge @@ -2,80 +2,46 @@ # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# Warning: only the protonmail-bridge CLI and service are supported, NOT the GUI. - abi , include -@{exec_path} = @{bin}/protonmail-bridge -profile protonmail-bridge @{exec_path} { - include - include +@{config_dirs} = @{user_config_dirs}/protonmail/bridge-v3 +@{cache_dirs} = @{user_cache_dirs}/protonmail/bridge-v3 "@{user_cache_dirs}/Proton AG/Proton Mail Bridge" +@{share_dirs} = @{user_share_dirs}/protonmail/bridge-v3 - network inet dgram, - network inet6 dgram, +@{exec_path} = @{lib}/protonmail/bridge/bridge-gui +profile protonmail-bridge @{exec_path} { + include + include + include + include + include + include + + # network inet dgram, + # network inet6 dgram, network inet stream, network inet6 stream, - network netlink raw, + # network netlink raw, @{exec_path} mr, - @{bin}/pass rCx -> pass, + @{lib}/protonmail/bridge/bridge rPx, + @{open_path} rPx -> child-open-strict, - /etc/lsb-release r, /etc/machine-id r, - owner /var/tmp/etilqs_@{hex} rw, + owner @{config_dirs}/ rw, + owner @{config_dirs}/** rwlk -> @{config_dirs}/**, - owner @{user_password_store_dirs}/docker-credential-helpers/{,**} r, - owner @{user_password_store_dirs}/protonmail-credentials/{,**} r, + owner @{cache_dirs}/ rw, + owner @{cache_dirs}/** rwlk -> @{cache_dirs}/**, - owner @{user_cache_dirs}/protonmail/{,**} rwk, - owner @{user_config_dirs}/protonmail/{,**} rwk, - owner @{user_share_dirs}/protonmail/{,**} rwk, + owner @{share_dirs}/ rw, + owner @{share_dirs}/** rwlk -> @{share_dirs}/**, - @{PROC}/sys/net/core/somaxconn r, - @{PROC}/@{pid}/cgroup r, - - # Force the use of the Gnome Keyring or Kwallet secret-service. - # Comment these lines and add the commented lines in your local/protonmail-bridge - # to allow the use of pass as secret-service. - # of pass as secret store - # deny @{bin}/pass rmx, - # deny owner @{user_password_store_dirs}/** r, - - profile pass { - include - include - - @{bin}/pass mr, - - @{sh_path} rix, - @{bin}/base64 rix, - @{bin}/dirname rix, - @{bin}/env rix, - @{bin}/getopt rix, - @{bin}/git rPx -> pass//git, - @{bin}/gpg{,2} rPx -> pass//gpg, - @{bin}/mkdir rix, - @{bin}/rm rix, - @{bin}/rmdir rix, - @{bin}/sed rix, - @{bin}/tail rix, - @{bin}/tree rix, - @{bin}/tty rix, - @{bin}/which rix, - - owner @{user_password_store_dirs}/ r, - owner @{user_password_store_dirs}/.gpg-id r, - owner @{user_password_store_dirs}/protonmail-credentials/{,**} rw, - deny owner @{user_password_store_dirs}/**/ r, - - /dev/tty rw, - - include if exists - } + owner @{PROC}/@{pid}/cmdline r, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-m-r/protonmail-bridge-core b/apparmor.d/profiles-m-r/protonmail-bridge-core new file mode 100644 index 000000000..ef7ec136c --- /dev/null +++ b/apparmor.d/profiles-m-r/protonmail-bridge-core @@ -0,0 +1,85 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023-2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +# To force the use of the Gnome Keyring or Kwallet secret-service, add the +# following lines in your local/protonmail-bridge-core file: +# deny @{bin}/pass x, +# deny owner @{user_password_store_dirs}/** r, + +abi , + +include + +@{exec_path} = @{lib}/protonmail/bridge/bridge +profile protonmail-bridge-core @{exec_path} { + include + include + + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + network netlink raw, + + @{exec_path} mr, + + @{bin}/pass rCx -> pass, + + /etc/lsb-release r, + /etc/machine-id r, + + owner @{user_password_store_dirs}/docker-credential-helpers/{,**} r, + owner @{user_password_store_dirs}/protonmail-credentials/{,**} r, + + owner @{user_cache_dirs}/protonmail/{,**} rwk, + owner @{user_config_dirs}/protonmail/{,**} rwk, + owner @{user_share_dirs}/protonmail/{,**} rwk, + + owner "@{user_config_dirs}/autostart/Proton Mail Bridge.desktop" rw, + + owner @{tmp}/bridge@{int} rw, + owner @{tmp}/user/@{uid}/etilqs_@{hex} rw, + owner /var/tmp/etilqs_@{hex} rw, + + @{PROC}/ r, + @{PROC}/sys/net/core/somaxconn r, + @{PROC}/@{pid}/cgroup r, + + deny @{bin}/pass x, + deny owner @{user_password_store_dirs}/** r, + + profile pass { + include + include + + @{bin}/pass mr, + + @{sh_path} rix, + @{bin}/base64 rix, + @{bin}/dirname rix, + @{bin}/env rix, + @{bin}/getopt rix, + @{bin}/git rpx -> pass//git, + @{bin}/gpg{,2} rpx -> pass//gpg, + @{bin}/mkdir rix, + @{bin}/rm rix, + @{bin}/rmdir rix, + @{bin}/sed rix, + @{bin}/tail rix, + @{bin}/tree rix, + @{bin}/tty rix, + @{bin}/which rix, + + owner @{user_password_store_dirs}/ r, + owner @{user_password_store_dirs}/.gpg-id r, + owner @{user_password_store_dirs}/protonmail-credentials/{,**} rw, + deny owner @{user_password_store_dirs}/**/ r, + + /dev/tty rw, + + include if exists + } + + include if exists +} \ No newline at end of file From ff88400b22fe0ab0b2bc975716ff17e48e98c0e9 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 11 Jun 2024 23:18:07 +0100 Subject: [PATCH 30/70] feat(abs): minor cleanup. --- apparmor.d/abstractions/app/chromium | 8 ++++---- apparmor.d/abstractions/common/app | 2 +- apparmor.d/abstractions/common/chromium | 8 ++++---- apparmor.d/abstractions/common/steam-game | 1 + 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium index a3af128df..fec42ba98 100644 --- a/apparmor.d/abstractions/app/chromium +++ b/apparmor.d/abstractions/app/chromium @@ -150,10 +150,10 @@ owner @{tmp}/.@{domain}.* rw, owner @{tmp}/.@{domain}*/{,**} rw, owner @{tmp}/@{name}-crashlog-@{int}-@{int}.txt rw, - owner @{tmp}/scoped_dir*/{,**} rw, - owner @{tmp}/tmp.* rw, - owner @{tmp}/tmp.*/ rw, - owner @{tmp}/tmp.*/** rwk, + audit owner @{tmp}/scoped_dir@{rand6}/{,**} rw, + owner @{tmp}/tmp.@{rand6} rw, + owner @{tmp}/tmp.@{rand6}/ rw, + owner @{tmp}/tmp.@{rand6}/** rwk, owner @{run}/user/@{uid}/app/org.keepassxc.KeePassXC/org.keepassxc.KeePassXC.BrowserServer rw, owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer rw, diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index f563d8039..84cd974a0 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -16,10 +16,10 @@ include include include - # include include include include + include include include include diff --git a/apparmor.d/abstractions/common/chromium b/apparmor.d/abstractions/common/chromium index 1fc1d1555..842e1f33c 100644 --- a/apparmor.d/abstractions/common/chromium +++ b/apparmor.d/abstractions/common/chromium @@ -20,19 +20,19 @@ owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk, owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw, - owner @{user_share_dirs}/.org.chromium.Chromium.* rw, + owner @{user_share_dirs}/.org.chromium.Chromium.@{rand6} rw, /tmp/ r, /var/tmp/ r, - owner @{tmp}/.org.chromium.Chromium.* rw, - owner @{tmp}/.org.chromium.Chromium.*/{,**} rw, + owner @{tmp}/.org.chromium.Chromium.@{rand6} rw, + owner @{tmp}/.org.chromium.Chromium.@{rand6}/{,**} rw, owner @{tmp}/scoped_dir*/ rw, owner @{tmp}/scoped_dir*/SingletonCookie w, owner @{tmp}/scoped_dir*/SingletonSocket w, owner @{tmp}/scoped_dir*/SS w, /dev/shm/ r, - owner /dev/shm/.org.chromium.Chromium.* rw, + owner /dev/shm/.org.chromium.Chromium.@{rand6} rw, # If kernel.unprivileged_userns_clone = 1 owner @{PROC}/@{pid}/setgroups w, diff --git a/apparmor.d/abstractions/common/steam-game b/apparmor.d/abstractions/common/steam-game index 719fcbd60..5a2cbd6db 100644 --- a/apparmor.d/abstractions/common/steam-game +++ b/apparmor.d/abstractions/common/steam-game @@ -59,6 +59,7 @@ owner /dev/shm/mono.@{int} rw, owner /dev/shm/softbuffer-x11-@{rand6}@{c} rw, + owner /dev/shm/u@{uid}-Shm_@{hex4}@{h} rw, owner /dev/shm/u@{uid}-Shm_@{hex6} rw, owner /dev/shm/u@{uid}-Shm_@{hex6}@{h} rw, owner /dev/shm/u@{uid}-Shm_@{hex8} rw, From f0cff2989d1e3363e7e704e69197c621110ed789 Mon Sep 17 00:00:00 2001 From: fira959 Date: Wed, 12 Jun 2024 12:13:34 +0200 Subject: [PATCH 31/70] Update signal-desktop --- apparmor.d/groups/apps/signal-desktop | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/groups/apps/signal-desktop b/apparmor.d/groups/apps/signal-desktop index d3165a54d..6048857e9 100644 --- a/apparmor.d/groups/apps/signal-desktop +++ b/apparmor.d/groups/apps/signal-desktop @@ -43,6 +43,7 @@ profile signal-desktop @{exec_path} { @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/memory.high r, @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/memory.max r, + @{PROC}/@{pid}/fd/ r, @{PROC}/vmstat r, include if exists From 2eab87da2f82da42a6969682a3abb18f05eb9449 Mon Sep 17 00:00:00 2001 From: fira959 Date: Wed, 12 Jun 2024 12:15:34 +0200 Subject: [PATCH 32/70] Update signal-desktop-chrome-sandbox --- apparmor.d/groups/apps/signal-desktop-chrome-sandbox | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apparmor.d/groups/apps/signal-desktop-chrome-sandbox b/apparmor.d/groups/apps/signal-desktop-chrome-sandbox index 4f6bf976a..3de0c2f3f 100644 --- a/apparmor.d/groups/apps/signal-desktop-chrome-sandbox +++ b/apparmor.d/groups/apps/signal-desktop-chrome-sandbox @@ -22,6 +22,8 @@ profile signal-desktop-chrome-sandbox @{exec_path} { @{lib_dirs}/signal-desktop{,-beta} rPx, @{PROC}/@{pid}/ r, + @{PROC}/@{pid}/oom_adj w, + @{PROC}/@{pid}/oom_score_adj w, include if exists } From 56464d24bffe6b8f0d54a41c5ed6cb40e632bf10 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 12 Jun 2024 22:18:02 +0100 Subject: [PATCH 33/70] fix: xdg-desktop-portal breaks screensharing fix: #376 --- apparmor.d/abstractions/audio-client | 3 +++ apparmor.d/groups/freedesktop/xdg-desktop-portal | 4 +--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/apparmor.d/abstractions/audio-client b/apparmor.d/abstractions/audio-client index f12e7fcc4..c5734f6f8 100644 --- a/apparmor.d/abstractions/audio-client +++ b/apparmor.d/abstractions/audio-client @@ -41,6 +41,9 @@ owner @{user_config_dirs}/pulse/client.conf.d/{,*.conf} r, owner @{user_config_dirs}/pulse/cookie rwk, + owner @{user_config_dirs}/pipewire/ rw, + owner @{user_config_dirs}/pipewire/client.conf r, + owner @{user_share_dirs}/openal/hrtf/{,**} r, owner @{user_share_dirs}/sounds/__custom/index.theme r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index b8ee7c4ac..2fef3f62c 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -10,6 +10,7 @@ include profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { include include + include include include include @@ -70,10 +71,8 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { /.flatpak-info r, /usr/share/dconf/profile/gdm r, - /usr/share/pipewire/client.conf r, /usr/share/xdg-desktop-portal/** r, - /etc/pipewire/client.conf.d/ r, /etc/sysconfig/proxy r, /var/lib/gdm{,3}/greeter-dconf-defaults r, @@ -83,7 +82,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { owner @{tmp}/icon* rw, owner @{run}/user/@{uid}/.flatpak/{,*/*} r, - owner @{run}/user/@{uid}/pipewire-@{int} rw, @{PROC}/ r, @{PROC}/*/ r, From a5a434f02a32f15a20640a98eca9a38d0bcfac2f Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 12 Jun 2024 22:22:26 +0100 Subject: [PATCH 34/70] fix: ensure xdg portal can read any user files. fix #375 --- apparmor.d/groups/freedesktop/xdg-document-portal | 2 +- apparmor.d/groups/freedesktop/xdg-permission-store | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index 54104e51d..7884a3fd7 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -42,7 +42,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { / r, owner /.flatpak-info r, - owner @{HOME}/*/{,**} r, + owner @{HOME}/** r, owner @{user_share_dirs}/flatpak/db/documents r, owner @{user_share_dirs}/Trash/files/** r, diff --git a/apparmor.d/groups/freedesktop/xdg-permission-store b/apparmor.d/groups/freedesktop/xdg-permission-store index 43faaaf9a..9a53b96cf 100644 --- a/apparmor.d/groups/freedesktop/xdg-permission-store +++ b/apparmor.d/groups/freedesktop/xdg-permission-store @@ -42,6 +42,7 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/flatpak/db/.goutputstream-@{rand6} rw, owner @{user_share_dirs}/flatpak/db/background rw, owner @{user_share_dirs}/flatpak/db/devices r, + owner @{user_share_dirs}/flatpak/db/documents rw, owner @{user_share_dirs}/flatpak/db/notifications rw, /dev/tty@{int} rw, From 327c1dec332aaf2f6a9ef59e2243fdf517a0956a Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 12 Jun 2024 22:24:59 +0100 Subject: [PATCH 35/70] feat(profile): add cliphist integration on wl-copy fix: #357 --- apparmor.d/profiles-s-z/wl-copy | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/profiles-s-z/wl-copy b/apparmor.d/profiles-s-z/wl-copy index b961da104..bf395d80a 100644 --- a/apparmor.d/profiles-s-z/wl-copy +++ b/apparmor.d/profiles-s-z/wl-copy @@ -15,6 +15,7 @@ profile wl-copy @{exec_path} { @{bin}/cat rix, @{bin}/rm rix, + @{bin}/cliphist rPUx, @{bin}/xdg-mime rPx, owner @{tmp}/wl-copy-buffer-*/{,**} rw, From cc9e7fdde156bb11ea33bbd3b2063cd617d68ba6 Mon Sep 17 00:00:00 2001 From: valoq Date: Fri, 7 Jun 2024 10:57:21 +0200 Subject: [PATCH 36/70] add preview tools --- apparmor.d/profiles-a-f/elinks | 21 +++++++++++++++++++++ apparmor.d/profiles-a-f/ffmpegthumbnailer | 17 +++++++++++++++++ apparmor.d/profiles-g-l/img2txt | 17 +++++++++++++++++ apparmor.d/profiles-m-r/odt2txt | 17 +++++++++++++++++ apparmor.d/profiles-m-r/pdftotext | 19 +++++++++++++++++++ apparmor.d/profiles-s-z/w3m | 19 +++++++++++++++++++ 6 files changed, 110 insertions(+) create mode 100644 apparmor.d/profiles-a-f/elinks create mode 100644 apparmor.d/profiles-a-f/ffmpegthumbnailer create mode 100644 apparmor.d/profiles-g-l/img2txt create mode 100644 apparmor.d/profiles-m-r/odt2txt create mode 100644 apparmor.d/profiles-m-r/pdftotext create mode 100644 apparmor.d/profiles-s-z/w3m diff --git a/apparmor.d/profiles-a-f/elinks b/apparmor.d/profiles-a-f/elinks new file mode 100644 index 000000000..7154acb50 --- /dev/null +++ b/apparmor.d/profiles-a-f/elinks @@ -0,0 +1,21 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 valoq +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/elinks +profile elinks @{exec_path} { + include + include + include + include + + @{exec_path} mr, + + owner @{user_config_dirs}/elinks/{,**} rw, + + include if exists +} diff --git a/apparmor.d/profiles-a-f/ffmpegthumbnailer b/apparmor.d/profiles-a-f/ffmpegthumbnailer new file mode 100644 index 000000000..f1b3b181c --- /dev/null +++ b/apparmor.d/profiles-a-f/ffmpegthumbnailer @@ -0,0 +1,17 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 valoq +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/ffmpegthumbnailer +profile ffmpegthumbnailer @{exec_path} { + include + include + + @{exec_path} mr, + + include if exists +} diff --git a/apparmor.d/profiles-g-l/img2txt b/apparmor.d/profiles-g-l/img2txt new file mode 100644 index 000000000..d409f0a51 --- /dev/null +++ b/apparmor.d/profiles-g-l/img2txt @@ -0,0 +1,17 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 valoq +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/img2txt +profile img2txt @{exec_path} { + include + include + + @{exec_path} mr, + + include if exists +} diff --git a/apparmor.d/profiles-m-r/odt2txt b/apparmor.d/profiles-m-r/odt2txt new file mode 100644 index 000000000..13a29167e --- /dev/null +++ b/apparmor.d/profiles-m-r/odt2txt @@ -0,0 +1,17 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 valoq +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/odt2txt +profile odt2txt @{exec_path} { + include + include + + @{exec_path} mr, + + include if exists +} diff --git a/apparmor.d/profiles-m-r/pdftotext b/apparmor.d/profiles-m-r/pdftotext new file mode 100644 index 000000000..e0230d629 --- /dev/null +++ b/apparmor.d/profiles-m-r/pdftotext @@ -0,0 +1,19 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 valoq +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/pdftotext +profile pdftotext @{exec_path} { + include + include + + @{exec_path} mr, + + /usr/share/poppler/{,**} r, + + include if exists +} diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m new file mode 100644 index 000000000..60f661496 --- /dev/null +++ b/apparmor.d/profiles-s-z/w3m @@ -0,0 +1,19 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 valoq +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/w3m +profile w3m @{exec_path} { + include + include + + @{exec_path} mr, + + /usr/share/terminfo/{,**} r, + + include if exists +} From 7b69b696fb8bb772defd570a1341172c2db12052 Mon Sep 17 00:00:00 2001 From: valoq Date: Fri, 7 Jun 2024 11:02:32 +0200 Subject: [PATCH 37/70] use strict abstraction --- apparmor.d/profiles-a-f/elinks | 2 +- apparmor.d/profiles-a-f/ffmpegthumbnailer | 2 +- apparmor.d/profiles-g-l/img2txt | 2 +- apparmor.d/profiles-m-r/odt2txt | 2 +- apparmor.d/profiles-m-r/pdftotext | 2 +- apparmor.d/profiles-s-z/w3m | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/apparmor.d/profiles-a-f/elinks b/apparmor.d/profiles-a-f/elinks index 7154acb50..ee9c4bd13 100644 --- a/apparmor.d/profiles-a-f/elinks +++ b/apparmor.d/profiles-a-f/elinks @@ -11,7 +11,7 @@ profile elinks @{exec_path} { include include include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-a-f/ffmpegthumbnailer b/apparmor.d/profiles-a-f/ffmpegthumbnailer index f1b3b181c..34d37e759 100644 --- a/apparmor.d/profiles-a-f/ffmpegthumbnailer +++ b/apparmor.d/profiles-a-f/ffmpegthumbnailer @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/ffmpegthumbnailer profile ffmpegthumbnailer @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-g-l/img2txt b/apparmor.d/profiles-g-l/img2txt index d409f0a51..1b3518777 100644 --- a/apparmor.d/profiles-g-l/img2txt +++ b/apparmor.d/profiles-g-l/img2txt @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/img2txt profile img2txt @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/odt2txt b/apparmor.d/profiles-m-r/odt2txt index 13a29167e..9be8b8642 100644 --- a/apparmor.d/profiles-m-r/odt2txt +++ b/apparmor.d/profiles-m-r/odt2txt @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/odt2txt profile odt2txt @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/pdftotext b/apparmor.d/profiles-m-r/pdftotext index e0230d629..9980cff64 100644 --- a/apparmor.d/profiles-m-r/pdftotext +++ b/apparmor.d/profiles-m-r/pdftotext @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/pdftotext profile pdftotext @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m index 60f661496..557f68c96 100644 --- a/apparmor.d/profiles-s-z/w3m +++ b/apparmor.d/profiles-s-z/w3m @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/w3m profile w3m @{exec_path} { include - include + include @{exec_path} mr, From 94a654e318b007135925a6661a6a52ce253dc06b Mon Sep 17 00:00:00 2001 From: valoq Date: Sat, 8 Jun 2024 12:50:56 +0200 Subject: [PATCH 38/70] fix lynx profile --- apparmor.d/profiles-g-l/lynx | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/apparmor.d/profiles-g-l/lynx b/apparmor.d/profiles-g-l/lynx index a9b3691d2..2c205f73c 100644 --- a/apparmor.d/profiles-g-l/lynx +++ b/apparmor.d/profiles-g-l/lynx @@ -13,6 +13,8 @@ profile lynx @{exec_path} { include include include + include + include network inet dgram, network inet6 dgram, @@ -20,20 +22,19 @@ profile lynx @{exec_path} { network inet6 stream, @{exec_path} mr, - - /etc/lynx/{,*} r, - + @{sh_path} rix, + + /usr/share/terminfo/{,**} r, /usr/share/doc/lynx-common/** r, - /etc/mime.types r, - - @{sh_path} rix, + /etc/lynx.cfg r, + /etc/lynx.lss r, + /etc/lynx/{,**} r, /etc/mailcap r, + /etc/mime.types r, owner @{tmp}/lynxXXXX*/ rw, owner @{tmp}/lynxXXXX*/*TMP.html{,.gz} rw, - owner @{HOME}/ r, - include if exists } From d7e09d88fd64998e86540e0fffb93bc94617e559 Mon Sep 17 00:00:00 2001 From: valoq Date: Sat, 8 Jun 2024 12:58:01 +0200 Subject: [PATCH 39/70] complete browsers --- apparmor.d/profiles-a-f/elinks | 6 ++++++ apparmor.d/profiles-s-z/w3m | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/apparmor.d/profiles-a-f/elinks b/apparmor.d/profiles-a-f/elinks index ee9c4bd13..d926271f5 100644 --- a/apparmor.d/profiles-a-f/elinks +++ b/apparmor.d/profiles-a-f/elinks @@ -11,8 +11,14 @@ profile elinks @{exec_path} { include include include + include include + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + @{exec_path} mr, owner @{user_config_dirs}/elinks/{,**} rw, diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m index 557f68c96..772d07f8e 100644 --- a/apparmor.d/profiles-s-z/w3m +++ b/apparmor.d/profiles-s-z/w3m @@ -9,8 +9,16 @@ include @{exec_path} = @{bin}/w3m profile w3m @{exec_path} { include + include + include + include include + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + @{exec_path} mr, /usr/share/terminfo/{,**} r, From 26e7da6641df8f4cdbb50d0a16aef1dee8631107 Mon Sep 17 00:00:00 2001 From: valoq Date: Thu, 13 Jun 2024 11:01:19 +0200 Subject: [PATCH 40/70] add config dirs --- apparmor.d/profiles-s-z/w3m | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m index 772d07f8e..4cc6b57e0 100644 --- a/apparmor.d/profiles-s-z/w3m +++ b/apparmor.d/profiles-s-z/w3m @@ -23,5 +23,11 @@ profile w3m @{exec_path} { /usr/share/terminfo/{,**} r, + /etc/w3m/{,**} r, + owner @{HOME}/.w3m/{,**} r, + owner @{user_config_dirs}/w3m/{,**} r, + + owner /tmp/@{rand6}/{,**} rw, + include if exists } From eefb67351f518987206b00ab49ce756a2fceb40b Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 06:40:09 +0200 Subject: [PATCH 41/70] Add missing `user_games_dirs` and reorganise alphabetically Also adds (s) after "Default Value" to make it more clear that you can add multiple values. --- docs/variables.md | 81 ++++++++++++++++++++++++----------------------- 1 file changed, 41 insertions(+), 40 deletions(-) diff --git a/docs/variables.md b/docs/variables.md index 6ea5285c8..0ca199f62 100644 --- a/docs/variables.md +++ b/docs/variables.md @@ -6,61 +6,64 @@ title: Variables References ### User directories -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| +| Books | `@{XDG_BOOKS_DIR}` | `Books` | | Desktop | `@{XDG_DESKTOP_DIR}` | `Desktop` | -| Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | -| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | -| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | +| Disk images | `@{XDG_IMG_DIR}` | `images` | | Documents | `@{XDG_DOCUMENTS_DIR}` | `Documents` | +| Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | | Music | `@{XDG_MUSIC_DIR}` | `Music` | | Pictures | `@{XDG_PICTURES_DIR}` | `Pictures` | -| Videos | `@{XDG_VIDEOS_DIR}` | `Videos` | -| Books | `@{XDG_BOOKS_DIR}` | `Books` | | Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | +| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | | Screenshots | `@{XDG_SCREENSHOTS_DIR}` | `@{XDG_PICTURES_DIR}/Screenshots` | | Sync | `@{XDG_SYNC_DIR}` | `Sync` | +| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | | Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` | +| Videos | `@{XDG_VIDEOS_DIR}` | `Videos` | | Vm | `@{XDG_VM_DIR}` | `.vm` | Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` | -| Disk images | `@{XDG_IMG_DIR}` | `images` | ### Dotfiles -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| -| SSH | `@{XDG_SSH_DIR}` | `.ssh` | -| GPG | `@{XDG_GPG_DIR}` | `.gnupg` | -| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | +| Bin | `@{XDG_BIN_DIR}` | `.local/bin` | | Cache | ` @{XDG_CACHE_DIR}` | `.cache` | | Config | `@{XDG_CONFIG_DIR}` | `.config` | | Data | `@{XDG_DATA_DIR}` | `.local/share` | -| State | `@{XDG_STATE_DIR}` | `.local/state` | -| Bin | `@{XDG_BIN_DIR}` | `.local/bin` | +| GPG | `@{XDG_GPG_DIR}` | `.gnupg` | | Lib | `@{XDG_LIB_DIR}` | `.local/lib` | +| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | +| SSH | `@{XDG_SSH_DIR}` | `.ssh` | +| State | `@{XDG_STATE_DIR}` | `.local/state` | ### Full configuration path -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| +| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` | +| Build | `@{user_build_dirs}` | `/tmp/` | | Cache | `@{user_cache_dirs}` | `@{HOME}/@{XDG_CACHE_DIR}` | | Config | `@{user_config_dirs}` | `@{HOME}/@{XDG_CONFIG_DIR}` | +| Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_DIR}` | +| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` | | Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_DIR}` | | State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_DIR}` | -| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` | -| Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_DIR}` | -| Build | `@{user_build_dirs}` | `/tmp/` | | Tmp | `@{user_tmp_dirs}` | `@{run}/user/@{uid} /tmp/` | -| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` | ### Full user path -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| | Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` | +| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | | Documents | `@{user_documents_dirs}` | `@{HOME}/@{XDG_DOCUMENTS_DIR} @{MOUNTS}/@{XDG_DOCUMENTS_DIR}` | | Download | `@{user_download_dirs}` | `@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}` | +| Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` | | Music | `@{user_music_dirs}` | `@{HOME}/@{XDG_MUSIC_DIR} @{MOUNTS}/@{XDG_MUSIC_DIR}` | +| Password | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | | Pictures | `@{user_pictures_dirs}` | `@{HOME}/@{XDG_PICTURES_DIR} @{MOUNTS}/@{XDG_PICTURES_DIR}` | | Projects | `@{user_projects_dirs}` | `@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}` | | Public | `@{user_publicshare_dirs}` | `@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR}` | @@ -69,8 +72,6 @@ title: Variables References | Torrents | `@{user_torrents_dirs}` | `@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}` | | Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` | | Vm | `@{user_vm_dirs}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}` -| Password | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | -| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | ## System variables @@ -81,46 +82,46 @@ title: Variables References **Helper variables** -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Integer (up to 10 digits) | `@{int}` | `[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}` | | Any 6, 8 or 10 characters | `@{rand6}`, `@{rand8}`, `@{rand10}` | | -| Hexadecimal | `@{h}*@{h}` | | -| Universally unique identifier | `@{uuid}` | | | Current Process id | `@{pid}` | `[0-9]*` | -| Processes ids | `@{pids}` | `[0-9]*` | -| User id | `@{uid}` | `[0-9]*` | -| Thread id | `@{tid}` | `[0-9]*` | -| Single hexadecimal character | `@{h}` | `[0-9a-fA-F]` | -| Single alphanumeric character | `@{c}` | `[0-9a-zA-Z]` | +| Hexadecimal | `@{h}*@{h}` | | +| Integer (up to 10 digits) | `@{int}` | `[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}` | | PCI Devices | `@{pci}` | `@{pci_bus}/**/` | | PCI Bus | `@{pci_bus}` | `pci@{h}@{h}@{h}@{h}:@{h}@{h}` | | PCI Id | `@{pci_id}` | `@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h}` | +| Processes ids | `@{pids}` | `[0-9]*` | +| Single hexadecimal character | `@{h}` | `[0-9a-fA-F]` | +| Single alphanumeric character | `@{c}` | `[0-9a-zA-Z]` | +| Thread id | `@{tid}` | `[0-9]*` | +| Universally unique identifier | `@{uuid}` | | +| User id | `@{uid}` | `[0-9]*` | **System Paths** -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Root Home | `@{HOMEDIRS}` | `/home/` | -| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` | -| Root Mountpoints | `@{MOUNTDIRS}` | `/media/ @{run}/media/ /mnt/` | -| Mountpoints directories | `@{MOUNTS}` | `@{MOUNTDIRS}/*/` | | Bin | `@{bin}` | `/{usr/,}{s,}bin` | +| Flatpack export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` | +| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` | | Lib | `@{lib}` | `/{usr/,}lib{,exec,32,64}` | -| multi-arch library | `@{multiarch}` | `*-linux-gnu*` | | Proc | `@{PROC}` | `/proc/` | +| Mountpoints directories | `@{MOUNTS}` | `@{MOUNTDIRS}/*/` | +| multi-arch library | `@{multiarch}` | `*-linux-gnu*` | +| Root Home | `@{HOMEDIRS}` | `/home/` | +| Root Mountpoints | `@{MOUNTDIRS}` | `/media/ @{run}/media/ /mnt/` | | Run | `@{run}` | `/run/ /var/run/` | | Sys | `@{sys}` | `/sys/` | -| Flatpack export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` | | System wide share | `@{system_share_dirs}` | `/{usr,usr/local,var/lib/@{flatpak_exports_root}}/share` | **Program paths** -| Description | Name | Default Value | +| Description | Name | Default Value(s) | |-------------|:----:|---------------| +| All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11) | All the shells | `@{shells}` | `sh zsh bash dash fish rbash ksh tcsh csh` | -| Shells path | `@{shells_path}` | `@{bin}/@{shells}` | | Coreutils programs that should not have dedicated profile | `@{coreutils}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L46) | | Coreutils paths | `@{coreutils_path}` | `@{bin}/@{coreutils}` | | Launcher paths | `@{open_path}` | `@{bin}/exo-open @{bin}/xdg-open @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop @{lib}/gio-launch-desktop` -| All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11) +| Shells path | `@{shells_path}` | `@{bin}/@{shells}` | From afbe5a95d06ab1495c9ac153e8c26a4f3db9d548 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 06:53:22 +0200 Subject: [PATCH 42/70] Add XDG_GAMES_DIR --- docs/variables.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/variables.md b/docs/variables.md index 0ca199f62..efbcb8e18 100644 --- a/docs/variables.md +++ b/docs/variables.md @@ -13,6 +13,7 @@ title: Variables References | Disk images | `@{XDG_IMG_DIR}` | `images` | | Documents | `@{XDG_DOCUMENTS_DIR}` | `Documents` | | Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | +| Games | `@{XDG_GAMES_DIR}` | `.games` | | Music | `@{XDG_MUSIC_DIR}` | `Music` | | Pictures | `@{XDG_PICTURES_DIR}` | `Pictures` | | Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | From aea114b1ec1c01f460f4b316a5fa00bf9e14a519 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 19:54:35 +0200 Subject: [PATCH 43/70] Reorganise based on type As discussed in DMs --- docs/variables.md | 88 +++++++++++++++++++++++------------------------ 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/docs/variables.md b/docs/variables.md index efbcb8e18..6045faf03 100644 --- a/docs/variables.md +++ b/docs/variables.md @@ -8,71 +8,71 @@ title: Variables References | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Books | `@{XDG_BOOKS_DIR}` | `Books` | | Desktop | `@{XDG_DESKTOP_DIR}` | `Desktop` | -| Disk images | `@{XDG_IMG_DIR}` | `images` | | Documents | `@{XDG_DOCUMENTS_DIR}` | `Documents` | -| Download | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | -| Games | `@{XDG_GAMES_DIR}` | `.games` | +| Downloads | `@{XDG_DOWNLOAD_DIR}` | `Downloads` | | Music | `@{XDG_MUSIC_DIR}` | `Music` | | Pictures | `@{XDG_PICTURES_DIR}` | `Pictures` | -| Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | -| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | -| Screenshots | `@{XDG_SCREENSHOTS_DIR}` | `@{XDG_PICTURES_DIR}/Screenshots` | -| Sync | `@{XDG_SYNC_DIR}` | `Sync` | -| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | -| Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` | | Videos | `@{XDG_VIDEOS_DIR}` | `Videos` | -| Vm | `@{XDG_VM_DIR}` | `.vm` +| Screenshots | `@{XDG_SCREENSHOTS_DIR}` | `@{XDG_PICTURES_DIR}/Screenshots` | | Wallpapers | `@{XDG_WALLPAPERS_DIR}` | `@{XDG_PICTURES_DIR}/Wallpapers` | +| Books | `@{XDG_BOOKS_DIR}` | `Books` | +| Games | `@{XDG_GAMES_DIR}` | `.games` | +| Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | +| Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | +| Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | +| Sync | `@{XDG_SYNC_DIR}` | `Sync` | +| Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` | +| Vm | `@{XDG_VM_DIR}` | `.vm` +| Disk images | `@{XDG_IMG_DIR}` | `images` | ### Dotfiles | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Bin | `@{XDG_BIN_DIR}` | `.local/bin` | | Cache | ` @{XDG_CACHE_DIR}` | `.cache` | | Config | `@{XDG_CONFIG_DIR}` | `.config` | | Data | `@{XDG_DATA_DIR}` | `.local/share` | -| GPG | `@{XDG_GPG_DIR}` | `.gnupg` | -| Lib | `@{XDG_LIB_DIR}` | `.local/lib` | -| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | -| SSH | `@{XDG_SSH_DIR}` | `.ssh` | | State | `@{XDG_STATE_DIR}` | `.local/state` | +| Bin | `@{XDG_BIN_DIR}` | `.local/bin` | +| Lib | `@{XDG_LIB_DIR}` | `.local/lib` | +| GPG | `@{XDG_GPG_DIR}` | `.gnupg` | +| SSH | `@{XDG_SSH_DIR}` | `.ssh` | +| Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | ### Full configuration path | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` | -| Build | `@{user_build_dirs}` | `/tmp/` | | Cache | `@{user_cache_dirs}` | `@{HOME}/@{XDG_CACHE_DIR}` | | Config | `@{user_config_dirs}` | `@{HOME}/@{XDG_CONFIG_DIR}` | +| Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_DIR}` | | Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_DIR}` | -| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` | | Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_DIR}` | | State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_DIR}` | +| Build | `@{user_build_dirs}` | `/tmp/` | +| Packages | `@{user_pkg_dirs}` | `/tmp/pkg/` | | Tmp | `@{user_tmp_dirs}` | `@{run}/user/@{uid} /tmp/` | ### Full user path | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` | -| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | | Documents | `@{user_documents_dirs}` | `@{HOME}/@{XDG_DOCUMENTS_DIR} @{MOUNTS}/@{XDG_DOCUMENTS_DIR}` | -| Download | `@{user_download_dirs}` | `@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}` | -| Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` | +| Downloads | `@{user_download_dirs}` | `@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}` | | Music | `@{user_music_dirs}` | `@{HOME}/@{XDG_MUSIC_DIR} @{MOUNTS}/@{XDG_MUSIC_DIR}` | -| Password | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | | Pictures | `@{user_pictures_dirs}` | `@{HOME}/@{XDG_PICTURES_DIR} @{MOUNTS}/@{XDG_PICTURES_DIR}` | +| Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` | +| Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` | +| Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` | +| Passwords | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | | Projects | `@{user_projects_dirs}` | `@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}` | | Public | `@{user_publicshare_dirs}` | `@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR}` | -| Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` | | Templates | `@{user_templates_dirs}` | `@{HOME}/@{XDG_TEMPLATES_DIR} @{MOUNTS}/@{XDG_TEMPLATES_DIR}` | | Torrents | `@{user_torrents_dirs}` | `@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}` | -| Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` | +| Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` | | Vm | `@{user_vm_dirs}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}` +| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | ## System variables @@ -85,44 +85,44 @@ title: Variables References | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Any 6, 8 or 10 characters | `@{rand6}`, `@{rand8}`, `@{rand10}` | | -| Current Process id | `@{pid}` | `[0-9]*` | -| Hexadecimal | `@{h}*@{h}` | | | Integer (up to 10 digits) | `@{int}` | `[0-9]{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}{[0-9],}` | +| Any 6, 8 or 10 characters | `@{rand6}`, `@{rand8}`, `@{rand10}` | | +| Hexadecimal | `@{h}*@{h}` | | +| Universally unique identifier | `@{uuid}` | | +| Current Process id | `@{pid}` | `[0-9]*` | +| Processes ids | `@{pids}` | `[0-9]*` | +| User id | `@{uid}` | `[0-9]*` | +| Thread id | `@{tid}` | `[0-9]*` | +| Single hexadecimal character | `@{h}` | `[0-9a-fA-F]` | +| Single alphanumeric character | `@{c}` | `[0-9a-zA-Z]` | | PCI Devices | `@{pci}` | `@{pci_bus}/**/` | | PCI Bus | `@{pci_bus}` | `pci@{h}@{h}@{h}@{h}:@{h}@{h}` | | PCI Id | `@{pci_id}` | `@{h}@{h}@{h}@{h}:@{h}@{h}:@{h}@{h}.@{h}` | -| Processes ids | `@{pids}` | `[0-9]*` | -| Single hexadecimal character | `@{h}` | `[0-9a-fA-F]` | -| Single alphanumeric character | `@{c}` | `[0-9a-zA-Z]` | -| Thread id | `@{tid}` | `[0-9]*` | -| Universally unique identifier | `@{uuid}` | | -| User id | `@{uid}` | `[0-9]*` | **System Paths** | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| Bin | `@{bin}` | `/{usr/,}{s,}bin` | -| Flatpack export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` | -| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` | -| Lib | `@{lib}` | `/{usr/,}lib{,exec,32,64}` | -| Proc | `@{PROC}` | `/proc/` | -| Mountpoints directories | `@{MOUNTS}` | `@{MOUNTDIRS}/*/` | -| multi-arch library | `@{multiarch}` | `*-linux-gnu*` | | Root Home | `@{HOMEDIRS}` | `/home/` | +| Home directories | `@{HOME}` | `@{HOMEDIRS}/*/ /root/` | | Root Mountpoints | `@{MOUNTDIRS}` | `/media/ @{run}/media/ /mnt/` | +| Mountpoints directories | `@{MOUNTS}` | `@{MOUNTDIRS}/*/` | +| Bin | `@{bin}` | `/{usr/,}{s,}bin` | +| Lib | `@{lib}` | `/{usr/,}lib{,exec,32,64}` | +| multi-arch library | `@{multiarch}` | `*-linux-gnu*` | +| Proc | `@{PROC}` | `/proc/` | | Run | `@{run}` | `/run/ /var/run/` | | Sys | `@{sys}` | `/sys/` | | System wide share | `@{system_share_dirs}` | `/{usr,usr/local,var/lib/@{flatpak_exports_root}}/share` | +| Flatpak export | `@{flatpak_exports_root}` | `{flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}` | **Program paths** | Description | Name | Default Value(s) | |-------------|:----:|---------------| -| All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11) | All the shells | `@{shells}` | `sh zsh bash dash fish rbash ksh tcsh csh` | +| Shells path | `@{shells_path}` | `@{bin}/@{shells}` | | Coreutils programs that should not have dedicated profile | `@{coreutils}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L46) | | Coreutils paths | `@{coreutils_path}` | `@{bin}/@{coreutils}` | | Launcher paths | `@{open_path}` | `@{bin}/exo-open @{bin}/xdg-open @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop @{lib}/gio-launch-desktop` -| Shells path | `@{shells_path}` | `@{bin}/@{shells}` | +| All browser paths | `@{*_path}` | See [tunables/multiarch.d/paths](https://github.com/roddhjav/apparmor.d/blob/c2d88c9bffc626fcf7d9b15b42b50706afb29562/apparmor.d/tunables/multiarch.d/paths#L11) From 117e63d88fc2b782111c8b98885a26869bc1be93 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 14 Jun 2024 20:50:17 +0100 Subject: [PATCH 44/70] fix: ensure filter directive get cleaned on build. --- apparmor.d/abstractions/authentication.d/complete | 1 + pkg/prebuild/directive/core.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/apparmor.d/abstractions/authentication.d/complete b/apparmor.d/abstractions/authentication.d/complete index 57ffc77f2..a6a4e3757 100644 --- a/apparmor.d/abstractions/authentication.d/complete +++ b/apparmor.d/abstractions/authentication.d/complete @@ -11,3 +11,4 @@ @{lib}/security-misc/pam_faillock_not_if_x rPx, @{lib}/security-misc/pam-abort-on-locked-password rPx, @{lib}/security-misc/pam-info rPx, + diff --git a/pkg/prebuild/directive/core.go b/pkg/prebuild/directive/core.go index 53176b01d..d14dd4861 100644 --- a/pkg/prebuild/directive/core.go +++ b/pkg/prebuild/directive/core.go @@ -65,7 +65,7 @@ func NewOption(file *paths.Path, match []string) *Option { // Useful to remove directive text applied on some condition only func (o *Option) Clean(profile string) string { reg := regexp.MustCompile(`\s*` + Keyword + o.Name + ` .*$`) - return reg.ReplaceAllString(profile, "") + return strings.Replace(profile, o.Raw, reg.ReplaceAllString(o.Raw, ""), 1) } func RegisterDirective(d Directive) { From 33c78ea4cfeec3b63bfe2cc3b4472769263926d4 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 14 Jun 2024 21:02:34 +0100 Subject: [PATCH 45/70] build(opensure): ensure docker build has apparmor-profiles. --- dists/docker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dists/docker.sh b/dists/docker.sh index 19a8737ae..500918c5f 100644 --- a/dists/docker.sh +++ b/dists/docker.sh @@ -100,7 +100,7 @@ build_in_docker_rpm() { docker pull "$BASEIMAGE/$dist" docker run -tid --name "$img" --volume "$VOLUME:$BUILDIR" \ "$BASEIMAGE/$dist" - docker exec "$img" sudo zypper install -y distribution-release golang-packaging rsync + docker exec "$img" sudo zypper install -y distribution-release golang-packaging rsync apparmor-profiles fi docker exec --workdir="$BUILDIR/$PKGNAME" "$img" bash dists/build.sh rpm From d8dcdb0d3c2e6e46b16c09dc0584025ec44fdd31 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 20:40:45 +0200 Subject: [PATCH 46/70] Add missing variables to docs --- docs/variables.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/variables.md b/docs/variables.md index 6045faf03..a70358263 100644 --- a/docs/variables.md +++ b/docs/variables.md @@ -21,9 +21,13 @@ title: Variables References | Templates | `@{XDG_TEMPLATES_DIR}` | `Templates` | | Public | `@{XDG_PUBLICSHARE_DIR}` | `Public` | | Projects | `@{XDG_PROJECTS_DIR}` | `Projects` | +| Private | `@{XDG_PRIVATE_DIR}` | `.{p,P}rivate {p,P}rivate` | +| Work | `@{XDG_WORK_DIR}` | `Work` | +| Mail | `@{XDG_MAIL_DIR}` | `Mail .{m,M}ail` | | Sync | `@{XDG_SYNC_DIR}` | `Sync` | | Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` | | Vm | `@{XDG_VM_DIR}` | `.vm` +| Vm Shares | `@{XDG_VM_SHARES_DIR}` | `VM_Shares` | Disk images | `@{XDG_IMG_DIR}` | `images` | ### Dotfiles @@ -38,7 +42,9 @@ title: Variables References | Lib | `@{XDG_LIB_DIR}` | `.local/lib` | | GPG | `@{XDG_GPG_DIR}` | `.gnupg` | | SSH | `@{XDG_SSH_DIR}` | `.ssh` | +| Private | `@{XDG_PRIVATE_DIR}` | `.{p,P}rivate {p,P}rivate` | | Passwords | `@{XDG_PASSWORD_STORE_DIR}` | `.password-store` | +| Mail | `@{XDG_MAIL_DIR}` | `Mail .{m,M}ail` | ### Full configuration path @@ -65,14 +71,18 @@ title: Variables References | Videos | `@{user_videos_dirs}` | `@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}` | | Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` | | Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` | +| Private | `@{user_private_dirs}` | `@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}` | | Passwords | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` | +| Work | `@{user_work_dirs}` | `@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}` | +| Mail | `@{user_mail_dirs}` | `@{HOME}/@{XDG_MAIL_DIR} @{MOUNTS}/@{XDG_MAIL_DIR}` | | Projects | `@{user_projects_dirs}` | `@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}` | | Public | `@{user_publicshare_dirs}` | `@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR}` | | Templates | `@{user_templates_dirs}` | `@{HOME}/@{XDG_TEMPLATES_DIR} @{MOUNTS}/@{XDG_TEMPLATES_DIR}` | | Torrents | `@{user_torrents_dirs}` | `@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}` | | Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` | | Vm | `@{user_vm_dirs}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}` -| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` | +| Vm Shares | `@{user_vm_shares}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}` +| Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR}` | ## System variables From 7b6ef48d7945d310fca95e7eab20d22767b306fb Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 20:41:02 +0200 Subject: [PATCH 47/70] Reorganise xdg-user-dirs.d tunables --- apparmor.d/tunables/xdg-user-dirs.d/apparmor.d | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d index 7476a1678..2c1fedea0 100644 --- a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d +++ b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d @@ -18,9 +18,9 @@ @{user_download_dirs}=@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR} @{user_music_dirs}=@{HOME}/@{XDG_MUSIC_DIR} @{MOUNTS}/@{XDG_MUSIC_DIR} @{user_pictures_dirs}=@{HOME}/@{XDG_PICTURES_DIR} @{MOUNTS}/@{XDG_PICTURES_DIR} +@{user_videos_dirs}=@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR} @{user_publicshare_dirs}=@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR} @{user_templates_dirs}=@{HOME}/@{XDG_TEMPLATES_DIR} @{MOUNTS}/@{XDG_TEMPLATES_DIR} -@{user_videos_dirs}=@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR} @{user_vm_shares}=@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR} include if exists From 307f2d6ad009e59725e97b80aa4eb5b0afa55542 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 20:41:22 +0200 Subject: [PATCH 48/70] Reorganise home.d tunables --- apparmor.d/tunables/home.d/apparmor.d | 28 +++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d index 5b8204163..f79e3ab15 100644 --- a/apparmor.d/tunables/home.d/apparmor.d +++ b/apparmor.d/tunables/home.d/apparmor.d @@ -12,22 +12,22 @@ # First part, second part in /etc/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d # Extra user personal directories -@{XDG_BOOKS_DIR}="Books" -@{XDG_PROJECTS_DIR}="Projects" -@{XDG_WORK_DIR}="Work" -@{XDG_SYNC_DIR}="Sync" -@{XDG_TORRENTS_DIR}="Torrents" -@{XDG_GAMES_DIR}=".games" -@{XDG_VM_DIR}=".vm" -@{XDG_VM_SHARES_DIR}="VM_Shares" @{XDG_IMG_DIR}="images" -@{XDG_MAIL_DIR}="Mail" ".{m,M}ail" @{XDG_SCREENSHOTS_DIR}="Pictures/Screenshots" @{XDG_WALLPAPERS_DIR}="Pictures/Wallpapers" +@{XDG_BOOKS_DIR}="Books" +@{XDG_GAMES_DIR}=".games" +@{XDG_PROJECTS_DIR}="Projects" +@{XDG_WORK_DIR}="Work" +@{XDG_MAIL_DIR}="Mail" ".{m,M}ail" +@{XDG_SYNC_DIR}="Sync" +@{XDG_TORRENTS_DIR}="Torrents" +@{XDG_VM_DIR}=".vm" +@{XDG_VM_SHARES_DIR}="VM_Shares" # User personal keyrings -@{XDG_SSH_DIR}=".ssh" @{XDG_GPG_DIR}=".gnupg" +@{XDG_SSH_DIR}=".ssh" @{XDG_PASSWORD_STORE_DIR}=".password-store" # User personal private directories @@ -44,9 +44,9 @@ # Full path of the user configuration directories @{user_cache_dirs}=@{HOME}/@{XDG_CACHE_DIR} @{user_config_dirs}=@{HOME}/@{XDG_CONFIG_DIR} -@{user_state_dirs}=@{HOME}/@{XDG_STATE_DIR} @{user_bin_dirs}=@{HOME}/@{XDG_BIN_DIR} @{user_lib_dirs}=@{HOME}/@{XDG_LIB_DIR} +@{user_state_dirs}=@{HOME}/@{XDG_STATE_DIR} # User build directories and output @{user_build_dirs}="/tmp/build/" @@ -57,11 +57,11 @@ # Other user directories @{user_books_dirs}=@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR} @{user_games_dirs}=@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR} +@{user_private_dirs}=@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR} +@{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR} +@{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR} @{user_mail_dirs}=@{HOME}/@{XDG_MAIL_DIR} @{MOUNTS}/@{XDG_MAIL_DIR} @{user_projects_dirs}=@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR} @{user_sync_dirs}=@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR} @{user_torrents_dirs}=@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR} @{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR} -@{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR} -@{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR} -@{user_private_dirs}=@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR} From 02ea3b9ee6037e8f13bdde368da1f8b4d30a3d8e Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 14 Jun 2024 20:48:34 +0200 Subject: [PATCH 49/70] Move disk images --- apparmor.d/tunables/home.d/apparmor.d | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d index f79e3ab15..52b30897e 100644 --- a/apparmor.d/tunables/home.d/apparmor.d +++ b/apparmor.d/tunables/home.d/apparmor.d @@ -12,7 +12,6 @@ # First part, second part in /etc/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d # Extra user personal directories -@{XDG_IMG_DIR}="images" @{XDG_SCREENSHOTS_DIR}="Pictures/Screenshots" @{XDG_WALLPAPERS_DIR}="Pictures/Wallpapers" @{XDG_BOOKS_DIR}="Books" @@ -24,6 +23,7 @@ @{XDG_TORRENTS_DIR}="Torrents" @{XDG_VM_DIR}=".vm" @{XDG_VM_SHARES_DIR}="VM_Shares" +@{XDG_IMG_DIR}="images" # User personal keyrings @{XDG_GPG_DIR}=".gnupg" From 6c64ef95c62dba017eb6ceeda5e4d5c12079f3b7 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 14 Jun 2024 21:08:33 +0100 Subject: [PATCH 50/70] fix: ensure xdg-desktop-portal have access to download files. fix #386 --- apparmor.d/groups/freedesktop/xdg-desktop-portal | 1 + apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index 2fef3f62c..f7801cb62 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -20,6 +20,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { include include include + include capability sys_ptrace, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index 9ca2e9b59..91eb77602 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -22,7 +22,7 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) { include include include - include + include network unix stream, From 6c1cdf4d582bebc6f3de365f1b528d832b3e27e6 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Fri, 14 Jun 2024 21:10:02 +0100 Subject: [PATCH 51/70] fix: ensure btop can send signal fix #385 --- apparmor.d/abstractions/base.d/complete | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/abstractions/base.d/complete b/apparmor.d/abstractions/base.d/complete index cc4b1a1e7..e758d050b 100644 --- a/apparmor.d/abstractions/base.d/complete +++ b/apparmor.d/abstractions/base.d/complete @@ -4,6 +4,7 @@ # SPDX-License-Identifier: GPL-2.0-only # Allow to receive some signals from new well-known profiles + signal (receive) peer=btop, signal (receive) peer=htop, signal (receive) peer=sudo, signal (receive) peer=top, From 40a30dc310ce31b92f9c393cc52b02192218e3b6 Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sat, 15 Jun 2024 17:20:22 +0300 Subject: [PATCH 52/70] fix(profiles-m-r): move vim modeline Move vim syntax comment to the end of the file, separated by newline, as requested in #380. --- apparmor.d/profiles-m-r/macchanger | 3 ++- apparmor.d/profiles-m-r/man | 3 ++- apparmor.d/profiles-m-r/mandb | 3 ++- apparmor.d/profiles-m-r/mate-notification-daemon | 5 +++-- apparmor.d/profiles-m-r/mdevctl | 5 +++-- apparmor.d/profiles-m-r/mediainfo | 3 ++- apparmor.d/profiles-m-r/mediainfo-gui | 3 ++- apparmor.d/profiles-m-r/megasync | 3 ++- apparmor.d/profiles-m-r/memtester | 3 ++- apparmor.d/profiles-m-r/merkaartor | 3 ++- apparmor.d/profiles-m-r/metadata-cleaner | 5 +++-- apparmor.d/profiles-m-r/mimetype | 3 ++- apparmor.d/profiles-m-r/minitube | 3 ++- apparmor.d/profiles-m-r/mission-control | 3 ++- apparmor.d/profiles-m-r/mke2fs | 3 ++- apparmor.d/profiles-m-r/mkfs-btrfs | 3 ++- apparmor.d/profiles-m-r/mkfs-fat | 3 ++- apparmor.d/profiles-m-r/mkinitramfs | 3 ++- apparmor.d/profiles-m-r/mkntfs | 3 ++- apparmor.d/profiles-m-r/mkswap | 3 ++- apparmor.d/profiles-m-r/mkvmerge | 3 ++- apparmor.d/profiles-m-r/mkvtoolnix-gui | 3 ++- apparmor.d/profiles-m-r/mlocate | 3 ++- apparmor.d/profiles-m-r/modprobed-db | 5 +++-- apparmor.d/profiles-m-r/molly-guard | 5 +++-- apparmor.d/profiles-m-r/monitorix | 3 ++- apparmor.d/profiles-m-r/mono-sgen | 3 ++- apparmor.d/profiles-m-r/mount | 3 ++- apparmor.d/profiles-m-r/mount-cifs | 3 ++- apparmor.d/profiles-m-r/mount-nfs | 3 ++- apparmor.d/profiles-m-r/mount-zfs | 3 ++- apparmor.d/profiles-m-r/mpd | 3 ++- apparmor.d/profiles-m-r/mpsyt | 3 ++- apparmor.d/profiles-m-r/mpv | 3 ++- apparmor.d/profiles-m-r/mtools | 3 ++- apparmor.d/profiles-m-r/mtr | 3 ++- apparmor.d/profiles-m-r/mtr-packet | 3 ++- apparmor.d/profiles-m-r/mullvad-setup | 5 +++-- apparmor.d/profiles-m-r/multipath | 5 +++-- apparmor.d/profiles-m-r/multipathd | 5 +++-- apparmor.d/profiles-m-r/mumble | 3 ++- apparmor.d/profiles-m-r/mumble-overlay | 3 ++- apparmor.d/profiles-m-r/murmurd | 3 ++- apparmor.d/profiles-m-r/mutt | 3 ++- apparmor.d/profiles-m-r/needrestart | 3 ++- apparmor.d/profiles-m-r/needrestart-apt-pinvoke | 5 +++-- apparmor.d/profiles-m-r/needrestart-dpkg-status | 5 +++-- apparmor.d/profiles-m-r/needrestart-iucode-scan-versions | 3 ++- apparmor.d/profiles-m-r/nemo | 3 ++- apparmor.d/profiles-m-r/netcap | 3 ++- apparmor.d/profiles-m-r/nethogs | 3 ++- apparmor.d/profiles-m-r/netstat | 3 ++- apparmor.d/profiles-m-r/newgidmap | 5 +++-- apparmor.d/profiles-m-r/newgrp | 3 ++- apparmor.d/profiles-m-r/newuidmap | 5 +++-- apparmor.d/profiles-m-r/nfsdcld | 5 +++-- apparmor.d/profiles-m-r/nft | 3 ++- apparmor.d/profiles-m-r/nmap | 3 ++- apparmor.d/profiles-m-r/nologin | 5 +++-- apparmor.d/profiles-m-r/nslookup | 3 ++- apparmor.d/profiles-m-r/ntfs-3g | 3 ++- apparmor.d/profiles-m-r/ntfs-3g-probe | 3 ++- apparmor.d/profiles-m-r/ntfscat | 3 ++- apparmor.d/profiles-m-r/ntfsclone | 3 ++- apparmor.d/profiles-m-r/ntfscluster | 3 ++- apparmor.d/profiles-m-r/ntfscmp | 3 ++- apparmor.d/profiles-m-r/ntfscp | 3 ++- apparmor.d/profiles-m-r/ntfsdecrypt | 3 ++- apparmor.d/profiles-m-r/ntfsfallocate | 3 ++- apparmor.d/profiles-m-r/ntfsfix | 3 ++- apparmor.d/profiles-m-r/ntfsinfo | 3 ++- apparmor.d/profiles-m-r/ntfslabel | 3 ++- apparmor.d/profiles-m-r/ntfsls | 3 ++- apparmor.d/profiles-m-r/ntfsmove | 3 ++- apparmor.d/profiles-m-r/ntfsrecover | 3 ++- apparmor.d/profiles-m-r/ntfsresize | 3 ++- apparmor.d/profiles-m-r/ntfssecaudit | 3 ++- apparmor.d/profiles-m-r/ntfstruncate | 3 ++- apparmor.d/profiles-m-r/ntfsundelete | 3 ++- apparmor.d/profiles-m-r/ntfsusermap | 3 ++- apparmor.d/profiles-m-r/ntfswipe | 3 ++- apparmor.d/profiles-m-r/nullmailer-send | 5 +++-- apparmor.d/profiles-m-r/numlockx | 3 ++- apparmor.d/profiles-m-r/nvidia-detector | 3 ++- apparmor.d/profiles-m-r/nvidia-persistenced | 3 ++- apparmor.d/profiles-m-r/nvidia-settings | 5 +++-- apparmor.d/profiles-m-r/nvtop | 5 +++-- apparmor.d/profiles-m-r/obamenu | 3 ++- apparmor.d/profiles-m-r/obconf | 3 ++- apparmor.d/profiles-m-r/obex-folder-listing | 3 ++- apparmor.d/profiles-m-r/obexautofs | 3 ++- apparmor.d/profiles-m-r/obexctl | 3 ++- apparmor.d/profiles-m-r/obexd | 3 ++- apparmor.d/profiles-m-r/obexfs | 3 ++- apparmor.d/profiles-m-r/obexpush-atd | 3 ++- apparmor.d/profiles-m-r/obexpushd | 3 ++- apparmor.d/profiles-m-r/obxprop | 3 ++- apparmor.d/profiles-m-r/on-ac-power | 3 ++- apparmor.d/profiles-m-r/onefetch | 5 +++-- apparmor.d/profiles-m-r/openbox | 3 ++- apparmor.d/profiles-m-r/openbox-session | 3 ++- apparmor.d/profiles-m-r/orage | 3 ++- apparmor.d/profiles-m-r/os-prober | 3 ++- apparmor.d/profiles-m-r/packagekitd | 3 ++- apparmor.d/profiles-m-r/pacmd | 3 ++- apparmor.d/profiles-m-r/pactl | 3 ++- apparmor.d/profiles-m-r/pagesize | 3 ++- apparmor.d/profiles-m-r/pam-auth-update | 3 ++- apparmor.d/profiles-m-r/pam-tmpdir-helper | 5 +++-- apparmor.d/profiles-m-r/pam/mappings | 3 ++- apparmor.d/profiles-m-r/parted | 3 ++- apparmor.d/profiles-m-r/partprobe | 3 ++- apparmor.d/profiles-m-r/pass | 3 ++- apparmor.d/profiles-m-r/pass-import | 3 ++- apparmor.d/profiles-m-r/passimd | 5 +++-- apparmor.d/profiles-m-r/passwd | 3 ++- apparmor.d/profiles-m-r/pavucontrol | 3 ++- apparmor.d/profiles-m-r/pcb-gtk | 3 ++- apparmor.d/profiles-m-r/pcscd | 3 ++- apparmor.d/profiles-m-r/picom | 3 ++- apparmor.d/profiles-m-r/pidof | 5 +++-- apparmor.d/profiles-m-r/pinentry | 5 +++-- apparmor.d/profiles-m-r/pinentry-curses | 5 +++-- apparmor.d/profiles-m-r/pinentry-gnome3 | 5 +++-- apparmor.d/profiles-m-r/pinentry-gtk-2 | 3 ++- apparmor.d/profiles-m-r/pinentry-kwallet | 3 ++- apparmor.d/profiles-m-r/pinentry-qt | 3 ++- apparmor.d/profiles-m-r/pkcs11-register | 3 ++- apparmor.d/profiles-m-r/pkexec | 3 ++- apparmor.d/profiles-m-r/pkttyagent | 3 ++- apparmor.d/profiles-m-r/plank | 3 ++- apparmor.d/profiles-m-r/plocate | 3 ++- apparmor.d/profiles-m-r/plocate-build | 3 ++- apparmor.d/profiles-m-r/popularity-contest | 3 ++- apparmor.d/profiles-m-r/power-profiles-daemon | 5 +++-- apparmor.d/profiles-m-r/protonmail-bridge | 5 +++-- apparmor.d/profiles-m-r/ps | 3 ++- apparmor.d/profiles-m-r/ps-mem | 3 ++- apparmor.d/profiles-m-r/pscap | 3 ++- apparmor.d/profiles-m-r/psi | 3 ++- apparmor.d/profiles-m-r/psi-plus | 3 ++- apparmor.d/profiles-m-r/pstree | 3 ++- apparmor.d/profiles-m-r/pulseeffects | 3 ++- apparmor.d/profiles-m-r/pwck | 3 ++- apparmor.d/profiles-m-r/qbittorrent | 3 ++- apparmor.d/profiles-m-r/qbittorrent-nox | 3 ++- apparmor.d/profiles-m-r/qemu-ga | 5 +++-- apparmor.d/profiles-m-r/qnapi | 3 ++- apparmor.d/profiles-m-r/qpdfview | 3 ++- apparmor.d/profiles-m-r/qt5ct | 3 ++- apparmor.d/profiles-m-r/qtchooser | 3 ++- apparmor.d/profiles-m-r/qtox | 3 ++- apparmor.d/profiles-m-r/quiterss | 3 ++- apparmor.d/profiles-m-r/rdmsr | 3 ++- apparmor.d/profiles-m-r/remmina | 3 ++- apparmor.d/profiles-m-r/repo | 3 ++- apparmor.d/profiles-m-r/reprepro | 3 ++- apparmor.d/profiles-m-r/resize2fs | 3 ++- apparmor.d/profiles-m-r/resolvconf | 3 ++- apparmor.d/profiles-m-r/rfkill | 3 ++- apparmor.d/profiles-m-r/rngd | 3 ++- apparmor.d/profiles-m-r/rpi-imager | 3 ++- apparmor.d/profiles-m-r/rredtool | 3 ++- apparmor.d/profiles-m-r/rsyslogd | 3 ++- apparmor.d/profiles-m-r/rtkit-daemon | 3 ++- apparmor.d/profiles-m-r/rtkitctl | 3 ++- apparmor.d/profiles-m-r/run-parts | 3 ++- apparmor.d/profiles-m-r/runuser | 3 ++- apparmor.d/profiles-m-r/rustdesk | 3 ++- apparmor.d/profiles-m-r/rustdesk-utils | 3 ++- 170 files changed, 367 insertions(+), 197 deletions(-) diff --git a/apparmor.d/profiles-m-r/macchanger b/apparmor.d/profiles-m-r/macchanger index 456e7faf2..8f4efc921 100644 --- a/apparmor.d/profiles-m-r/macchanger +++ b/apparmor.d/profiles-m-r/macchanger @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile macchanger @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/man b/apparmor.d/profiles-m-r/man index 721bb28f4..aa0195853 100644 --- a/apparmor.d/profiles-m-r/man +++ b/apparmor.d/profiles-m-r/man @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -114,3 +113,5 @@ profile man_filter { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mandb b/apparmor.d/profiles-m-r/mandb index 8ed3f6a61..beeba50e8 100644 --- a/apparmor.d/profiles-m-r/mandb +++ b/apparmor.d/profiles-m-r/mandb @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -37,3 +36,5 @@ profile mandb @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mate-notification-daemon b/apparmor.d/profiles-m-r/mate-notification-daemon index e40102814..871434151 100644 --- a/apparmor.d/profiles-m-r/mate-notification-daemon +++ b/apparmor.d/profiles-m-r/mate-notification-daemon @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile mate-notification-daemon @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mdevctl b/apparmor.d/profiles-m-r/mdevctl index eefbd4f64..a2631c768 100644 --- a/apparmor.d/profiles-m-r/mdevctl +++ b/apparmor.d/profiles-m-r/mdevctl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,4 +21,6 @@ profile mdevctl @{exec_path} { @{PROC}/@{pids}/maps r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mediainfo b/apparmor.d/profiles-m-r/mediainfo index aa740e696..bb7c2d59b 100644 --- a/apparmor.d/profiles-m-r/mediainfo +++ b/apparmor.d/profiles-m-r/mediainfo @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -17,3 +16,5 @@ profile mediainfo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mediainfo-gui b/apparmor.d/profiles-m-r/mediainfo-gui index 79230046e..4648d4ddf 100644 --- a/apparmor.d/profiles-m-r/mediainfo-gui +++ b/apparmor.d/profiles-m-r/mediainfo-gui @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -46,3 +45,5 @@ profile mediainfo-gui @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/megasync b/apparmor.d/profiles-m-r/megasync index 3f7712847..236041778 100644 --- a/apparmor.d/profiles-m-r/megasync +++ b/apparmor.d/profiles-m-r/megasync @@ -2,7 +2,6 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -61,3 +60,5 @@ profile megasync @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/memtester b/apparmor.d/profiles-m-r/memtester index 1ce609815..506892f0e 100644 --- a/apparmor.d/profiles-m-r/memtester +++ b/apparmor.d/profiles-m-r/memtester @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile memtester @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/merkaartor b/apparmor.d/profiles-m-r/merkaartor index b9613ec2d..739d18e2f 100644 --- a/apparmor.d/profiles-m-r/merkaartor +++ b/apparmor.d/profiles-m-r/merkaartor @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -58,3 +57,5 @@ profile merkaartor @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/metadata-cleaner b/apparmor.d/profiles-m-r/metadata-cleaner index f9d4adb05..142ccb78a 100644 --- a/apparmor.d/profiles-m-r/metadata-cleaner +++ b/apparmor.d/profiles-m-r/metadata-cleaner @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -61,4 +60,6 @@ profile metadata-cleaner @{exec_path} flags=(attach_disconnected) { } include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mimetype b/apparmor.d/profiles-m-r/mimetype index a22f19c6a..da56703c3 100644 --- a/apparmor.d/profiles-m-r/mimetype +++ b/apparmor.d/profiles-m-r/mimetype @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile mimetype @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/minitube b/apparmor.d/profiles-m-r/minitube index 0e6379cf0..4d4d26655 100644 --- a/apparmor.d/profiles-m-r/minitube +++ b/apparmor.d/profiles-m-r/minitube @@ -2,7 +2,6 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -97,3 +96,5 @@ profile minitube @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mission-control b/apparmor.d/profiles-m-r/mission-control index dc5c1c0db..267fb9d1a 100644 --- a/apparmor.d/profiles-m-r/mission-control +++ b/apparmor.d/profiles-m-r/mission-control @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile mission-control @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mke2fs b/apparmor.d/profiles-m-r/mke2fs index 92805e83a..038de3c73 100644 --- a/apparmor.d/profiles-m-r/mke2fs +++ b/apparmor.d/profiles-m-r/mke2fs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,3 +39,5 @@ profile mke2fs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mkfs-btrfs b/apparmor.d/profiles-m-r/mkfs-btrfs index 9e85623e6..237fc8006 100644 --- a/apparmor.d/profiles-m-r/mkfs-btrfs +++ b/apparmor.d/profiles-m-r/mkfs-btrfs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile mkfs-btrfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mkfs-fat b/apparmor.d/profiles-m-r/mkfs-fat index bdc5c4a78..d7f7a1cc9 100644 --- a/apparmor.d/profiles-m-r/mkfs-fat +++ b/apparmor.d/profiles-m-r/mkfs-fat @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile mkfs-fat @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mkinitramfs b/apparmor.d/profiles-m-r/mkinitramfs index 9ceb83627..7f31b0762 100644 --- a/apparmor.d/profiles-m-r/mkinitramfs +++ b/apparmor.d/profiles-m-r/mkinitramfs @@ -3,7 +3,6 @@ # Copyright (C) 2022-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -182,3 +181,5 @@ profile mkinitramfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mkntfs b/apparmor.d/profiles-m-r/mkntfs index 01bb1dbaf..ccfa5f4ed 100644 --- a/apparmor.d/profiles-m-r/mkntfs +++ b/apparmor.d/profiles-m-r/mkntfs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile mkntfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mkswap b/apparmor.d/profiles-m-r/mkswap index 74d2f54ac..4c732c2c6 100644 --- a/apparmor.d/profiles-m-r/mkswap +++ b/apparmor.d/profiles-m-r/mkswap @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile mkswap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mkvmerge b/apparmor.d/profiles-m-r/mkvmerge index 7973a192f..22251b87e 100644 --- a/apparmor.d/profiles-m-r/mkvmerge +++ b/apparmor.d/profiles-m-r/mkvmerge @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -28,3 +27,5 @@ profile mkvmerge @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mkvtoolnix-gui b/apparmor.d/profiles-m-r/mkvtoolnix-gui index 8bdcd7e15..595a24666 100644 --- a/apparmor.d/profiles-m-r/mkvtoolnix-gui +++ b/apparmor.d/profiles-m-r/mkvtoolnix-gui @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -67,3 +66,5 @@ profile mkvtoolnix-gui @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mlocate b/apparmor.d/profiles-m-r/mlocate index 21c82bedb..08fdee129 100644 --- a/apparmor.d/profiles-m-r/mlocate +++ b/apparmor.d/profiles-m-r/mlocate @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile mlocate @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/modprobed-db b/apparmor.d/profiles-m-r/modprobed-db index 89b7800d8..29125f192 100644 --- a/apparmor.d/profiles-m-r/modprobed-db +++ b/apparmor.d/profiles-m-r/modprobed-db @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -43,4 +42,6 @@ profile modprobed-db @{exec_path} { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/molly-guard b/apparmor.d/profiles-m-r/molly-guard index c50aa8469..d75a5092b 100644 --- a/apparmor.d/profiles-m-r/molly-guard +++ b/apparmor.d/profiles-m-r/molly-guard @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -42,4 +41,6 @@ profile molly-guard @{exec_path} { } include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/monitorix b/apparmor.d/profiles-m-r/monitorix index 827ff6d01..cb220a7b6 100644 --- a/apparmor.d/profiles-m-r/monitorix +++ b/apparmor.d/profiles-m-r/monitorix @@ -2,7 +2,6 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -106,3 +105,5 @@ profile monitorix @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mono-sgen b/apparmor.d/profiles-m-r/mono-sgen index d676f9911..e010a83d7 100644 --- a/apparmor.d/profiles-m-r/mono-sgen +++ b/apparmor.d/profiles-m-r/mono-sgen @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -45,3 +44,5 @@ profile mono-sgen @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mount b/apparmor.d/profiles-m-r/mount index 19c2b036a..f122b8f27 100644 --- a/apparmor.d/profiles-m-r/mount +++ b/apparmor.d/profiles-m-r/mount @@ -3,7 +3,6 @@ # Copyright (C) 2022-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -70,3 +69,5 @@ profile mount @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mount-cifs b/apparmor.d/profiles-m-r/mount-cifs index 5b3e2c0a4..bbadcc7e0 100644 --- a/apparmor.d/profiles-m-r/mount-cifs +++ b/apparmor.d/profiles-m-r/mount-cifs @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -47,3 +46,5 @@ profile mount-cifs @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mount-nfs b/apparmor.d/profiles-m-r/mount-nfs index 7a647d730..698f350ce 100644 --- a/apparmor.d/profiles-m-r/mount-nfs +++ b/apparmor.d/profiles-m-r/mount-nfs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -71,3 +70,5 @@ profile mount-nfs @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mount-zfs b/apparmor.d/profiles-m-r/mount-zfs index bb723ad8a..bc47f0a30 100644 --- a/apparmor.d/profiles-m-r/mount-zfs +++ b/apparmor.d/profiles-m-r/mount-zfs @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -45,3 +44,5 @@ profile mount-zfs @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mpd b/apparmor.d/profiles-m-r/mpd index 5779253fe..14a6c4acf 100644 --- a/apparmor.d/profiles-m-r/mpd +++ b/apparmor.d/profiles-m-r/mpd @@ -3,7 +3,6 @@ # Copyright (C) 2023-2024 Alexandre Pujol # Copyright (C) 2023 Jose Maldonado # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -48,3 +47,5 @@ profile mpd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mpsyt b/apparmor.d/profiles-m-r/mpsyt index 18c086cf2..46f239fce 100644 --- a/apparmor.d/profiles-m-r/mpsyt +++ b/apparmor.d/profiles-m-r/mpsyt @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -59,3 +58,5 @@ profile mpsyt @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mpv b/apparmor.d/profiles-m-r/mpv index 506ad9f9d..1629176dd 100644 --- a/apparmor.d/profiles-m-r/mpv +++ b/apparmor.d/profiles-m-r/mpv @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -108,3 +107,5 @@ profile mpv @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mtools b/apparmor.d/profiles-m-r/mtools index 667ec5460..75c95fffd 100644 --- a/apparmor.d/profiles-m-r/mtools +++ b/apparmor.d/profiles-m-r/mtools @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -32,3 +31,5 @@ profile mtools @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mtr b/apparmor.d/profiles-m-r/mtr index cf50a1d8b..5b341d8f5 100644 --- a/apparmor.d/profiles-m-r/mtr +++ b/apparmor.d/profiles-m-r/mtr @@ -2,7 +2,6 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile mtr @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mtr-packet b/apparmor.d/profiles-m-r/mtr-packet index 0e637ebc5..4bf15b7d5 100644 --- a/apparmor.d/profiles-m-r/mtr-packet +++ b/apparmor.d/profiles-m-r/mtr-packet @@ -2,7 +2,6 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile mtr-packet @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mullvad-setup b/apparmor.d/profiles-m-r/mullvad-setup index 3ff624060..db29113ce 100644 --- a/apparmor.d/profiles-m-r/mullvad-setup +++ b/apparmor.d/profiles-m-r/mullvad-setup @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,4 +19,6 @@ profile mullvad-setup @{exec_path} { deny network inet6 stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/multipath b/apparmor.d/profiles-m-r/multipath index 9d1593383..918e5a0c2 100644 --- a/apparmor.d/profiles-m-r/multipath +++ b/apparmor.d/profiles-m-r/multipath @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,4 +32,6 @@ profile multipath @{exec_path} flags=(attach_disconnected) { @{PROC}/sys/fs/nr_open r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/multipathd b/apparmor.d/profiles-m-r/multipathd index d1917f385..510fb3417 100644 --- a/apparmor.d/profiles-m-r/multipathd +++ b/apparmor.d/profiles-m-r/multipathd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -43,4 +42,6 @@ profile multipathd @{exec_path} { /dev/mapper/control rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mumble b/apparmor.d/profiles-m-r/mumble index 61869179e..879d2b9bf 100644 --- a/apparmor.d/profiles-m-r/mumble +++ b/apparmor.d/profiles-m-r/mumble @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -65,3 +64,5 @@ profile mumble @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mumble-overlay b/apparmor.d/profiles-m-r/mumble-overlay index b4c82b995..61b287329 100644 --- a/apparmor.d/profiles-m-r/mumble-overlay +++ b/apparmor.d/profiles-m-r/mumble-overlay @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile mumble-overlay @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/murmurd b/apparmor.d/profiles-m-r/murmurd index eb23ececf..aca74e562 100644 --- a/apparmor.d/profiles-m-r/murmurd +++ b/apparmor.d/profiles-m-r/murmurd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -44,3 +43,5 @@ profile murmurd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/mutt b/apparmor.d/profiles-m-r/mutt index 9e5725121..1ed63e68e 100644 --- a/apparmor.d/profiles-m-r/mutt +++ b/apparmor.d/profiles-m-r/mutt @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -158,3 +157,5 @@ profile mutt @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart index 4d28d7e7f..e3222d2ff 100644 --- a/apparmor.d/profiles-m-r/needrestart +++ b/apparmor.d/profiles-m-r/needrestart @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -84,3 +83,5 @@ profile needrestart @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke index eb11993e4..805f69678 100644 --- a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke +++ b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,4 +23,6 @@ profile needrestart-apt-pinvoke @{exec_path} { @{run}/needrestart/{,**} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/needrestart-dpkg-status b/apparmor.d/profiles-m-r/needrestart-dpkg-status index b8326e8b3..fff97e67c 100644 --- a/apparmor.d/profiles-m-r/needrestart-dpkg-status +++ b/apparmor.d/profiles-m-r/needrestart-dpkg-status @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,4 +22,6 @@ profile needrestart-dpkg-status @{exec_path} { @{run}/needrestart/{,**} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions index 4d6441a30..37dd180c3 100644 --- a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions +++ b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -36,3 +35,5 @@ profile needrestart-iucode-scan-versions @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nemo b/apparmor.d/profiles-m-r/nemo index 56a0a1cff..f28d053cd 100644 --- a/apparmor.d/profiles-m-r/nemo +++ b/apparmor.d/profiles-m-r/nemo @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile nemo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/netcap b/apparmor.d/profiles-m-r/netcap index ddcb1d368..d1e5a2852 100644 --- a/apparmor.d/profiles-m-r/netcap +++ b/apparmor.d/profiles-m-r/netcap @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,3 +32,5 @@ profile netcap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nethogs b/apparmor.d/profiles-m-r/nethogs index 51e8b2afa..e39e64621 100644 --- a/apparmor.d/profiles-m-r/nethogs +++ b/apparmor.d/profiles-m-r/nethogs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -32,3 +31,5 @@ profile nethogs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/netstat b/apparmor.d/profiles-m-r/netstat index e6e0fceb1..039109ea2 100644 --- a/apparmor.d/profiles-m-r/netstat +++ b/apparmor.d/profiles-m-r/netstat @@ -4,7 +4,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -48,3 +47,5 @@ profile netstat @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/newgidmap b/apparmor.d/profiles-m-r/newgidmap index dc0115e0b..9398350e1 100644 --- a/apparmor.d/profiles-m-r/newgidmap +++ b/apparmor.d/profiles-m-r/newgidmap @@ -2,7 +2,6 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,4 +26,6 @@ profile newgidmap @{exec_path} { @{PROC}/@{pids}/gid_map w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/newgrp b/apparmor.d/profiles-m-r/newgrp index 5485ae247..1878b9b5e 100644 --- a/apparmor.d/profiles-m-r/newgrp +++ b/apparmor.d/profiles-m-r/newgrp @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -32,3 +31,5 @@ profile newgrp @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/newuidmap b/apparmor.d/profiles-m-r/newuidmap index 8363b82f8..eeba22557 100644 --- a/apparmor.d/profiles-m-r/newuidmap +++ b/apparmor.d/profiles-m-r/newuidmap @@ -2,7 +2,6 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,4 +26,6 @@ profile newuidmap @{exec_path} { @{PROC}/@{pids}/uid_map w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nfsdcld b/apparmor.d/profiles-m-r/nfsdcld index 4f56bb407..a02e226c6 100644 --- a/apparmor.d/profiles-m-r/nfsdcld +++ b/apparmor.d/profiles-m-r/nfsdcld @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,4 +22,6 @@ profile nfsdcld @{exec_path} { /var/lib/nfs/rpc_pipefs/nfsd/* rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nft b/apparmor.d/profiles-m-r/nft index e1e36c08e..50ee826cf 100644 --- a/apparmor.d/profiles-m-r/nft +++ b/apparmor.d/profiles-m-r/nft @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile nft @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nmap b/apparmor.d/profiles-m-r/nmap index 788207b91..0eb1eceba 100644 --- a/apparmor.d/profiles-m-r/nmap +++ b/apparmor.d/profiles-m-r/nmap @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -48,3 +47,5 @@ profile nmap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nologin b/apparmor.d/profiles-m-r/nologin index 104bf31db..fad964b64 100644 --- a/apparmor.d/profiles-m-r/nologin +++ b/apparmor.d/profiles-m-r/nologin @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,4 +17,6 @@ profile nologin @{exec_path} { owner @{PROC}/@{pid}/loginuid r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nslookup b/apparmor.d/profiles-m-r/nslookup index 8ec30d881..9ee225d9d 100644 --- a/apparmor.d/profiles-m-r/nslookup +++ b/apparmor.d/profiles-m-r/nslookup @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile nslookup @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfs-3g b/apparmor.d/profiles-m-r/ntfs-3g index 9ef58b7fe..e5ae871b6 100644 --- a/apparmor.d/profiles-m-r/ntfs-3g +++ b/apparmor.d/profiles-m-r/ntfs-3g @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -56,3 +55,5 @@ profile ntfs-3g @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfs-3g-probe b/apparmor.d/profiles-m-r/ntfs-3g-probe index 387e50a55..ef870e0f0 100644 --- a/apparmor.d/profiles-m-r/ntfs-3g-probe +++ b/apparmor.d/profiles-m-r/ntfs-3g-probe @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile ntfs-3g-probe @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfscat b/apparmor.d/profiles-m-r/ntfscat index cbed4f2ee..069a597e9 100644 --- a/apparmor.d/profiles-m-r/ntfscat +++ b/apparmor.d/profiles-m-r/ntfscat @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfscat @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsclone b/apparmor.d/profiles-m-r/ntfsclone index 620077c1e..06fe65684 100644 --- a/apparmor.d/profiles-m-r/ntfsclone +++ b/apparmor.d/profiles-m-r/ntfsclone @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile ntfsclone @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfscluster b/apparmor.d/profiles-m-r/ntfscluster index 114ee7009..62aff85c8 100644 --- a/apparmor.d/profiles-m-r/ntfscluster +++ b/apparmor.d/profiles-m-r/ntfscluster @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfscluster @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfscmp b/apparmor.d/profiles-m-r/ntfscmp index ddb9610ae..c5ecddc5f 100644 --- a/apparmor.d/profiles-m-r/ntfscmp +++ b/apparmor.d/profiles-m-r/ntfscmp @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfscmp @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfscp b/apparmor.d/profiles-m-r/ntfscp index 7ad2d73e2..3beeb2b7a 100644 --- a/apparmor.d/profiles-m-r/ntfscp +++ b/apparmor.d/profiles-m-r/ntfscp @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -28,3 +27,5 @@ profile ntfscp @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsdecrypt b/apparmor.d/profiles-m-r/ntfsdecrypt index a717cd021..e7ffe3188 100644 --- a/apparmor.d/profiles-m-r/ntfsdecrypt +++ b/apparmor.d/profiles-m-r/ntfsdecrypt @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile ntfsdecrypt @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsfallocate b/apparmor.d/profiles-m-r/ntfsfallocate index f7faaba76..670092820 100644 --- a/apparmor.d/profiles-m-r/ntfsfallocate +++ b/apparmor.d/profiles-m-r/ntfsfallocate @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfsfallocate @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsfix b/apparmor.d/profiles-m-r/ntfsfix index b80e8d689..179b3b7a9 100644 --- a/apparmor.d/profiles-m-r/ntfsfix +++ b/apparmor.d/profiles-m-r/ntfsfix @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfsfix @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsinfo b/apparmor.d/profiles-m-r/ntfsinfo index 968755f11..3156e7004 100644 --- a/apparmor.d/profiles-m-r/ntfsinfo +++ b/apparmor.d/profiles-m-r/ntfsinfo @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfsinfo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfslabel b/apparmor.d/profiles-m-r/ntfslabel index b84dd812a..6eee15ef8 100644 --- a/apparmor.d/profiles-m-r/ntfslabel +++ b/apparmor.d/profiles-m-r/ntfslabel @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfslabel @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsls b/apparmor.d/profiles-m-r/ntfsls index bb1dda661..56c2c28de 100644 --- a/apparmor.d/profiles-m-r/ntfsls +++ b/apparmor.d/profiles-m-r/ntfsls @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfsls @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsmove b/apparmor.d/profiles-m-r/ntfsmove index 57263169b..876113c98 100644 --- a/apparmor.d/profiles-m-r/ntfsmove +++ b/apparmor.d/profiles-m-r/ntfsmove @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfsmove @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsrecover b/apparmor.d/profiles-m-r/ntfsrecover index 331011d97..43de112c1 100644 --- a/apparmor.d/profiles-m-r/ntfsrecover +++ b/apparmor.d/profiles-m-r/ntfsrecover @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfsrecover @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsresize b/apparmor.d/profiles-m-r/ntfsresize index ddaee0504..e0e8f58d2 100644 --- a/apparmor.d/profiles-m-r/ntfsresize +++ b/apparmor.d/profiles-m-r/ntfsresize @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfsresize @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfssecaudit b/apparmor.d/profiles-m-r/ntfssecaudit index 333636143..ee38f60a0 100644 --- a/apparmor.d/profiles-m-r/ntfssecaudit +++ b/apparmor.d/profiles-m-r/ntfssecaudit @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile ntfssecaudit @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfstruncate b/apparmor.d/profiles-m-r/ntfstruncate index 3df08ba14..c9dec413a 100644 --- a/apparmor.d/profiles-m-r/ntfstruncate +++ b/apparmor.d/profiles-m-r/ntfstruncate @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfstruncate @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsundelete b/apparmor.d/profiles-m-r/ntfsundelete index 0f9625a83..a01876961 100644 --- a/apparmor.d/profiles-m-r/ntfsundelete +++ b/apparmor.d/profiles-m-r/ntfsundelete @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile ntfsundelete @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfsusermap b/apparmor.d/profiles-m-r/ntfsusermap index e125ae7ec..acc6e8bbc 100644 --- a/apparmor.d/profiles-m-r/ntfsusermap +++ b/apparmor.d/profiles-m-r/ntfsusermap @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile ntfsusermap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ntfswipe b/apparmor.d/profiles-m-r/ntfswipe index 4f90518d3..1471e1d27 100644 --- a/apparmor.d/profiles-m-r/ntfswipe +++ b/apparmor.d/profiles-m-r/ntfswipe @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile ntfswipe @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nullmailer-send b/apparmor.d/profiles-m-r/nullmailer-send index 08fd62456..e27e15429 100644 --- a/apparmor.d/profiles-m-r/nullmailer-send +++ b/apparmor.d/profiles-m-r/nullmailer-send @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,4 +22,6 @@ profile nullmailer-send @{exec_path} { /var/spool/nullmailer/{,**} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/numlockx b/apparmor.d/profiles-m-r/numlockx index e435c139b..25903ed8b 100644 --- a/apparmor.d/profiles-m-r/numlockx +++ b/apparmor.d/profiles-m-r/numlockx @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile numlockx @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nvidia-detector b/apparmor.d/profiles-m-r/nvidia-detector index 988a43a10..b0465ef85 100644 --- a/apparmor.d/profiles-m-r/nvidia-detector +++ b/apparmor.d/profiles-m-r/nvidia-detector @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -15,3 +14,5 @@ profile nvidia-detector @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nvidia-persistenced b/apparmor.d/profiles-m-r/nvidia-persistenced index e91560a51..33dac3dba 100644 --- a/apparmor.d/profiles-m-r/nvidia-persistenced +++ b/apparmor.d/profiles-m-r/nvidia-persistenced @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile nvidia-persistenced @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nvidia-settings b/apparmor.d/profiles-m-r/nvidia-settings index 2aaea25f2..d4bda6123 100644 --- a/apparmor.d/profiles-m-r/nvidia-settings +++ b/apparmor.d/profiles-m-r/nvidia-settings @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,4 +18,6 @@ profile nvidia-settings @{exec_path} { /usr/share/pixmaps/{,**} r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/nvtop b/apparmor.d/profiles-m-r/nvtop index 07710f048..54c9c5959 100644 --- a/apparmor.d/profiles-m-r/nvtop +++ b/apparmor.d/profiles-m-r/nvtop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -49,4 +48,6 @@ profile nvtop @{exec_path} flags=(attach_disconnected) { /dev/nvidia-caps/nvidia-cap@{int} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obamenu b/apparmor.d/profiles-m-r/obamenu index 7947beeac..070ac10af 100644 --- a/apparmor.d/profiles-m-r/obamenu +++ b/apparmor.d/profiles-m-r/obamenu @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile obamenu @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obconf b/apparmor.d/profiles-m-r/obconf index 52a449dff..37e94369e 100644 --- a/apparmor.d/profiles-m-r/obconf +++ b/apparmor.d/profiles-m-r/obconf @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -39,3 +38,5 @@ profile obconf @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obex-folder-listing b/apparmor.d/profiles-m-r/obex-folder-listing index e33ed75c7..7aa4070c5 100644 --- a/apparmor.d/profiles-m-r/obex-folder-listing +++ b/apparmor.d/profiles-m-r/obex-folder-listing @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile obex-folder-listing @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obexautofs b/apparmor.d/profiles-m-r/obexautofs index ba6dc8fa9..972829890 100644 --- a/apparmor.d/profiles-m-r/obexautofs +++ b/apparmor.d/profiles-m-r/obexautofs @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -57,3 +56,5 @@ profile obexautofs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obexctl b/apparmor.d/profiles-m-r/obexctl index 1303fe112..d87243b75 100644 --- a/apparmor.d/profiles-m-r/obexctl +++ b/apparmor.d/profiles-m-r/obexctl @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile obexctl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obexd b/apparmor.d/profiles-m-r/obexd index 8a9d23b5f..9043489eb 100644 --- a/apparmor.d/profiles-m-r/obexd +++ b/apparmor.d/profiles-m-r/obexd @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -34,3 +33,5 @@ profile obexd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obexfs b/apparmor.d/profiles-m-r/obexfs index f88a451aa..4a746ecf1 100644 --- a/apparmor.d/profiles-m-r/obexfs +++ b/apparmor.d/profiles-m-r/obexfs @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -53,3 +52,5 @@ profile obexfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obexpush-atd b/apparmor.d/profiles-m-r/obexpush-atd index d6d1878c4..17b0a2d37 100644 --- a/apparmor.d/profiles-m-r/obexpush-atd +++ b/apparmor.d/profiles-m-r/obexpush-atd @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile obexpush-atd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obexpushd b/apparmor.d/profiles-m-r/obexpushd index 99ca9aaaa..33a922f41 100644 --- a/apparmor.d/profiles-m-r/obexpushd +++ b/apparmor.d/profiles-m-r/obexpushd @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile obexpushd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/obxprop b/apparmor.d/profiles-m-r/obxprop index 1419c3213..724f83de7 100644 --- a/apparmor.d/profiles-m-r/obxprop +++ b/apparmor.d/profiles-m-r/obxprop @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile obxprop @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/on-ac-power b/apparmor.d/profiles-m-r/on-ac-power index 8da400ee4..d9b5a412e 100644 --- a/apparmor.d/profiles-m-r/on-ac-power +++ b/apparmor.d/profiles-m-r/on-ac-power @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -30,3 +29,5 @@ profile on-ac-power @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/onefetch b/apparmor.d/profiles-m-r/onefetch index e04ee7bbf..84a68634c 100644 --- a/apparmor.d/profiles-m-r/onefetch +++ b/apparmor.d/profiles-m-r/onefetch @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,4 +23,6 @@ profile onefetch @{exec_path} { owner @{PROC}/@{pid}/stat r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/openbox b/apparmor.d/profiles-m-r/openbox index 08eab7d99..ac0831f05 100644 --- a/apparmor.d/profiles-m-r/openbox +++ b/apparmor.d/profiles-m-r/openbox @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -88,3 +87,5 @@ profile openbox @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/openbox-session b/apparmor.d/profiles-m-r/openbox-session index 85ee6699f..61666f756 100644 --- a/apparmor.d/profiles-m-r/openbox-session +++ b/apparmor.d/profiles-m-r/openbox-session @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile openbox-session @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/orage b/apparmor.d/profiles-m-r/orage index f90890d03..571532b4f 100644 --- a/apparmor.d/profiles-m-r/orage +++ b/apparmor.d/profiles-m-r/orage @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -70,3 +69,5 @@ profile orage @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/os-prober b/apparmor.d/profiles-m-r/os-prober index 80ce94cc2..819c4c9bd 100644 --- a/apparmor.d/profiles-m-r/os-prober +++ b/apparmor.d/profiles-m-r/os-prober @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -76,3 +75,5 @@ profile os-prober @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 55dcdf74e..b61426196 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -154,3 +153,5 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pacmd b/apparmor.d/profiles-m-r/pacmd index 541266aa3..752c3edd7 100644 --- a/apparmor.d/profiles-m-r/pacmd +++ b/apparmor.d/profiles-m-r/pacmd @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile pacmd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pactl b/apparmor.d/profiles-m-r/pactl index c671e58e4..2f8092a02 100644 --- a/apparmor.d/profiles-m-r/pactl +++ b/apparmor.d/profiles-m-r/pactl @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -32,3 +31,5 @@ profile pactl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pagesize b/apparmor.d/profiles-m-r/pagesize index d32fa5949..f6615a71e 100644 --- a/apparmor.d/profiles-m-r/pagesize +++ b/apparmor.d/profiles-m-r/pagesize @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile pagesize @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pam-auth-update b/apparmor.d/profiles-m-r/pam-auth-update index 9a3dcd47e..3d805f24c 100644 --- a/apparmor.d/profiles-m-r/pam-auth-update +++ b/apparmor.d/profiles-m-r/pam-auth-update @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -65,3 +64,5 @@ profile pam-auth-update @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pam-tmpdir-helper b/apparmor.d/profiles-m-r/pam-tmpdir-helper index dd598e039..983ca7d42 100644 --- a/apparmor.d/profiles-m-r/pam-tmpdir-helper +++ b/apparmor.d/profiles-m-r/pam-tmpdir-helper @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,4 +22,6 @@ profile pam-tmpdir-helper @{exec_path} { /dev/tty@{int} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pam/mappings b/apparmor.d/profiles-m-r/pam/mappings index fb55deb62..cbcb539ed 100644 --- a/apparmor.d/profiles-m-r/pam/mappings +++ b/apparmor.d/profiles-m-r/pam/mappings @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # See more at: https://gitlab.com/apparmor/apparmor/wikis/Pam_apparmor_example @@ -69,3 +68,5 @@ include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/parted b/apparmor.d/profiles-m-r/parted index 75bcb96ba..c403e7018 100644 --- a/apparmor.d/profiles-m-r/parted +++ b/apparmor.d/profiles-m-r/parted @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -73,3 +72,5 @@ profile parted @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/partprobe b/apparmor.d/profiles-m-r/partprobe index 5e3528c56..d1fade820 100644 --- a/apparmor.d/profiles-m-r/partprobe +++ b/apparmor.d/profiles-m-r/partprobe @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -68,3 +67,5 @@ profile partprobe @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pass b/apparmor.d/profiles-m-r/pass index f1536ec93..724bd8f38 100644 --- a/apparmor.d/profiles-m-r/pass +++ b/apparmor.d/profiles-m-r/pass @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -158,3 +157,5 @@ profile pass @{exec_path} { include if exists include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pass-import b/apparmor.d/profiles-m-r/pass-import index e85d2791d..ec77d7ca7 100644 --- a/apparmor.d/profiles-m-r/pass-import +++ b/apparmor.d/profiles-m-r/pass-import @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,3 +39,5 @@ profile pass-import @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/passimd b/apparmor.d/profiles-m-r/passimd index 9fa951cdc..8afbac8e5 100644 --- a/apparmor.d/profiles-m-r/passimd +++ b/apparmor.d/profiles-m-r/passimd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -35,4 +34,6 @@ profile passimd @{exec_path} flags=(attach_disconnected) { @{PROC}/@{pid}/cmdline r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/passwd b/apparmor.d/profiles-m-r/passwd index b36451c4a..f37f5651d 100644 --- a/apparmor.d/profiles-m-r/passwd +++ b/apparmor.d/profiles-m-r/passwd @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -43,3 +42,5 @@ profile passwd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pavucontrol b/apparmor.d/profiles-m-r/pavucontrol index b01303799..de3782b09 100644 --- a/apparmor.d/profiles-m-r/pavucontrol +++ b/apparmor.d/profiles-m-r/pavucontrol @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,3 +32,5 @@ profile pavucontrol @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pcb-gtk b/apparmor.d/profiles-m-r/pcb-gtk index 3e334ec2d..99ad50a64 100644 --- a/apparmor.d/profiles-m-r/pcb-gtk +++ b/apparmor.d/profiles-m-r/pcb-gtk @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -44,3 +43,5 @@ profile pcb-gtk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pcscd b/apparmor.d/profiles-m-r/pcscd index 3929b5b29..085061b15 100644 --- a/apparmor.d/profiles-m-r/pcscd +++ b/apparmor.d/profiles-m-r/pcscd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -36,3 +35,5 @@ profile pcscd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/picom b/apparmor.d/profiles-m-r/picom index b93b344af..124d5c9c3 100644 --- a/apparmor.d/profiles-m-r/picom +++ b/apparmor.d/profiles-m-r/picom @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile picom @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pidof b/apparmor.d/profiles-m-r/pidof index 69666decc..e2ea46e57 100644 --- a/apparmor.d/profiles-m-r/pidof +++ b/apparmor.d/profiles-m-r/pidof @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,4 +30,6 @@ profile pidof @{exec_path} { owner /dev/tty@{int} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pinentry b/apparmor.d/profiles-m-r/pinentry index dd43b948a..c30bc5def 100644 --- a/apparmor.d/profiles-m-r/pinentry +++ b/apparmor.d/profiles-m-r/pinentry @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,4 +19,6 @@ profile pinentry @{exec_path} { /etc/pinentry/preexec r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pinentry-curses b/apparmor.d/profiles-m-r/pinentry-curses index fb8c28111..1fd585f47 100644 --- a/apparmor.d/profiles-m-r/pinentry-curses +++ b/apparmor.d/profiles-m-r/pinentry-curses @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,4 +18,6 @@ profile pinentry-curses @{exec_path} { /usr/share/terminfo/** r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pinentry-gnome3 b/apparmor.d/profiles-m-r/pinentry-gnome3 index 642e43a18..d6fc0abb0 100644 --- a/apparmor.d/profiles-m-r/pinentry-gnome3 +++ b/apparmor.d/profiles-m-r/pinentry-gnome3 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,4 +18,6 @@ profile pinentry-gnome3 @{exec_path} { owner @{PROC}/@{pid}/cmdline r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pinentry-gtk-2 b/apparmor.d/profiles-m-r/pinentry-gtk-2 index f0a960571..efad3a6f1 100644 --- a/apparmor.d/profiles-m-r/pinentry-gtk-2 +++ b/apparmor.d/profiles-m-r/pinentry-gtk-2 @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile pinentry-gtk-2 @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pinentry-kwallet b/apparmor.d/profiles-m-r/pinentry-kwallet index 1dcc5c70c..235c256a7 100644 --- a/apparmor.d/profiles-m-r/pinentry-kwallet +++ b/apparmor.d/profiles-m-r/pinentry-kwallet @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -52,3 +51,5 @@ profile pinentry-kwallet @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pinentry-qt b/apparmor.d/profiles-m-r/pinentry-qt index d169bedbb..947350b8a 100644 --- a/apparmor.d/profiles-m-r/pinentry-qt +++ b/apparmor.d/profiles-m-r/pinentry-qt @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -49,3 +48,5 @@ profile pinentry-qt @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pkcs11-register b/apparmor.d/profiles-m-r/pkcs11-register index 04c2298ba..9d15a33b2 100644 --- a/apparmor.d/profiles-m-r/pkcs11-register +++ b/apparmor.d/profiles-m-r/pkcs11-register @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile pkcs11-register @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index e5272cd55..334531ec3 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -64,3 +63,5 @@ deny @{user_share_dirs}/gvfs-metadata/* r, include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pkttyagent b/apparmor.d/profiles-m-r/pkttyagent index ac6a3be06..68c85487b 100644 --- a/apparmor.d/profiles-m-r/pkttyagent +++ b/apparmor.d/profiles-m-r/pkttyagent @@ -2,7 +2,6 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -34,3 +33,5 @@ profile pkttyagent @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/plank b/apparmor.d/profiles-m-r/plank index 2d677fe19..77bad6788 100644 --- a/apparmor.d/profiles-m-r/plank +++ b/apparmor.d/profiles-m-r/plank @@ -2,7 +2,6 @@ # Copyright (C) 2023 Jeroen Rijken # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile plank @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/plocate b/apparmor.d/profiles-m-r/plocate index 574f169d7..e66d0c14c 100644 --- a/apparmor.d/profiles-m-r/plocate +++ b/apparmor.d/profiles-m-r/plocate @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile plocate @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/plocate-build b/apparmor.d/profiles-m-r/plocate-build index e5ca94bef..5e81be8a3 100644 --- a/apparmor.d/profiles-m-r/plocate-build +++ b/apparmor.d/profiles-m-r/plocate-build @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile plocate-build @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/popularity-contest b/apparmor.d/profiles-m-r/popularity-contest index a243b2241..a4b93d5b5 100644 --- a/apparmor.d/profiles-m-r/popularity-contest +++ b/apparmor.d/profiles-m-r/popularity-contest @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -52,3 +51,5 @@ profile popularity-contest @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon index ee1521c69..067968258 100644 --- a/apparmor.d/profiles-m-r/power-profiles-daemon +++ b/apparmor.d/profiles-m-r/power-profiles-daemon @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -48,4 +47,6 @@ profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) { @{sys}/firmware/acpi/pm_profile* rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/protonmail-bridge b/apparmor.d/profiles-m-r/protonmail-bridge index b1a9a5919..22aa80d24 100644 --- a/apparmor.d/profiles-m-r/protonmail-bridge +++ b/apparmor.d/profiles-m-r/protonmail-bridge @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Warning: only the protonmail-bridge CLI and service are supported, NOT the GUI. @@ -79,4 +78,6 @@ profile protonmail-bridge @{exec_path} { } include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ps b/apparmor.d/profiles-m-r/ps index 3fd5efdcc..bdcd6cee2 100644 --- a/apparmor.d/profiles-m-r/ps +++ b/apparmor.d/profiles-m-r/ps @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -54,3 +53,5 @@ profile ps @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/ps-mem b/apparmor.d/profiles-m-r/ps-mem index c015f077e..f34992ccb 100644 --- a/apparmor.d/profiles-m-r/ps-mem +++ b/apparmor.d/profiles-m-r/ps-mem @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -32,3 +31,5 @@ profile ps-mem @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pscap b/apparmor.d/profiles-m-r/pscap index 130f6dfdd..8a88b26a4 100644 --- a/apparmor.d/profiles-m-r/pscap +++ b/apparmor.d/profiles-m-r/pscap @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile pscap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/psi b/apparmor.d/profiles-m-r/psi index 51967fb79..90a2e380e 100644 --- a/apparmor.d/profiles-m-r/psi +++ b/apparmor.d/profiles-m-r/psi @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -91,3 +90,5 @@ profile psi @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/psi-plus b/apparmor.d/profiles-m-r/psi-plus index 4117790e9..50a008061 100644 --- a/apparmor.d/profiles-m-r/psi-plus +++ b/apparmor.d/profiles-m-r/psi-plus @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -91,3 +90,5 @@ profile psi-plus @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pstree b/apparmor.d/profiles-m-r/pstree index 86ec8536f..a2630d212 100644 --- a/apparmor.d/profiles-m-r/pstree +++ b/apparmor.d/profiles-m-r/pstree @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile pstree @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pulseeffects b/apparmor.d/profiles-m-r/pulseeffects index 7c78de274..0ef899263 100644 --- a/apparmor.d/profiles-m-r/pulseeffects +++ b/apparmor.d/profiles-m-r/pulseeffects @@ -2,7 +2,6 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -39,3 +38,5 @@ profile pulseeffects @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/pwck b/apparmor.d/profiles-m-r/pwck index bba63f378..af459593a 100644 --- a/apparmor.d/profiles-m-r/pwck +++ b/apparmor.d/profiles-m-r/pwck @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -30,3 +29,5 @@ profile pwck @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index 308396ec4..f9502cf75 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -2,7 +2,6 @@ # Copyright (C) 2015-2022 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -151,3 +150,5 @@ profile qbittorrent @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/qbittorrent-nox b/apparmor.d/profiles-m-r/qbittorrent-nox index b83fd24e3..87bc84d51 100644 --- a/apparmor.d/profiles-m-r/qbittorrent-nox +++ b/apparmor.d/profiles-m-r/qbittorrent-nox @@ -2,7 +2,6 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -57,3 +56,5 @@ profile qbittorrent-nox @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga index 53d8ac0e5..958706374 100644 --- a/apparmor.d/profiles-m-r/qemu-ga +++ b/apparmor.d/profiles-m-r/qemu-ga @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -44,4 +43,6 @@ profile qemu-ga @{exec_path} { /dev/vport@{int}p@{int} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/qnapi b/apparmor.d/profiles-m-r/qnapi index 5e0a76e90..911519459 100644 --- a/apparmor.d/profiles-m-r/qnapi +++ b/apparmor.d/profiles-m-r/qnapi @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -74,3 +73,5 @@ profile qnapi @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/qpdfview b/apparmor.d/profiles-m-r/qpdfview index ee89f9c6d..99a20ac92 100644 --- a/apparmor.d/profiles-m-r/qpdfview +++ b/apparmor.d/profiles-m-r/qpdfview @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -65,3 +64,5 @@ profile qpdfview @{exec_path} { } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/qt5ct b/apparmor.d/profiles-m-r/qt5ct index d4723b920..43964d950 100644 --- a/apparmor.d/profiles-m-r/qt5ct +++ b/apparmor.d/profiles-m-r/qt5ct @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,3 +39,5 @@ profile qt5ct @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/qtchooser b/apparmor.d/profiles-m-r/qtchooser index d6e91f17e..2202d8c5f 100644 --- a/apparmor.d/profiles-m-r/qtchooser +++ b/apparmor.d/profiles-m-r/qtchooser @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile qtchooser @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/qtox b/apparmor.d/profiles-m-r/qtox index 2dbaa7d55..e97bcc2ec 100644 --- a/apparmor.d/profiles-m-r/qtox +++ b/apparmor.d/profiles-m-r/qtox @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -59,3 +58,5 @@ profile qtox @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/quiterss b/apparmor.d/profiles-m-r/quiterss index 7fa111f47..f1b6a0f24 100644 --- a/apparmor.d/profiles-m-r/quiterss +++ b/apparmor.d/profiles-m-r/quiterss @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -98,3 +97,5 @@ profile quiterss @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rdmsr b/apparmor.d/profiles-m-r/rdmsr index 1d092f20b..c3a4a8a22 100644 --- a/apparmor.d/profiles-m-r/rdmsr +++ b/apparmor.d/profiles-m-r/rdmsr @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile rdmsr @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/remmina b/apparmor.d/profiles-m-r/remmina index 170df87a3..dcee35f62 100644 --- a/apparmor.d/profiles-m-r/remmina +++ b/apparmor.d/profiles-m-r/remmina @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -61,3 +60,5 @@ profile remmina @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/repo b/apparmor.d/profiles-m-r/repo index 51335d5e0..6f3ba2417 100644 --- a/apparmor.d/profiles-m-r/repo +++ b/apparmor.d/profiles-m-r/repo @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -75,3 +74,5 @@ profile repo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/reprepro b/apparmor.d/profiles-m-r/reprepro index 76bb0b228..4ef5e6b42 100644 --- a/apparmor.d/profiles-m-r/reprepro +++ b/apparmor.d/profiles-m-r/reprepro @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -71,3 +70,5 @@ profile reprepro @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/resize2fs b/apparmor.d/profiles-m-r/resize2fs index fd449af74..114846812 100644 --- a/apparmor.d/profiles-m-r/resize2fs +++ b/apparmor.d/profiles-m-r/resize2fs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile resize2fs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/resolvconf b/apparmor.d/profiles-m-r/resolvconf index f7433f7d4..6dfe82b6e 100644 --- a/apparmor.d/profiles-m-r/resolvconf +++ b/apparmor.d/profiles-m-r/resolvconf @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile resolvconf @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rfkill b/apparmor.d/profiles-m-r/rfkill index 96df69bd3..f64dd20ba 100644 --- a/apparmor.d/profiles-m-r/rfkill +++ b/apparmor.d/profiles-m-r/rfkill @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile rfkill @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rngd b/apparmor.d/profiles-m-r/rngd index 4eefee054..764e11ee7 100644 --- a/apparmor.d/profiles-m-r/rngd +++ b/apparmor.d/profiles-m-r/rngd @@ -2,7 +2,6 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -39,3 +38,5 @@ profile rngd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rpi-imager b/apparmor.d/profiles-m-r/rpi-imager index fd7ada167..641217f56 100644 --- a/apparmor.d/profiles-m-r/rpi-imager +++ b/apparmor.d/profiles-m-r/rpi-imager @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -67,3 +66,5 @@ profile rpi-imager @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rredtool b/apparmor.d/profiles-m-r/rredtool index 8ffe134be..d8024b279 100644 --- a/apparmor.d/profiles-m-r/rredtool +++ b/apparmor.d/profiles-m-r/rredtool @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile rredtool @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rsyslogd b/apparmor.d/profiles-m-r/rsyslogd index c93b67254..423e7e41a 100644 --- a/apparmor.d/profiles-m-r/rsyslogd +++ b/apparmor.d/profiles-m-r/rsyslogd @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -50,3 +49,5 @@ profile rsyslogd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rtkit-daemon b/apparmor.d/profiles-m-r/rtkit-daemon index 9c58a9548..21e715579 100644 --- a/apparmor.d/profiles-m-r/rtkit-daemon +++ b/apparmor.d/profiles-m-r/rtkit-daemon @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile rtkit-daemon @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rtkitctl b/apparmor.d/profiles-m-r/rtkitctl index 8a45f0339..d855c0a35 100644 --- a/apparmor.d/profiles-m-r/rtkitctl +++ b/apparmor.d/profiles-m-r/rtkitctl @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile rtkitctl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts index 135b56622..8fe649ff5 100644 --- a/apparmor.d/profiles-m-r/run-parts +++ b/apparmor.d/profiles-m-r/run-parts @@ -3,7 +3,6 @@ # Copyright (C) 2022-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -241,3 +240,5 @@ profile run-parts @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/runuser b/apparmor.d/profiles-m-r/runuser index 3992c1993..97100f32a 100644 --- a/apparmor.d/profiles-m-r/runuser +++ b/apparmor.d/profiles-m-r/runuser @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -50,3 +49,5 @@ profile runuser @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index 718b8fe3b..956aaeaa4 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk @@ -1,6 +1,5 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -135,3 +134,5 @@ profile rustdesk_shell { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-m-r/rustdesk-utils b/apparmor.d/profiles-m-r/rustdesk-utils index 102536379..0707f9c8f 100644 --- a/apparmor.d/profiles-m-r/rustdesk-utils +++ b/apparmor.d/profiles-m-r/rustdesk-utils @@ -1,6 +1,5 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile rustdesk-utils @{exec_path} { include if exists } + +# vim:syntax=apparmor From 1517ff0296c04c6a86afacb44406c3d83bb94cea Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sun, 9 Jun 2024 16:13:59 +0300 Subject: [PATCH 53/70] feat(tunables): vim syntax support Add vim syntax highlighting support introduced in the apparmor package --- apparmor.d/tunables/home.d/apparmor.d | 1 + apparmor.d/tunables/home.d/whonix | 1 + apparmor.d/tunables/multiarch.d/paths | 1 + apparmor.d/tunables/multiarch.d/profiles | 1 + apparmor.d/tunables/multiarch.d/programs | 1 + apparmor.d/tunables/multiarch.d/system | 1 + apparmor.d/tunables/multiarch.d/system-users | 1 + apparmor.d/tunables/xdg-user-dirs.d/apparmor.d | 1 + 8 files changed, 8 insertions(+) diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d index 52b30897e..fb68ff20d 100644 --- a/apparmor.d/tunables/home.d/apparmor.d +++ b/apparmor.d/tunables/home.d/apparmor.d @@ -2,6 +2,7 @@ # Extended user XDG directories definition # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # To allow extended personalisation by the user without breaking everything. # All apparmor profiles should always use the variables defined here. diff --git a/apparmor.d/tunables/home.d/whonix b/apparmor.d/tunables/home.d/whonix index f462036f9..2b902472f 100644 --- a/apparmor.d/tunables/home.d/whonix +++ b/apparmor.d/tunables/home.d/whonix @@ -2,6 +2,7 @@ # Copyright (C) 2012-2023 ENCRYPTED SUPPORT LP # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Whonix aliases copied here as they conflict with apparmor.d # Note: only installed on Whonix diff --git a/apparmor.d/tunables/multiarch.d/paths b/apparmor.d/tunables/multiarch.d/paths index 45dfea041..02e21be77 100644 --- a/apparmor.d/tunables/multiarch.d/paths +++ b/apparmor.d/tunables/multiarch.d/paths @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Define some paths for some commonly used programs diff --git a/apparmor.d/tunables/multiarch.d/profiles b/apparmor.d/tunables/multiarch.d/profiles index 5a8348110..72d8b715d 100644 --- a/apparmor.d/tunables/multiarch.d/profiles +++ b/apparmor.d/tunables/multiarch.d/profiles @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Define some variables for some commonly used profile. They may be used in # other profiles peer label. diff --git a/apparmor.d/tunables/multiarch.d/programs b/apparmor.d/tunables/multiarch.d/programs index 33feb30e6..2d5513e2a 100644 --- a/apparmor.d/tunables/multiarch.d/programs +++ b/apparmor.d/tunables/multiarch.d/programs @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Define some some commonly used programs. This is not an exhaustive list. # It is meant to label programs to easily provide access in profiles. diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system index 300a46b84..10b35c52c 100644 --- a/apparmor.d/tunables/multiarch.d/system +++ b/apparmor.d/tunables/multiarch.d/system @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # To allow extended personalisation without breaking everything. # All apparmor profiles should always use the variables defined here. diff --git a/apparmor.d/tunables/multiarch.d/system-users b/apparmor.d/tunables/multiarch.d/system-users index f39013def..2f90d6c6a 100644 --- a/apparmor.d/tunables/multiarch.d/system-users +++ b/apparmor.d/tunables/multiarch.d/system-users @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Define some extra paths for some commonly used system user diff --git a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d index 2c1fedea0..1f0514bd5 100644 --- a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d +++ b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # To allow extended personalisation by the user without breaking everything. # All apparmor profiles should always use the variables defined here. From 6b5475c7f257627a7aebff96e3600c93c55f0129 Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sun, 9 Jun 2024 16:17:55 +0300 Subject: [PATCH 54/70] feat(abstractions): vim syntax highlighting Add vim syntax support. See man apparmor.vim(5) --- apparmor.d/abstractions/X-strict | 1 + apparmor.d/abstractions/X.d/complete | 1 + apparmor.d/abstractions/app-launcher-root | 1 + apparmor.d/abstractions/app-launcher-user | 1 + apparmor.d/abstractions/app-open | 1 + apparmor.d/abstractions/app/chromium | 1 + apparmor.d/abstractions/app/editor | 1 + apparmor.d/abstractions/app/firefox | 1 + apparmor.d/abstractions/app/open | 1 + apparmor.d/abstractions/app/pgrep | 1 + apparmor.d/abstractions/app/sudo | 1 + apparmor.d/abstractions/app/systemctl | 1 + apparmor.d/abstractions/audio-client | 1 + apparmor.d/abstractions/audio-server | 1 + apparmor.d/abstractions/audio.d/complete | 1 + apparmor.d/abstractions/authentication.d/complete | 1 + apparmor.d/abstractions/base.d/complete | 1 + apparmor.d/abstractions/bash-strict | 1 + apparmor.d/abstractions/bash.d/complete | 1 + apparmor.d/abstractions/bus-accessibility | 1 + apparmor.d/abstractions/bus-session | 1 + apparmor.d/abstractions/bus-system | 1 + apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry | 1 + apparmor.d/abstractions/bus/com.canonical.dbusmenu | 1 + apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 | 1 + apparmor.d/abstractions/bus/net.hadess.PowerProfiles | 1 + apparmor.d/abstractions/bus/net.hadess.SwitcherooControl | 1 + apparmor.d/abstractions/bus/net.reactivated.Fprint | 1 + apparmor.d/abstractions/bus/org.a11y | 1 + apparmor.d/abstractions/bus/org.bluez | 1 + apparmor.d/abstractions/bus/org.freedesktop.Accounts | 1 + apparmor.d/abstractions/bus/org.freedesktop.Avahi | 1 + apparmor.d/abstractions/bus/org.freedesktop.ColorManager | 1 + apparmor.d/abstractions/bus/org.freedesktop.FileManager1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 | 1 + apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.NetworkManager | 1 + apparmor.d/abstractions/bus/org.freedesktop.Notifications | 1 + apparmor.d/abstractions/bus/org.freedesktop.PackageKit | 1 + apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver | 1 + apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files | 1 + apparmor.d/abstractions/bus/org.freedesktop.UDisks2 | 1 + apparmor.d/abstractions/bus/org.freedesktop.UPower | 1 + apparmor.d/abstractions/bus/org.freedesktop.background.Monitor | 1 + apparmor.d/abstractions/bus/org.freedesktop.hostname1 | 1 + .../abstractions/bus/org.freedesktop.impl.portal.PermissionStore | 1 + apparmor.d/abstractions/bus/org.freedesktop.locale1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.login1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.login1.Session | 1 + apparmor.d/abstractions/bus/org.freedesktop.network1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop | 1 + apparmor.d/abstractions/bus/org.freedesktop.resolve1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.secrets | 1 + apparmor.d/abstractions/bus/org.freedesktop.systemd1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.systemd1-session | 1 + apparmor.d/abstractions/bus/org.freedesktop.timedate1 | 1 + apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 | 1 + apparmor.d/abstractions/bus/org.gnome.DisplayManager | 1 + apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig | 1 + apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor | 1 + apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 | 1 + apparmor.d/abstractions/bus/org.gnome.ScreenSaver | 1 + apparmor.d/abstractions/bus/org.gnome.SessionManager | 1 + apparmor.d/abstractions/bus/org.gnome.Shell.Introspect | 1 + apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor | 1 + apparmor.d/abstractions/bus/org.gtk.vfs.Daemon | 1 + apparmor.d/abstractions/bus/org.gtk.vfs.Metadata | 1 + apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker | 1 + apparmor.d/abstractions/bus/org.kde.StatusNotifierItem | 1 + apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher | 1 + apparmor.d/abstractions/bus/org.kde.kwalletd | 1 + apparmor.d/abstractions/common/app | 1 + apparmor.d/abstractions/common/apt | 1 + apparmor.d/abstractions/common/bwrap | 1 + apparmor.d/abstractions/common/chromium | 1 + apparmor.d/abstractions/common/electron | 1 + apparmor.d/abstractions/common/gnome | 1 + apparmor.d/abstractions/common/systemd | 1 + apparmor.d/abstractions/crypto.d/complete | 1 + apparmor.d/abstractions/dconf-write | 1 + apparmor.d/abstractions/deny-sensitive-home | 1 + apparmor.d/abstractions/desktop | 1 + apparmor.d/abstractions/devices-usb | 1 + apparmor.d/abstractions/disks-read | 1 + apparmor.d/abstractions/disks-write | 1 + apparmor.d/abstractions/dri | 1 + apparmor.d/abstractions/fish | 1 + apparmor.d/abstractions/fontconfig-cache-read | 1 + apparmor.d/abstractions/fontconfig-cache-write | 1 + apparmor.d/abstractions/freedesktop.org.d/complete | 1 + apparmor.d/abstractions/gnome-strict | 1 + apparmor.d/abstractions/gnome.d/complete | 1 + apparmor.d/abstractions/graphics | 1 + apparmor.d/abstractions/graphics-full | 1 + apparmor.d/abstractions/gstreamer | 1 + apparmor.d/abstractions/gtk.d/complete | 1 + apparmor.d/abstractions/ibus.d/complete | 1 + apparmor.d/abstractions/kde-open5.d/complete | 1 + apparmor.d/abstractions/kde-strict | 1 + apparmor.d/abstractions/mesa.d/complete | 1 + apparmor.d/abstractions/nameservice-strict | 1 + apparmor.d/abstractions/nvidia-strict | 1 + apparmor.d/abstractions/nvidia.d/complete | 1 + apparmor.d/abstractions/opencl-intel.d/complete | 1 + apparmor.d/abstractions/python.d/complete | 1 + apparmor.d/abstractions/qt5-shader-cache | 1 + apparmor.d/abstractions/qt5.d/complete | 1 + apparmor.d/abstractions/shells | 1 + apparmor.d/abstractions/thumbnails-cache-read | 1 + apparmor.d/abstractions/thumbnails-cache-write | 1 + apparmor.d/abstractions/trash-strict | 1 + apparmor.d/abstractions/trash.d/complete | 1 + apparmor.d/abstractions/uim | 1 + apparmor.d/abstractions/user-download-strict | 1 + apparmor.d/abstractions/user-read | 1 + apparmor.d/abstractions/user-read-strict | 1 + apparmor.d/abstractions/user-write-strict | 1 + apparmor.d/abstractions/user-write.d/complete | 1 + apparmor.d/abstractions/video.d/complete | 1 + apparmor.d/abstractions/vulkan-strict | 1 + apparmor.d/abstractions/vulkan.d/complete | 1 + apparmor.d/abstractions/wayland.d/complete | 1 + apparmor.d/abstractions/xfce | 1 + apparmor.d/abstractions/zsh | 1 + 126 files changed, 126 insertions(+) diff --git a/apparmor.d/abstractions/X-strict b/apparmor.d/abstractions/X-strict index 5ae7743fd..a2922b40a 100644 --- a/apparmor.d/abstractions/X-strict +++ b/apparmor.d/abstractions/X-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The unix socket to use to connect to the display unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), diff --git a/apparmor.d/abstractions/X.d/complete b/apparmor.d/abstractions/X.d/complete index 0b654a761..533a132b9 100644 --- a/apparmor.d/abstractions/X.d/complete +++ b/apparmor.d/abstractions/X.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Available Xsessions /usr/share/xsessions/{,*.desktop} r, diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root index 69bcf9007..0f5bf70eb 100644 --- a/apparmor.d/abstractions/app-launcher-root +++ b/apparmor.d/abstractions/app-launcher-root @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/* PUx, /usr/local/{s,}bin/* PUx, diff --git a/apparmor.d/abstractions/app-launcher-user b/apparmor.d/abstractions/app-launcher-user index 4a6c795d6..062cd0967 100644 --- a/apparmor.d/abstractions/app-launcher-user +++ b/apparmor.d/abstractions/app-launcher-user @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/* PUx, /opt/*/** PUx, diff --git a/apparmor.d/abstractions/app-open b/apparmor.d/abstractions/app-open index df0eac9a6..827722575 100644 --- a/apparmor.d/abstractions/app-open +++ b/apparmor.d/abstractions/app-open @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of # this abstraction is to list all GUI program that can open resources. diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium index fec42ba98..c69e893ea 100644 --- a/apparmor.d/abstractions/app/chromium +++ b/apparmor.d/abstractions/app/chromium @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Full set of rules for all chromium based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the diff --git a/apparmor.d/abstractions/app/editor b/apparmor.d/abstractions/app/editor index 9b9933b1a..1ec287505 100644 --- a/apparmor.d/abstractions/app/editor +++ b/apparmor.d/abstractions/app/editor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox index 578689aa4..4bb1311b7 100644 --- a/apparmor.d/abstractions/app/firefox +++ b/apparmor.d/abstractions/app/firefox @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Full set of rules for all firefox based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the diff --git a/apparmor.d/abstractions/app/open b/apparmor.d/abstractions/app/open index 0cbb75171..b68c979d0 100644 --- a/apparmor.d/abstractions/app/open +++ b/apparmor.d/abstractions/app/open @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Full set of rules for child-open-* profiles. diff --git a/apparmor.d/abstractions/app/pgrep b/apparmor.d/abstractions/app/pgrep index a225ce11b..9d722ee42 100644 --- a/apparmor.d/abstractions/app/pgrep +++ b/apparmor.d/abstractions/app/pgrep @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Minimal set of rules for pgrep. diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo index f792fc085..6529f5bcb 100644 --- a/apparmor.d/abstractions/app/sudo +++ b/apparmor.d/abstractions/app/sudo @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Minimal set of rules for sudo. Interactive sudo need more rules. diff --git a/apparmor.d/abstractions/app/systemctl b/apparmor.d/abstractions/app/systemctl index aa1e8eff4..e486670c0 100644 --- a/apparmor.d/abstractions/app/systemctl +++ b/apparmor.d/abstractions/app/systemctl @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/audio-client b/apparmor.d/abstractions/audio-client index c5734f6f8..1733cdbe0 100644 --- a/apparmor.d/abstractions/audio-client +++ b/apparmor.d/abstractions/audio-client @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Most programs do not need access to audio devices, audio-client only includes # configuration files to be used by client applications. diff --git a/apparmor.d/abstractions/audio-server b/apparmor.d/abstractions/audio-server index 22aa6837c..cfb6804e3 100644 --- a/apparmor.d/abstractions/audio-server +++ b/apparmor.d/abstractions/audio-server @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Provide access to audio devices. It should only be used by audio servers that # need direct access to them. diff --git a/apparmor.d/abstractions/audio.d/complete b/apparmor.d/abstractions/audio.d/complete index 51838adcc..e115e1045 100644 --- a/apparmor.d/abstractions/audio.d/complete +++ b/apparmor.d/abstractions/audio.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # PulseAudio module-ladspa-sink (plugin sc4m_1916) @{lib}/ladspa/ r, diff --git a/apparmor.d/abstractions/authentication.d/complete b/apparmor.d/abstractions/authentication.d/complete index a6a4e3757..831ad3df8 100644 --- a/apparmor.d/abstractions/authentication.d/complete +++ b/apparmor.d/abstractions/authentication.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/pam-tmpdir-helper rPx, diff --git a/apparmor.d/abstractions/base.d/complete b/apparmor.d/abstractions/base.d/complete index e758d050b..e0e9f7227 100644 --- a/apparmor.d/abstractions/base.d/complete +++ b/apparmor.d/abstractions/base.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Allow to receive some signals from new well-known profiles signal (receive) peer=btop, diff --git a/apparmor.d/abstractions/bash-strict b/apparmor.d/abstractions/bash-strict index 86e9fc50b..e79dd7091 100644 --- a/apparmor.d/abstractions/bash-strict +++ b/apparmor.d/abstractions/bash-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/bash.d/complete b/apparmor.d/abstractions/bash.d/complete index b8016f6d3..014535a31 100644 --- a/apparmor.d/abstractions/bash.d/complete +++ b/apparmor.d/abstractions/bash.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/bash-completion/{,**} r, diff --git a/apparmor.d/abstractions/bus-accessibility b/apparmor.d/abstractions/bus-accessibility index d69c9501a..e38e6c223 100644 --- a/apparmor.d/abstractions/bus-accessibility +++ b/apparmor.d/abstractions/bus-accessibility @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/abstractions/bus-session b/apparmor.d/abstractions/bus-session index f8d6ba37f..ed64ad22e 100644 --- a/apparmor.d/abstractions/bus-session +++ b/apparmor.d/abstractions/bus-session @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor unix (bind, listen) type=stream addr="@/tmp/dbus-*", unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*", diff --git a/apparmor.d/abstractions/bus-system b/apparmor.d/abstractions/bus-system index 6d2a16beb..9dbc80371 100644 --- a/apparmor.d/abstractions/bus-system +++ b/apparmor.d/abstractions/bus-system @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry index a763bc5c1..0f6953254 100644 --- a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry +++ b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Access required for connecting to/communicating with the Unity Launcher diff --git a/apparmor.d/abstractions/bus/com.canonical.dbusmenu b/apparmor.d/abstractions/bus/com.canonical.dbusmenu index e3ad37725..e28a878a0 100644 --- a/apparmor.d/abstractions/bus/com.canonical.dbusmenu +++ b/apparmor.d/abstractions/bus/com.canonical.dbusmenu @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 index 50cbab8a0..c6c5b5c5b 100644 --- a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 +++ b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/fi/w1/wpa_supplicant1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles index 38922c8b0..1e046af3a 100644 --- a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles +++ b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/net/hadess/PowerProfiles interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl index ad2e358a2..185117e4d 100644 --- a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl +++ b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/net/hadess/SwitcherooControl interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.reactivated.Fprint b/apparmor.d/abstractions/bus/net.reactivated.Fprint index 17374de8b..2b0c63376 100644 --- a/apparmor.d/abstractions/bus/net.reactivated.Fprint +++ b/apparmor.d/abstractions/bus/net.reactivated.Fprint @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager diff --git a/apparmor.d/abstractions/bus/org.a11y b/apparmor.d/abstractions/bus/org.a11y index 616029386..306c2291d 100644 --- a/apparmor.d/abstractions/bus/org.a11y +++ b/apparmor.d/abstractions/bus/org.a11y @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Accessibility bus diff --git a/apparmor.d/abstractions/bus/org.bluez b/apparmor.d/abstractions/bus/org.bluez index 2417fb4e2..3a53931e6 100644 --- a/apparmor.d/abstractions/bus/org.bluez +++ b/apparmor.d/abstractions/bus/org.bluez @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Accounts b/apparmor.d/abstractions/bus/org.freedesktop.Accounts index c6ffc74bc..b53276bbd 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Accounts +++ b/apparmor.d/abstractions/bus/org.freedesktop.Accounts @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Avahi b/apparmor.d/abstractions/bus/org.freedesktop.Avahi index fc7be18e4..82827f6bb 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi +++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/ interface=org.freedesktop.DBus.Peer diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager index c8563e40a..e4ec4c47c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 index 326c65849..a25a1600c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/FileManager1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 index 7ebcca741..714ee8c22 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/GeoClue2/Manager interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 index 75ee94bf8..655d50d97 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ModemManager1 interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager index d37f276b6..6bed5af41 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Notifications b/apparmor.d/abstractions/bus/org.freedesktop.Notifications index c6d8fc6a6..c898fa710 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Notifications +++ b/apparmor.d/abstractions/bus/org.freedesktop.Notifications @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Notifications interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit index 6775a6e6f..304546862 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit +++ b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 index 6f05ae688..2b1dce959 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority diff --git a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 index 9a0fdf9f2..aa344f841 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver index f3029c0b7..eee573b3f 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/ScreenSaver interface=org.freedesktop.ScreenSaver diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files index 82124c494..36cac015e 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files +++ b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint interface=org.freedesktop.DBus.Peer diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 index 956356c55..a1558529b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UDisks2 interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UPower b/apparmor.d/abstractions/bus/org.freedesktop.UPower index 3d0963ae8..2cdf18362 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UPower +++ b/apparmor.d/abstractions/bus/org.freedesktop.UPower @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower diff --git a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor index 374c0693b..9b094aac4 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor +++ b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/background/monitor interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 index 8544b5036..360440016 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore index 5176d3f33..f294e038d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore +++ b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.locale1 b/apparmor.d/abstractions/bus/org.freedesktop.locale1 index 6d8c9649e..cc86d16a5 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.locale1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/locale1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index 67d24772a..3ecc5e5bd 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session index 6541fb803..0c5559e20 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.network1 b/apparmor.d/abstractions/bus/org.freedesktop.network1 index 7abc771f2..67c2c4012 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.network1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.network1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/network1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop index 5ce45ef8f..949527dbf 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop +++ b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 index 7c1260c7d..38f102a06 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.secrets b/apparmor.d/abstractions/bus/org.freedesktop.secrets index 5f53407c3..4eb008995 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.secrets +++ b/apparmor.d/abstractions/bus/org.freedesktop.secrets @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/secrets{,/**} interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 index 46d5fdc82..134af5525 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session index 2f6bb9922..12a6c94a0 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 index d6748c8da..283313780 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/timedate1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 index 087a8f08c..69c06a28f 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 +++ b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ArchiveManager1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.DisplayManager b/apparmor.d/abstractions/bus/org.gnome.DisplayManager index 3eeb35b69..3048d23ba 100644 --- a/apparmor.d/abstractions/bus/org.gnome.DisplayManager +++ b/apparmor.d/abstractions/bus/org.gnome.DisplayManager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/gnome/DisplayManager/Manager interface=org.gnome.DisplayManager.Manager diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig index 04d550761..63107f697 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.gnome.Mutter.DisplayConfig diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor index 648e707c4..2ecc4ad9b 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/IdleMonitor interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 index 1a3dc2e0f..50966aa21 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 +++ b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Nautilus/FileOperations2 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver index 24c4e37ec..692dc5bd9 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ScreenSaver interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.SessionManager b/apparmor.d/abstractions/bus/org.gnome.SessionManager index 07576ff52..c4a2227b2 100644 --- a/apparmor.d/abstractions/bus/org.gnome.SessionManager +++ b/apparmor.d/abstractions/bus/org.gnome.SessionManager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # FIXME: Too large, restrict it. diff --git a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect index 4356c487b..d65ff07e0 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect +++ b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Shell/Introspect interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor index 1c3349dc7..b57c53d83 100644 --- a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor +++ b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon index 5bbfd7594..634b759f8 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/Daemon interface=org.gtk.vfs.Daemon diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata index a547bc5d4..cccfae178 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/metadata interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker index 262982bb1..1538e6ea1 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem index 553195bbc..9bf19f219 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher index 28ccc4a4b..7fe310d4c 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/StatusNotifierWatcher interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.kde.kwalletd b/apparmor.d/abstractions/bus/org.kde.kwalletd index db103ba85..2a27c0367 100644 --- a/apparmor.d/abstractions/bus/org.kde.kwalletd +++ b/apparmor.d/abstractions/bus/org.kde.kwalletd @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index 84cd974a0..ea2444117 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # LOGPROF-SUGGEST: no # Common rules for applications sandboxed using bwrap. diff --git a/apparmor.d/abstractions/common/apt b/apparmor.d/abstractions/common/apt index baa14757d..490943625 100644 --- a/apparmor.d/abstractions/common/apt +++ b/apparmor.d/abstractions/common/apt @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, diff --git a/apparmor.d/abstractions/common/bwrap b/apparmor.d/abstractions/common/bwrap index 4b9610472..d9bca7b09 100644 --- a/apparmor.d/abstractions/common/bwrap +++ b/apparmor.d/abstractions/common/bwrap @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # A minimal set of rules for sandboxed programs using bwrap. # A profile using this abstraction still needs to set: diff --git a/apparmor.d/abstractions/common/chromium b/apparmor.d/abstractions/common/chromium index 842e1f33c..b46fe9051 100644 --- a/apparmor.d/abstractions/common/chromium +++ b/apparmor.d/abstractions/common/chromium @@ -2,6 +2,7 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is for chromium based application. Chromium based browsers # need to use abstractions/chromium instead. diff --git a/apparmor.d/abstractions/common/electron b/apparmor.d/abstractions/common/electron index 22aa0d784..9061d14e7 100644 --- a/apparmor.d/abstractions/common/electron +++ b/apparmor.d/abstractions/common/electron @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Minimal set of rules for all electron based UI application. It works as a # *function* and requires some variables to be provided as *arguments* and set diff --git a/apparmor.d/abstractions/common/gnome b/apparmor.d/abstractions/common/gnome index 275853d51..03a449cd4 100644 --- a/apparmor.d/abstractions/common/gnome +++ b/apparmor.d/abstractions/common/gnome @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Minimal set of rules for all gnome based UI application. diff --git a/apparmor.d/abstractions/common/systemd b/apparmor.d/abstractions/common/systemd index b98291bf5..bc7c22e71 100644 --- a/apparmor.d/abstractions/common/systemd +++ b/apparmor.d/abstractions/common/systemd @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor ptrace (read) peer=@{p_systemd}, diff --git a/apparmor.d/abstractions/crypto.d/complete b/apparmor.d/abstractions/crypto.d/complete index ccf3d799a..68486ad1c 100644 --- a/apparmor.d/abstractions/crypto.d/complete +++ b/apparmor.d/abstractions/crypto.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/dconf-write b/apparmor.d/abstractions/dconf-write index 58aad166e..6b75c34d3 100644 --- a/apparmor.d/abstractions/dconf-write +++ b/apparmor.d/abstractions/dconf-write @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Permissions for querying dconf settings with write access; use the dconf # abstraction first, and dconf-write only for specific application's profile. diff --git a/apparmor.d/abstractions/deny-sensitive-home b/apparmor.d/abstractions/deny-sensitive-home index ccae3cf45..fef546b67 100644 --- a/apparmor.d/abstractions/deny-sensitive-home +++ b/apparmor.d/abstractions/deny-sensitive-home @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # DO NOT USE IT WITHOUT EXPLICIT AUTHORISATION FROM THE PROJECT MAINTAINER diff --git a/apparmor.d/abstractions/desktop b/apparmor.d/abstractions/desktop index bc273a006..e30be1cec 100644 --- a/apparmor.d/abstractions/desktop +++ b/apparmor.d/abstractions/desktop @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Unified minimal abstraction for all UI application regardless of the desktop environment. diff --git a/apparmor.d/abstractions/devices-usb b/apparmor.d/abstractions/devices-usb index 9d9db462e..48c5b783f 100644 --- a/apparmor.d/abstractions/devices-usb +++ b/apparmor.d/abstractions/devices-usb @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /dev/ r, /dev/bus/usb/ r, diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read index 2b89a1308..90453aac5 100644 --- a/apparmor.d/abstractions/disks-read +++ b/apparmor.d/abstractions/disks-read @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The /sys/ entries probably should be tightened diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write index b6937698c..725beba73 100644 --- a/apparmor.d/abstractions/disks-write +++ b/apparmor.d/abstractions/disks-write @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The /sys/ entries probably should be tightened diff --git a/apparmor.d/abstractions/dri b/apparmor.d/abstractions/dri index b6c6dc23b..8c1341dc7 100644 --- a/apparmor.d/abstractions/dri +++ b/apparmor.d/abstractions/dri @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The Direct Rendering Infrastructure (DRI) is the framework comprising the modern # Linux graphics stack which allows unprivileged user-space programs to issue diff --git a/apparmor.d/abstractions/fish b/apparmor.d/abstractions/fish index c5ed229c0..af02b010b 100644 --- a/apparmor.d/abstractions/fish +++ b/apparmor.d/abstractions/fish @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index 2873ebe45..252b56590 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The fontconfig cache can be generated via the following command: # $ fc-cache -f -v diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index c9bb799cd..73ebe1503 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_cache_dirs}/fontconfig/ rw, owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, diff --git a/apparmor.d/abstractions/freedesktop.org.d/complete b/apparmor.d/abstractions/freedesktop.org.d/complete index 7313fbca1..91fadcf5f 100644 --- a/apparmor.d/abstractions/freedesktop.org.d/complete +++ b/apparmor.d/abstractions/freedesktop.org.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{system_share_dirs}/*ubuntu/applications/{,**} r, @{system_share_dirs}/gnome/applications/{,**} r, diff --git a/apparmor.d/abstractions/gnome-strict b/apparmor.d/abstractions/gnome-strict index ba566cd69..71f266b00 100644 --- a/apparmor.d/abstractions/gnome-strict +++ b/apparmor.d/abstractions/gnome-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/gnome.d/complete b/apparmor.d/abstractions/gnome.d/complete index 3d204be7d..0dc468632 100644 --- a/apparmor.d/abstractions/gnome.d/complete +++ b/apparmor.d/abstractions/gnome.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/graphics b/apparmor.d/abstractions/graphics index 85589272f..a222c1db9 100644 --- a/apparmor.d/abstractions/graphics +++ b/apparmor.d/abstractions/graphics @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/graphics-full b/apparmor.d/abstractions/graphics-full index e9480d217..62334b864 100644 --- a/apparmor.d/abstractions/graphics-full +++ b/apparmor.d/abstractions/graphics-full @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer index 87bf1c1b3..58aa8eca4 100644 --- a/apparmor.d/abstractions/gstreamer +++ b/apparmor.d/abstractions/gstreamer @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{lib}/@{multiarch}/libproxy/*/modules/*.so mr, @{lib}/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so mr, diff --git a/apparmor.d/abstractions/gtk.d/complete b/apparmor.d/abstractions/gtk.d/complete index 942713159..1efef2f9c 100644 --- a/apparmor.d/abstractions/gtk.d/complete +++ b/apparmor.d/abstractions/gtk.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session interface=org.gtk.Actions diff --git a/apparmor.d/abstractions/ibus.d/complete b/apparmor.d/abstractions/ibus.d/complete index c09e3ad6f..c5a56891a 100644 --- a/apparmor.d/abstractions/ibus.d/complete +++ b/apparmor.d/abstractions/ibus.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # abstract path in ibus < 1.5.22 uses /tmp unix (connect, receive, send) diff --git a/apparmor.d/abstractions/kde-open5.d/complete b/apparmor.d/abstractions/kde-open5.d/complete index c3206ba85..dd4266623 100644 --- a/apparmor.d/abstractions/kde-open5.d/complete +++ b/apparmor.d/abstractions/kde-open5.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/kde-open rix, diff --git a/apparmor.d/abstractions/kde-strict b/apparmor.d/abstractions/kde-strict index e05ad466a..e89ad2acd 100644 --- a/apparmor.d/abstractions/kde-strict +++ b/apparmor.d/abstractions/kde-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/mesa.d/complete b/apparmor.d/abstractions/mesa.d/complete index 1a77e3e7c..e0e1aab2e 100644 --- a/apparmor.d/abstractions/mesa.d/complete +++ b/apparmor.d/abstractions/mesa.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Extra Mesa rules for desktop environments owner @{desktop_cache_dirs}/ w, diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict index ad10304c4..6a43b8db0 100644 --- a/apparmor.d/abstractions/nameservice-strict +++ b/apparmor.d/abstractions/nameservice-strict @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Many programs wish to perform nameservice-like operations, such as looking up # users by name or id, groups by name or id, hosts by name or IP, etc. diff --git a/apparmor.d/abstractions/nvidia-strict b/apparmor.d/abstractions/nvidia-strict index e5102cb24..b112e99eb 100644 --- a/apparmor.d/abstractions/nvidia-strict +++ b/apparmor.d/abstractions/nvidia-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/nvidia-modprobe Px -> child-modprobe-nvidia, diff --git a/apparmor.d/abstractions/nvidia.d/complete b/apparmor.d/abstractions/nvidia.d/complete index 08d3b91bc..1c79790cc 100644 --- a/apparmor.d/abstractions/nvidia.d/complete +++ b/apparmor.d/abstractions/nvidia.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"), diff --git a/apparmor.d/abstractions/opencl-intel.d/complete b/apparmor.d/abstractions/opencl-intel.d/complete index c250a369a..f3fc8cc7e 100644 --- a/apparmor.d/abstractions/opencl-intel.d/complete +++ b/apparmor.d/abstractions/opencl-intel.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /opt/intel/oneapi/{compiler,lib,mkl}/**/ r, /opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr, diff --git a/apparmor.d/abstractions/python.d/complete b/apparmor.d/abstractions/python.d/complete index 9638a61a5..405e6a808 100644 --- a/apparmor.d/abstractions/python.d/complete +++ b/apparmor.d/abstractions/python.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/ r, @{bin}/python{2.[4-7],3,3.[0-9],3.1[0-9]} r, diff --git a/apparmor.d/abstractions/qt5-shader-cache b/apparmor.d/abstractions/qt5-shader-cache index 05c4091f0..a6224251c 100644 --- a/apparmor.d/abstractions/qt5-shader-cache +++ b/apparmor.d/abstractions/qt5-shader-cache @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_cache_dirs}/ w, owner @{user_cache_dirs}/qtshadercache/ rw, diff --git a/apparmor.d/abstractions/qt5.d/complete b/apparmor.d/abstractions/qt5.d/complete index fadb39931..d02f57303 100644 --- a/apparmor.d/abstractions/qt5.d/complete +++ b/apparmor.d/abstractions/qt5.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/qt{,5,6}/qtlogging.ini r, /usr/share/qt{,5,6}/resources/*.pak r, diff --git a/apparmor.d/abstractions/shells b/apparmor.d/abstractions/shells index 5583f599d..adf995036 100644 --- a/apparmor.d/abstractions/shells +++ b/apparmor.d/abstractions/shells @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read index 3c947d2ae..f191fc9e8 100644 --- a/apparmor.d/abstractions/thumbnails-cache-read +++ b/apparmor.d/abstractions/thumbnails-cache-read @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ r, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ r, diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index 5bcca4d4b..100dc6296 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ rw, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ rw, diff --git a/apparmor.d/abstractions/trash-strict b/apparmor.d/abstractions/trash-strict index 212385774..e3c3b3bf8 100644 --- a/apparmor.d/abstractions/trash-strict +++ b/apparmor.d/abstractions/trash-strict @@ -2,6 +2,7 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Already upstreamed. Different because recent change does not play well # with upstream's version. diff --git a/apparmor.d/abstractions/trash.d/complete b/apparmor.d/abstractions/trash.d/complete index 29d5d021a..cbc79c530 100644 --- a/apparmor.d/abstractions/trash.d/complete +++ b/apparmor.d/abstractions/trash.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_config_dirs}/trashrc rw, owner @{user_config_dirs}/trashrc.lock rwk, diff --git a/apparmor.d/abstractions/uim b/apparmor.d/abstractions/uim index 24b430b10..7d9d64e0e 100644 --- a/apparmor.d/abstractions/uim +++ b/apparmor.d/abstractions/uim @@ -2,6 +2,7 @@ # Copyright (C) 2024 Alexandre Pujol # Copyright (C) 2024 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/uim/* r, diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index ee23bce39..89cc65156 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{HOME}/@{XDG_DESKTOP_DIR}/ w, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w, diff --git a/apparmor.d/abstractions/user-read b/apparmor.d/abstractions/user-read index b79e78eae..7c54c8af7 100644 --- a/apparmor.d/abstractions/user-read +++ b/apparmor.d/abstractions/user-read @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Warning: This abstraction gives unrestricted read access on all non hidden user directories. diff --git a/apparmor.d/abstractions/user-read-strict b/apparmor.d/abstractions/user-read-strict index 3ff81e66a..b3274bfe6 100644 --- a/apparmor.d/abstractions/user-read-strict +++ b/apparmor.d/abstractions/user-read-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction gives read access on all defined user directories. It should # only be used if access to **ALL** folders is required. diff --git a/apparmor.d/abstractions/user-write-strict b/apparmor.d/abstractions/user-write-strict index 51fe3e08d..c18bfd47b 100644 --- a/apparmor.d/abstractions/user-write-strict +++ b/apparmor.d/abstractions/user-write-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction gives write only access on all defined user directories. It should # only be used if access to **ALL** folders is required. diff --git a/apparmor.d/abstractions/user-write.d/complete b/apparmor.d/abstractions/user-write.d/complete index 8f73b06e6..dc39c5efe 100644 --- a/apparmor.d/abstractions/user-write.d/complete +++ b/apparmor.d/abstractions/user-write.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Warning: This abstraction gives unrestricted write access on all non hidden user directories. diff --git a/apparmor.d/abstractions/video.d/complete b/apparmor.d/abstractions/video.d/complete index e36b3128b..46628d3e4 100644 --- a/apparmor.d/abstractions/video.d/complete +++ b/apparmor.d/abstractions/video.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{run}/udev/data/c81:@{int} r, # For video4linux diff --git a/apparmor.d/abstractions/vulkan-strict b/apparmor.d/abstractions/vulkan-strict index f5926fc20..1cdf3bc8d 100644 --- a/apparmor.d/abstractions/vulkan-strict +++ b/apparmor.d/abstractions/vulkan-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/egl/egl_external_platform.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, diff --git a/apparmor.d/abstractions/vulkan.d/complete b/apparmor.d/abstractions/vulkan.d/complete index 9df2edd4b..41b308d98 100644 --- a/apparmor.d/abstractions/vulkan.d/complete +++ b/apparmor.d/abstractions/vulkan.d/complete @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /etc/glvnd/egl_vendor.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, diff --git a/apparmor.d/abstractions/wayland.d/complete b/apparmor.d/abstractions/wayland.d/complete index 1029e0a1f..b228c4fd0 100644 --- a/apparmor.d/abstractions/wayland.d/complete +++ b/apparmor.d/abstractions/wayland.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-wayland-@{int} r, diff --git a/apparmor.d/abstractions/xfce b/apparmor.d/abstractions/xfce index eff45b142..810079c9c 100644 --- a/apparmor.d/abstractions/xfce +++ b/apparmor.d/abstractions/xfce @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh index 4addfdac9..a914fed89 100644 --- a/apparmor.d/abstractions/zsh +++ b/apparmor.d/abstractions/zsh @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. From eb480672f32873d71f03394c7904381a24eb5949 Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sat, 15 Jun 2024 16:52:31 +0300 Subject: [PATCH 55/70] fix(abstractions, tunables): move vim modeline Move vim syntax comment to the end of the file, separated by newline, as requested in #380. --- apparmor.d/abstractions/X-strict | 3 ++- apparmor.d/abstractions/X.d/complete | 3 ++- apparmor.d/abstractions/app-launcher-root | 5 +++-- apparmor.d/abstractions/app-launcher-user | 5 +++-- apparmor.d/abstractions/app-open | 3 ++- apparmor.d/abstractions/app/chromium | 3 ++- apparmor.d/abstractions/app/editor | 3 ++- apparmor.d/abstractions/app/firefox | 3 ++- apparmor.d/abstractions/app/open | 3 ++- apparmor.d/abstractions/app/pgrep | 3 ++- apparmor.d/abstractions/app/sudo | 3 ++- apparmor.d/abstractions/app/systemctl | 3 ++- apparmor.d/abstractions/audio-client | 3 ++- apparmor.d/abstractions/audio-server | 3 ++- apparmor.d/abstractions/audio.d/complete | 3 ++- apparmor.d/abstractions/authentication.d/complete | 2 +- apparmor.d/abstractions/base.d/complete | 3 ++- apparmor.d/abstractions/bash-strict | 3 ++- apparmor.d/abstractions/bash.d/complete | 3 ++- apparmor.d/abstractions/bus-accessibility | 3 ++- apparmor.d/abstractions/bus-session | 3 ++- apparmor.d/abstractions/bus-system | 3 ++- .../abstractions/bus/com.canonical.Unity.LauncherEntry | 3 ++- apparmor.d/abstractions/bus/com.canonical.dbusmenu | 3 ++- apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 | 3 ++- apparmor.d/abstractions/bus/net.hadess.PowerProfiles | 3 ++- apparmor.d/abstractions/bus/net.hadess.SwitcherooControl | 3 ++- apparmor.d/abstractions/bus/net.reactivated.Fprint | 3 ++- apparmor.d/abstractions/bus/org.a11y | 3 ++- apparmor.d/abstractions/bus/org.bluez | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.Accounts | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.Avahi | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.ColorManager | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.FileManager1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.NetworkManager | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.Notifications | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.PackageKit | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver | 3 ++- .../abstractions/bus/org.freedesktop.Tracker3.Miner.Files | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.UDisks2 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.UPower | 3 ++- .../abstractions/bus/org.freedesktop.background.Monitor | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.hostname1 | 3 ++- .../bus/org.freedesktop.impl.portal.PermissionStore | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.locale1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.login1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.login1.Session | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.network1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.resolve1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.secrets | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.systemd1 | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.systemd1-session | 3 ++- apparmor.d/abstractions/bus/org.freedesktop.timedate1 | 3 ++- apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 | 3 ++- apparmor.d/abstractions/bus/org.gnome.DisplayManager | 3 ++- apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig | 3 ++- apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor | 3 ++- .../abstractions/bus/org.gnome.Nautilus.FileOperations2 | 3 ++- apparmor.d/abstractions/bus/org.gnome.ScreenSaver | 3 ++- apparmor.d/abstractions/bus/org.gnome.SessionManager | 3 ++- apparmor.d/abstractions/bus/org.gnome.Shell.Introspect | 3 ++- .../abstractions/bus/org.gtk.Private.RemoteVolumeMonitor | 3 ++- apparmor.d/abstractions/bus/org.gtk.vfs.Daemon | 3 ++- apparmor.d/abstractions/bus/org.gtk.vfs.Metadata | 3 ++- apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker | 3 ++- apparmor.d/abstractions/bus/org.kde.StatusNotifierItem | 3 ++- apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher | 3 ++- apparmor.d/abstractions/bus/org.kde.kwalletd | 3 ++- apparmor.d/abstractions/common/app | 5 +++-- apparmor.d/abstractions/common/apt | 5 +++-- apparmor.d/abstractions/common/bwrap | 3 ++- apparmor.d/abstractions/common/chromium | 5 +++-- apparmor.d/abstractions/common/electron | 5 +++-- apparmor.d/abstractions/common/gnome | 5 +++-- apparmor.d/abstractions/common/systemd | 5 +++-- apparmor.d/abstractions/crypto.d/complete | 3 ++- apparmor.d/abstractions/dconf-write | 3 ++- apparmor.d/abstractions/deny-sensitive-home | 3 ++- apparmor.d/abstractions/desktop | 3 ++- apparmor.d/abstractions/devices-usb | 5 +++-- apparmor.d/abstractions/disks-read | 3 ++- apparmor.d/abstractions/disks-write | 3 ++- apparmor.d/abstractions/dri | 3 ++- apparmor.d/abstractions/fish | 3 ++- apparmor.d/abstractions/fontconfig-cache-read | 3 ++- apparmor.d/abstractions/fontconfig-cache-write | 3 ++- apparmor.d/abstractions/freedesktop.org.d/complete | 3 ++- apparmor.d/abstractions/gnome-strict | 3 ++- apparmor.d/abstractions/gnome.d/complete | 3 ++- apparmor.d/abstractions/graphics | 3 ++- apparmor.d/abstractions/graphics-full | 3 ++- apparmor.d/abstractions/gstreamer | 3 ++- apparmor.d/abstractions/gtk.d/complete | 3 ++- apparmor.d/abstractions/ibus.d/complete | 3 ++- apparmor.d/abstractions/kde-open5.d/complete | 3 ++- apparmor.d/abstractions/kde-strict | 3 ++- apparmor.d/abstractions/mesa.d/complete | 3 ++- apparmor.d/abstractions/nameservice-strict | 3 ++- apparmor.d/abstractions/nvidia-strict | 3 ++- apparmor.d/abstractions/nvidia.d/complete | 3 ++- apparmor.d/abstractions/opencl-intel.d/complete | 3 ++- apparmor.d/abstractions/python.d/complete | 3 ++- apparmor.d/abstractions/qt5-shader-cache | 3 ++- apparmor.d/abstractions/qt5.d/complete | 3 ++- apparmor.d/abstractions/shells | 3 ++- apparmor.d/abstractions/thumbnails-cache-read | 3 ++- apparmor.d/abstractions/thumbnails-cache-write | 3 ++- apparmor.d/abstractions/trash-strict | 3 ++- apparmor.d/abstractions/trash.d/complete | 3 ++- apparmor.d/abstractions/uim | 5 +++-- apparmor.d/abstractions/user-download-strict | 3 ++- apparmor.d/abstractions/user-read | 5 +++-- apparmor.d/abstractions/user-read-strict | 5 +++-- apparmor.d/abstractions/user-write-strict | 5 +++-- apparmor.d/abstractions/user-write.d/complete | 3 ++- apparmor.d/abstractions/video.d/complete | 3 ++- apparmor.d/abstractions/vulkan-strict | 3 ++- apparmor.d/abstractions/vulkan.d/complete | 3 ++- apparmor.d/abstractions/wayland.d/complete | 3 ++- apparmor.d/abstractions/xfce | 3 ++- apparmor.d/abstractions/zsh | 5 +++-- apparmor.d/tunables/home.d/apparmor.d | 3 ++- apparmor.d/tunables/home.d/whonix | 3 ++- apparmor.d/tunables/multiarch.d/paths | 3 ++- apparmor.d/tunables/multiarch.d/profiles | 3 ++- apparmor.d/tunables/multiarch.d/programs | 3 ++- apparmor.d/tunables/multiarch.d/system | 3 ++- apparmor.d/tunables/multiarch.d/system-users | 3 ++- apparmor.d/tunables/xdg-user-dirs.d/apparmor.d | 3 ++- 134 files changed, 281 insertions(+), 148 deletions(-) diff --git a/apparmor.d/abstractions/X-strict b/apparmor.d/abstractions/X-strict index a2922b40a..0998bbb44 100644 --- a/apparmor.d/abstractions/X-strict +++ b/apparmor.d/abstractions/X-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The unix socket to use to connect to the display unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), @@ -30,3 +29,5 @@ owner @{run}/user/@{uid}/xauth_@{rand6} rl -> @{run}/user/@{uid}/#@{int}, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/X.d/complete b/apparmor.d/abstractions/X.d/complete index 533a132b9..8a6636664 100644 --- a/apparmor.d/abstractions/X.d/complete +++ b/apparmor.d/abstractions/X.d/complete @@ -2,7 +2,8 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Available Xsessions /usr/share/xsessions/{,*.desktop} r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root index 0f5bf70eb..c31d328fb 100644 --- a/apparmor.d/abstractions/app-launcher-root +++ b/apparmor.d/abstractions/app-launcher-root @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/* PUx, /usr/local/{s,}bin/* PUx, @@ -12,4 +11,6 @@ /usr/ r, /usr/local/{s,}bin/ r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app-launcher-user b/apparmor.d/abstractions/app-launcher-user index 062cd0967..5e7c50824 100644 --- a/apparmor.d/abstractions/app-launcher-user +++ b/apparmor.d/abstractions/app-launcher-user @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/* PUx, /opt/*/** PUx, @@ -22,4 +21,6 @@ /usr/ r, /usr/local/bin/ r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app-open b/apparmor.d/abstractions/app-open index 827722575..513924de6 100644 --- a/apparmor.d/abstractions/app-open +++ b/apparmor.d/abstractions/app-open @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of # this abstraction is to list all GUI program that can open resources. @@ -52,3 +51,5 @@ include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium index c69e893ea..41bbab892 100644 --- a/apparmor.d/abstractions/app/chromium +++ b/apparmor.d/abstractions/app/chromium @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for all chromium based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the @@ -210,3 +209,5 @@ deny @{user_share_dirs}/gvfs-metadata/* r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/editor b/apparmor.d/abstractions/app/editor index 1ec287505..f0972f3e7 100644 --- a/apparmor.d/abstractions/app/editor +++ b/apparmor.d/abstractions/app/editor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -27,3 +26,5 @@ owner @{user_config_dirs}/vim/{,**} r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox index 4bb1311b7..bf86f419c 100644 --- a/apparmor.d/abstractions/app/firefox +++ b/apparmor.d/abstractions/app/firefox @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for all firefox based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the @@ -159,3 +158,5 @@ deny @{run}/user/@{uid}/gnome-shell-disable-extensions w, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/open b/apparmor.d/abstractions/app/open index b68c979d0..f93a1c444 100644 --- a/apparmor.d/abstractions/app/open +++ b/apparmor.d/abstractions/app/open @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for child-open-* profiles. @@ -14,3 +13,5 @@ /dev/tty rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/pgrep b/apparmor.d/abstractions/app/pgrep index 9d722ee42..4bab75387 100644 --- a/apparmor.d/abstractions/app/pgrep +++ b/apparmor.d/abstractions/app/pgrep @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for pgrep. @@ -24,3 +23,5 @@ @{PROC}/uptime r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo index 6529f5bcb..6fba1adfd 100644 --- a/apparmor.d/abstractions/app/sudo +++ b/apparmor.d/abstractions/app/sudo @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for sudo. Interactive sudo need more rules. @@ -69,3 +68,5 @@ deny @{user_share_dirs}/gvfs-metadata/* r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/systemctl b/apparmor.d/abstractions/app/systemctl index e486670c0..62b4aafdf 100644 --- a/apparmor.d/abstractions/app/systemctl +++ b/apparmor.d/abstractions/app/systemctl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -27,3 +26,5 @@ owner @{PROC}/@{pid}/stat r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/audio-client b/apparmor.d/abstractions/audio-client index 1733cdbe0..ca4a8e16c 100644 --- a/apparmor.d/abstractions/audio-client +++ b/apparmor.d/abstractions/audio-client @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Most programs do not need access to audio devices, audio-client only includes # configuration files to be used by client applications. @@ -59,3 +58,5 @@ owner /dev/shm/pulse-shm-@{int} rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/audio-server b/apparmor.d/abstractions/audio-server index cfb6804e3..619ba1111 100644 --- a/apparmor.d/abstractions/audio-server +++ b/apparmor.d/abstractions/audio-server @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Provide access to audio devices. It should only be used by audio servers that # need direct access to them. @@ -44,3 +43,5 @@ /dev/sound/* rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/audio.d/complete b/apparmor.d/abstractions/audio.d/complete index e115e1045..01d94e067 100644 --- a/apparmor.d/abstractions/audio.d/complete +++ b/apparmor.d/abstractions/audio.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # PulseAudio module-ladspa-sink (plugin sc4m_1916) @{lib}/ladspa/ r, @@ -12,3 +11,5 @@ @{sys}/class/ r, @{sys}/class/sound/ r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/authentication.d/complete b/apparmor.d/abstractions/authentication.d/complete index 831ad3df8..63819cc1b 100644 --- a/apparmor.d/abstractions/authentication.d/complete +++ b/apparmor.d/abstractions/authentication.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/pam-tmpdir-helper rPx, @@ -13,3 +12,4 @@ @{lib}/security-misc/pam-abort-on-locked-password rPx, @{lib}/security-misc/pam-info rPx, +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/base.d/complete b/apparmor.d/abstractions/base.d/complete index e0e9f7227..e9761b843 100644 --- a/apparmor.d/abstractions/base.d/complete +++ b/apparmor.d/abstractions/base.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Allow to receive some signals from new well-known profiles signal (receive) peer=btop, @@ -30,3 +29,5 @@ @{PROC}/sys/kernel/core_pattern r, deny /apparmor/.null rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bash-strict b/apparmor.d/abstractions/bash-strict index e79dd7091..eb4f65230 100644 --- a/apparmor.d/abstractions/bash-strict +++ b/apparmor.d/abstractions/bash-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. @@ -34,3 +33,5 @@ owner @{PROC}/@{pid}/mounts r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bash.d/complete b/apparmor.d/abstractions/bash.d/complete index 014535a31..6d16109de 100644 --- a/apparmor.d/abstractions/bash.d/complete +++ b/apparmor.d/abstractions/bash.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/bash-completion/{,**} r, @@ -10,3 +9,5 @@ owner @{HOME}/.alias r, owner @{HOME}/.i18n r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus-accessibility b/apparmor.d/abstractions/bus-accessibility index e38e6c223..f032f842b 100644 --- a/apparmor.d/abstractions/bus-accessibility +++ b/apparmor.d/abstractions/bus-accessibility @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus @@ -18,3 +17,5 @@ owner @{run}/user/@{uid}/at-spi/bus_@{int} rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus-session b/apparmor.d/abstractions/bus-session index ed64ad22e..d5ca957e8 100644 --- a/apparmor.d/abstractions/bus-session +++ b/apparmor.d/abstractions/bus-session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor unix (bind, listen) type=stream addr="@/tmp/dbus-*", unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*", @@ -26,3 +25,5 @@ owner @{run}/user/@{uid}/bus rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus-system b/apparmor.d/abstractions/bus-system index 9dbc80371..0148d0711 100644 --- a/apparmor.d/abstractions/bus-system +++ b/apparmor.d/abstractions/bus-system @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus @@ -16,3 +15,5 @@ @{run}/dbus/system_bus_socket rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry index 0f6953254..3eceb53ab 100644 --- a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry +++ b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Access required for connecting to/communicating with the Unity Launcher @@ -21,3 +20,5 @@ peer=(name=:*, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/com.canonical.dbusmenu b/apparmor.d/abstractions/bus/com.canonical.dbusmenu index e28a878a0..290a86de8 100644 --- a/apparmor.d/abstractions/bus/com.canonical.dbusmenu +++ b/apparmor.d/abstractions/bus/com.canonical.dbusmenu @@ -1,7 +1,8 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 index c6c5b5c5b..a8e3d52a5 100644 --- a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 +++ b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/fi/w1/wpa_supplicant1 interface=org.freedesktop.DBus.Properties @@ -49,3 +48,5 @@ peer=(name=:*, label=wpa-supplicant), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles index 1e046af3a..b4032e033 100644 --- a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles +++ b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/hadess/PowerProfiles interface=org.freedesktop.DBus.Properties @@ -9,3 +8,5 @@ peer=(name=:*, label=power-profiles-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl index 185117e4d..55e4f414d 100644 --- a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl +++ b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/hadess/SwitcherooControl interface=org.freedesktop.DBus.Properties @@ -9,3 +8,5 @@ peer=(name=:*, label=switcheroo-control), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/net.reactivated.Fprint b/apparmor.d/abstractions/bus/net.reactivated.Fprint index 2b0c63376..7e7b21565 100644 --- a/apparmor.d/abstractions/bus/net.reactivated.Fprint +++ b/apparmor.d/abstractions/bus/net.reactivated.Fprint @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager @@ -19,3 +18,5 @@ peer=(name=net.reactivated.Fprint, label=fprintd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.a11y b/apparmor.d/abstractions/bus/org.a11y index 306c2291d..5103361c9 100644 --- a/apparmor.d/abstractions/bus/org.a11y +++ b/apparmor.d/abstractions/bus/org.a11y @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Accessibility bus @@ -43,3 +42,5 @@ peer=(name=org.a11y.Bus), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.bluez b/apparmor.d/abstractions/bus/org.bluez index 3a53931e6..7c86817f5 100644 --- a/apparmor.d/abstractions/bus/org.bluez +++ b/apparmor.d/abstractions/bus/org.bluez @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager @@ -44,3 +43,5 @@ peer=(name=org.bluez, label=bluetoothd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Accounts b/apparmor.d/abstractions/bus/org.freedesktop.Accounts index b53276bbd..10a9e8fc0 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Accounts +++ b/apparmor.d/abstractions/bus/org.freedesktop.Accounts @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts @@ -29,3 +28,5 @@ peer=(name=:*, label=accounts-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Avahi b/apparmor.d/abstractions/bus/org.freedesktop.Avahi index 82827f6bb..8b24700db 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi +++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/ interface=org.freedesktop.DBus.Peer @@ -24,3 +23,5 @@ peer=(name=:*, label=avahi-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager index e4ec4c47c..3950b77aa 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager @@ -24,3 +23,5 @@ peer=(name=:*, label=colord), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 index a25a1600c..b4e985b9e 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/FileManager1 interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=nautilus), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 index 714ee8c22..836e99d94 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/GeoClue2/Manager interface=org.freedesktop.DBus.Properties @@ -34,3 +33,5 @@ peer=(name=:*, label=geoclue), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 index 655d50d97..217b588a4 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ModemManager1 interface=org.freedesktop.DBus.ObjectManager @@ -19,3 +18,5 @@ peer=(name=:*, label=ModemManager), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager index 6bed5af41..0fa92d3cc 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager @@ -74,3 +73,5 @@ peer=(name="{:*,org.freedesktop.NetworkManager}", label=NetworkManager), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Notifications b/apparmor.d/abstractions/bus/org.freedesktop.Notifications index c898fa710..90ee1aefc 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Notifications +++ b/apparmor.d/abstractions/bus/org.freedesktop.Notifications @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Notifications interface=org.freedesktop.DBus.Properties @@ -24,3 +23,5 @@ peer=(name=org.freedesktop.DBus, label=gjs-console), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit index 304546862..7cdd9a3ce 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit +++ b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.DBus.Properties @@ -23,3 +22,5 @@ peer=(name=org.freedesktop.PackageKit, label=packagekitd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 index 2b1dce959..3201e48ce 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority @@ -33,3 +32,5 @@ peer=(name=:*, label=polkitd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 index aa344f841..474c4c625 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.DBus.Properties @@ -29,3 +28,5 @@ peer=(name=org.freedesktop.RealtimeKit1, label=rtkit-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver index eee573b3f..842057a1d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/ScreenSaver interface=org.freedesktop.ScreenSaver @@ -9,3 +8,5 @@ peer=(name=org.freedesktop.ScreenSaver), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files index 36cac015e..567740a35 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files +++ b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint interface=org.freedesktop.DBus.Peer @@ -14,3 +13,5 @@ peer=(name=org.freedesktop.Tracker3.Miner.Files, label=tracker-miner), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 index a1558529b..79b882e51 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UDisks2 interface=org.freedesktop.DBus.ObjectManager @@ -54,3 +53,5 @@ peer=(name="{:*,org.freedesktop.UDisks2}", label=udisksd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UPower b/apparmor.d/abstractions/bus/org.freedesktop.UPower index 2cdf18362..d8341d33c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UPower +++ b/apparmor.d/abstractions/bus/org.freedesktop.UPower @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower @@ -43,3 +42,5 @@ peer=(name="{:*,org.freedesktop.UPower}", label=upowerd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor index 9b094aac4..5f951381b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor +++ b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/background/monitor interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=xdg-desktop-portal), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 index 360440016..54196d16b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=org.freedesktop.hostname1), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore index f294e038d..6b965a2f5 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore +++ b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=xdg-permission-store), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.locale1 b/apparmor.d/abstractions/bus/org.freedesktop.locale1 index cc86d16a5..a2865c7c9 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.locale1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/locale1 interface=org.freedesktop.DBus.Properties @@ -13,3 +12,5 @@ peer=(name=org.freedesktop.locale1), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index 3ecc5e5bd..fdceceea4 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.DBus.Properties @@ -34,3 +33,5 @@ peer=(name=org.freedesktop.login1, label=systemd-logind), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session index 0c5559e20..24d5c1452 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager @@ -39,3 +38,5 @@ peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.network1 b/apparmor.d/abstractions/bus/org.freedesktop.network1 index 67c2c4012..268a21dea 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.network1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.network1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/network1 interface=org.freedesktop.DBus.Properties @@ -9,3 +8,5 @@ peer=(name=org.freedesktop.network1, label=systemd-networkd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop index 949527dbf..a2a1a94a0 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop +++ b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.DBus.Properties @@ -29,3 +28,5 @@ peer=(name=:*, label=xdg-desktop-portal), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 index 38f102a06..3057282c9 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager @@ -9,3 +8,5 @@ peer=(name="{:*,org.freedesktop.resolve1}", label=systemd-resolved), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.secrets b/apparmor.d/abstractions/bus/org.freedesktop.secrets index 4eb008995..01ecf0786 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.secrets +++ b/apparmor.d/abstractions/bus/org.freedesktop.secrets @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/secrets{,/**} interface=org.freedesktop.DBus.Properties @@ -29,3 +28,5 @@ peer=(name=:*, label=gnome-keyring-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 index 134af5525..49e4b014d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name=org.freedesktop.systemd1), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session index 12a6c94a0..c0e852662 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name="{:*,org.freedesktop.systemd1}", label="@{p_systemd_user}"), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 index 283313780..883c5c165 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/timedate1 interface=org.freedesktop.DBus.Properties @@ -20,3 +19,5 @@ peer=(name=:*, label=systemd-timedated), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 index 69c06a28f..9953ee8bf 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 +++ b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ArchiveManager1 interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=file-roller), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.DisplayManager b/apparmor.d/abstractions/bus/org.gnome.DisplayManager index 3048d23ba..05945a253 100644 --- a/apparmor.d/abstractions/bus/org.gnome.DisplayManager +++ b/apparmor.d/abstractions/bus/org.gnome.DisplayManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/gnome/DisplayManager/Manager interface=org.gnome.DisplayManager.Manager @@ -9,3 +8,5 @@ peer=(name=:*, label=gdm), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig index 63107f697..d701792a6 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.gnome.Mutter.DisplayConfig @@ -29,3 +28,5 @@ peer=(name=:*, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor index 2ecc4ad9b..7ada64f05 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/IdleMonitor interface=org.freedesktop.DBus.ObjectManager @@ -19,3 +18,5 @@ peer=(name=:*, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 index 50966aa21..e547ab2c5 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 +++ b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Nautilus/FileOperations2 interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name=:*, label=nautilus), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver index 692dc5bd9..3e228ad1f 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ScreenSaver interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name=:*, label=gjs-console), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.SessionManager b/apparmor.d/abstractions/bus/org.gnome.SessionManager index c4a2227b2..4197fb4cf 100644 --- a/apparmor.d/abstractions/bus/org.gnome.SessionManager +++ b/apparmor.d/abstractions/bus/org.gnome.SessionManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # FIXME: Too large, restrict it. @@ -61,3 +60,5 @@ peer=(name=org.gnome.SessionManager, label=gnome-session-binary), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect index d65ff07e0..72e4525bc 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect +++ b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Shell/Introspect interface=org.freedesktop.DBus.Properties @@ -29,3 +28,5 @@ peer=(name=:*, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor index b57c53d83..73d958513 100644 --- a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor +++ b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor @@ -19,3 +18,5 @@ peer=(name=:*, label=gvfs-*-volume-monitor), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon index 634b759f8..35cd640d6 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/Daemon interface=org.gtk.vfs.Daemon @@ -9,3 +8,5 @@ peer=(name=:*, label=gvfsd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata index cccfae178..33d3c1c36 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/metadata interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=gvfsd-metadata), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker index 1538e6ea1..4d59f0afc 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker @@ -19,3 +18,5 @@ peer=(name=:*, label=gvfsd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem index 9bf19f219..4fca40e84 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem @@ -1,7 +1,8 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher index 7fe310d4c..67ac1fb6d 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/StatusNotifierWatcher interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name=org.kde.StatusNotifierWatcher, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.kde.kwalletd b/apparmor.d/abstractions/bus/org.kde.kwalletd index 2a27c0367..c0d2ecba2 100644 --- a/apparmor.d/abstractions/bus/org.kde.kwalletd +++ b/apparmor.d/abstractions/bus/org.kde.kwalletd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index ea2444117..e44d8509c 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # LOGPROF-SUGGEST: no # Common rules for applications sandboxed using bwrap. @@ -130,4 +129,6 @@ /dev/pts/ptmx rw, /dev/tty rw, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/apt b/apparmor.d/abstractions/common/apt index 490943625..77c5a0b7e 100644 --- a/apparmor.d/abstractions/common/apt +++ b/apparmor.d/abstractions/common/apt @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, @@ -29,4 +28,6 @@ owner @{tmp}/#@{int} rw, owner @{tmp}/clearsigned.message.* rw, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/bwrap b/apparmor.d/abstractions/common/bwrap index d9bca7b09..a73626bb1 100644 --- a/apparmor.d/abstractions/common/bwrap +++ b/apparmor.d/abstractions/common/bwrap @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # A minimal set of rules for sandboxed programs using bwrap. # A profile using this abstraction still needs to set: @@ -54,3 +53,5 @@ owner @{PROC}/@{pid}/uid_map rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/chromium b/apparmor.d/abstractions/common/chromium index b46fe9051..2e98c515a 100644 --- a/apparmor.d/abstractions/common/chromium +++ b/apparmor.d/abstractions/common/chromium @@ -2,7 +2,6 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is for chromium based application. Chromium based browsers # need to use abstractions/chromium instead. @@ -40,4 +39,6 @@ owner @{PROC}/@{pid}/gid_map w, owner @{PROC}/@{pid}/uid_map w, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/electron b/apparmor.d/abstractions/common/electron index 9061d14e7..732129c26 100644 --- a/apparmor.d/abstractions/common/electron +++ b/apparmor.d/abstractions/common/electron @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for all electron based UI application. It works as a # *function* and requires some variables to be provided as *arguments* and set @@ -87,4 +86,6 @@ owner @{PROC}/@{pid}/task/@{tid}/status r, owner @{PROC}/@{pid}/uid_map w, # If kernel.unprivileged_userns_clone = 1 - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/gnome b/apparmor.d/abstractions/common/gnome index 03a449cd4..c93f9bc05 100644 --- a/apparmor.d/abstractions/common/gnome +++ b/apparmor.d/abstractions/common/gnome @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for all gnome based UI application. @@ -25,4 +24,6 @@ owner @{PROC}/@{pid}/cmdline r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/systemd b/apparmor.d/abstractions/common/systemd index bc7c22e71..0ed3a824b 100644 --- a/apparmor.d/abstractions/common/systemd +++ b/apparmor.d/abstractions/common/systemd @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor ptrace (read) peer=@{p_systemd}, @@ -19,4 +18,6 @@ /dev/kmsg w, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/crypto.d/complete b/apparmor.d/abstractions/crypto.d/complete index 68486ad1c..a163af66d 100644 --- a/apparmor.d/abstractions/crypto.d/complete +++ b/apparmor.d/abstractions/crypto.d/complete @@ -1,9 +1,10 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @{etc_ro}/gnutls/config r, @{etc_ro}/gnutls/pkcs11.conf r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/dconf-write b/apparmor.d/abstractions/dconf-write index 6b75c34d3..f25e1c3e6 100644 --- a/apparmor.d/abstractions/dconf-write +++ b/apparmor.d/abstractions/dconf-write @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Permissions for querying dconf settings with write access; use the dconf # abstraction first, and dconf-write only for specific application's profile. @@ -26,3 +25,5 @@ owner @{run}/user/@{uid}/dconf/user rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/deny-sensitive-home b/apparmor.d/abstractions/deny-sensitive-home index fef546b67..d8e1fdfb8 100644 --- a/apparmor.d/abstractions/deny-sensitive-home +++ b/apparmor.d/abstractions/deny-sensitive-home @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # DO NOT USE IT WITHOUT EXPLICIT AUTHORISATION FROM THE PROJECT MAINTAINER @@ -50,3 +49,5 @@ deny @{HOME}/.{,cache/}fontconfig/** mrwl, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/desktop b/apparmor.d/abstractions/desktop index e30be1cec..befea8bcb 100644 --- a/apparmor.d/abstractions/desktop +++ b/apparmor.d/abstractions/desktop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Unified minimal abstraction for all UI application regardless of the desktop environment. @@ -64,3 +63,5 @@ owner @{user_share_dirs}/ rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/devices-usb b/apparmor.d/abstractions/devices-usb index 48c5b783f..5a2a8b742 100644 --- a/apparmor.d/abstractions/devices-usb +++ b/apparmor.d/abstractions/devices-usb @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /dev/ r, /dev/bus/usb/ r, @@ -23,4 +22,6 @@ @{run}/udev/data/c16[6,7]:@{int} r, # USB modems @{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read index 90453aac5..10beb258d 100644 --- a/apparmor.d/abstractions/disks-read +++ b/apparmor.d/abstractions/disks-read @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The /sys/ entries probably should be tightened @@ -96,3 +95,5 @@ @{run}/udev/data/+usb:* r, # for disk over usb hub include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write index 725beba73..361b60d82 100644 --- a/apparmor.d/abstractions/disks-write +++ b/apparmor.d/abstractions/disks-write @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The /sys/ entries probably should be tightened @@ -96,3 +95,5 @@ @{run}/udev/data/+usb:* r, # for disk over usb hub include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/dri b/apparmor.d/abstractions/dri index 8c1341dc7..a1eb1cd41 100644 --- a/apparmor.d/abstractions/dri +++ b/apparmor.d/abstractions/dri @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The Direct Rendering Infrastructure (DRI) is the framework comprising the modern # Linux graphics stack which allows unprivileged user-space programs to issue @@ -33,3 +32,5 @@ /dev/dri/renderD129 rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/fish b/apparmor.d/abstractions/fish index af02b010b..fe3cab891 100644 --- a/apparmor.d/abstractions/fish +++ b/apparmor.d/abstractions/fish @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. @@ -13,3 +12,5 @@ owner @{user_config_dirs}/fish/{,**} r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index 252b56590..216075648 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The fontconfig cache can be generated via the following command: # $ fc-cache -f -v @@ -47,3 +46,5 @@ deny "@{user_share_dirs}/fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index 73ebe1503..19fa7c53a 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/fontconfig/ rw, owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, @@ -40,3 +39,5 @@ link @{user_share_dirs}/fonts/**/.uuid.LCK -> @{user_share_dirs}/fonts/**/.uuid.TMP-*, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/freedesktop.org.d/complete b/apparmor.d/abstractions/freedesktop.org.d/complete index 91fadcf5f..3e669f4dc 100644 --- a/apparmor.d/abstractions/freedesktop.org.d/complete +++ b/apparmor.d/abstractions/freedesktop.org.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{system_share_dirs}/*ubuntu/applications/{,**} r, @{system_share_dirs}/gnome/applications/{,**} r, @@ -23,3 +22,5 @@ /var/lib/snapd/desktop/icons/{,**} r, owner @{HOME}/.icons/{,**} r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/gnome-strict b/apparmor.d/abstractions/gnome-strict index 71f266b00..891e5a573 100644 --- a/apparmor.d/abstractions/gnome-strict +++ b/apparmor.d/abstractions/gnome-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -29,3 +28,5 @@ owner @{user_share_dirs}/ rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/gnome.d/complete b/apparmor.d/abstractions/gnome.d/complete index 0dc468632..90f705ac7 100644 --- a/apparmor.d/abstractions/gnome.d/complete +++ b/apparmor.d/abstractions/gnome.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -11,3 +10,5 @@ peer=(name=:*, label=gnome-shell), /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/graphics b/apparmor.d/abstractions/graphics index a222c1db9..9b7954f0d 100644 --- a/apparmor.d/abstractions/graphics +++ b/apparmor.d/abstractions/graphics @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -21,3 +20,5 @@ @{sys}/devices/system/node/node@{int}/meminfo r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/graphics-full b/apparmor.d/abstractions/graphics-full index 62334b864..fe2d2001c 100644 --- a/apparmor.d/abstractions/graphics-full +++ b/apparmor.d/abstractions/graphics-full @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -10,3 +9,5 @@ /dev/nvidia-uvm-tools rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer index 58aa8eca4..60bac614e 100644 --- a/apparmor.d/abstractions/gstreamer +++ b/apparmor.d/abstractions/gstreamer @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{lib}/@{multiarch}/libproxy/*/modules/*.so mr, @{lib}/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so mr, @@ -55,3 +54,5 @@ /dev/dri/ r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/gtk.d/complete b/apparmor.d/abstractions/gtk.d/complete index 1efef2f9c..ac702a70f 100644 --- a/apparmor.d/abstractions/gtk.d/complete +++ b/apparmor.d/abstractions/gtk.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session interface=org.gtk.Actions @@ -41,3 +40,5 @@ owner @{user_config_dirs}/gtk-{3,4}.0/servers r, owner @{user_config_dirs}/gtk-{3,4}.0/settings.ini r, owner @{user_config_dirs}/gtk-{3,4}.0/window_decorations.css r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/ibus.d/complete b/apparmor.d/abstractions/ibus.d/complete index c5a56891a..33d034b5a 100644 --- a/apparmor.d/abstractions/ibus.d/complete +++ b/apparmor.d/abstractions/ibus.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # abstract path in ibus < 1.5.22 uses /tmp unix (connect, receive, send) @@ -23,3 +22,5 @@ addr="@/home/*/.cache/ibus/dbus-????????", owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/kde-open5.d/complete b/apparmor.d/abstractions/kde-open5.d/complete index dd4266623..37038b129 100644 --- a/apparmor.d/abstractions/kde-open5.d/complete +++ b/apparmor.d/abstractions/kde-open5.d/complete @@ -1,10 +1,11 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/kde-open rix, owner @{user_config_dirs}/menus/{,**} r, owner @{run}/user/@{uid}/kioclient*.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int}, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/kde-strict b/apparmor.d/abstractions/kde-strict index e89ad2acd..c164bd434 100644 --- a/apparmor.d/abstractions/kde-strict +++ b/apparmor.d/abstractions/kde-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -35,3 +34,5 @@ owner @{user_config_dirs}/kwinrc r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/mesa.d/complete b/apparmor.d/abstractions/mesa.d/complete index e0e1aab2e..ed3306e42 100644 --- a/apparmor.d/abstractions/mesa.d/complete +++ b/apparmor.d/abstractions/mesa.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Extra Mesa rules for desktop environments owner @{desktop_cache_dirs}/ w, @@ -11,3 +10,5 @@ owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38}.tmp rwk, owner @{desktop_cache_dirs}/mesa_shader_cache/index rw, owner @{desktop_cache_dirs}/mesa_shader_cache/marker rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict index 6a43b8db0..b1d474717 100644 --- a/apparmor.d/abstractions/nameservice-strict +++ b/apparmor.d/abstractions/nameservice-strict @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Many programs wish to perform nameservice-like operations, such as looking up # users by name or id, groups by name or id, hosts by name or IP, etc. @@ -50,3 +49,5 @@ @{PROC}/sys/kernel/random/boot_id r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/nvidia-strict b/apparmor.d/abstractions/nvidia-strict index b112e99eb..6521c9840 100644 --- a/apparmor.d/abstractions/nvidia-strict +++ b/apparmor.d/abstractions/nvidia-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/nvidia-modprobe Px -> child-modprobe-nvidia, @@ -35,3 +34,5 @@ deny owner @{HOME}/.nv/.local/share/gvfs-metadata/* r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/nvidia.d/complete b/apparmor.d/abstractions/nvidia.d/complete index 1c79790cc..ef9d0c40d 100644 --- a/apparmor.d/abstractions/nvidia.d/complete +++ b/apparmor.d/abstractions/nvidia.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"), @@ -10,3 +9,5 @@ /etc/nvidia/nvidia-application-profiles* r, /dev/char/195:@{int} rw, # Nvidia graphics devices + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/opencl-intel.d/complete b/apparmor.d/abstractions/opencl-intel.d/complete index f3fc8cc7e..1845cd61d 100644 --- a/apparmor.d/abstractions/opencl-intel.d/complete +++ b/apparmor.d/abstractions/opencl-intel.d/complete @@ -1,7 +1,8 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /opt/intel/oneapi/{compiler,lib,mkl}/**/ r, /opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/python.d/complete b/apparmor.d/abstractions/python.d/complete index 405e6a808..e6eea6744 100644 --- a/apparmor.d/abstractions/python.d/complete +++ b/apparmor.d/abstractions/python.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/ r, @{bin}/python{2.[4-7],3,3.[0-9],3.1[0-9]} r, @@ -11,3 +10,5 @@ owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{egg,py,pth} r, owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/ r, owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/**/ r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/qt5-shader-cache b/apparmor.d/abstractions/qt5-shader-cache index a6224251c..4ac0f7f1d 100644 --- a/apparmor.d/abstractions/qt5-shader-cache +++ b/apparmor.d/abstractions/qt5-shader-cache @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/ w, owner @{user_cache_dirs}/qtshadercache/ rw, @@ -13,3 +12,5 @@ owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex}* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int}, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/qt5.d/complete b/apparmor.d/abstractions/qt5.d/complete index d02f57303..6063b47e2 100644 --- a/apparmor.d/abstractions/qt5.d/complete +++ b/apparmor.d/abstractions/qt5.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/qt{,5,6}/qtlogging.ini r, /usr/share/qt{,5,6}/resources/*.pak r, @@ -10,3 +9,5 @@ /usr/share/qt{,5,6}ct/{,**} r, owner @{user_config_dirs}/qt{,5,6}ct/{,**} r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/shells b/apparmor.d/abstractions/shells index adf995036..b269f2335 100644 --- a/apparmor.d/abstractions/shells +++ b/apparmor.d/abstractions/shells @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. @@ -11,3 +10,5 @@ include include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read index f191fc9e8..dc164c6ba 100644 --- a/apparmor.d/abstractions/thumbnails-cache-read +++ b/apparmor.d/abstractions/thumbnails-cache-read @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ r, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ r, @@ -13,3 +12,5 @@ owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/#@{int} r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index 100dc6296..01de0407e 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ rw, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ rw, @@ -13,3 +12,5 @@ owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/#@{int} rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/trash-strict b/apparmor.d/abstractions/trash-strict index e3c3b3bf8..1f4202818 100644 --- a/apparmor.d/abstractions/trash-strict +++ b/apparmor.d/abstractions/trash-strict @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Already upstreamed. Different because recent change does not play well # with upstream's version. @@ -81,3 +80,5 @@ @{MOUNTS}/*/.Trash-@{uid}/expunged/@{int}/** rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/trash.d/complete b/apparmor.d/abstractions/trash.d/complete index cbc79c530..a80a1e5a6 100644 --- a/apparmor.d/abstractions/trash.d/complete +++ b/apparmor.d/abstractions/trash.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_config_dirs}/trashrc rw, owner @{user_config_dirs}/trashrc.lock rwk, @@ -26,3 +25,5 @@ # Removable media's trash location when the admin doesn't create the .Trash/ folder in the top lvl dir owner /{media,mnt}/*/*/.Trash-@{int}/{,**} rwl, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/uim b/apparmor.d/abstractions/uim index 7d9d64e0e..03ae9e3e8 100644 --- a/apparmor.d/abstractions/uim +++ b/apparmor.d/abstractions/uim @@ -2,7 +2,6 @@ # Copyright (C) 2024 Alexandre Pujol # Copyright (C) 2024 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/uim/* r, @@ -13,4 +12,6 @@ owner @{run}/user/@{uid}/uim/socket/uim-helper rw, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index 89cc65156..3feed5cd8 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{HOME}/@{XDG_DESKTOP_DIR}/ w, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w, @@ -14,3 +13,5 @@ owner @{user_download_dirs}/** rwkl, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-read b/apparmor.d/abstractions/user-read index 7c54c8af7..4187ab9e2 100644 --- a/apparmor.d/abstractions/user-read +++ b/apparmor.d/abstractions/user-read @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Warning: This abstraction gives unrestricted read access on all non hidden user directories. @@ -11,4 +10,6 @@ owner @{HOME}/[^.]** r, owner @{MOUNTS}/[^.]** r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-read-strict b/apparmor.d/abstractions/user-read-strict index b3274bfe6..5211b0345 100644 --- a/apparmor.d/abstractions/user-read-strict +++ b/apparmor.d/abstractions/user-read-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction gives read access on all defined user directories. It should # only be used if access to **ALL** folders is required. @@ -31,4 +30,6 @@ owner @{user_vm_dirs}/{,**} rk, owner @{user_work_dirs}/{,**} rk, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-write-strict b/apparmor.d/abstractions/user-write-strict index c18bfd47b..223fc660a 100644 --- a/apparmor.d/abstractions/user-write-strict +++ b/apparmor.d/abstractions/user-write-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction gives write only access on all defined user directories. It should # only be used if access to **ALL** folders is required. @@ -31,4 +30,6 @@ owner @{user_vm_dirs}/{,**} wl, owner @{user_work_dirs}/{,**} wl, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-write.d/complete b/apparmor.d/abstractions/user-write.d/complete index dc39c5efe..a529324f5 100644 --- a/apparmor.d/abstractions/user-write.d/complete +++ b/apparmor.d/abstractions/user-write.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Warning: This abstraction gives unrestricted write access on all non hidden user directories. @@ -10,3 +9,5 @@ owner @{HOME}/[^.]** wl, owner @{MOUNTS}/[^.]** wl, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/video.d/complete b/apparmor.d/abstractions/video.d/complete index 46628d3e4..97b7f1a2a 100644 --- a/apparmor.d/abstractions/video.d/complete +++ b/apparmor.d/abstractions/video.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{run}/udev/data/c81:@{int} r, # For video4linux @@ -9,3 +8,5 @@ # Access to video /dev devices /dev/video@{int} rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/vulkan-strict b/apparmor.d/abstractions/vulkan-strict index 1cdf3bc8d..fd86f1e81 100644 --- a/apparmor.d/abstractions/vulkan-strict +++ b/apparmor.d/abstractions/vulkan-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/egl/egl_external_platform.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, @@ -30,3 +29,5 @@ include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/vulkan.d/complete b/apparmor.d/abstractions/vulkan.d/complete index 41b308d98..8e5b68c08 100644 --- a/apparmor.d/abstractions/vulkan.d/complete +++ b/apparmor.d/abstractions/vulkan.d/complete @@ -1,7 +1,8 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /etc/glvnd/egl_vendor.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, /usr/share/egl/egl_external_platform.d/{,*.json} r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/wayland.d/complete b/apparmor.d/abstractions/wayland.d/complete index b228c4fd0..245b9238d 100644 --- a/apparmor.d/abstractions/wayland.d/complete +++ b/apparmor.d/abstractions/wayland.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-wayland-@{int} r, @@ -12,3 +11,5 @@ owner /dev/shm/sway* rw, owner /dev/shm/dunst-@{rand6} rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/xfce b/apparmor.d/abstractions/xfce index 810079c9c..067de9148 100644 --- a/apparmor.d/abstractions/xfce +++ b/apparmor.d/abstractions/xfce @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -20,3 +19,5 @@ owner @{user_share_dirs}/ rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh index a914fed89..15711713c 100644 --- a/apparmor.d/abstractions/zsh +++ b/apparmor.d/abstractions/zsh @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. @@ -27,4 +26,6 @@ owner @{user_config_dirs}/zsh/.zcompdump-* rw, owner @{user_config_dirs}/zsh/{,**} r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d index fb68ff20d..87daf969e 100644 --- a/apparmor.d/tunables/home.d/apparmor.d +++ b/apparmor.d/tunables/home.d/apparmor.d @@ -2,7 +2,6 @@ # Extended user XDG directories definition # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # To allow extended personalisation by the user without breaking everything. # All apparmor profiles should always use the variables defined here. @@ -66,3 +65,5 @@ @{user_sync_dirs}=@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR} @{user_torrents_dirs}=@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR} @{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR} + +# vim:syntax=apparmor \ No newline at end of file diff --git a/apparmor.d/tunables/home.d/whonix b/apparmor.d/tunables/home.d/whonix index 2b902472f..e3c3f3d8a 100644 --- a/apparmor.d/tunables/home.d/whonix +++ b/apparmor.d/tunables/home.d/whonix @@ -2,7 +2,6 @@ # Copyright (C) 2012-2023 ENCRYPTED SUPPORT LP # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Whonix aliases copied here as they conflict with apparmor.d # Note: only installed on Whonix @@ -71,3 +70,5 @@ alias /etc/timezone -> /etc/timezone.anondist-orig, alias /etc/timezone -> /etc/timezone.anondist, alias /etc/tor/torrc -> /etc/tor/torrc.anondist-orig, alias /etc/tor/torrc -> /etc/tor/torrc.anondist, + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/paths b/apparmor.d/tunables/multiarch.d/paths index 02e21be77..67f32bf8c 100644 --- a/apparmor.d/tunables/multiarch.d/paths +++ b/apparmor.d/tunables/multiarch.d/paths @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Define some paths for some commonly used programs @@ -54,3 +53,5 @@ # Office suites @{offices_path} = @{bin}/@{offices} @{lib}/libreoffice/program/soffice + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/profiles b/apparmor.d/tunables/multiarch.d/profiles index 72d8b715d..dd9386b09 100644 --- a/apparmor.d/tunables/multiarch.d/profiles +++ b/apparmor.d/tunables/multiarch.d/profiles @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Define some variables for some commonly used profile. They may be used in # other profiles peer label. @@ -11,3 +10,5 @@ # Name of the systemd profiles. Can be `unconfined` or `systemd`, `systemd-user` @{p_systemd}=unconfined @{p_systemd_user}=unconfined + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/programs b/apparmor.d/tunables/multiarch.d/programs index 2d5513e2a..a118d0cbe 100644 --- a/apparmor.d/tunables/multiarch.d/programs +++ b/apparmor.d/tunables/multiarch.d/programs @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Define some some commonly used programs. This is not an exhaustive list. # It is meant to label programs to easily provide access in profiles. @@ -69,3 +68,5 @@ # Office suites @{offices} = libreoffice soffice + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system index 10b35c52c..d219c1d4d 100644 --- a/apparmor.d/tunables/multiarch.d/system +++ b/apparmor.d/tunables/multiarch.d/system @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # To allow extended personalisation without breaking everything. # All apparmor profiles should always use the variables defined here. @@ -89,3 +88,5 @@ # OpenSUSE does not have the same multiarch structure @{multiarch}+=*-suse-linux* #aa:only opensuse + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/system-users b/apparmor.d/tunables/multiarch.d/system-users index 2f90d6c6a..885913da3 100644 --- a/apparmor.d/tunables/multiarch.d/system-users +++ b/apparmor.d/tunables/multiarch.d/system-users @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Define some extra paths for some commonly used system user @@ -32,3 +31,5 @@ @{desktop_config_dirs}=@{gdm_config_dirs} @{sddm_config_dirs} @{lightdm_config_dirs} @{desktop_local_dirs}=@{gdm_local_dirs} @{sddm_local_dirs} @{lightdm_local_dirs} @{desktop_share_dirs}=@{gdm_share_dirs} @{sddm_share_dirs} @{lightdm_share_dirs} + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d index 1f0514bd5..00231cbce 100644 --- a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d +++ b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # To allow extended personalisation by the user without breaking everything. # All apparmor profiles should always use the variables defined here. @@ -25,3 +24,5 @@ @{user_vm_shares}=@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR} include if exists + +# vim:syntax=apparmor From 637c2b4ccd30873361a987976f7a216277554a6f Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sat, 15 Jun 2024 16:56:54 +0300 Subject: [PATCH 56/70] feat(development/index.md): add vim modeline Add vim syntax comment to the example as requested in #380. --- docs/development/index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/development/index.md b/docs/development/index.md index 6da12d47d..c12226a7a 100644 --- a/docs/development/index.md +++ b/docs/development/index.md @@ -85,6 +85,8 @@ profile foo @{exec_path} { include if exists } + +# vim:syntax=apparmor ``` From 39bfa9a40bc0fddc791104e80e986e9c95089e69 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 15 Jun 2024 16:35:44 +0100 Subject: [PATCH 57/70] feat(profile): update steam profiles. --- apparmor.d/abstractions/common/steam-game | 19 ++++++++---- apparmor.d/profiles-s-z/steam | 35 ++++++++++++++++++----- apparmor.d/profiles-s-z/steam-game-native | 1 + apparmor.d/profiles-s-z/steam-game-proton | 6 ++-- apparmor.d/profiles-s-z/steam-runtime | 1 + apparmor.d/tunables/home.d/apparmor.d | 1 + 6 files changed, 49 insertions(+), 14 deletions(-) diff --git a/apparmor.d/abstractions/common/steam-game b/apparmor.d/abstractions/common/steam-game index 5a2cbd6db..88bd3d1b6 100644 --- a/apparmor.d/abstractions/common/steam-game +++ b/apparmor.d/abstractions/common/steam-game @@ -36,19 +36,28 @@ owner @{user_games_dirs}/*/ r, owner @{user_games_dirs}/*/{,**} rwkl, - owner @{user_config_dirs}/unity3d/{,**} rwk, + owner @{user_config_dirs}/@{XDG_GAMESSTUDIO_DIR}/ rw, + owner @{user_config_dirs}/@{XDG_GAMESSTUDIO_DIR}/** rwlk, + + owner @{user_share_dirs}/@{XDG_GAMESSTUDIO_DIR}/ rw, + owner @{user_share_dirs}/@{XDG_GAMESSTUDIO_DIR}/** rwlk, owner @{share_dirs}/ r, owner @{share_dirs}/* r, - owner @{share_dirs}/config/*.vdf* rw, - owner @{share_dirs}/logs/* rw, + owner @{share_dirs}/appcache/** rk, + owner @{share_dirs}/config/ r, + owner @{share_dirs}/config/* rwk, + owner @{share_dirs}/logs/ rw, + owner @{share_dirs}/logs/* rwk, + owner @{share_dirs}/shader_cache_temp_dir_*/fozpipelinesv@{int}/{,**} rw, owner @{share_dirs}/steamapps/ r, owner @{share_dirs}/steamapps/common/ r, - owner @{share_dirs}/steamapps/common/*/** rwlk, + owner @{share_dirs}/steamapps/common/[^S]*/** rwlk, owner @{share_dirs}/steamapps/shadercache/{,**} rwk, - owner @{share_dirs}/shader_cache_temp_dir_*/fozpipelinesv@{int}/{,**} rw, @{tmp}/ r, + owner @{tmp}/@{XDG_GAMESSTUDIO_DIR}/ rw, + owner @{tmp}/@{XDG_GAMESSTUDIO_DIR}/** rwlk, owner @{tmp}/#@{int} rw, owner @{tmp}/CASESENSITIVETEST@{hex32} rw, owner @{tmp}/crashes/ rw, diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index 36b8bd54d..49157e257 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -49,7 +49,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { network inet stream, network inet6 stream, network netlink raw, - network unix stream, + network unix, ptrace read, ptrace trace peer=steam, @@ -59,6 +59,8 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { signal send peer=steam//journalctl, signal send peer=steam//web, + unix, + @{exec_path} mrix, @{sh_path} rix, @@ -88,9 +90,11 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{share_dirs}/linux{32,64}/steamerrorreporter rpx, + @{runtime_dirs}/@{arch}/@{bin}/srt-logger rix, @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-check-requirements rcx -> check, @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-identify-library-abi rix, @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-launcher-service rpx, + @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-supervisor rix, @{runtime_dirs}/@{arch}/@{bin}/steam-runtime-system-info rix, @{runtime_dirs}/@{lib}/steam-runtime-tools-@{int}/@{multiarch}-* rix, @{runtime_dirs}/*entry-point rix, @@ -132,18 +136,22 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{user_games_dirs}/ rw, owner @{user_games_dirs}/** rwlk -> @{user_games_dirs}/**, + owner @{user_config_dirs}/@{XDG_GAMESSTUDIO_DIR}/ rw, + owner @{user_config_dirs}/@{XDG_GAMESSTUDIO_DIR}/** rwlk, owner @{user_config_dirs}/autostart/ r, owner @{user_config_dirs}/cef_user_data/{,**} r, owner @{user_config_dirs}/cef_user_data/Dictionaries/* rw, owner @{user_config_dirs}/cef_user_data/WidevineCdm/** rwm, - owner @{user_config_dirs}/unity3d/{,**} rwk, - owner @{user_config_dirs}/user-dirs.dirs r, + owner @{user_share_dirs}/@{XDG_GAMESSTUDIO_DIR}/ rw, + owner @{user_share_dirs}/@{XDG_GAMESSTUDIO_DIR}/** rwlk, owner @{user_share_dirs}/applications/*.desktop w, owner @{user_share_dirs}/icons/hicolor/**/apps/steam*.png rw, owner @{user_share_dirs}/vulkan/implicit_layer.d/steam*.json rwk, @{tmp}/ r, + owner @{tmp}/@{XDG_GAMESSTUDIO_DIR}/ rw, + owner @{tmp}/@{XDG_GAMESSTUDIO_DIR}/** rwlk, owner @{tmp}/#@{int} rw, owner @{tmp}/dumps/ rw, owner @{tmp}/dumps/** rwk, @@ -155,7 +163,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{tmp}/steam/** rwk, owner @{tmp}/vdpau-drivers-@{rand6}/{,**} rw, - /dev/shm/ r, owner /dev/shm/fossilize-*-@{int}-@{int} rw, owner /dev/shm/u@{uid}-Shm_@{hex6} rw, owner /dev/shm/u@{uid}-Shm_@{hex6}@{h} rw, @@ -176,6 +183,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{sys}/class/hidraw/ r, @{sys}/class/input/ r, @{sys}/class/net/ r, + @{sys}/class/power_supply/ r, @{sys}/devices/ r, @{sys}/devices/@{pci}/boot_vga r, @{sys}/devices/@{pci}/sound/card@{int}/input@{int}/properties r, @@ -183,6 +191,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{sys}/devices/**/input@{int}/capabilities/* r, @{sys}/devices/**/input/input@{int}/ r, @{sys}/devices/**/input/input@{int}/properties r, + @{sys}/devices/**/power_supply/{AC,BAT@{int},hidpp_battery_@{int}}/{,*} r, @{sys}/devices/**/report_descriptor r, @{sys}/devices/**/uevent r, @{sys}/devices/system/ r, @@ -204,15 +213,19 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{PROC}/1/cgroup r, @{PROC}/locks r, @{PROC}/sys/kernel/sched_autogroup_enabled r, + @{PROC}/sys/kernel/unprivileged_userns_clone r, @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, + @{PROC}/sys/user/max_user_namespaces r, @{PROC}/version r, owner @{PROC}/@{pid}/autogroup rw, owner @{PROC}/@{pid}/cmdline rk, owner @{PROC}/@{pid}/environ r, owner @{PROC}/@{pid}/fd/ r, + owner @{PROC}/@{pid}/fd/@{int} rw, owner @{PROC}/@{pid}/mem r, owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/task/ r, + owner @{PROC}/@{pid}/task/@{tid}/children r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, /dev/input/ r, @@ -230,6 +243,9 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include + capability dac_read_search, + capability sys_chroot, + network inet dgram, network inet6 dgram, network inet stream, @@ -302,6 +318,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { /dev/shm/ r, owner /dev/shm/.org.chromium.Chromium.@{rand6} rw, + owner /dev/shm/u@{uid}-Shm_@{hex4}@{h} rw, owner /dev/shm/u@{uid}-Shm_@{hex6} rw, owner /dev/shm/u@{uid}-Shm_@{hex6}@{h} rw, owner /dev/shm/u@{uid}-Shm_@{hex8} rw, @@ -325,9 +342,11 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{PROC}/sys/fs/inotify/max_user_watches r, @{PROC}/sys/kernel/yama/ptrace_scope r, owner @{PROC}/@{pid}/cmdline r, + owner @{PROC}/@{pid}/mem r, owner @{PROC}/@{pid}/oom_score_adj w, owner @{PROC}/@{pid}/statm r, owner @{PROC}/@{pid}/task/ r, + owner @{PROC}/@{pid}/task/@{tid}/comm r, owner @{PROC}/@{pid}/task/@{tid}/status r, /dev/hidraw@{int} rw, @@ -341,6 +360,8 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include + capability dac_read_search, + unix receive type=stream, @{bin}/true rix, @@ -376,7 +397,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{sys}/bus/pci/slots/ r, @{sys}/bus/pci/slots/@{int}/address r, @{sys}/devices/@{pci}/** r, - + owner /dev/shm/ValveIPCSHM_@{uid} rw, include if exists @@ -385,7 +406,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { profile systemctl { include include - + /{run,var}/log/journal/ r, /{run,var}/log/journal/@{hex32}/ r, /{run,var}/log/journal/@{hex32}/system.journal* r, @@ -394,6 +415,6 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { include if exists } - + include if exists } diff --git a/apparmor.d/profiles-s-z/steam-game-native b/apparmor.d/profiles-s-z/steam-game-native index da72bf279..0a79b99d8 100644 --- a/apparmor.d/profiles-s-z/steam-game-native +++ b/apparmor.d/profiles-s-z/steam-game-native @@ -22,6 +22,7 @@ profile steam-game-native @{exec_path} flags=(attach_disconnected) { network inet6 dgram, network inet stream, network inet6 stream, + network netlink raw, network unix stream, signal receive peer=steam, diff --git a/apparmor.d/profiles-s-z/steam-game-proton b/apparmor.d/profiles-s-z/steam-game-proton index 7f1e29820..ed67e72b9 100644 --- a/apparmor.d/profiles-s-z/steam-game-proton +++ b/apparmor.d/profiles-s-z/steam-game-proton @@ -20,6 +20,8 @@ profile steam-game-proton @{exec_path} flags=(attach_disconnected) { include include + capability dac_read_search, + network inet dgram, network inet6 dgram, network inet stream, @@ -74,14 +76,14 @@ profile steam-game-proton @{exec_path} flags=(attach_disconnected) { owner @{app_dirs}/Proton*/** rwkl, owner @{share_dirs}/*.dll r, - owner @{share_dirs}/steamapps/compatdata/{,**} rwk, + owner @{share_dirs}/bin/ r, owner @{share_dirs}/legacycompat/ r, owner @{share_dirs}/legacycompat/** mr, + owner @{share_dirs}/steamapps/compatdata/{,**} rwk, owner @{user_share_dirs}/applications/wine/ rw, owner @{user_share_dirs}/applications/wine/**/ rw, - owner @{tmp}/ r, owner @{tmp}/.wine-@{uid}/ rw, owner @{tmp}/.wine-@{uid}/** rwk, owner @{tmp}/glx-icds-@{rand6}/{,**} w, diff --git a/apparmor.d/profiles-s-z/steam-runtime b/apparmor.d/profiles-s-z/steam-runtime index 6893dbe2d..9beaa2e8c 100644 --- a/apparmor.d/profiles-s-z/steam-runtime +++ b/apparmor.d/profiles-s-z/steam-runtime @@ -54,6 +54,7 @@ profile steam-runtime @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.steam/steam.pipe r, owner @{app_dirs}/*/ r, + owner @{app_dirs}/config/config.vdf rw, owner @{app_dirs}/@{runtime}/** r, owner @{app_dirs}/@{runtime}/pressure-vessel/** rwk, owner @{app_dirs}/@{runtime}/sniper_platform_*/** rwk, diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d index 87daf969e..963e4bc88 100644 --- a/apparmor.d/tunables/home.d/apparmor.d +++ b/apparmor.d/tunables/home.d/apparmor.d @@ -24,6 +24,7 @@ @{XDG_VM_DIR}=".vm" @{XDG_VM_SHARES_DIR}="VM_Shares" @{XDG_IMG_DIR}="images" +@{XDG_GAMESSTUDIO_DIR}="unity3d" # User personal keyrings @{XDG_GPG_DIR}=".gnupg" From 035e1da7b205798df14468333ce43a491889f7e3 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 15 Jun 2024 16:40:11 +0100 Subject: [PATCH 58/70] feat(abs): add udevadm app abstraction. --- apparmor.d/abstractions/app/udevadm | 26 +++++++++++++++++++ .../groups/display-manager/x11-xsession | 13 +--------- apparmor.d/groups/network/netplan.script | 6 +---- apparmor.d/profiles-a-f/f3fix | 22 +++------------- apparmor.d/profiles-a-f/fatresize | 22 +++------------- apparmor.d/profiles-g-l/gparted | 8 +----- apparmor.d/profiles-g-l/gpartedbin | 18 ++----------- apparmor.d/profiles-g-l/hw-probe | 14 ++-------- apparmor.d/profiles-g-l/hwinfo | 16 ++---------- apparmor.d/profiles-g-l/inxi | 10 +------ apparmor.d/profiles-m-r/parted | 20 +++----------- apparmor.d/profiles-m-r/partprobe | 22 +++------------- apparmor.d/profiles-s-z/sensors-detect | 8 +----- apparmor.d/profiles-s-z/xinit | 24 +---------------- 14 files changed, 51 insertions(+), 178 deletions(-) create mode 100644 apparmor.d/abstractions/app/udevadm diff --git a/apparmor.d/abstractions/app/udevadm b/apparmor.d/abstractions/app/udevadm new file mode 100644 index 000000000..1c36ea8b2 --- /dev/null +++ b/apparmor.d/abstractions/app/udevadm @@ -0,0 +1,26 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + + ptrace read peer=@{p_systemd}, + + @{bin}/udevadm mr, + + /etc/udev/udev.conf r, + + @{run}/udev/data/* r, + + @{sys}/** r, + + @{PROC}/1/cgroup r, + @{PROC}/1/environ r, + @{PROC}/1/sched r, + @{PROC}/cmdline r, + @{PROC}/sys/kernel/osrelease r, + @{PROC}/sys/kernel/random/boot_id r, + owner @{PROC}/@{pid}/cgroup r, + owner @{PROC}/@{pid}/stat r, + + include if exists + +# vim:syntax=apparmor \ No newline at end of file diff --git a/apparmor.d/groups/display-manager/x11-xsession b/apparmor.d/groups/display-manager/x11-xsession index bafc9a31b..39169eaf7 100644 --- a/apparmor.d/groups/display-manager/x11-xsession +++ b/apparmor.d/groups/display-manager/x11-xsession @@ -139,18 +139,7 @@ profile x11-xsession @{exec_path} { profile udevadm { include - include - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - @{sys}/bus/ r, - @{sys}/bus/*/devices/ r, - @{sys}/class/ r, - @{sys}/class/*/ r, - @{sys}/devices/**/uevent r, - @{run}/udev/data/* r, + include include if exists } diff --git a/apparmor.d/groups/network/netplan.script b/apparmor.d/groups/network/netplan.script index b72b5c8af..dacb3711c 100644 --- a/apparmor.d/groups/network/netplan.script +++ b/apparmor.d/groups/network/netplan.script @@ -34,11 +34,7 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) { profile udevadm { include - include - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, + include @{run}/udev/control rw, @{run}/udev/rules.d/90-netplan.rules rw, diff --git a/apparmor.d/profiles-a-f/f3fix b/apparmor.d/profiles-a-f/f3fix index f31f6cfe3..307e3270d 100644 --- a/apparmor.d/profiles-a-f/f3fix +++ b/apparmor.d/profiles-a-f/f3fix @@ -37,26 +37,12 @@ profile f3fix @{exec_path} { profile udevadm { include + include + include - ptrace (read), - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - owner @{PROC}/@{pid}/stat r, - owner @{PROC}/@{pid}/cgroup r, - @{PROC}/cmdline r, - @{PROC}/1/sched r, - @{PROC}/1/environ r, - @{PROC}/sys/kernel/osrelease r, - @{PROC}/sys/kernel/random/boot_id r, - - @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r, - - # file_inherit - /dev/sd[a-z]* rw, + ptrace read, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/fatresize b/apparmor.d/profiles-a-f/fatresize index 08d5124ae..261aea0e4 100644 --- a/apparmor.d/profiles-a-f/fatresize +++ b/apparmor.d/profiles-a-f/fatresize @@ -36,26 +36,10 @@ profile fatresize @{exec_path} { profile udevadm { include + include + include - ptrace (read), - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - owner @{PROC}/@{pid}/stat r, - owner @{PROC}/@{pid}/cgroup r, - @{PROC}/cmdline r, - @{PROC}/1/sched r, - @{PROC}/1/environ r, - @{PROC}/sys/kernel/osrelease r, - @{PROC}/sys/kernel/random/boot_id r, - - @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r, - - # file_inherit - /dev/{s,v}d[a-z]* rw, - + include if exists } include if exists diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted index 1e6be52c8..ca42f4669 100644 --- a/apparmor.d/profiles-g-l/gparted +++ b/apparmor.d/profiles-g-l/gparted @@ -60,16 +60,10 @@ profile gparted @{exec_path} { profile udevadm { include - include + include - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - @{sys}/** r, @{sys}/devices/virtual/block/**/uevent rw, @{sys}/devices/@{pci}/block/**/uevent rw, - @{run}/udev/data/* r, include if exists } diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin index ede60499d..dc3b1fe10 100644 --- a/apparmor.d/profiles-g-l/gpartedbin +++ b/apparmor.d/profiles-g-l/gpartedbin @@ -132,24 +132,10 @@ profile gpartedbin @{exec_path} { profile udevadm { include + include include - ptrace (read), - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - @{PROC}/1/environ r, - @{PROC}/1/sched r, - @{PROC}/cmdline r, - @{PROC}/sys/kernel/osrelease r, - @{PROC}/sys/kernel/random/boot_id r, - owner @{PROC}/@{pid}/cgroup r, - owner @{PROC}/@{pid}/stat r, - - /dev/mapper/control rw, - + include if exists } include if exists diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe index 8c179e0d9..be5916132 100644 --- a/apparmor.d/profiles-g-l/hw-probe +++ b/apparmor.d/profiles-g-l/hw-probe @@ -163,19 +163,9 @@ profile hw-probe @{exec_path} { include if exists } - profile udevadm { + profile udevadm flags=(attach_disconnected) { include - include - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - @{sys}/bus/ r, - @{sys}/bus/*/devices/ r, - @{sys}/class/ r, - @{sys}/class/*/ r, - @{sys}/devices/**/uevent r, + include include if exists } diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index 277ce6e72..23cb006c9 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo @@ -92,23 +92,11 @@ profile hwinfo @{exec_path} { profile udevadm { include + include - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - owner @{PROC}/@{pid}/stat r, - @{PROC}/cmdline r, - @{PROC}/1/sched r, - @{PROC}/1/environ r, - @{PROC}/sys/kernel/osrelease r, - - @{sys}/** r, - @{run}/udev/data/* r, - - # file_inherit owner @{tmp}/hwinfo*.txt rw, + include if exists } include if exists diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi index 9f5632291..bc59dedb2 100644 --- a/apparmor.d/profiles-g-l/inxi +++ b/apparmor.d/profiles-g-l/inxi @@ -138,15 +138,7 @@ profile inxi @{exec_path} { profile udevadm { include - include - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - @{run}/udev/data/b* r, - - @{sys}/devices/@{pci}/block/**/uevent r, + include include if exists } diff --git a/apparmor.d/profiles-m-r/parted b/apparmor.d/profiles-m-r/parted index c403e7018..2b02eb398 100644 --- a/apparmor.d/profiles-m-r/parted +++ b/apparmor.d/profiles-m-r/parted @@ -48,26 +48,12 @@ profile parted @{exec_path} { profile udevadm { include + include + include - ptrace (read), - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - @{PROC}/1/cgroup r, - @{PROC}/1/environ r, - @{PROC}/1/sched r, - @{PROC}/cmdline r, - @{PROC}/sys/kernel/osrelease r, - @{PROC}/sys/kernel/random/boot_id r, - owner @{PROC}/@{pid}/cgroup r, - owner @{PROC}/@{pid}/stat r, - - # file_inherit - include # lots of files in this abstraction get inherited owner @{user_img_dirs}/{,**} rwk, + include if exists } include if exists diff --git a/apparmor.d/profiles-m-r/partprobe b/apparmor.d/profiles-m-r/partprobe index d1fade820..3138c13e2 100644 --- a/apparmor.d/profiles-m-r/partprobe +++ b/apparmor.d/profiles-m-r/partprobe @@ -43,26 +43,10 @@ profile partprobe @{exec_path} { profile udevadm { include + include + include - ptrace (read), - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - owner @{PROC}/@{pid}/stat r, - owner @{PROC}/@{pid}/cgroup r, - @{PROC}/cmdline r, - @{PROC}/1/sched r, - @{PROC}/1/environ r, - @{PROC}/1/cgroup r, - @{PROC}/sys/kernel/osrelease r, - @{PROC}/sys/kernel/random/boot_id r, - - # file_inherit - include # lots of files in this abstraction get inherited - /dev/mapper/control rw, - + include if exists } include if exists diff --git a/apparmor.d/profiles-s-z/sensors-detect b/apparmor.d/profiles-s-z/sensors-detect index 820c31d1f..6fcc6cac1 100644 --- a/apparmor.d/profiles-s-z/sensors-detect +++ b/apparmor.d/profiles-s-z/sensors-detect @@ -41,13 +41,7 @@ profile sensors-detect @{exec_path} { profile udevadm { include - include - - capability sys_ptrace, - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, + include include if exists } diff --git a/apparmor.d/profiles-s-z/xinit b/apparmor.d/profiles-s-z/xinit index 03ec3ff92..a789cc90f 100644 --- a/apparmor.d/profiles-s-z/xinit +++ b/apparmor.d/profiles-s-z/xinit @@ -92,29 +92,7 @@ profile xinit @{exec_path} { profile udevadm { include - - @{bin}/udevadm mr, - - /etc/udev/udev.conf r, - - @{run}/udev/data/* r, - - @{sys}/bus/ r, - @{sys}/bus/*/devices/ r, - @{sys}/class/ r, - @{sys}/class/*/ r, - @{sys}/devices/**/uevent r, - @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r, - - @{PROC}/1/environ r, - @{PROC}/1/sched r, - @{PROC}/cmdline r, - @{PROC}/sys/kernel/osrelease r, - owner @{PROC}/@{pid}/stat r, - - # file_inherit - owner /dev/tty@{int} rw, - owner @{HOME}/.xsession-errors w, + include include if exists } From 79eed4b93df6f79eaaef3ef4e8ad5484c6950d75 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 15 Jun 2024 16:42:32 +0100 Subject: [PATCH 59/70] feat(profile): improve sqlite temp file definition. --- apparmor.d/groups/apps/dropbox | 2 +- apparmor.d/groups/gnome/tracker-miner | 4 ++-- apparmor.d/profiles-a-f/flatpak-app | 2 +- apparmor.d/profiles-a-f/fwupd | 2 +- apparmor.d/profiles-g-l/gpo | 10 +++++----- apparmor.d/profiles-m-r/protonmail-bridge-core | 4 ++-- apparmor.d/profiles-m-r/psi | 2 +- apparmor.d/profiles-m-r/psi-plus | 2 +- apparmor.d/profiles-m-r/quiterss | 2 +- apparmor.d/profiles-s-z/strawberry | 2 +- 10 files changed, 16 insertions(+), 16 deletions(-) diff --git a/apparmor.d/groups/apps/dropbox b/apparmor.d/groups/apps/dropbox index 961850c9e..066f9a5b7 100644 --- a/apparmor.d/groups/apps/dropbox +++ b/apparmor.d/groups/apps/dropbox @@ -58,7 +58,7 @@ profile dropbox @{exec_path} { # Dropbox first tries the /tmp/ dir, and if it's denied it uses the /var/tmp/ dir instead owner @{tmp}/dropbox-antifreeze-* rw, owner @{tmp}/#@{int} rw, - owner /var/tmp/etilqs_@{hex} rw, + owner /var/tmp/etilqs_@{hex16} rw, @{run}/systemd/users/@{uid} r, diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 6646d69d7..5e073215a 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -65,8 +65,8 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { owner @{gdm_config_dirs}/dconf/user r, owner @{gdm_share_dirs}/applications/ r, - owner /var/tmp/etilqs_@{hex} rw, - owner @{tmp}/etilqs_@{hex} rw, + owner /var/tmp/etilqs_@{hex16} rw, + owner @{tmp}/etilqs_@{hex16} rw, # Allow to search user files owner @{HOME}/{,**} r, diff --git a/apparmor.d/profiles-a-f/flatpak-app b/apparmor.d/profiles-a-f/flatpak-app index 9d06b4595..a4f994d04 100644 --- a/apparmor.d/profiles-a-f/flatpak-app +++ b/apparmor.d/profiles-a-f/flatpak-app @@ -78,7 +78,7 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) { /var/lib/flatpak/app/{,**} r, /var/lib/flatpak/exports/** rw, - /var/tmp/etilqs_@{hex} rw, + /var/tmp/etilqs_@{hex16} rw, @{run}/.userns r, @{run}/parent/** r, diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index 57e006500..b9f095daa 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -65,7 +65,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { /var/lib/flatpak/exports/share/mime/mime.cache r, /var/lib/fwupd/{,**} rw, /var/lib/fwupd/pending.db rwk, - /var/tmp/etilqs_@{hex} rw, + /var/tmp/etilqs_@{hex16} rw, /boot/{,**} r, /boot/EFI/*/.goutputstream-@{rand6} rw, diff --git a/apparmor.d/profiles-g-l/gpo b/apparmor.d/profiles-g-l/gpo index da33f7bca..208036d8e 100644 --- a/apparmor.d/profiles-g-l/gpo +++ b/apparmor.d/profiles-g-l/gpo @@ -31,16 +31,16 @@ profile gpo @{exec_path} { @{bin}/less rPx -> child-pager, @{bin}/more rPx -> child-pager, - owner @{PROC}/@{pid}/fd/ r, + /etc/inputrc r, + + /usr/share/gpodder/extensions/{,*.py} r, owner @{HOME}/gPodder/ rw, owner @{HOME}/gPodder/** rwk, - /usr/share/gpodder/extensions/{,*.py} r, + owner /var/tmp/etilqs_@{hex16} rw, - /etc/inputrc r, - - owner /var/tmp/etilqs_@{hex} rw, + owner @{PROC}/@{pid}/fd/ r, include if exists } diff --git a/apparmor.d/profiles-m-r/protonmail-bridge-core b/apparmor.d/profiles-m-r/protonmail-bridge-core index ef7ec136c..b0d153ec2 100644 --- a/apparmor.d/profiles-m-r/protonmail-bridge-core +++ b/apparmor.d/profiles-m-r/protonmail-bridge-core @@ -39,8 +39,8 @@ profile protonmail-bridge-core @{exec_path} { owner "@{user_config_dirs}/autostart/Proton Mail Bridge.desktop" rw, owner @{tmp}/bridge@{int} rw, - owner @{tmp}/user/@{uid}/etilqs_@{hex} rw, - owner /var/tmp/etilqs_@{hex} rw, + owner @{tmp}/etilqs_@{hex16} rw, + owner /var/tmp/etilqs_@{hex16} rw, @{PROC}/ r, @{PROC}/sys/net/core/somaxconn r, diff --git a/apparmor.d/profiles-m-r/psi b/apparmor.d/profiles-m-r/psi index 90a2e380e..e764b69f8 100644 --- a/apparmor.d/profiles-m-r/psi +++ b/apparmor.d/profiles-m-r/psi @@ -56,7 +56,7 @@ profile psi @{exec_path} { owner @{user_share_dirs}/psi/** rwk, owner @{tmp}/#@{int} rw, - owner @{tmp}/etilqs_@{hex} rw, + owner @{tmp}/etilqs_@{hex16} rw, owner @{tmp}/Psi.* rwl -> /tmp/#@{int}, @{run}/systemd/inhibit/[0-9]*.ref rw, diff --git a/apparmor.d/profiles-m-r/psi-plus b/apparmor.d/profiles-m-r/psi-plus index 50a008061..d9b1f7fd5 100644 --- a/apparmor.d/profiles-m-r/psi-plus +++ b/apparmor.d/profiles-m-r/psi-plus @@ -56,7 +56,7 @@ profile psi-plus @{exec_path} { owner @{user_share_dirs}/psi+/** rwk, owner @{tmp}/#@{int} rw, - owner @{tmp}/etilqs_@{hex} rw, + owner @{tmp}/etilqs_@{hex16} rw, owner @{tmp}/Psi+.* rwl -> /tmp/#@{int}, @{run}/systemd/inhibit/[0-9]*.ref rw, diff --git a/apparmor.d/profiles-m-r/quiterss b/apparmor.d/profiles-m-r/quiterss index f1b6a0f24..1154ff337 100644 --- a/apparmor.d/profiles-m-r/quiterss +++ b/apparmor.d/profiles-m-r/quiterss @@ -63,7 +63,7 @@ profile quiterss @{exec_path} { owner @{tmp}/qtsingleapp-quiter-@{int}-@{int} rw, owner @{tmp}/qtsingleapp-quiter-@{int}-@{int}-lockfile rwk, - owner /var/tmp/etilqs_@{hex} rw, + owner /var/tmp/etilqs_@{hex16} rw, # Allowed apps to open @{lib}/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-s-z/strawberry b/apparmor.d/profiles-s-z/strawberry index 39c68f5ed..5ed3ceace 100644 --- a/apparmor.d/profiles-s-z/strawberry +++ b/apparmor.d/profiles-s-z/strawberry @@ -64,7 +64,7 @@ profile strawberry @{exec_path} { owner @{tmp}/.*/s rw, owner @{tmp}/*= w, owner @{tmp}/#@{int} rw, - owner @{tmp}/etilqs_@{hex} rw, + owner @{tmp}/etilqs_@{hex16} rw, owner @{tmp}/qipc_{systemsem,sharedmemory}_*[a-f0-9]* rw, owner @{tmp}/strawberry-cover-@{rand6}.jpg rwl -> @{tmp}/#@{int}, owner @{tmp}/strawberry*[0-9] w, From faab4928ed223960bd5e38a2fb84b8bf0f2b32c0 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 15 Jun 2024 16:49:06 +0100 Subject: [PATCH 60/70] feat(profile): general update. --- apparmor.d/groups/freedesktop/fc-cache | 4 +- apparmor.d/groups/freedesktop/xdg-mime | 1 + apparmor.d/groups/freedesktop/xdg-screensaver | 2 +- apparmor.d/groups/gnome/gnome-music | 2 +- apparmor.d/groups/pacman/aurpublish | 2 +- apparmor.d/groups/pacman/pacman | 1 + apparmor.d/groups/virt/libvirtd | 1 + apparmor.d/profiles-a-f/acpid | 2 +- apparmor.d/profiles-a-f/dmesg | 7 +- apparmor.d/profiles-a-f/f3fix | 16 +- apparmor.d/profiles-a-f/fatresize | 15 +- apparmor.d/profiles-a-f/findmnt | 1 + apparmor.d/profiles-g-l/gpartedbin | 35 ++-- apparmor.d/profiles-g-l/gpodder | 74 ++----- apparmor.d/profiles-g-l/hw-probe | 195 +++++++++--------- apparmor.d/profiles-g-l/hwinfo | 74 +++---- apparmor.d/profiles-g-l/libreoffice | 1 + apparmor.d/profiles-m-r/parted | 18 +- apparmor.d/profiles-m-r/partprobe | 21 +- apparmor.d/profiles-m-r/pass-import | 4 +- apparmor.d/profiles-m-r/pkexec | 7 +- apparmor.d/profiles-m-r/protonmail-bridge | 2 + apparmor.d/profiles-s-z/usb-devices | 14 +- 23 files changed, 213 insertions(+), 286 deletions(-) diff --git a/apparmor.d/groups/freedesktop/fc-cache b/apparmor.d/groups/freedesktop/fc-cache index affeb182c..a3e5beebb 100644 --- a/apparmor.d/groups/freedesktop/fc-cache +++ b/apparmor.d/groups/freedesktop/fc-cache @@ -7,7 +7,9 @@ abi , include -@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}bin/fc-cache{,-32,-v*} +@{bin_dirs} = @{bin}/ /snap/{snapd,core}/@{int}@{bin} + +@{exec_path} = @{bin_dirs}/fc-cache{,-32,-v*} profile fc-cache @{exec_path} { include include diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime index df733b16a..4ea8970b3 100644 --- a/apparmor.d/groups/freedesktop/xdg-mime +++ b/apparmor.d/groups/freedesktop/xdg-mime @@ -18,6 +18,7 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) { @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/basename rix, + @{bin}/cat rix, @{bin}/cut rix, @{bin}/file rix, @{bin}/head rix, diff --git a/apparmor.d/groups/freedesktop/xdg-screensaver b/apparmor.d/groups/freedesktop/xdg-screensaver index 9b655a40b..353bb7b1b 100644 --- a/apparmor.d/groups/freedesktop/xdg-screensaver +++ b/apparmor.d/groups/freedesktop/xdg-screensaver @@ -32,7 +32,7 @@ profile xdg-screensaver @{exec_path} { @{bin}/xset rPx, @{bin}/hostname rix, - /dev/dri/card[0-9] rw, + /dev/dri/card@{int} rw, owner @{HOME}/ r, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/groups/gnome/gnome-music b/apparmor.d/groups/gnome/gnome-music index f22cde879..2eda9bb05 100644 --- a/apparmor.d/groups/gnome/gnome-music +++ b/apparmor.d/groups/gnome/gnome-music @@ -48,7 +48,7 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) { @{run}/systemd/inhibit/[0-9]*.ref rw, owner @{tmp}/grilo-plugin-cache-[0-9A-Z]*/ rw, - owner /var/tmp/etilqs_@{hex} rw, + owner /var/tmp/etilqs_@{hex16} rw, @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/pacman/aurpublish b/apparmor.d/groups/pacman/aurpublish index 1a3a6ec46..4446ad039 100644 --- a/apparmor.d/groups/pacman/aurpublish +++ b/apparmor.d/groups/pacman/aurpublish @@ -55,7 +55,7 @@ profile aurpublish @{exec_path} { owner @{user_cache_dirs}/makepkg/src/* rw, owner @{user_config_dirs}/pacman/makepkg.conf r, - owner @{tmp}/tmp.* rw, + owner @{tmp}/tmp.@{rand10} rw, owner @{PROC}/@{pid}/maps r, diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman index 7207c714c..5a873f187 100644 --- a/apparmor.d/groups/pacman/pacman +++ b/apparmor.d/groups/pacman/pacman @@ -146,6 +146,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) { # Silencer, deny @{HOME}/ r, + deny @{HOME}/**/ r, deny /tmp/ r, profile gpg { diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index 32428f2b5..96be24919 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd @@ -117,6 +117,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { @{sh_path} rix, @{bin}/ip rix, + @{bin}/nft rix, @{bin}/qemu-img rUx, # TODO: Integration with virt-aa-helper @{bin}/qemu-system* rUx, # TODO: Integration with virt-aa-helper @{bin}/tc rix, diff --git a/apparmor.d/profiles-a-f/acpid b/apparmor.d/profiles-a-f/acpid index 95eb98c61..e994edb95 100644 --- a/apparmor.d/profiles-a-f/acpid +++ b/apparmor.d/profiles-a-f/acpid @@ -18,7 +18,7 @@ profile acpid @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{ba,da,}sh rix, + @{sh_path} rix, @{bin}/logger rix, /etc/acpi/powerbtn-acpi-support.sh rPx -> acpi-powerbtn, diff --git a/apparmor.d/profiles-a-f/dmesg b/apparmor.d/profiles-a-f/dmesg index 85943afa7..346a91c8c 100644 --- a/apparmor.d/profiles-a-f/dmesg +++ b/apparmor.d/profiles-a-f/dmesg @@ -12,8 +12,8 @@ profile dmesg @{exec_path} { include include - capability syslog, capability dac_read_search, + capability syslog, @{exec_path} mr, @@ -28,8 +28,11 @@ profile dmesg @{exec_path} { /dev/kmsg r, - deny /{usr/,}local/bin/ r, deny @{bin}/{,*/} r, + deny /{usr/,}local/{,s}bin/ r, + deny /var/lib/flatpak/exports/bin/ r, + deny @{HOME}/.go/bin/ r, + deny @{user_bin_dirs}/ r, include if exists } diff --git a/apparmor.d/profiles-a-f/f3fix b/apparmor.d/profiles-a-f/f3fix index 307e3270d..75d11148d 100644 --- a/apparmor.d/profiles-a-f/f3fix +++ b/apparmor.d/profiles-a-f/f3fix @@ -12,28 +12,20 @@ profile f3fix @{exec_path} { include include - # To remove the following errors: - # Error: Partition(s) * on /dev/sdb have been written, but we have been unable to inform the - # kernel of the change, probably because it/they are in use. As a result, the old partition(s) - # will remain in use. You should reboot now before making further changes. capability sys_admin, - - # Needed? (##FIXME##) capability sys_rawio, - # Needed? - ptrace (read), + ptrace read, @{exec_path} mr, - @{sh_path} rix, + @{sh_path} rix, @{bin}/dmidecode rPx, + @{bin}/udevadm rCx -> udevadm, - @{bin}/udevadm rCx -> udevadm, - - owner @{PROC}/@{pid}/mounts r, @{PROC}/swaps r, + owner @{PROC}/@{pid}/mounts r, profile udevadm { include diff --git a/apparmor.d/profiles-a-f/fatresize b/apparmor.d/profiles-a-f/fatresize index 261aea0e4..71fc917fb 100644 --- a/apparmor.d/profiles-a-f/fatresize +++ b/apparmor.d/profiles-a-f/fatresize @@ -12,27 +12,20 @@ profile fatresize @{exec_path} { include include - # Needed to inform the system of newly created/removed partitions - # ioctl(3, BLKFLSBUF) = -1 EACCES (Permission denied) capability sys_admin, - - # Needed? (##FIXME##) capability sys_rawio, - # Needed? - ptrace (read), + ptrace read, @{exec_path} mr, - @{sh_path} rix, + @{sh_path} rix, @{bin}/dmidecode rPx, + @{bin}/udevadm rCx -> udevadm, - @{bin}/udevadm rCx -> udevadm, - - owner @{PROC}/@{pid}/mounts r, @{PROC}/swaps r, - + owner @{PROC}/@{pid}/mounts r, profile udevadm { include diff --git a/apparmor.d/profiles-a-f/findmnt b/apparmor.d/profiles-a-f/findmnt index 663e40251..4aef829c7 100644 --- a/apparmor.d/profiles-a-f/findmnt +++ b/apparmor.d/profiles-a-f/findmnt @@ -14,6 +14,7 @@ profile findmnt @{exec_path} flags=(attach_disconnected,complain) { include capability dac_read_search, + capability sys_rawio, @{exec_path} mr, diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin index dc3b1fe10..65f6bbc12 100644 --- a/apparmor.d/profiles-g-l/gpartedbin +++ b/apparmor.d/profiles-g-l/gpartedbin @@ -7,30 +7,26 @@ abi , include -@{exec_path} = @{bin}/gpartedbin -@{exec_path} += @{lib}/gpartedbin -@{exec_path} += @{lib}/gparted/gpartedbin +@{exec_path} = @{bin}/gpartedbin @{lib}/{,gparted/}gpartedbin profile gpartedbin @{exec_path} { include include + include include include - include - include - include capability dac_read_search, capability ipc_lock, capability sys_admin, capability sys_rawio, - ptrace (read), + ptrace read, - signal (send) peer=mke2fs, + signal send peer=mke2fs, @{exec_path} mr, - @{sh_path} rix, + @{sh_path} rix, @{bin}/blkid rPx, @{bin}/dmidecode rPx, @@ -84,29 +80,21 @@ profile gpartedbin @{exec_path} { owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, - /dev/mapper/control rw, - profile mount { include + include capability sys_admin, - mount /dev/{s,v}d[a-z]*[0-9]* -> /tmp/gparted-*/, + mount /dev/{s,v}d[a-z]*@{int} -> /tmp/gparted-*/, - mount /dev/{s,v}d[a-z]*[0-9]* -> /boot/, - mount /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/, - mount /dev/{s,v}d[a-z]*[0-9]* -> @{MOUNTS}/*/, + mount /dev/{s,v}d[a-z]*@{int} -> /boot/, + mount /dev/{s,v}d[a-z]*@{int} -> @{MOUNTS}/, + mount /dev/{s,v}d[a-z]*@{int} -> @{MOUNTS}/*/, @{bin}/mount mr, - @{sys}/devices/@{pci}/block/{s,v}d[a-z]/ r, - @{sys}/devices/@{pci}/block/{s,v}d[a-z]/dev r, - @{sys}/devices/@{pci}/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/ r, - @{sys}/devices/@{pci}/block/{s,v}d[a-z]/{s,v}d[a-z][0-9]*/{start,size} r, - - /dev/{s,v}d[a-z]* r, - /dev/{s,v}d[a-z]*[0-9]* r, - + include if exists } profile umount { @@ -128,6 +116,7 @@ profile gpartedbin @{exec_path} { owner @{PROC}/@{pid}/mountinfo r, + include if exists } profile udevadm { diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index 60fe931f3..c945d59cb 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder @@ -10,14 +10,12 @@ include @{exec_path} = @{bin}/gpodder profile gpodder @{exec_path} { include - include - include + include include - include - include include - include + include include + include network inet dgram, network inet6 dgram, @@ -32,64 +30,30 @@ profile gpodder @{exec_path} { @{sh_path} rix, @{bin}/uname rix, - owner @{HOME}/ r, - owner @{HOME}/gPodder/ rw, - owner @{HOME}/gPodder/** rwk, - - /usr/share/gpodder/{,**} r, - - owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/mounts r, - owner @{PROC}/@{pid}/mountinfo r, - - /etc/fstab r, - - owner /var/tmp/etilqs_@{hex} rw, - - /etc/mime.types r, - - /usr/share/*/*.desktop r, - - @{bin}/xdg-settings rPUx, - - @{bin}/xdg-open rCx -> open, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, + @{bin}/xdg-settings rPx, + @{open_path} rPx -> child-open, # A/V players @{bin}/smplayer rPUx, @{bin}/vlc rPUx, @{bin}/mpv rPUx, - # Open in a web browser - @{lib}/firefox/firefox rPUx, + /usr/share/gpodder/{,**} r, + + /etc/fstab r, + /etc/mime.types r, + + owner @{HOME}/ r, + owner @{HOME}/gPodder/ rw, + owner @{HOME}/gPodder/** rwk, + + owner /var/tmp/etilqs_@{hex16} rw, + + owner @{PROC}/@{pid}/fd/ r, + owner @{PROC}/@{pid}/mounts r, + owner @{PROC}/@{pid}/mountinfo r, - # file_inherit owner /dev/tty@{int} rw, - - profile open { - include - include - - @{bin}/xdg-open mr, - @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop mr, - - @{sh_path} rix, - @{bin}/{m,g,}awk rix, - @{bin}/readlink rix, - @{bin}/basename rix, - - owner @{HOME}/ r, - - owner @{run}/user/@{uid}/ r, - - # Allowed apps to open - @{lib}/firefox/firefox rPUx, - - # file_inherit - owner @{HOME}/.xsession-errors w, - - } - include if exists } diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe index be5916132..c9aa1469c 100644 --- a/apparmor.d/profiles-g-l/hw-probe +++ b/apparmor.d/profiles-g-l/hw-probe @@ -8,9 +8,10 @@ abi , include @{exec_path} = @{bin}/hw-probe -profile hw-probe @{exec_path} { +profile hw-probe @{exec_path} flags=(attach_disconnected) { include include + include capability sys_admin, @@ -20,111 +21,134 @@ profile hw-probe @{exec_path} { @{exec_path} rm, @{bin}/perl r, - @{sh_path} rix, - @{bin}/{,e}grep rix, - @{bin}/{m,g,}awk rix, - @{bin}/dd rix, - @{bin}/efibootmgr rix, - @{bin}/efivar rix, - @{bin}/md5sum rix, - @{bin}/pwd rix, - @{bin}/sleep rix, - @{bin}/tar rix, - @{bin}/uname rix, - - @{bin}/lsb_release rPx -> lsb_release, - @{bin}/dpkg rPx -> child-dpkg, - - @{bin}/acpi rPx, - @{bin}/amixer rPx, - @{bin}/aplay rPx, - @{bin}/biosdecode rPx, - @{bin}/cpuid rPx, - @{bin}/cpupower rPx, - @{bin}/df rPx, - @{bin}/dkms rPx, - @{bin}/dmesg rPx, - @{bin}/dmidecode rPx, - @{bin}/edid-decode rPx, - @{bin}/fdisk rPx, - @{bin}/glxgears rPx, - @{bin}/glxinfo rPx, - @{bin}/hciconfig rPx, - @{bin}/hdparm rPx, - @{bin}/hwinfo rPx, - @{bin}/i2cdetect rPx, - @{bin}/inxi rPx, - @{bin}/lsblk rPx, - @{bin}/lscpu rPx, - @{bin}/lspci rPx, - @{bin}/lsusb rPx, - @{bin}/memtester rPx, - @{bin}/rfkill rPx, - @{bin}/sensors rPx, - @{bin}/smartctl rPx, - @{bin}/upower rPx, - @{bin}/uptime rPx, - @{bin}/usb-devices rPx, - @{bin}/xdpyinfo rPx, - @{bin}/xinput rPx, - @{bin}/xrandr rPx, + @{sh_path} rix, + @{bin}/{,e}grep rix, + @{bin}/{m,g,}awk rix, + @{bin}/dd rix, + @{bin}/efibootmgr rix, + @{bin}/efivar rix, + @{bin}/find rix, + @{bin}/md5sum rix, + @{bin}/pwd rix, + @{bin}/sleep rix, + @{bin}/sort rix, + @{bin}/tar rix, + @{bin}/uname rix, + @{bin}/acpi rPx, + @{bin}/amixer rPx, + @{bin}/aplay rPx, + @{bin}/biosdecode rPx, + @{bin}/cpuid rPx, + @{bin}/cpupower rPx, @{bin}/curl rCx -> curl, + @{bin}/df rPx, + @{bin}/dkms rPx, + @{bin}/dmesg rPx, + @{bin}/dmidecode rPx, + @{bin}/dpkg rPx -> child-dpkg, + @{bin}/edid-decode rPx, @{bin}/ethtool rCx -> netconfig, - @{bin}/find rCx -> find, + @{bin}/fdisk rPx, + @{bin}/glxgears rPx, + @{bin}/glxinfo rPx, + @{bin}/hciconfig rPx, + @{bin}/hdparm rPx, + @{bin}/hwinfo rPx, + @{bin}/i2cdetect rPx, @{bin}/ifconfig rCx -> netconfig, + @{bin}/inxi rPx, @{bin}/iw rCx -> netconfig, @{bin}/iwconfig rCx -> netconfig, @{bin}/journalctl rCx -> journalctl, @{bin}/killall rCx -> killall, - @{bin}/kmod rCx -> kmod, + @{bin}/kmod rix, + @{bin}/lsb_release rPx -> lsb_release, + @{bin}/lsblk rPx, + @{bin}/lscpu rPx, + @{bin}/lspci rPx, + @{bin}/lsusb rPx, + @{bin}/memtester rPx, + @{bin}/nmcli rPx, + @{bin}/pacman rCx -> pacman, + @{bin}/rfkill rPx, + @{bin}/rpm rCx -> rpm, + @{bin}/sensors rPx, + @{bin}/smartctl rPx, @{bin}/systemctl rCx -> systemctl, @{bin}/systemd-analyze rPx, @{bin}/udevadm rCx -> udevadm, - - /usr/share/X11/xorg.conf.d/{,*.conf} r, + @{bin}/upower rPx, + @{bin}/uptime rPx, + @{bin}/usb-devices rPx, + @{bin}/xdpyinfo rPx, + @{bin}/xinput rPx, + @{bin}/xrandr rPx, /etc/modprobe.d/{,*.conf} r, - /etc/X11/xorg.conf.d/{,*.conf} r, - /var/log/Xorg.[0-9].log{,.old} r, + owner @{HOME}/HW_PROBE/{,**} rw, - owner /root/HW_PROBE/{,**} rw, - - owner @{tmp}/*/ rw, + audit owner @{tmp}/*/ rw, owner @{tmp}/*/cpu_perf rw, @{sys}/class/drm/ r, @{sys}/class/power_supply/ r, - - @{sys}/devices/virtual/dmi/id/* r, @{sys}/devices/@{pci}/drm/card@{int}/*/edid r, @{sys}/devices/**/power_supply/*/uevent r, - + @{sys}/devices/virtual/dmi/id/* r, @{sys}/firmware/efi/efivars/ r, @{sys}/firmware/efi/efivars/* r, + @{sys}/module/*/ r, + @{sys}/module/*/{coresize,refcnt} r, + @{sys}/module/*/holders/ r, @{PROC}/bus/input/devices r, + @{PROC}/cmdline r, @{PROC}/interrupts r, @{PROC}/ioports r, + @{PROC}/modules r, @{PROC}/scsi/scsi r, - profile find { + /dev/{,**} r, + + profile pacman flags=(attach_disconnected) { include - include + include + + @{bin}/pacman mr, + + @{bin}/gpg rPx -> pacman//gpg, + @{bin}/gpgconf rPx -> pacman//gpg, + @{bin}/gpgsm rPx -> pacman//gpg, + + /etc/pacman.conf r, + /etc/pacman.d/{,**} r, + + /var/lib/pacman/{,**} r, + + include if exists + } + + profile rpm flags=(attach_disconnected) { + include + include capability dac_read_search, - @{bin}/find mr, + @{bin}/rpm mr, - /root/ r, + /var/ r, + /var/lib/ r, + /var/lib/rpm/ r, + /var/lib/rpm/rpmdb.sqlite rk, + /var/lib/rpm/rpmdb.sqlite-shm rwk, + /var/lib/rpm/rpmdb.sqlite-wal rw, - /dev/{,**} r, - - include if exists + include if exists } - profile journalctl { + profile journalctl flags=(attach_disconnected) { include @{bin}/journalctl mr, @@ -133,18 +157,18 @@ profile hw-probe @{exec_path} { /etc/machine-id r, @{run}/log/ rw, - /{run,var}/log/journal/ rw, - /{run,var}/log/journal/@{hex32}/ rw, - /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* rw, - /{run,var}/log/journal/@{hex32}/system.journal* rw, - /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* rw, + /{run,var}/log/journal/ r, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/user-@{hex}.journal* r, + /{run,var}/log/journal/@{hex32}/system.journal* r, + /{run,var}/log/journal/@{hex32}/system@@{hex}.journal* r, owner @{PROC}/@{pid}/stat r, include if exists } - profile killall { + profile killall flags=(attach_disconnected) { include capability sys_ptrace, @@ -155,8 +179,6 @@ profile hw-probe @{exec_path} { @{bin}/killall mr, - # The /proc/ dir is needed to avoid the following error: - # /proc: Permission denied @{PROC}/ r, @{PROC}/@{pids}/stat r, @@ -170,22 +192,7 @@ profile hw-probe @{exec_path} { include if exists } - profile kmod { - include - - @{bin}/kmod mr, - - @{sys}/module/*/ r, - @{sys}/module/*/{coresize,refcnt} r, - @{sys}/module/*/holders/ r, - - @{PROC}/cmdline r, - @{PROC}/modules r, - - include if exists - } - - profile netconfig { + profile netconfig flags=(attach_disconnected) { include # Not needed @@ -210,7 +217,7 @@ profile hw-probe @{exec_path} { include if exists } - profile systemctl { + profile systemctl flags=(attach_disconnected) { include include diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index 23cb006c9..b8c46b96c 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo @@ -12,19 +12,10 @@ profile hwinfo @{exec_path} { include include - # Without the sys_admin CAP, some information, for instance the reserved I/O port address range - # in the /proc/ioports, will be hidden. - capability sys_admin, - - # For the kernel log entries to be shown in the output - capability syslog, - - # To remove the following errors: - # eth0: socket failed: Operation not permitted - capability net_raw, - - # Needed when passed disk related options (--block, --partition, --floppy) - capability sys_rawio, + capability net_raw, # Needed for network related options + capability sys_admin, # Needed for /proc/ioports + capability sys_rawio, # Needed for disk related options + capability syslog, # Needed for /proc/kmsg network inet dgram, network inet6 dgram, @@ -36,58 +27,61 @@ profile hwinfo @{exec_path} { @{bin}/kmod rCx -> kmod, @{bin}/udevadm rCx -> udevadm, + @{bin}/acpidump rPUx, @{bin}/dmraid rPUx, - @{PROC}/version r, - @{PROC}/cmdline r, - @{PROC}/dma r, - @{PROC}/interrupts r, - @{PROC}/modules r, - @{PROC}/tty/driver/serial r, - @{PROC}/ioports r, - @{PROC}/bus/input/devices r, - @{PROC}/partitions r, - @{PROC}/driver/nvram r, - @{PROC}/sys/dev/cdrom/info r, + /usr/share/hwinfo/{,**} r, - /dev/mem r, - /dev/nvram r, - /dev/psaux r, - /dev/console rw, - /dev/ttyS@{int} r, - /dev/fb@{int} r, + /var/lib/hardware/udi/{,**} r, + + owner @{tmp}/hwinfo*.txt rw, @{sys}/bus/{,**/} r, @{sys}/class/*/ r, - @{sys}/devices/@{pci_bus}/** r, - @{sys}/devices/**/input/**/dev r, + @{sys}/devices/@{pci}/** r, @{sys}/devices/**/{modalias,uevent} r, + @{sys}/devices/**/input/**/dev r, @{sys}/devices/virtual/net/*/{type,carrier,address} r, @{sys}/firmware/dmi/tables/DMI r, @{sys}/firmware/dmi/tables/smbios_entry_point r, @{sys}/firmware/edd/{,**} r, - /var/lib/hardware/udi/ r, - - # For a log file - owner @{tmp}/hwinfo*.txt rw, + @{PROC}/bus/input/devices r, + @{PROC}/cmdline r, + @{PROC}/dma r, + @{PROC}/driver/nvram r, + @{PROC}/interrupts r, + @{PROC}/ioports r, + @{PROC}/modules r, + @{PROC}/partitions r, + @{PROC}/sys/dev/cdrom/info r, + @{PROC}/tty/driver/serial r, + @{PROC}/version r, + /dev/console rw, + /dev/fb@{int} r, + /dev/mem r, + /dev/nvram r, + /dev/psaux r, + /dev/ttyS@{int} r, profile kmod { include + include @{bin}/kmod mr, /etc/modprobe.d/{,*.conf} r, - @{PROC}/cmdline r, - - # file_inherit - /dev/ttyS@{int} r, owner @{tmp}/hwinfo*.txt rw, + @{sys}/devices/@{pci}/drm/card@{int}/ r, + @{PROC}/cmdline r, + @{PROC}/modules r, + + include if exists } profile udevadm { diff --git a/apparmor.d/profiles-g-l/libreoffice b/apparmor.d/profiles-g-l/libreoffice index f9dc76461..c035517cc 100644 --- a/apparmor.d/profiles-g-l/libreoffice +++ b/apparmor.d/profiles-g-l/libreoffice @@ -10,6 +10,7 @@ include @{exec_path} += @{lib}/libreoffice/program/soffice profile libreoffice @{exec_path} { include + include include include include diff --git a/apparmor.d/profiles-m-r/parted b/apparmor.d/profiles-m-r/parted index 2b02eb398..9408674f8 100644 --- a/apparmor.d/profiles-m-r/parted +++ b/apparmor.d/profiles-m-r/parted @@ -12,40 +12,26 @@ profile parted @{exec_path} { include include - # Needed to inform the system of newly created/removed partitions - # ioctl(3, BLKRRPART) = -1 EACCES (Permission denied) - # - # Error: Partition(s) * on /dev/sd* have been written, but we have been unable to inform the - # kernel of the change, probably because it/they are in use. As a result, the old partition(s) - # will remain in use. You should reboot now before making further changes. capability sys_admin, - - # Needed? (#FIXME#) capability sys_rawio, - # Needed? - ptrace (read), + ptrace read, @{exec_path} mr, @{sh_path} rix, @{bin}/udevadm rCx -> udevadm, - - @{bin}/dmidecode rPx, + @{bin}/dmidecode rPx, /etc/inputrc r, - # Image files owner @{user_img_dirs}/{,**} rwk, @{PROC}/devices r, @{PROC}/swaps r, owner @{PROC}/@{pid}/mounts r, - /dev/mapper/ r, - /dev/mapper/control rw, - profile udevadm { include include diff --git a/apparmor.d/profiles-m-r/partprobe b/apparmor.d/profiles-m-r/partprobe index 3138c13e2..9e384c66c 100644 --- a/apparmor.d/profiles-m-r/partprobe +++ b/apparmor.d/profiles-m-r/partprobe @@ -12,34 +12,21 @@ profile partprobe @{exec_path} { include include - # To remove the following errors: - # device-mapper: version ioctl on failed: Permission denied - # Incompatible libdevmapper 1.02.167 (2019-11-30) and kernel driver (unknown version). capability sys_admin, - - # To remove the following errors: - # kernel: device-mapper: core: partprobe: sending ioctl 1261 to DM device without required - # privilege. capability sys_rawio, - # Needed? - ptrace (read), + ptrace read, @{exec_path} mr, @{sh_path} rix, @{bin}/udevadm rCx -> udevadm, + @{bin}/dmidecode rPx, - @{bin}/dmidecode rPx, - - owner @{PROC}/@{pid}/mounts r, - @{PROC}/swaps r, @{PROC}/devices r, - - /dev/mapper/ r, - /dev/mapper/control rw, - + @{PROC}/swaps r, + owner @{PROC}/@{pid}/mounts r, profile udevadm { include diff --git a/apparmor.d/profiles-m-r/pass-import b/apparmor.d/profiles-m-r/pass-import index ec77d7ca7..655804ccc 100644 --- a/apparmor.d/profiles-m-r/pass-import +++ b/apparmor.d/profiles-m-r/pass-import @@ -9,8 +9,10 @@ include @{exec_path} = @{bin}/pimport profile pass-import @{exec_path} { include - include + include include + include + include network inet dgram, network inet6 dgram, diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index 334531ec3..923d955af 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -37,12 +37,11 @@ profile pkexec @{exec_path} { # Apps to be run via pkexec @{bin}/* rPUx, + @{lib}/{,gvfs/}gvfsd-admin rPx, @{lib}/cc-remote-login-helper rPx, - @{lib}/gvfs/gvfsd-admin rPUx, #(#FIXME#) - @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx, - @{lib}/polkit-agent-helper-[0-9] rPx, @{lib}/update-notifier/package-system-locked rPx, /usr/share/apport/apport-gtk rPx, + #aa:exec polkit-agent-helper @{etc_ro}/environment r, @{etc_ro}/security/limits.d/{,*} r, @@ -59,7 +58,7 @@ profile pkexec @{exec_path} { owner @{HOME}/.xsession-errors w, # Silencer -deny @{user_share_dirs}/gvfs-metadata/* r, + deny @{user_share_dirs}/gvfs-metadata/* r, include if exists } diff --git a/apparmor.d/profiles-m-r/protonmail-bridge b/apparmor.d/profiles-m-r/protonmail-bridge index 8d8920557..3d3878c3e 100644 --- a/apparmor.d/profiles-m-r/protonmail-bridge +++ b/apparmor.d/profiles-m-r/protonmail-bridge @@ -41,6 +41,8 @@ profile protonmail-bridge @{exec_path} { owner @{share_dirs}/ rw, owner @{share_dirs}/** rwlk -> @{share_dirs}/**, + owner @{tmp}/@{uuid}.txt w, + owner @{PROC}/@{pid}/cmdline r, include if exists diff --git a/apparmor.d/profiles-s-z/usb-devices b/apparmor.d/profiles-s-z/usb-devices index 881e35c45..188c6ec6b 100644 --- a/apparmor.d/profiles-s-z/usb-devices +++ b/apparmor.d/profiles-s-z/usb-devices @@ -13,17 +13,19 @@ profile usb-devices @{exec_path} { include include - capability dac_read_search, - deny capability dac_override, + capability dac_override, + capability dac_read_search, + + @{exec_path} mr, - @{exec_path} r, @{sh_path} rix, - - @{bin}/cat rix, - @{bin}/cut rix, @{bin}/{,e}grep rix, @{bin}/basename rix, + @{bin}/cat rix, + @{bin}/cut rix, + @{bin}/find rix, @{bin}/readlink rix, + @{bin}/sort rix, # For shell pwd /root/ r, From 275b77d2ac94dee2643701b102b5392b8a41fb13 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 15 Jun 2024 17:14:15 +0100 Subject: [PATCH 61/70] fix: profile compilation. --- apparmor.d/abstractions/app/udevadm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/abstractions/app/udevadm b/apparmor.d/abstractions/app/udevadm index 1c36ea8b2..72fb4c61b 100644 --- a/apparmor.d/abstractions/app/udevadm +++ b/apparmor.d/abstractions/app/udevadm @@ -23,4 +23,4 @@ include if exists -# vim:syntax=apparmor \ No newline at end of file +# vim:syntax=apparmor From 5999fc5d409ef5468ec414ae750a2fcbe6b23e84 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 15 Jun 2024 17:34:36 +0100 Subject: [PATCH 62/70] feat(aa): simplify unix log parsing. --- pkg/aa/profile.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go index 365bf1eba..97349a456 100644 --- a/pkg/aa/profile.go +++ b/pkg/aa/profile.go @@ -176,13 +176,7 @@ var ( newRule := newLogMountMap[log["operation"]] return newRule(log) }, - "net": func(log map[string]string) Rule { - if log["family"] == "unix" { - return newUnixFromLog(log) - } else { - return newNetworkFromLog(log) - } - }, + "net": newNetworkFromLog, "file": func(log map[string]string) Rule { if log["operation"] == "change_onexec" { return newChangeProfileFromLog(log) From 72b11e5d050fe9b2f22856a83d275c654843f187 Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sun, 9 Jun 2024 19:31:02 +0300 Subject: [PATCH 63/70] feat(profiles-a-f): vim syntax support Add vim modeline instructing the editor to use syntax plugin provided by apparmor --- apparmor.d/profiles-a-f/aa-enabled | 1 + apparmor.d/profiles-a-f/aa-enforce | 1 + apparmor.d/profiles-a-f/aa-log | 1 + apparmor.d/profiles-a-f/aa-notify | 1 + apparmor.d/profiles-a-f/aa-status | 1 + apparmor.d/profiles-a-f/aa-teardown | 1 + apparmor.d/profiles-a-f/abook | 1 + apparmor.d/profiles-a-f/acpi | 1 + apparmor.d/profiles-a-f/acpi-powerbtn | 1 + apparmor.d/profiles-a-f/acpid | 1 + apparmor.d/profiles-a-f/adb | 1 + apparmor.d/profiles-a-f/adduser | 1 + apparmor.d/profiles-a-f/adequate | 1 + apparmor.d/profiles-a-f/agetty | 1 + apparmor.d/profiles-a-f/alacarte | 1 + apparmor.d/profiles-a-f/alsactl | 1 + apparmor.d/profiles-a-f/amixer | 1 + apparmor.d/profiles-a-f/anacron | 1 + apparmor.d/profiles-a-f/anyremote | 1 + apparmor.d/profiles-a-f/aplay | 1 + apparmor.d/profiles-a-f/apparmor.systemd | 1 + apparmor.d/profiles-a-f/apparmor_parser | 1 + apparmor.d/profiles-a-f/appstreamcli | 1 + apparmor.d/profiles-a-f/arandr | 1 + apparmor.d/profiles-a-f/archivemount | 1 + apparmor.d/profiles-a-f/arduino | 1 + apparmor.d/profiles-a-f/arduino-builder | 1 + apparmor.d/profiles-a-f/arduino-ctags | 1 + apparmor.d/profiles-a-f/aspell | 1 + apparmor.d/profiles-a-f/aspell-autobuildhash | 1 + apparmor.d/profiles-a-f/at | 1 + apparmor.d/profiles-a-f/atd | 1 + apparmor.d/profiles-a-f/atftpd | 1 + apparmor.d/profiles-a-f/atool | 1 + apparmor.d/profiles-a-f/atril | 1 + apparmor.d/profiles-a-f/atrild | 1 + apparmor.d/profiles-a-f/auditctl | 1 + apparmor.d/profiles-a-f/auditd | 1 + apparmor.d/profiles-a-f/augenrules | 1 + apparmor.d/profiles-a-f/badblocks | 1 + apparmor.d/profiles-a-f/biosdecode | 1 + apparmor.d/profiles-a-f/birdtray | 1 + apparmor.d/profiles-a-f/blkdeactivate | 1 + apparmor.d/profiles-a-f/blkid | 1 + apparmor.d/profiles-a-f/blockdev | 1 + apparmor.d/profiles-a-f/blueman | 1 + apparmor.d/profiles-a-f/blueman-mechanism | 1 + apparmor.d/profiles-a-f/blueman-rfcomm-watcher | 1 + apparmor.d/profiles-a-f/bluemoon | 1 + apparmor.d/profiles-a-f/bluetoothctl | 1 + apparmor.d/profiles-a-f/bluetoothd | 1 + apparmor.d/profiles-a-f/bmon | 1 + apparmor.d/profiles-a-f/boltd | 1 + apparmor.d/profiles-a-f/borg | 1 + apparmor.d/profiles-a-f/browserpass | 1 + apparmor.d/profiles-a-f/btop | 1 + apparmor.d/profiles-a-f/btrfs | 1 + apparmor.d/profiles-a-f/btrfs-convert | 1 + apparmor.d/profiles-a-f/btrfs-find-root | 1 + apparmor.d/profiles-a-f/btrfs-image | 1 + apparmor.d/profiles-a-f/btrfs-map-logical | 1 + apparmor.d/profiles-a-f/btrfs-select-super | 1 + apparmor.d/profiles-a-f/btrfstune | 1 + apparmor.d/profiles-a-f/cawbird | 1 + apparmor.d/profiles-a-f/cc-remote-login-helper | 1 + apparmor.d/profiles-a-f/cctk | 1 + apparmor.d/profiles-a-f/ccze | 1 + apparmor.d/profiles-a-f/cert-sync | 1 + apparmor.d/profiles-a-f/cfdisk | 1 + apparmor.d/profiles-a-f/cgdisk | 1 + apparmor.d/profiles-a-f/cgrulesengd | 1 + apparmor.d/profiles-a-f/chage | 1 + apparmor.d/profiles-a-f/changestool | 1 + apparmor.d/profiles-a-f/check-bios-nx | 1 + apparmor.d/profiles-a-f/check-support-status | 1 + apparmor.d/profiles-a-f/check-support-status-hook | 1 + apparmor.d/profiles-a-f/chfn | 1 + apparmor.d/profiles-a-f/chpasswd | 1 + apparmor.d/profiles-a-f/chronyd | 1 + apparmor.d/profiles-a-f/chsh | 1 + apparmor.d/profiles-a-f/claws-mail | 1 + apparmor.d/profiles-a-f/code | 1 + apparmor.d/profiles-a-f/code-extension-git-askpass | 1 + apparmor.d/profiles-a-f/code-extension-git-editor | 1 + apparmor.d/profiles-a-f/code-wrapper | 1 + apparmor.d/profiles-a-f/compton | 1 + apparmor.d/profiles-a-f/conky | 1 + apparmor.d/profiles-a-f/console-setup | 1 + apparmor.d/profiles-a-f/convertall | 1 + apparmor.d/profiles-a-f/cppw-cpgr | 1 + apparmor.d/profiles-a-f/cpuid | 1 + apparmor.d/profiles-a-f/cracklib-packer | 1 + apparmor.d/profiles-a-f/crda | 1 + apparmor.d/profiles-a-f/cups-backend-beh | 1 + apparmor.d/profiles-a-f/cups-backend-bluetooth | 1 + apparmor.d/profiles-a-f/cups-backend-brf | 1 + apparmor.d/profiles-a-f/cups-backend-dnssd | 1 + apparmor.d/profiles-a-f/cups-backend-hp | 1 + apparmor.d/profiles-a-f/cups-backend-implicitclass | 1 + apparmor.d/profiles-a-f/cups-backend-ipp | 1 + apparmor.d/profiles-a-f/cups-backend-lpd | 1 + apparmor.d/profiles-a-f/cups-backend-mdns | 1 + apparmor.d/profiles-a-f/cups-backend-parallel | 1 + apparmor.d/profiles-a-f/cups-backend-pdf | 1 + apparmor.d/profiles-a-f/cups-backend-serial | 1 + apparmor.d/profiles-a-f/cups-backend-snmp | 1 + apparmor.d/profiles-a-f/cups-backend-socket | 1 + apparmor.d/profiles-a-f/cups-backend-usb | 1 + apparmor.d/profiles-a-f/cups-browsed | 1 + apparmor.d/profiles-a-f/cups-notifier-dbus | 1 + apparmor.d/profiles-a-f/cups-notifier-mailto | 1 + apparmor.d/profiles-a-f/cups-notifier-rss | 1 + apparmor.d/profiles-a-f/cups-pk-helper-mechanism | 1 + apparmor.d/profiles-a-f/cupsd | 1 + apparmor.d/profiles-a-f/czkawka-cli | 1 + apparmor.d/profiles-a-f/czkawka-gui | 1 + apparmor.d/profiles-a-f/ddclient | 1 + apparmor.d/profiles-a-f/deltachat-desktop | 1 + apparmor.d/profiles-a-f/deluser | 1 + apparmor.d/profiles-a-f/df | 1 + apparmor.d/profiles-a-f/dfc | 1 + apparmor.d/profiles-a-f/dhclient | 1 + apparmor.d/profiles-a-f/dhclient-script | 1 + apparmor.d/profiles-a-f/dig | 1 + apparmor.d/profiles-a-f/dino-im | 1 + apparmor.d/profiles-a-f/dkms | 1 + apparmor.d/profiles-a-f/dkms-autoinstaller | 1 + apparmor.d/profiles-a-f/dleyna-renderer-service | 1 + apparmor.d/profiles-a-f/dleyna-server-service | 1 + apparmor.d/profiles-a-f/dlocate | 1 + apparmor.d/profiles-a-f/dmcrypt-get-device | 1 + apparmor.d/profiles-a-f/dmesg | 1 + apparmor.d/profiles-a-f/dmeventd | 1 + apparmor.d/profiles-a-f/dmidecode | 1 + apparmor.d/profiles-a-f/dnscrypt-proxy | 1 + apparmor.d/profiles-a-f/downloadhelper | 1 + apparmor.d/profiles-a-f/dring | 1 + apparmor.d/profiles-a-f/dumpcap | 1 + apparmor.d/profiles-a-f/dumpe2fs | 1 + apparmor.d/profiles-a-f/dunst | 1 + apparmor.d/profiles-a-f/dunstctl | 1 + apparmor.d/profiles-a-f/dunstify | 1 + apparmor.d/profiles-a-f/e2fsck | 1 + apparmor.d/profiles-a-f/e2image | 1 + apparmor.d/profiles-a-f/e2scrub_all | 1 + apparmor.d/profiles-a-f/edid-decode | 1 + apparmor.d/profiles-a-f/eject | 1 + apparmor.d/profiles-a-f/element-desktop | 1 + apparmor.d/profiles-a-f/engrampa | 1 + apparmor.d/profiles-a-f/etckeeper | 1 + apparmor.d/profiles-a-f/evince | 1 + apparmor.d/profiles-a-f/evince-previewer | 1 + apparmor.d/profiles-a-f/evince-thumbnailer | 1 + apparmor.d/profiles-a-f/execute-dcut | 1 + apparmor.d/profiles-a-f/execute-dput | 1 + apparmor.d/profiles-a-f/exiftool | 1 + apparmor.d/profiles-a-f/exim4 | 1 + apparmor.d/profiles-a-f/exo-compose-mail | 1 + apparmor.d/profiles-a-f/exo-helper | 1 + apparmor.d/profiles-a-f/exo-open | 1 + apparmor.d/profiles-a-f/f3brew | 1 + apparmor.d/profiles-a-f/f3fix | 1 + apparmor.d/profiles-a-f/f3probe | 1 + apparmor.d/profiles-a-f/f3read | 1 + apparmor.d/profiles-a-f/f3write | 1 + apparmor.d/profiles-a-f/fail2ban-client | 1 + apparmor.d/profiles-a-f/fail2ban-server | 1 + apparmor.d/profiles-a-f/fatlabel | 1 + apparmor.d/profiles-a-f/fatresize | 1 + apparmor.d/profiles-a-f/fdisk | 1 + apparmor.d/profiles-a-f/ffmpeg | 1 + apparmor.d/profiles-a-f/ffplay | 1 + apparmor.d/profiles-a-f/ffprobe | 1 + apparmor.d/profiles-a-f/file-roller | 1 + apparmor.d/profiles-a-f/filecap | 1 + apparmor.d/profiles-a-f/findmnt | 1 + apparmor.d/profiles-a-f/firecfg | 1 + apparmor.d/profiles-a-f/firewalld | 1 + apparmor.d/profiles-a-f/flameshot | 1 + apparmor.d/profiles-a-f/flatpak | 1 + apparmor.d/profiles-a-f/flatpak-app | 1 + apparmor.d/profiles-a-f/flatpak-oci-authenticator | 1 + apparmor.d/profiles-a-f/flatpak-portal | 1 + apparmor.d/profiles-a-f/flatpak-session-helper | 1 + apparmor.d/profiles-a-f/flatpak-system-helper | 1 + apparmor.d/profiles-a-f/flatpak-validate-icon | 1 + apparmor.d/profiles-a-f/foliate | 1 + apparmor.d/profiles-a-f/font-manager | 1 + apparmor.d/profiles-a-f/fping | 1 + apparmor.d/profiles-a-f/fprintd | 1 + apparmor.d/profiles-a-f/fractal | 1 + apparmor.d/profiles-a-f/freefall | 1 + apparmor.d/profiles-a-f/fritzing | 1 + apparmor.d/profiles-a-f/frontend | 1 + apparmor.d/profiles-a-f/fsck | 1 + apparmor.d/profiles-a-f/fsck.btrfs | 1 + apparmor.d/profiles-a-f/fsck.fat | 1 + apparmor.d/profiles-a-f/fuse-overlayfs | 1 + apparmor.d/profiles-a-f/fuseiso | 1 + apparmor.d/profiles-a-f/fusermount | 1 + apparmor.d/profiles-a-f/fwupd | 1 + apparmor.d/profiles-a-f/fwupdmgr | 1 + 202 files changed, 202 insertions(+) diff --git a/apparmor.d/profiles-a-f/aa-enabled b/apparmor.d/profiles-a-f/aa-enabled index f85a84cd6..41b892c5f 100644 --- a/apparmor.d/profiles-a-f/aa-enabled +++ b/apparmor.d/profiles-a-f/aa-enabled @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/aa-enforce b/apparmor.d/profiles-a-f/aa-enforce index df5c7972d..359fde762 100644 --- a/apparmor.d/profiles-a-f/aa-enforce +++ b/apparmor.d/profiles-a-f/aa-enforce @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/aa-log b/apparmor.d/profiles-a-f/aa-log index c5bc84c76..5c282c905 100644 --- a/apparmor.d/profiles-a-f/aa-log +++ b/apparmor.d/profiles-a-f/aa-log @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify index 7d10b57af..be2d5ebb3 100644 --- a/apparmor.d/profiles-a-f/aa-notify +++ b/apparmor.d/profiles-a-f/aa-notify @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/aa-status b/apparmor.d/profiles-a-f/aa-status index 7b94ce35f..7b405cf69 100644 --- a/apparmor.d/profiles-a-f/aa-status +++ b/apparmor.d/profiles-a-f/aa-status @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/aa-teardown b/apparmor.d/profiles-a-f/aa-teardown index c42501644..dab5be5bd 100644 --- a/apparmor.d/profiles-a-f/aa-teardown +++ b/apparmor.d/profiles-a-f/aa-teardown @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/abook b/apparmor.d/profiles-a-f/abook index 14e345864..d89d87016 100644 --- a/apparmor.d/profiles-a-f/abook +++ b/apparmor.d/profiles-a-f/abook @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/acpi b/apparmor.d/profiles-a-f/acpi index ce1e57541..9f24c10a9 100644 --- a/apparmor.d/profiles-a-f/acpi +++ b/apparmor.d/profiles-a-f/acpi @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/acpi-powerbtn b/apparmor.d/profiles-a-f/acpi-powerbtn index ba559644c..3236e106f 100644 --- a/apparmor.d/profiles-a-f/acpi-powerbtn +++ b/apparmor.d/profiles-a-f/acpi-powerbtn @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/acpid b/apparmor.d/profiles-a-f/acpid index e994edb95..3f74d18b4 100644 --- a/apparmor.d/profiles-a-f/acpid +++ b/apparmor.d/profiles-a-f/acpid @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/adb b/apparmor.d/profiles-a-f/adb index bbdc782ab..d0ad36648 100644 --- a/apparmor.d/profiles-a-f/adb +++ b/apparmor.d/profiles-a-f/adb @@ -2,6 +2,7 @@ # Copyright (C) 2021-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/adduser b/apparmor.d/profiles-a-f/adduser index e816822ae..5e48e005a 100644 --- a/apparmor.d/profiles-a-f/adduser +++ b/apparmor.d/profiles-a-f/adduser @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/adequate b/apparmor.d/profiles-a-f/adequate index cbcb25574..febeb5892 100644 --- a/apparmor.d/profiles-a-f/adequate +++ b/apparmor.d/profiles-a-f/adequate @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/agetty b/apparmor.d/profiles-a-f/agetty index bf83779a5..2295b8bc2 100644 --- a/apparmor.d/profiles-a-f/agetty +++ b/apparmor.d/profiles-a-f/agetty @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/alacarte b/apparmor.d/profiles-a-f/alacarte index 8497cb986..4299d9114 100644 --- a/apparmor.d/profiles-a-f/alacarte +++ b/apparmor.d/profiles-a-f/alacarte @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/alsactl b/apparmor.d/profiles-a-f/alsactl index c0f821a10..3d91058d2 100644 --- a/apparmor.d/profiles-a-f/alsactl +++ b/apparmor.d/profiles-a-f/alsactl @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/amixer b/apparmor.d/profiles-a-f/amixer index c6c49ecca..bf6407cc1 100644 --- a/apparmor.d/profiles-a-f/amixer +++ b/apparmor.d/profiles-a-f/amixer @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/anacron b/apparmor.d/profiles-a-f/anacron index 40f14779c..1ff93e0a7 100644 --- a/apparmor.d/profiles-a-f/anacron +++ b/apparmor.d/profiles-a-f/anacron @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/anyremote b/apparmor.d/profiles-a-f/anyremote index 4fa47c613..aeb878e90 100644 --- a/apparmor.d/profiles-a-f/anyremote +++ b/apparmor.d/profiles-a-f/anyremote @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/aplay b/apparmor.d/profiles-a-f/aplay index 44bdd100d..b798e21fd 100644 --- a/apparmor.d/profiles-a-f/aplay +++ b/apparmor.d/profiles-a-f/aplay @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/apparmor.systemd b/apparmor.d/profiles-a-f/apparmor.systemd index e993b3f85..ff2a7f61d 100644 --- a/apparmor.d/profiles-a-f/apparmor.systemd +++ b/apparmor.d/profiles-a-f/apparmor.systemd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/apparmor_parser b/apparmor.d/profiles-a-f/apparmor_parser index ee442861f..898e2e003 100644 --- a/apparmor.d/profiles-a-f/apparmor_parser +++ b/apparmor.d/profiles-a-f/apparmor_parser @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/appstreamcli b/apparmor.d/profiles-a-f/appstreamcli index e280c7055..be0e4a727 100644 --- a/apparmor.d/profiles-a-f/appstreamcli +++ b/apparmor.d/profiles-a-f/appstreamcli @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/arandr b/apparmor.d/profiles-a-f/arandr index cb2e5b37b..77bb711c8 100644 --- a/apparmor.d/profiles-a-f/arandr +++ b/apparmor.d/profiles-a-f/arandr @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/archivemount b/apparmor.d/profiles-a-f/archivemount index 106afa48f..a46c03578 100644 --- a/apparmor.d/profiles-a-f/archivemount +++ b/apparmor.d/profiles-a-f/archivemount @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/arduino b/apparmor.d/profiles-a-f/arduino index d92b5dce9..e2214737d 100644 --- a/apparmor.d/profiles-a-f/arduino +++ b/apparmor.d/profiles-a-f/arduino @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/arduino-builder b/apparmor.d/profiles-a-f/arduino-builder index 0eb54afe3..306aef640 100644 --- a/apparmor.d/profiles-a-f/arduino-builder +++ b/apparmor.d/profiles-a-f/arduino-builder @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/arduino-ctags b/apparmor.d/profiles-a-f/arduino-ctags index c97b00961..cc15ceef0 100644 --- a/apparmor.d/profiles-a-f/arduino-ctags +++ b/apparmor.d/profiles-a-f/arduino-ctags @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/aspell b/apparmor.d/profiles-a-f/aspell index 765234d6f..ef5cbdb2c 100644 --- a/apparmor.d/profiles-a-f/aspell +++ b/apparmor.d/profiles-a-f/aspell @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/aspell-autobuildhash b/apparmor.d/profiles-a-f/aspell-autobuildhash index f7bf193a9..76c1b9606 100644 --- a/apparmor.d/profiles-a-f/aspell-autobuildhash +++ b/apparmor.d/profiles-a-f/aspell-autobuildhash @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/at b/apparmor.d/profiles-a-f/at index 23d5d30d6..1ff9de345 100644 --- a/apparmor.d/profiles-a-f/at +++ b/apparmor.d/profiles-a-f/at @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/atd b/apparmor.d/profiles-a-f/atd index 9da2f3041..765d0d87e 100644 --- a/apparmor.d/profiles-a-f/atd +++ b/apparmor.d/profiles-a-f/atd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/atftpd b/apparmor.d/profiles-a-f/atftpd index aa90818d6..cb1c9f7fc 100644 --- a/apparmor.d/profiles-a-f/atftpd +++ b/apparmor.d/profiles-a-f/atftpd @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/atool b/apparmor.d/profiles-a-f/atool index cb5317ded..cbcb346c4 100644 --- a/apparmor.d/profiles-a-f/atool +++ b/apparmor.d/profiles-a-f/atool @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/atril b/apparmor.d/profiles-a-f/atril index a1caf6bc7..eb7c24748 100644 --- a/apparmor.d/profiles-a-f/atril +++ b/apparmor.d/profiles-a-f/atril @@ -2,6 +2,7 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/atrild b/apparmor.d/profiles-a-f/atrild index d753d7f88..9c0092179 100644 --- a/apparmor.d/profiles-a-f/atrild +++ b/apparmor.d/profiles-a-f/atrild @@ -2,6 +2,7 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/auditctl b/apparmor.d/profiles-a-f/auditctl index daee68977..924643592 100644 --- a/apparmor.d/profiles-a-f/auditctl +++ b/apparmor.d/profiles-a-f/auditctl @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/auditd b/apparmor.d/profiles-a-f/auditd index 0775c6183..709548dea 100644 --- a/apparmor.d/profiles-a-f/auditd +++ b/apparmor.d/profiles-a-f/auditd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/augenrules b/apparmor.d/profiles-a-f/augenrules index f5a83b69a..6c27f53b5 100644 --- a/apparmor.d/profiles-a-f/augenrules +++ b/apparmor.d/profiles-a-f/augenrules @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/badblocks b/apparmor.d/profiles-a-f/badblocks index 0c514c76d..ed870ed29 100644 --- a/apparmor.d/profiles-a-f/badblocks +++ b/apparmor.d/profiles-a-f/badblocks @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/biosdecode b/apparmor.d/profiles-a-f/biosdecode index dc9540643..67ba638ec 100644 --- a/apparmor.d/profiles-a-f/biosdecode +++ b/apparmor.d/profiles-a-f/biosdecode @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/birdtray b/apparmor.d/profiles-a-f/birdtray index 93eb3d572..7c6c21bc7 100644 --- a/apparmor.d/profiles-a-f/birdtray +++ b/apparmor.d/profiles-a-f/birdtray @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/blkdeactivate b/apparmor.d/profiles-a-f/blkdeactivate index ea688a331..d29db9be3 100644 --- a/apparmor.d/profiles-a-f/blkdeactivate +++ b/apparmor.d/profiles-a-f/blkdeactivate @@ -2,6 +2,7 @@ # Copyright (C) 2022 Jeroen Rijken # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/blkid b/apparmor.d/profiles-a-f/blkid index fef77c18a..dd825ef2a 100644 --- a/apparmor.d/profiles-a-f/blkid +++ b/apparmor.d/profiles-a-f/blkid @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/blockdev b/apparmor.d/profiles-a-f/blockdev index a69104221..03a62f5be 100644 --- a/apparmor.d/profiles-a-f/blockdev +++ b/apparmor.d/profiles-a-f/blockdev @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman index 13e3fed1b..4135794d6 100644 --- a/apparmor.d/profiles-a-f/blueman +++ b/apparmor.d/profiles-a-f/blueman @@ -2,6 +2,7 @@ # Copyright (C) 2021-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/blueman-mechanism b/apparmor.d/profiles-a-f/blueman-mechanism index 968c98f3c..a56f9d88b 100644 --- a/apparmor.d/profiles-a-f/blueman-mechanism +++ b/apparmor.d/profiles-a-f/blueman-mechanism @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/blueman-rfcomm-watcher b/apparmor.d/profiles-a-f/blueman-rfcomm-watcher index 9e24bf7b7..ef666f806 100644 --- a/apparmor.d/profiles-a-f/blueman-rfcomm-watcher +++ b/apparmor.d/profiles-a-f/blueman-rfcomm-watcher @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/bluemoon b/apparmor.d/profiles-a-f/bluemoon index 5b975f1b9..018cfbbec 100644 --- a/apparmor.d/profiles-a-f/bluemoon +++ b/apparmor.d/profiles-a-f/bluemoon @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/bluetoothctl b/apparmor.d/profiles-a-f/bluetoothctl index 5af6e963e..f9111e12d 100644 --- a/apparmor.d/profiles-a-f/bluetoothctl +++ b/apparmor.d/profiles-a-f/bluetoothctl @@ -2,6 +2,7 @@ # Copyright (C) 2015-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index 499a7e3cb..7e69fae3f 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -2,6 +2,7 @@ # Copyright (C) 2015-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/bmon b/apparmor.d/profiles-a-f/bmon index 3ed3aae29..8ddc1513f 100644 --- a/apparmor.d/profiles-a-f/bmon +++ b/apparmor.d/profiles-a-f/bmon @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/boltd b/apparmor.d/profiles-a-f/boltd index 29fd2aac9..d6a1ce25f 100644 --- a/apparmor.d/profiles-a-f/boltd +++ b/apparmor.d/profiles-a-f/boltd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/borg b/apparmor.d/profiles-a-f/borg index dffe9087f..984886e95 100644 --- a/apparmor.d/profiles-a-f/borg +++ b/apparmor.d/profiles-a-f/borg @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/browserpass b/apparmor.d/profiles-a-f/browserpass index e616a9411..5eaa4abab 100644 --- a/apparmor.d/profiles-a-f/browserpass +++ b/apparmor.d/profiles-a-f/browserpass @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/btop b/apparmor.d/profiles-a-f/btop index 3ec7b2f3b..1fd06e899 100644 --- a/apparmor.d/profiles-a-f/btop +++ b/apparmor.d/profiles-a-f/btop @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/btrfs b/apparmor.d/profiles-a-f/btrfs index cb651e1c2..57db80da6 100644 --- a/apparmor.d/profiles-a-f/btrfs +++ b/apparmor.d/profiles-a-f/btrfs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/btrfs-convert b/apparmor.d/profiles-a-f/btrfs-convert index 0143fd5c9..f10e53536 100644 --- a/apparmor.d/profiles-a-f/btrfs-convert +++ b/apparmor.d/profiles-a-f/btrfs-convert @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/btrfs-find-root b/apparmor.d/profiles-a-f/btrfs-find-root index d25c836bf..8d9ed4515 100644 --- a/apparmor.d/profiles-a-f/btrfs-find-root +++ b/apparmor.d/profiles-a-f/btrfs-find-root @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/btrfs-image b/apparmor.d/profiles-a-f/btrfs-image index 63a54f7d6..c3b8b66c8 100644 --- a/apparmor.d/profiles-a-f/btrfs-image +++ b/apparmor.d/profiles-a-f/btrfs-image @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/btrfs-map-logical b/apparmor.d/profiles-a-f/btrfs-map-logical index f50198a9e..b777d9f53 100644 --- a/apparmor.d/profiles-a-f/btrfs-map-logical +++ b/apparmor.d/profiles-a-f/btrfs-map-logical @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/btrfs-select-super b/apparmor.d/profiles-a-f/btrfs-select-super index 12efd68cd..1a4013a16 100644 --- a/apparmor.d/profiles-a-f/btrfs-select-super +++ b/apparmor.d/profiles-a-f/btrfs-select-super @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/btrfstune b/apparmor.d/profiles-a-f/btrfstune index 4eb522481..3459f7cbe 100644 --- a/apparmor.d/profiles-a-f/btrfstune +++ b/apparmor.d/profiles-a-f/btrfstune @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cawbird b/apparmor.d/profiles-a-f/cawbird index 6ebd21052..a3e17d034 100644 --- a/apparmor.d/profiles-a-f/cawbird +++ b/apparmor.d/profiles-a-f/cawbird @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cc-remote-login-helper b/apparmor.d/profiles-a-f/cc-remote-login-helper index 5bb52d718..1ee41d92e 100644 --- a/apparmor.d/profiles-a-f/cc-remote-login-helper +++ b/apparmor.d/profiles-a-f/cc-remote-login-helper @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cctk b/apparmor.d/profiles-a-f/cctk index f73936734..c8bde01d7 100644 --- a/apparmor.d/profiles-a-f/cctk +++ b/apparmor.d/profiles-a-f/cctk @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/ccze b/apparmor.d/profiles-a-f/ccze index 6ef28e832..86c540b9a 100644 --- a/apparmor.d/profiles-a-f/ccze +++ b/apparmor.d/profiles-a-f/ccze @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cert-sync b/apparmor.d/profiles-a-f/cert-sync index b3abfcbb8..ab1442298 100644 --- a/apparmor.d/profiles-a-f/cert-sync +++ b/apparmor.d/profiles-a-f/cert-sync @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cfdisk b/apparmor.d/profiles-a-f/cfdisk index 48d129e3f..1b2f27663 100644 --- a/apparmor.d/profiles-a-f/cfdisk +++ b/apparmor.d/profiles-a-f/cfdisk @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cgdisk b/apparmor.d/profiles-a-f/cgdisk index ee305de16..db45c05f0 100644 --- a/apparmor.d/profiles-a-f/cgdisk +++ b/apparmor.d/profiles-a-f/cgdisk @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cgrulesengd b/apparmor.d/profiles-a-f/cgrulesengd index 1a9b6d81d..1e46f9c59 100644 --- a/apparmor.d/profiles-a-f/cgrulesengd +++ b/apparmor.d/profiles-a-f/cgrulesengd @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/chage b/apparmor.d/profiles-a-f/chage index 21d41f149..caa2d69f8 100644 --- a/apparmor.d/profiles-a-f/chage +++ b/apparmor.d/profiles-a-f/chage @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/changestool b/apparmor.d/profiles-a-f/changestool index 577e08395..63c867eb3 100644 --- a/apparmor.d/profiles-a-f/changestool +++ b/apparmor.d/profiles-a-f/changestool @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/check-bios-nx b/apparmor.d/profiles-a-f/check-bios-nx index a2021522d..11eb0c82a 100644 --- a/apparmor.d/profiles-a-f/check-bios-nx +++ b/apparmor.d/profiles-a-f/check-bios-nx @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/check-support-status b/apparmor.d/profiles-a-f/check-support-status index e6c6a2e0a..513fb86f6 100644 --- a/apparmor.d/profiles-a-f/check-support-status +++ b/apparmor.d/profiles-a-f/check-support-status @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/check-support-status-hook b/apparmor.d/profiles-a-f/check-support-status-hook index d10245d4c..9bdb5c145 100644 --- a/apparmor.d/profiles-a-f/check-support-status-hook +++ b/apparmor.d/profiles-a-f/check-support-status-hook @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/chfn b/apparmor.d/profiles-a-f/chfn index 1d6a56c5e..1030627e4 100644 --- a/apparmor.d/profiles-a-f/chfn +++ b/apparmor.d/profiles-a-f/chfn @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/chpasswd b/apparmor.d/profiles-a-f/chpasswd index b0414fad0..b66f33550 100644 --- a/apparmor.d/profiles-a-f/chpasswd +++ b/apparmor.d/profiles-a-f/chpasswd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/profiles-a-f/chronyd b/apparmor.d/profiles-a-f/chronyd index ca1896015..82c42cdf4 100644 --- a/apparmor.d/profiles-a-f/chronyd +++ b/apparmor.d/profiles-a-f/chronyd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Based on https://salsa.debian.org/debian/chrony/-/blob/debian/latest/debian/usr.sbin.chronyd diff --git a/apparmor.d/profiles-a-f/chsh b/apparmor.d/profiles-a-f/chsh index 75f98c7c0..50ce2a84a 100644 --- a/apparmor.d/profiles-a-f/chsh +++ b/apparmor.d/profiles-a-f/chsh @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/claws-mail b/apparmor.d/profiles-a-f/claws-mail index 885d16027..85094bf54 100644 --- a/apparmor.d/profiles-a-f/claws-mail +++ b/apparmor.d/profiles-a-f/claws-mail @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/code b/apparmor.d/profiles-a-f/code index 8dcd847df..6577100fa 100644 --- a/apparmor.d/profiles-a-f/code +++ b/apparmor.d/profiles-a-f/code @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/code-extension-git-askpass b/apparmor.d/profiles-a-f/code-extension-git-askpass index 8b4196580..10f03f0b9 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-askpass +++ b/apparmor.d/profiles-a-f/code-extension-git-askpass @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/code-extension-git-editor b/apparmor.d/profiles-a-f/code-extension-git-editor index 1708393d1..ccea64355 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-editor +++ b/apparmor.d/profiles-a-f/code-extension-git-editor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/code-wrapper b/apparmor.d/profiles-a-f/code-wrapper index e867892ab..af5a2ea7f 100644 --- a/apparmor.d/profiles-a-f/code-wrapper +++ b/apparmor.d/profiles-a-f/code-wrapper @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/compton b/apparmor.d/profiles-a-f/compton index 360957a7c..71f21ad02 100644 --- a/apparmor.d/profiles-a-f/compton +++ b/apparmor.d/profiles-a-f/compton @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky index fa71598fc..a63710c55 100644 --- a/apparmor.d/profiles-a-f/conky +++ b/apparmor.d/profiles-a-f/conky @@ -2,6 +2,7 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/console-setup b/apparmor.d/profiles-a-f/console-setup index a8bac3a11..18a99fb98 100644 --- a/apparmor.d/profiles-a-f/console-setup +++ b/apparmor.d/profiles-a-f/console-setup @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/convertall b/apparmor.d/profiles-a-f/convertall index a1453d122..e63ce3698 100644 --- a/apparmor.d/profiles-a-f/convertall +++ b/apparmor.d/profiles-a-f/convertall @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cppw-cpgr b/apparmor.d/profiles-a-f/cppw-cpgr index 1795b49d5..5666b7de8 100644 --- a/apparmor.d/profiles-a-f/cppw-cpgr +++ b/apparmor.d/profiles-a-f/cppw-cpgr @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cpuid b/apparmor.d/profiles-a-f/cpuid index 3c4f797e0..9fd267bc2 100644 --- a/apparmor.d/profiles-a-f/cpuid +++ b/apparmor.d/profiles-a-f/cpuid @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cracklib-packer b/apparmor.d/profiles-a-f/cracklib-packer index 8cd26fff2..904e746fd 100644 --- a/apparmor.d/profiles-a-f/cracklib-packer +++ b/apparmor.d/profiles-a-f/cracklib-packer @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/crda b/apparmor.d/profiles-a-f/crda index 41e816370..5e5c0e3a7 100644 --- a/apparmor.d/profiles-a-f/crda +++ b/apparmor.d/profiles-a-f/crda @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-beh b/apparmor.d/profiles-a-f/cups-backend-beh index d3e7a4a7c..84addbf75 100644 --- a/apparmor.d/profiles-a-f/cups-backend-beh +++ b/apparmor.d/profiles-a-f/cups-backend-beh @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-bluetooth b/apparmor.d/profiles-a-f/cups-backend-bluetooth index 402c97f74..d73290210 100644 --- a/apparmor.d/profiles-a-f/cups-backend-bluetooth +++ b/apparmor.d/profiles-a-f/cups-backend-bluetooth @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-brf b/apparmor.d/profiles-a-f/cups-backend-brf index a0e46cf07..3840f47c0 100644 --- a/apparmor.d/profiles-a-f/cups-backend-brf +++ b/apparmor.d/profiles-a-f/cups-backend-brf @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-dnssd b/apparmor.d/profiles-a-f/cups-backend-dnssd index e047682f0..f1e052df6 100644 --- a/apparmor.d/profiles-a-f/cups-backend-dnssd +++ b/apparmor.d/profiles-a-f/cups-backend-dnssd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-hp b/apparmor.d/profiles-a-f/cups-backend-hp index 268ef4e96..7547b4e06 100644 --- a/apparmor.d/profiles-a-f/cups-backend-hp +++ b/apparmor.d/profiles-a-f/cups-backend-hp @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-implicitclass b/apparmor.d/profiles-a-f/cups-backend-implicitclass index 53dd31cea..c5effeceb 100644 --- a/apparmor.d/profiles-a-f/cups-backend-implicitclass +++ b/apparmor.d/profiles-a-f/cups-backend-implicitclass @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-ipp b/apparmor.d/profiles-a-f/cups-backend-ipp index e20771d28..4cfba737b 100644 --- a/apparmor.d/profiles-a-f/cups-backend-ipp +++ b/apparmor.d/profiles-a-f/cups-backend-ipp @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-lpd b/apparmor.d/profiles-a-f/cups-backend-lpd index 198d8a561..0392d29cd 100644 --- a/apparmor.d/profiles-a-f/cups-backend-lpd +++ b/apparmor.d/profiles-a-f/cups-backend-lpd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-mdns b/apparmor.d/profiles-a-f/cups-backend-mdns index 7945a8b5f..603d5c69d 100644 --- a/apparmor.d/profiles-a-f/cups-backend-mdns +++ b/apparmor.d/profiles-a-f/cups-backend-mdns @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-parallel b/apparmor.d/profiles-a-f/cups-backend-parallel index 54eb3f307..a93805ff6 100644 --- a/apparmor.d/profiles-a-f/cups-backend-parallel +++ b/apparmor.d/profiles-a-f/cups-backend-parallel @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-pdf b/apparmor.d/profiles-a-f/cups-backend-pdf index 650b5f879..7b5794cb5 100644 --- a/apparmor.d/profiles-a-f/cups-backend-pdf +++ b/apparmor.d/profiles-a-f/cups-backend-pdf @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-serial b/apparmor.d/profiles-a-f/cups-backend-serial index 1788cce1a..695143a4b 100644 --- a/apparmor.d/profiles-a-f/cups-backend-serial +++ b/apparmor.d/profiles-a-f/cups-backend-serial @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-snmp b/apparmor.d/profiles-a-f/cups-backend-snmp index a11035efd..fdd53fec8 100644 --- a/apparmor.d/profiles-a-f/cups-backend-snmp +++ b/apparmor.d/profiles-a-f/cups-backend-snmp @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-socket b/apparmor.d/profiles-a-f/cups-backend-socket index f65196454..52843ba90 100644 --- a/apparmor.d/profiles-a-f/cups-backend-socket +++ b/apparmor.d/profiles-a-f/cups-backend-socket @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-backend-usb b/apparmor.d/profiles-a-f/cups-backend-usb index ec059f654..3067ecbbd 100644 --- a/apparmor.d/profiles-a-f/cups-backend-usb +++ b/apparmor.d/profiles-a-f/cups-backend-usb @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-browsed b/apparmor.d/profiles-a-f/cups-browsed index 9a10d3de9..47bf19aa4 100644 --- a/apparmor.d/profiles-a-f/cups-browsed +++ b/apparmor.d/profiles-a-f/cups-browsed @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-notifier-dbus b/apparmor.d/profiles-a-f/cups-notifier-dbus index dddfea78a..6510b26a3 100644 --- a/apparmor.d/profiles-a-f/cups-notifier-dbus +++ b/apparmor.d/profiles-a-f/cups-notifier-dbus @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-notifier-mailto b/apparmor.d/profiles-a-f/cups-notifier-mailto index 7c7e79972..235fb1694 100644 --- a/apparmor.d/profiles-a-f/cups-notifier-mailto +++ b/apparmor.d/profiles-a-f/cups-notifier-mailto @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-notifier-rss b/apparmor.d/profiles-a-f/cups-notifier-rss index d00b3dd34..5e0cced1e 100644 --- a/apparmor.d/profiles-a-f/cups-notifier-rss +++ b/apparmor.d/profiles-a-f/cups-notifier-rss @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism index e71c37fe1..61544810d 100644 --- a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism +++ b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/cupsd b/apparmor.d/profiles-a-f/cupsd index 13bcc3b8c..07bf3b282 100644 --- a/apparmor.d/profiles-a-f/cupsd +++ b/apparmor.d/profiles-a-f/cupsd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/profiles-a-f/czkawka-cli b/apparmor.d/profiles-a-f/czkawka-cli index cae6daa46..473d83f36 100644 --- a/apparmor.d/profiles-a-f/czkawka-cli +++ b/apparmor.d/profiles-a-f/czkawka-cli @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/czkawka-gui b/apparmor.d/profiles-a-f/czkawka-gui index fb4fb601d..5e3aed6e0 100644 --- a/apparmor.d/profiles-a-f/czkawka-gui +++ b/apparmor.d/profiles-a-f/czkawka-gui @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/ddclient b/apparmor.d/profiles-a-f/ddclient index 96e02b281..4cf11e151 100644 --- a/apparmor.d/profiles-a-f/ddclient +++ b/apparmor.d/profiles-a-f/ddclient @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/deltachat-desktop b/apparmor.d/profiles-a-f/deltachat-desktop index 1f554c4c4..e32faffa3 100644 --- a/apparmor.d/profiles-a-f/deltachat-desktop +++ b/apparmor.d/profiles-a-f/deltachat-desktop @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/deluser b/apparmor.d/profiles-a-f/deluser index 322df24e0..66767f468 100644 --- a/apparmor.d/profiles-a-f/deluser +++ b/apparmor.d/profiles-a-f/deluser @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/df b/apparmor.d/profiles-a-f/df index 67cba3931..8e330d1f4 100644 --- a/apparmor.d/profiles-a-f/df +++ b/apparmor.d/profiles-a-f/df @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dfc b/apparmor.d/profiles-a-f/dfc index d8451a4d9..5304458d3 100644 --- a/apparmor.d/profiles-a-f/dfc +++ b/apparmor.d/profiles-a-f/dfc @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dhclient b/apparmor.d/profiles-a-f/dhclient index 5925c6381..4ffe0285e 100644 --- a/apparmor.d/profiles-a-f/dhclient +++ b/apparmor.d/profiles-a-f/dhclient @@ -2,6 +2,7 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dhclient-script b/apparmor.d/profiles-a-f/dhclient-script index 45faf18a7..59492147d 100644 --- a/apparmor.d/profiles-a-f/dhclient-script +++ b/apparmor.d/profiles-a-f/dhclient-script @@ -2,6 +2,7 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dig b/apparmor.d/profiles-a-f/dig index 8d3d1e7dc..ae9b641c1 100644 --- a/apparmor.d/profiles-a-f/dig +++ b/apparmor.d/profiles-a-f/dig @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dino-im b/apparmor.d/profiles-a-f/dino-im index 4fce76bcf..11b2b9358 100644 --- a/apparmor.d/profiles-a-f/dino-im +++ b/apparmor.d/profiles-a-f/dino-im @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms index d551bbfc7..9dc74d072 100644 --- a/apparmor.d/profiles-a-f/dkms +++ b/apparmor.d/profiles-a-f/dkms @@ -3,6 +3,7 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dkms-autoinstaller b/apparmor.d/profiles-a-f/dkms-autoinstaller index bf81fe314..86f0b1c87 100644 --- a/apparmor.d/profiles-a-f/dkms-autoinstaller +++ b/apparmor.d/profiles-a-f/dkms-autoinstaller @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dleyna-renderer-service b/apparmor.d/profiles-a-f/dleyna-renderer-service index 3fb0d800e..f0e5cef84 100644 --- a/apparmor.d/profiles-a-f/dleyna-renderer-service +++ b/apparmor.d/profiles-a-f/dleyna-renderer-service @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dleyna-server-service b/apparmor.d/profiles-a-f/dleyna-server-service index bd74802f7..510104e61 100644 --- a/apparmor.d/profiles-a-f/dleyna-server-service +++ b/apparmor.d/profiles-a-f/dleyna-server-service @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dlocate b/apparmor.d/profiles-a-f/dlocate index 95ed3f08b..5ae0a787e 100644 --- a/apparmor.d/profiles-a-f/dlocate +++ b/apparmor.d/profiles-a-f/dlocate @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dmcrypt-get-device b/apparmor.d/profiles-a-f/dmcrypt-get-device index 11364c40c..e4171388f 100644 --- a/apparmor.d/profiles-a-f/dmcrypt-get-device +++ b/apparmor.d/profiles-a-f/dmcrypt-get-device @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dmesg b/apparmor.d/profiles-a-f/dmesg index 346a91c8c..5c1d38d1a 100644 --- a/apparmor.d/profiles-a-f/dmesg +++ b/apparmor.d/profiles-a-f/dmesg @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dmeventd b/apparmor.d/profiles-a-f/dmeventd index 952379e64..ab7bfaa54 100644 --- a/apparmor.d/profiles-a-f/dmeventd +++ b/apparmor.d/profiles-a-f/dmeventd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dmidecode b/apparmor.d/profiles-a-f/dmidecode index d2200c256..2797dfe9f 100644 --- a/apparmor.d/profiles-a-f/dmidecode +++ b/apparmor.d/profiles-a-f/dmidecode @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dnscrypt-proxy b/apparmor.d/profiles-a-f/dnscrypt-proxy index de1597160..e7b4a09c0 100644 --- a/apparmor.d/profiles-a-f/dnscrypt-proxy +++ b/apparmor.d/profiles-a-f/dnscrypt-proxy @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/downloadhelper b/apparmor.d/profiles-a-f/downloadhelper index af3bc6f99..5556fb236 100644 --- a/apparmor.d/profiles-a-f/downloadhelper +++ b/apparmor.d/profiles-a-f/downloadhelper @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dring b/apparmor.d/profiles-a-f/dring index c5b6742f4..7c7ae44d8 100644 --- a/apparmor.d/profiles-a-f/dring +++ b/apparmor.d/profiles-a-f/dring @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dumpcap b/apparmor.d/profiles-a-f/dumpcap index 7013ff532..e3c3e800f 100644 --- a/apparmor.d/profiles-a-f/dumpcap +++ b/apparmor.d/profiles-a-f/dumpcap @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dumpe2fs b/apparmor.d/profiles-a-f/dumpe2fs index 1595d0f7d..188a4b279 100644 --- a/apparmor.d/profiles-a-f/dumpe2fs +++ b/apparmor.d/profiles-a-f/dumpe2fs @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dunst b/apparmor.d/profiles-a-f/dunst index debb3bbe6..69bf8d066 100644 --- a/apparmor.d/profiles-a-f/dunst +++ b/apparmor.d/profiles-a-f/dunst @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dunstctl b/apparmor.d/profiles-a-f/dunstctl index 052647fde..18c5ea562 100644 --- a/apparmor.d/profiles-a-f/dunstctl +++ b/apparmor.d/profiles-a-f/dunstctl @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/dunstify b/apparmor.d/profiles-a-f/dunstify index 22b36527d..94458981e 100644 --- a/apparmor.d/profiles-a-f/dunstify +++ b/apparmor.d/profiles-a-f/dunstify @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/e2fsck b/apparmor.d/profiles-a-f/e2fsck index 7e5c95c2f..ed1c574bb 100644 --- a/apparmor.d/profiles-a-f/e2fsck +++ b/apparmor.d/profiles-a-f/e2fsck @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/e2image b/apparmor.d/profiles-a-f/e2image index 5948a831f..82f061f78 100644 --- a/apparmor.d/profiles-a-f/e2image +++ b/apparmor.d/profiles-a-f/e2image @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/e2scrub_all b/apparmor.d/profiles-a-f/e2scrub_all index be21cded0..2537b9402 100644 --- a/apparmor.d/profiles-a-f/e2scrub_all +++ b/apparmor.d/profiles-a-f/e2scrub_all @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/edid-decode b/apparmor.d/profiles-a-f/edid-decode index 8543b6412..f4a8921e9 100644 --- a/apparmor.d/profiles-a-f/edid-decode +++ b/apparmor.d/profiles-a-f/edid-decode @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/eject b/apparmor.d/profiles-a-f/eject index 83942708a..b2300da36 100644 --- a/apparmor.d/profiles-a-f/eject +++ b/apparmor.d/profiles-a-f/eject @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/element-desktop b/apparmor.d/profiles-a-f/element-desktop index a2eff5a44..f1bc8d5a2 100644 --- a/apparmor.d/profiles-a-f/element-desktop +++ b/apparmor.d/profiles-a-f/element-desktop @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index d76f5c1de..33608786e 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/etckeeper b/apparmor.d/profiles-a-f/etckeeper index f96fe8f34..ac24e53cb 100644 --- a/apparmor.d/profiles-a-f/etckeeper +++ b/apparmor.d/profiles-a-f/etckeeper @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 266a7566d..510652be7 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/evince-previewer b/apparmor.d/profiles-a-f/evince-previewer index 3a792e662..c83e429b8 100644 --- a/apparmor.d/profiles-a-f/evince-previewer +++ b/apparmor.d/profiles-a-f/evince-previewer @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/evince-thumbnailer b/apparmor.d/profiles-a-f/evince-thumbnailer index 6faf30098..a3eaf10a3 100644 --- a/apparmor.d/profiles-a-f/evince-thumbnailer +++ b/apparmor.d/profiles-a-f/evince-thumbnailer @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/execute-dcut b/apparmor.d/profiles-a-f/execute-dcut index b8c4f43b9..53a534de2 100644 --- a/apparmor.d/profiles-a-f/execute-dcut +++ b/apparmor.d/profiles-a-f/execute-dcut @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/execute-dput b/apparmor.d/profiles-a-f/execute-dput index 9700aae9e..1047f2087 100644 --- a/apparmor.d/profiles-a-f/execute-dput +++ b/apparmor.d/profiles-a-f/execute-dput @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/exiftool b/apparmor.d/profiles-a-f/exiftool index c21f991c8..f4b8864ff 100644 --- a/apparmor.d/profiles-a-f/exiftool +++ b/apparmor.d/profiles-a-f/exiftool @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/exim4 b/apparmor.d/profiles-a-f/exim4 index 5a8badc50..f17dfd2d9 100644 --- a/apparmor.d/profiles-a-f/exim4 +++ b/apparmor.d/profiles-a-f/exim4 @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/exo-compose-mail b/apparmor.d/profiles-a-f/exo-compose-mail index edc88b0dd..0f733f953 100644 --- a/apparmor.d/profiles-a-f/exo-compose-mail +++ b/apparmor.d/profiles-a-f/exo-compose-mail @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/exo-helper b/apparmor.d/profiles-a-f/exo-helper index 378ac1ae8..3edd4b319 100644 --- a/apparmor.d/profiles-a-f/exo-helper +++ b/apparmor.d/profiles-a-f/exo-helper @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/exo-open b/apparmor.d/profiles-a-f/exo-open index ebdf097a2..70bad7706 100644 --- a/apparmor.d/profiles-a-f/exo-open +++ b/apparmor.d/profiles-a-f/exo-open @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/f3brew b/apparmor.d/profiles-a-f/f3brew index b1ad450af..a0dcd513b 100644 --- a/apparmor.d/profiles-a-f/f3brew +++ b/apparmor.d/profiles-a-f/f3brew @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/f3fix b/apparmor.d/profiles-a-f/f3fix index 75d11148d..f2f695b92 100644 --- a/apparmor.d/profiles-a-f/f3fix +++ b/apparmor.d/profiles-a-f/f3fix @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/f3probe b/apparmor.d/profiles-a-f/f3probe index 684901944..f3cfb4c2c 100644 --- a/apparmor.d/profiles-a-f/f3probe +++ b/apparmor.d/profiles-a-f/f3probe @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/f3read b/apparmor.d/profiles-a-f/f3read index 03b9e1a13..535016764 100644 --- a/apparmor.d/profiles-a-f/f3read +++ b/apparmor.d/profiles-a-f/f3read @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/f3write b/apparmor.d/profiles-a-f/f3write index 4c3a67047..19c432377 100644 --- a/apparmor.d/profiles-a-f/f3write +++ b/apparmor.d/profiles-a-f/f3write @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fail2ban-client b/apparmor.d/profiles-a-f/fail2ban-client index 11d38537d..8e99384cb 100644 --- a/apparmor.d/profiles-a-f/fail2ban-client +++ b/apparmor.d/profiles-a-f/fail2ban-client @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fail2ban-server b/apparmor.d/profiles-a-f/fail2ban-server index f023a04b3..7bc7ef21c 100644 --- a/apparmor.d/profiles-a-f/fail2ban-server +++ b/apparmor.d/profiles-a-f/fail2ban-server @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fatlabel b/apparmor.d/profiles-a-f/fatlabel index fb65aa386..52e7a7e7f 100644 --- a/apparmor.d/profiles-a-f/fatlabel +++ b/apparmor.d/profiles-a-f/fatlabel @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fatresize b/apparmor.d/profiles-a-f/fatresize index 71fc917fb..348794884 100644 --- a/apparmor.d/profiles-a-f/fatresize +++ b/apparmor.d/profiles-a-f/fatresize @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fdisk b/apparmor.d/profiles-a-f/fdisk index cfc99a31a..880d4d7d7 100644 --- a/apparmor.d/profiles-a-f/fdisk +++ b/apparmor.d/profiles-a-f/fdisk @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/ffmpeg b/apparmor.d/profiles-a-f/ffmpeg index 3bc1fecfb..8c386abb1 100644 --- a/apparmor.d/profiles-a-f/ffmpeg +++ b/apparmor.d/profiles-a-f/ffmpeg @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/ffplay b/apparmor.d/profiles-a-f/ffplay index 528ebb6f2..3149ae191 100644 --- a/apparmor.d/profiles-a-f/ffplay +++ b/apparmor.d/profiles-a-f/ffplay @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/ffprobe b/apparmor.d/profiles-a-f/ffprobe index 97400e7b2..e917d1363 100644 --- a/apparmor.d/profiles-a-f/ffprobe +++ b/apparmor.d/profiles-a-f/ffprobe @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/file-roller b/apparmor.d/profiles-a-f/file-roller index de0479a3b..c2f540880 100644 --- a/apparmor.d/profiles-a-f/file-roller +++ b/apparmor.d/profiles-a-f/file-roller @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/filecap b/apparmor.d/profiles-a-f/filecap index 65c83bf90..71d461654 100644 --- a/apparmor.d/profiles-a-f/filecap +++ b/apparmor.d/profiles-a-f/filecap @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/findmnt b/apparmor.d/profiles-a-f/findmnt index 4aef829c7..c62b1a0a1 100644 --- a/apparmor.d/profiles-a-f/findmnt +++ b/apparmor.d/profiles-a-f/findmnt @@ -2,6 +2,7 @@ # Copyright (C) 2022 Jeroen Rijken # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/firecfg b/apparmor.d/profiles-a-f/firecfg index deacc3e77..9775c26bb 100644 --- a/apparmor.d/profiles-a-f/firecfg +++ b/apparmor.d/profiles-a-f/firecfg @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/firewalld b/apparmor.d/profiles-a-f/firewalld index 4e40ab10b..03d410a58 100644 --- a/apparmor.d/profiles-a-f/firewalld +++ b/apparmor.d/profiles-a-f/firewalld @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/flameshot b/apparmor.d/profiles-a-f/flameshot index 4d5c83fa9..88d5bb7d2 100644 --- a/apparmor.d/profiles-a-f/flameshot +++ b/apparmor.d/profiles-a-f/flameshot @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/flatpak b/apparmor.d/profiles-a-f/flatpak index 81b60a200..583993021 100644 --- a/apparmor.d/profiles-a-f/flatpak +++ b/apparmor.d/profiles-a-f/flatpak @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/flatpak-app b/apparmor.d/profiles-a-f/flatpak-app index a4f994d04..dc2eb24db 100644 --- a/apparmor.d/profiles-a-f/flatpak-app +++ b/apparmor.d/profiles-a-f/flatpak-app @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Default profile for all flatpak applications. Ideally, this profile should be # generated by flatpak itself with settings from the flatpak manifest and diff --git a/apparmor.d/profiles-a-f/flatpak-oci-authenticator b/apparmor.d/profiles-a-f/flatpak-oci-authenticator index e01ee3c4f..8d2cfb60c 100644 --- a/apparmor.d/profiles-a-f/flatpak-oci-authenticator +++ b/apparmor.d/profiles-a-f/flatpak-oci-authenticator @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/flatpak-portal b/apparmor.d/profiles-a-f/flatpak-portal index a41bf3e77..144aa5a43 100644 --- a/apparmor.d/profiles-a-f/flatpak-portal +++ b/apparmor.d/profiles-a-f/flatpak-portal @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/flatpak-session-helper b/apparmor.d/profiles-a-f/flatpak-session-helper index 967787b3d..266ca0e96 100644 --- a/apparmor.d/profiles-a-f/flatpak-session-helper +++ b/apparmor.d/profiles-a-f/flatpak-session-helper @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/flatpak-system-helper b/apparmor.d/profiles-a-f/flatpak-system-helper index cb49cd9d7..fbbfd50ce 100644 --- a/apparmor.d/profiles-a-f/flatpak-system-helper +++ b/apparmor.d/profiles-a-f/flatpak-system-helper @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/flatpak-validate-icon b/apparmor.d/profiles-a-f/flatpak-validate-icon index c5ca0488f..1c245d91a 100644 --- a/apparmor.d/profiles-a-f/flatpak-validate-icon +++ b/apparmor.d/profiles-a-f/flatpak-validate-icon @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/foliate b/apparmor.d/profiles-a-f/foliate index dedf342e4..8e56018c7 100644 --- a/apparmor.d/profiles-a-f/foliate +++ b/apparmor.d/profiles-a-f/foliate @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/font-manager b/apparmor.d/profiles-a-f/font-manager index 2082dcfaa..3481dc109 100644 --- a/apparmor.d/profiles-a-f/font-manager +++ b/apparmor.d/profiles-a-f/font-manager @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fping b/apparmor.d/profiles-a-f/fping index 5b9efa624..ddc45ddff 100644 --- a/apparmor.d/profiles-a-f/fping +++ b/apparmor.d/profiles-a-f/fping @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd index 2fc866c6b..0dd8c2867 100644 --- a/apparmor.d/profiles-a-f/fprintd +++ b/apparmor.d/profiles-a-f/fprintd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fractal b/apparmor.d/profiles-a-f/fractal index 5e7d3d3b4..db8cbdb5f 100644 --- a/apparmor.d/profiles-a-f/fractal +++ b/apparmor.d/profiles-a-f/fractal @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/freefall b/apparmor.d/profiles-a-f/freefall index 638baa825..d47ff03f3 100644 --- a/apparmor.d/profiles-a-f/freefall +++ b/apparmor.d/profiles-a-f/freefall @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fritzing b/apparmor.d/profiles-a-f/fritzing index e1ddc2f2b..b6153edfe 100644 --- a/apparmor.d/profiles-a-f/fritzing +++ b/apparmor.d/profiles-a-f/fritzing @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/frontend b/apparmor.d/profiles-a-f/frontend index 664b43b40..68954d111 100644 --- a/apparmor.d/profiles-a-f/frontend +++ b/apparmor.d/profiles-a-f/frontend @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fsck b/apparmor.d/profiles-a-f/fsck index 6341954ae..be1ed77e9 100644 --- a/apparmor.d/profiles-a-f/fsck +++ b/apparmor.d/profiles-a-f/fsck @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fsck.btrfs b/apparmor.d/profiles-a-f/fsck.btrfs index 7142f9cf1..85db8768c 100644 --- a/apparmor.d/profiles-a-f/fsck.btrfs +++ b/apparmor.d/profiles-a-f/fsck.btrfs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fsck.fat b/apparmor.d/profiles-a-f/fsck.fat index 6b5567d7d..38c372d2f 100644 --- a/apparmor.d/profiles-a-f/fsck.fat +++ b/apparmor.d/profiles-a-f/fsck.fat @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fuse-overlayfs b/apparmor.d/profiles-a-f/fuse-overlayfs index fb957c462..327b9acce 100644 --- a/apparmor.d/profiles-a-f/fuse-overlayfs +++ b/apparmor.d/profiles-a-f/fuse-overlayfs @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fuseiso b/apparmor.d/profiles-a-f/fuseiso index 01893d9c0..ca926a807 100644 --- a/apparmor.d/profiles-a-f/fuseiso +++ b/apparmor.d/profiles-a-f/fuseiso @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fusermount b/apparmor.d/profiles-a-f/fusermount index 83d8e8092..59233a71d 100644 --- a/apparmor.d/profiles-a-f/fusermount +++ b/apparmor.d/profiles-a-f/fusermount @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index b9f095daa..cfccf778e 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr index 7315c550f..f8ef48a32 100644 --- a/apparmor.d/profiles-a-f/fwupdmgr +++ b/apparmor.d/profiles-a-f/fwupdmgr @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , From 293217aee25f44db00fd4de06ef654ef8cde9e22 Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sat, 15 Jun 2024 17:13:21 +0300 Subject: [PATCH 64/70] fix(profiles-a-f): move vim modeline Move vim syntax comment to the end of the file, separated by newline, as requested in #380. --- apparmor.d/profiles-a-f/aa-enabled | 5 +++-- apparmor.d/profiles-a-f/aa-enforce | 5 +++-- apparmor.d/profiles-a-f/aa-log | 3 ++- apparmor.d/profiles-a-f/aa-notify | 3 ++- apparmor.d/profiles-a-f/aa-status | 3 ++- apparmor.d/profiles-a-f/aa-teardown | 5 +++-- apparmor.d/profiles-a-f/abook | 3 ++- apparmor.d/profiles-a-f/acpi | 3 ++- apparmor.d/profiles-a-f/acpi-powerbtn | 3 ++- apparmor.d/profiles-a-f/acpid | 3 ++- apparmor.d/profiles-a-f/adb | 3 ++- apparmor.d/profiles-a-f/adduser | 3 ++- apparmor.d/profiles-a-f/adequate | 3 ++- apparmor.d/profiles-a-f/agetty | 3 ++- apparmor.d/profiles-a-f/alacarte | 5 +++-- apparmor.d/profiles-a-f/alsactl | 5 +++-- apparmor.d/profiles-a-f/amixer | 3 ++- apparmor.d/profiles-a-f/anacron | 3 ++- apparmor.d/profiles-a-f/anyremote | 3 ++- apparmor.d/profiles-a-f/aplay | 3 ++- apparmor.d/profiles-a-f/apparmor.systemd | 5 +++-- apparmor.d/profiles-a-f/apparmor_parser | 5 +++-- apparmor.d/profiles-a-f/appstreamcli | 3 ++- apparmor.d/profiles-a-f/arandr | 3 ++- apparmor.d/profiles-a-f/archivemount | 3 ++- apparmor.d/profiles-a-f/arduino | 3 ++- apparmor.d/profiles-a-f/arduino-builder | 3 ++- apparmor.d/profiles-a-f/arduino-ctags | 3 ++- apparmor.d/profiles-a-f/aspell | 3 ++- apparmor.d/profiles-a-f/aspell-autobuildhash | 3 ++- apparmor.d/profiles-a-f/at | 5 +++-- apparmor.d/profiles-a-f/atd | 5 +++-- apparmor.d/profiles-a-f/atftpd | 3 ++- apparmor.d/profiles-a-f/atool | 3 ++- apparmor.d/profiles-a-f/atril | 3 ++- apparmor.d/profiles-a-f/atrild | 3 ++- apparmor.d/profiles-a-f/auditctl | 5 +++-- apparmor.d/profiles-a-f/auditd | 3 ++- apparmor.d/profiles-a-f/augenrules | 3 ++- apparmor.d/profiles-a-f/badblocks | 3 ++- apparmor.d/profiles-a-f/biosdecode | 3 ++- apparmor.d/profiles-a-f/birdtray | 3 ++- apparmor.d/profiles-a-f/blkdeactivate | 3 ++- apparmor.d/profiles-a-f/blkid | 3 ++- apparmor.d/profiles-a-f/blockdev | 3 ++- apparmor.d/profiles-a-f/blueman | 3 ++- apparmor.d/profiles-a-f/blueman-mechanism | 3 ++- apparmor.d/profiles-a-f/blueman-rfcomm-watcher | 3 ++- apparmor.d/profiles-a-f/bluemoon | 3 ++- apparmor.d/profiles-a-f/bluetoothctl | 3 ++- apparmor.d/profiles-a-f/bluetoothd | 3 ++- apparmor.d/profiles-a-f/bmon | 3 ++- apparmor.d/profiles-a-f/boltd | 3 ++- apparmor.d/profiles-a-f/borg | 3 ++- apparmor.d/profiles-a-f/browserpass | 3 ++- apparmor.d/profiles-a-f/btop | 3 ++- apparmor.d/profiles-a-f/btrfs | 3 ++- apparmor.d/profiles-a-f/btrfs-convert | 3 ++- apparmor.d/profiles-a-f/btrfs-find-root | 3 ++- apparmor.d/profiles-a-f/btrfs-image | 3 ++- apparmor.d/profiles-a-f/btrfs-map-logical | 3 ++- apparmor.d/profiles-a-f/btrfs-select-super | 3 ++- apparmor.d/profiles-a-f/btrfstune | 3 ++- apparmor.d/profiles-a-f/cawbird | 3 ++- apparmor.d/profiles-a-f/cc-remote-login-helper | 3 ++- apparmor.d/profiles-a-f/cctk | 5 +++-- apparmor.d/profiles-a-f/ccze | 3 ++- apparmor.d/profiles-a-f/cert-sync | 5 +++-- apparmor.d/profiles-a-f/cfdisk | 3 ++- apparmor.d/profiles-a-f/cgdisk | 3 ++- apparmor.d/profiles-a-f/cgrulesengd | 3 ++- apparmor.d/profiles-a-f/chage | 3 ++- apparmor.d/profiles-a-f/changestool | 3 ++- apparmor.d/profiles-a-f/check-bios-nx | 3 ++- apparmor.d/profiles-a-f/check-support-status | 3 ++- apparmor.d/profiles-a-f/check-support-status-hook | 3 ++- apparmor.d/profiles-a-f/chfn | 3 ++- apparmor.d/profiles-a-f/chpasswd | 3 ++- apparmor.d/profiles-a-f/chronyd | 5 +++-- apparmor.d/profiles-a-f/chsh | 3 ++- apparmor.d/profiles-a-f/claws-mail | 3 ++- apparmor.d/profiles-a-f/code | 3 ++- apparmor.d/profiles-a-f/code-extension-git-askpass | 3 ++- apparmor.d/profiles-a-f/code-extension-git-editor | 5 +++-- apparmor.d/profiles-a-f/code-wrapper | 3 ++- apparmor.d/profiles-a-f/compton | 3 ++- apparmor.d/profiles-a-f/conky | 3 ++- apparmor.d/profiles-a-f/console-setup | 5 +++-- apparmor.d/profiles-a-f/convertall | 3 ++- apparmor.d/profiles-a-f/cppw-cpgr | 3 ++- apparmor.d/profiles-a-f/cpuid | 3 ++- apparmor.d/profiles-a-f/cracklib-packer | 5 +++-- apparmor.d/profiles-a-f/crda | 3 ++- apparmor.d/profiles-a-f/cups-backend-beh | 5 +++-- apparmor.d/profiles-a-f/cups-backend-bluetooth | 5 +++-- apparmor.d/profiles-a-f/cups-backend-brf | 5 +++-- apparmor.d/profiles-a-f/cups-backend-dnssd | 5 +++-- apparmor.d/profiles-a-f/cups-backend-hp | 5 +++-- apparmor.d/profiles-a-f/cups-backend-implicitclass | 5 +++-- apparmor.d/profiles-a-f/cups-backend-ipp | 5 +++-- apparmor.d/profiles-a-f/cups-backend-lpd | 5 +++-- apparmor.d/profiles-a-f/cups-backend-mdns | 5 +++-- apparmor.d/profiles-a-f/cups-backend-parallel | 5 +++-- apparmor.d/profiles-a-f/cups-backend-pdf | 5 +++-- apparmor.d/profiles-a-f/cups-backend-serial | 5 +++-- apparmor.d/profiles-a-f/cups-backend-snmp | 5 +++-- apparmor.d/profiles-a-f/cups-backend-socket | 5 +++-- apparmor.d/profiles-a-f/cups-backend-usb | 5 +++-- apparmor.d/profiles-a-f/cups-browsed | 3 ++- apparmor.d/profiles-a-f/cups-notifier-dbus | 5 +++-- apparmor.d/profiles-a-f/cups-notifier-mailto | 5 +++-- apparmor.d/profiles-a-f/cups-notifier-rss | 5 +++-- apparmor.d/profiles-a-f/cups-pk-helper-mechanism | 5 +++-- apparmor.d/profiles-a-f/cupsd | 3 ++- apparmor.d/profiles-a-f/czkawka-cli | 3 ++- apparmor.d/profiles-a-f/czkawka-gui | 3 ++- apparmor.d/profiles-a-f/ddclient | 3 ++- apparmor.d/profiles-a-f/deltachat-desktop | 3 ++- apparmor.d/profiles-a-f/deluser | 3 ++- apparmor.d/profiles-a-f/df | 3 ++- apparmor.d/profiles-a-f/dfc | 3 ++- apparmor.d/profiles-a-f/dhclient | 3 ++- apparmor.d/profiles-a-f/dhclient-script | 3 ++- apparmor.d/profiles-a-f/dig | 3 ++- apparmor.d/profiles-a-f/dino-im | 3 ++- apparmor.d/profiles-a-f/dkms | 3 ++- apparmor.d/profiles-a-f/dkms-autoinstaller | 3 ++- apparmor.d/profiles-a-f/dleyna-renderer-service | 5 +++-- apparmor.d/profiles-a-f/dleyna-server-service | 5 +++-- apparmor.d/profiles-a-f/dlocate | 3 ++- apparmor.d/profiles-a-f/dmcrypt-get-device | 3 ++- apparmor.d/profiles-a-f/dmesg | 3 ++- apparmor.d/profiles-a-f/dmeventd | 3 ++- apparmor.d/profiles-a-f/dmidecode | 3 ++- apparmor.d/profiles-a-f/dnscrypt-proxy | 3 ++- apparmor.d/profiles-a-f/downloadhelper | 5 +++-- apparmor.d/profiles-a-f/dring | 3 ++- apparmor.d/profiles-a-f/dumpcap | 3 ++- apparmor.d/profiles-a-f/dumpe2fs | 3 ++- apparmor.d/profiles-a-f/dunst | 3 ++- apparmor.d/profiles-a-f/dunstctl | 3 ++- apparmor.d/profiles-a-f/dunstify | 3 ++- apparmor.d/profiles-a-f/e2fsck | 3 ++- apparmor.d/profiles-a-f/e2image | 3 ++- apparmor.d/profiles-a-f/e2scrub_all | 5 +++-- apparmor.d/profiles-a-f/edid-decode | 3 ++- apparmor.d/profiles-a-f/eject | 3 ++- apparmor.d/profiles-a-f/element-desktop | 5 +++-- apparmor.d/profiles-a-f/engrampa | 3 ++- apparmor.d/profiles-a-f/etckeeper | 5 +++-- apparmor.d/profiles-a-f/evince | 3 ++- apparmor.d/profiles-a-f/evince-previewer | 5 +++-- apparmor.d/profiles-a-f/evince-thumbnailer | 5 +++-- apparmor.d/profiles-a-f/execute-dcut | 3 ++- apparmor.d/profiles-a-f/execute-dput | 3 ++- apparmor.d/profiles-a-f/exiftool | 3 ++- apparmor.d/profiles-a-f/exim4 | 3 ++- apparmor.d/profiles-a-f/exo-compose-mail | 3 ++- apparmor.d/profiles-a-f/exo-helper | 3 ++- apparmor.d/profiles-a-f/exo-open | 3 ++- apparmor.d/profiles-a-f/f3brew | 3 ++- apparmor.d/profiles-a-f/f3fix | 3 ++- apparmor.d/profiles-a-f/f3probe | 3 ++- apparmor.d/profiles-a-f/f3read | 3 ++- apparmor.d/profiles-a-f/f3write | 3 ++- apparmor.d/profiles-a-f/fail2ban-client | 5 +++-- apparmor.d/profiles-a-f/fail2ban-server | 5 +++-- apparmor.d/profiles-a-f/fatlabel | 3 ++- apparmor.d/profiles-a-f/fatresize | 3 ++- apparmor.d/profiles-a-f/fdisk | 3 ++- apparmor.d/profiles-a-f/ffmpeg | 3 ++- apparmor.d/profiles-a-f/ffplay | 3 ++- apparmor.d/profiles-a-f/ffprobe | 3 ++- apparmor.d/profiles-a-f/file-roller | 5 +++-- apparmor.d/profiles-a-f/filecap | 3 ++- apparmor.d/profiles-a-f/findmnt | 5 +++-- apparmor.d/profiles-a-f/firecfg | 3 ++- apparmor.d/profiles-a-f/firewalld | 5 +++-- apparmor.d/profiles-a-f/flameshot | 3 ++- apparmor.d/profiles-a-f/flatpak | 3 ++- apparmor.d/profiles-a-f/flatpak-app | 3 ++- apparmor.d/profiles-a-f/flatpak-oci-authenticator | 5 +++-- apparmor.d/profiles-a-f/flatpak-portal | 5 +++-- apparmor.d/profiles-a-f/flatpak-session-helper | 5 +++-- apparmor.d/profiles-a-f/flatpak-system-helper | 3 ++- apparmor.d/profiles-a-f/flatpak-validate-icon | 5 +++-- apparmor.d/profiles-a-f/foliate | 5 +++-- apparmor.d/profiles-a-f/font-manager | 3 ++- apparmor.d/profiles-a-f/fping | 3 ++- apparmor.d/profiles-a-f/fprintd | 3 ++- apparmor.d/profiles-a-f/fractal | 5 +++-- apparmor.d/profiles-a-f/freefall | 3 ++- apparmor.d/profiles-a-f/fritzing | 3 ++- apparmor.d/profiles-a-f/frontend | 3 ++- apparmor.d/profiles-a-f/fsck | 3 ++- apparmor.d/profiles-a-f/fsck.btrfs | 3 ++- apparmor.d/profiles-a-f/fsck.fat | 3 ++- apparmor.d/profiles-a-f/fuse-overlayfs | 5 +++-- apparmor.d/profiles-a-f/fuseiso | 3 ++- apparmor.d/profiles-a-f/fusermount | 3 ++- apparmor.d/profiles-a-f/fwupd | 3 ++- apparmor.d/profiles-a-f/fwupdmgr | 3 ++- 202 files changed, 459 insertions(+), 257 deletions(-) diff --git a/apparmor.d/profiles-a-f/aa-enabled b/apparmor.d/profiles-a-f/aa-enabled index 41b892c5f..d5ebe0c10 100644 --- a/apparmor.d/profiles-a-f/aa-enabled +++ b/apparmor.d/profiles-a-f/aa-enabled @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,4 +18,6 @@ profile aa-enabled @{exec_path} { owner @{PROC}/@{pid}/mounts r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/aa-enforce b/apparmor.d/profiles-a-f/aa-enforce index 359fde762..a6f3d2b9e 100644 --- a/apparmor.d/profiles-a-f/aa-enforce +++ b/apparmor.d/profiles-a-f/aa-enforce @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,4 +32,6 @@ profile aa-enforce @{exec_path} { owner @{PROC}/@{pid}/fd r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/aa-log b/apparmor.d/profiles-a-f/aa-log index 5c282c905..6d1f690f6 100644 --- a/apparmor.d/profiles-a-f/aa-log +++ b/apparmor.d/profiles-a-f/aa-log @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -36,3 +35,5 @@ profile aa-log @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify index be2d5ebb3..7c65b9be2 100644 --- a/apparmor.d/profiles-a-f/aa-notify +++ b/apparmor.d/profiles-a-f/aa-notify @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -44,3 +43,5 @@ profile aa-notify @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/aa-status b/apparmor.d/profiles-a-f/aa-status index 7b405cf69..5d5840f6f 100644 --- a/apparmor.d/profiles-a-f/aa-status +++ b/apparmor.d/profiles-a-f/aa-status @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile aa-status @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/aa-teardown b/apparmor.d/profiles-a-f/aa-teardown index dab5be5bd..263c7b9af 100644 --- a/apparmor.d/profiles-a-f/aa-teardown +++ b/apparmor.d/profiles-a-f/aa-teardown @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,4 +23,6 @@ profile aa-teardown @{exec_path} { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/abook b/apparmor.d/profiles-a-f/abook index d89d87016..f4252aeee 100644 --- a/apparmor.d/profiles-a-f/abook +++ b/apparmor.d/profiles-a-f/abook @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -32,3 +31,5 @@ profile abook @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/acpi b/apparmor.d/profiles-a-f/acpi index 9f24c10a9..4f6132c25 100644 --- a/apparmor.d/profiles-a-f/acpi +++ b/apparmor.d/profiles-a-f/acpi @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile acpi @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/acpi-powerbtn b/apparmor.d/profiles-a-f/acpi-powerbtn index 3236e106f..9372f46b4 100644 --- a/apparmor.d/profiles-a-f/acpi-powerbtn +++ b/apparmor.d/profiles-a-f/acpi-powerbtn @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -56,3 +55,5 @@ profile acpi-powerbtn flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/acpid b/apparmor.d/profiles-a-f/acpid index 3f74d18b4..10600e3d7 100644 --- a/apparmor.d/profiles-a-f/acpid +++ b/apparmor.d/profiles-a-f/acpid @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile acpid @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/adb b/apparmor.d/profiles-a-f/adb index d0ad36648..13863c03a 100644 --- a/apparmor.d/profiles-a-f/adb +++ b/apparmor.d/profiles-a-f/adb @@ -2,7 +2,6 @@ # Copyright (C) 2021-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,3 +32,5 @@ profile adb @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/adduser b/apparmor.d/profiles-a-f/adduser index 5e48e005a..350f070b0 100644 --- a/apparmor.d/profiles-a-f/adduser +++ b/apparmor.d/profiles-a-f/adduser @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -55,3 +54,5 @@ profile adduser @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/adequate b/apparmor.d/profiles-a-f/adequate index febeb5892..fe3e7565f 100644 --- a/apparmor.d/profiles-a-f/adequate +++ b/apparmor.d/profiles-a-f/adequate @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -110,3 +109,5 @@ profile adequate @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/agetty b/apparmor.d/profiles-a-f/agetty index 2295b8bc2..c15748c6a 100644 --- a/apparmor.d/profiles-a-f/agetty +++ b/apparmor.d/profiles-a-f/agetty @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -43,3 +42,5 @@ profile agetty @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/alacarte b/apparmor.d/profiles-a-f/alacarte index 4299d9114..80e64558a 100644 --- a/apparmor.d/profiles-a-f/alacarte +++ b/apparmor.d/profiles-a-f/alacarte @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -34,4 +33,6 @@ profile alacarte @{exec_path} { owner @{PROC}/@{pid}/mounts r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/alsactl b/apparmor.d/profiles-a-f/alsactl index 3d91058d2..bde626660 100644 --- a/apparmor.d/profiles-a-f/alsactl +++ b/apparmor.d/profiles-a-f/alsactl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,4 +23,6 @@ profile alsactl @{exec_path} { owner @{run}/alsa/{,**} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/amixer b/apparmor.d/profiles-a-f/amixer index bf6407cc1..ea2842a74 100644 --- a/apparmor.d/profiles-a-f/amixer +++ b/apparmor.d/profiles-a-f/amixer @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile amixer @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/anacron b/apparmor.d/profiles-a-f/anacron index 1ff93e0a7..8893f1d70 100644 --- a/apparmor.d/profiles-a-f/anacron +++ b/apparmor.d/profiles-a-f/anacron @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -45,3 +44,5 @@ profile anacron @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/anyremote b/apparmor.d/profiles-a-f/anyremote index aeb878e90..b9031360f 100644 --- a/apparmor.d/profiles-a-f/anyremote +++ b/apparmor.d/profiles-a-f/anyremote @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -139,3 +138,5 @@ profile anyremote @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/aplay b/apparmor.d/profiles-a-f/aplay index b798e21fd..0bb417ae2 100644 --- a/apparmor.d/profiles-a-f/aplay +++ b/apparmor.d/profiles-a-f/aplay @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile aplay @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/apparmor.systemd b/apparmor.d/profiles-a-f/apparmor.systemd index ff2a7f61d..a6d517b2a 100644 --- a/apparmor.d/profiles-a-f/apparmor.systemd +++ b/apparmor.d/profiles-a-f/apparmor.systemd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -49,4 +48,6 @@ profile apparmor.systemd @{exec_path} flags=(complain) { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/apparmor_parser b/apparmor.d/profiles-a-f/apparmor_parser index 898e2e003..82acd0d0f 100644 --- a/apparmor.d/profiles-a-f/apparmor_parser +++ b/apparmor.d/profiles-a-f/apparmor_parser @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -46,4 +45,6 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mounts r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/appstreamcli b/apparmor.d/profiles-a-f/appstreamcli index be0e4a727..6b6bad8d8 100644 --- a/apparmor.d/profiles-a-f/appstreamcli +++ b/apparmor.d/profiles-a-f/appstreamcli @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -75,3 +74,5 @@ profile appstreamcli @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/arandr b/apparmor.d/profiles-a-f/arandr index 77bb711c8..6baddcf18 100644 --- a/apparmor.d/profiles-a-f/arandr +++ b/apparmor.d/profiles-a-f/arandr @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile arandr @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/archivemount b/apparmor.d/profiles-a-f/archivemount index a46c03578..03836a9dc 100644 --- a/apparmor.d/profiles-a-f/archivemount +++ b/apparmor.d/profiles-a-f/archivemount @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -57,3 +56,5 @@ profile archivemount @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/arduino b/apparmor.d/profiles-a-f/arduino index e2214737d..47d784212 100644 --- a/apparmor.d/profiles-a-f/arduino +++ b/apparmor.d/profiles-a-f/arduino @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -137,3 +136,5 @@ profile arduino @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/arduino-builder b/apparmor.d/profiles-a-f/arduino-builder index 306aef640..23f8628e5 100644 --- a/apparmor.d/profiles-a-f/arduino-builder +++ b/apparmor.d/profiles-a-f/arduino-builder @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -50,3 +49,5 @@ profile arduino-builder @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/arduino-ctags b/apparmor.d/profiles-a-f/arduino-ctags index cc15ceef0..0c3849643 100644 --- a/apparmor.d/profiles-a-f/arduino-ctags +++ b/apparmor.d/profiles-a-f/arduino-ctags @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,3 +19,5 @@ profile arduino-ctags @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/aspell b/apparmor.d/profiles-a-f/aspell index ef5cbdb2c..c5bd8d4f4 100644 --- a/apparmor.d/profiles-a-f/aspell +++ b/apparmor.d/profiles-a-f/aspell @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile aspell @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/aspell-autobuildhash b/apparmor.d/profiles-a-f/aspell-autobuildhash index 76c1b9606..078fa0139 100644 --- a/apparmor.d/profiles-a-f/aspell-autobuildhash +++ b/apparmor.d/profiles-a-f/aspell-autobuildhash @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -74,3 +73,5 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/at b/apparmor.d/profiles-a-f/at index 1ff9de345..2da487b9c 100644 --- a/apparmor.d/profiles-a-f/at +++ b/apparmor.d/profiles-a-f/at @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -30,4 +29,6 @@ profile at @{exec_path} { @{PROC}/@{pid}/loginuid r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/atd b/apparmor.d/profiles-a-f/atd index 765d0d87e..b1b54f0fa 100644 --- a/apparmor.d/profiles-a-f/atd +++ b/apparmor.d/profiles-a-f/atd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -45,4 +44,6 @@ profile atd @{exec_path} { @{PROC}/loadavg r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/atftpd b/apparmor.d/profiles-a-f/atftpd index cb1c9f7fc..02a0a018b 100644 --- a/apparmor.d/profiles-a-f/atftpd +++ b/apparmor.d/profiles-a-f/atftpd @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile atftpd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/atool b/apparmor.d/profiles-a-f/atool index cbcb346c4..947245d2a 100644 --- a/apparmor.d/profiles-a-f/atool +++ b/apparmor.d/profiles-a-f/atool @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -50,3 +49,5 @@ profile atool @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/atril b/apparmor.d/profiles-a-f/atril index eb7c24748..2163346cc 100644 --- a/apparmor.d/profiles-a-f/atril +++ b/apparmor.d/profiles-a-f/atril @@ -2,7 +2,6 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -88,3 +87,5 @@ profile @{bin}/atril-previewer { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/atrild b/apparmor.d/profiles-a-f/atrild index 9c0092179..c44686d5a 100644 --- a/apparmor.d/profiles-a-f/atrild +++ b/apparmor.d/profiles-a-f/atrild @@ -2,7 +2,6 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile atrild @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/auditctl b/apparmor.d/profiles-a-f/auditctl index 924643592..daaee243f 100644 --- a/apparmor.d/profiles-a-f/auditctl +++ b/apparmor.d/profiles-a-f/auditctl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,4 +19,6 @@ profile auditctl @{exec_path} flags=(attach_disconnected) { /etc/audit/audit.rules r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/auditd b/apparmor.d/profiles-a-f/auditd index 709548dea..4e93a5d22 100644 --- a/apparmor.d/profiles-a-f/auditd +++ b/apparmor.d/profiles-a-f/auditd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -39,3 +38,5 @@ profile auditd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/augenrules b/apparmor.d/profiles-a-f/augenrules index 6c27f53b5..5f192e8cc 100644 --- a/apparmor.d/profiles-a-f/augenrules +++ b/apparmor.d/profiles-a-f/augenrules @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -35,3 +34,5 @@ profile augenrules @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/badblocks b/apparmor.d/profiles-a-f/badblocks index ed870ed29..48b4cc8af 100644 --- a/apparmor.d/profiles-a-f/badblocks +++ b/apparmor.d/profiles-a-f/badblocks @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile badblocks @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/biosdecode b/apparmor.d/profiles-a-f/biosdecode index 67ba638ec..caf8a50d2 100644 --- a/apparmor.d/profiles-a-f/biosdecode +++ b/apparmor.d/profiles-a-f/biosdecode @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile biosdecode @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/birdtray b/apparmor.d/profiles-a-f/birdtray index 7c6c21bc7..b6314e942 100644 --- a/apparmor.d/profiles-a-f/birdtray +++ b/apparmor.d/profiles-a-f/birdtray @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -58,3 +57,5 @@ profile birdtray @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/blkdeactivate b/apparmor.d/profiles-a-f/blkdeactivate index d29db9be3..f9db3e96f 100644 --- a/apparmor.d/profiles-a-f/blkdeactivate +++ b/apparmor.d/profiles-a-f/blkdeactivate @@ -2,7 +2,6 @@ # Copyright (C) 2022 Jeroen Rijken # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -30,3 +29,5 @@ profile blkdeactivate @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/blkid b/apparmor.d/profiles-a-f/blkid index dd825ef2a..ad8134064 100644 --- a/apparmor.d/profiles-a-f/blkid +++ b/apparmor.d/profiles-a-f/blkid @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -42,3 +41,5 @@ profile blkid @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/blockdev b/apparmor.d/profiles-a-f/blockdev index 03a62f5be..1b6cc77cb 100644 --- a/apparmor.d/profiles-a-f/blockdev +++ b/apparmor.d/profiles-a-f/blockdev @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile blockdev @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman index 4135794d6..9ac1c2c2b 100644 --- a/apparmor.d/profiles-a-f/blueman +++ b/apparmor.d/profiles-a-f/blueman @@ -2,7 +2,6 @@ # Copyright (C) 2021-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -66,3 +65,5 @@ profile blueman @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/blueman-mechanism b/apparmor.d/profiles-a-f/blueman-mechanism index a56f9d88b..152520fad 100644 --- a/apparmor.d/profiles-a-f/blueman-mechanism +++ b/apparmor.d/profiles-a-f/blueman-mechanism @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -48,3 +47,5 @@ profile blueman-mechanism @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/blueman-rfcomm-watcher b/apparmor.d/profiles-a-f/blueman-rfcomm-watcher index ef666f806..a8753ac8f 100644 --- a/apparmor.d/profiles-a-f/blueman-rfcomm-watcher +++ b/apparmor.d/profiles-a-f/blueman-rfcomm-watcher @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile blueman-rfcomm-watcher @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/bluemoon b/apparmor.d/profiles-a-f/bluemoon index 018cfbbec..06f4040f8 100644 --- a/apparmor.d/profiles-a-f/bluemoon +++ b/apparmor.d/profiles-a-f/bluemoon @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile bluemoon @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/bluetoothctl b/apparmor.d/profiles-a-f/bluetoothctl index f9111e12d..603998f2c 100644 --- a/apparmor.d/profiles-a-f/bluetoothctl +++ b/apparmor.d/profiles-a-f/bluetoothctl @@ -2,7 +2,6 @@ # Copyright (C) 2015-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile bluetoothctl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index 7e69fae3f..75934102b 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -2,7 +2,6 @@ # Copyright (C) 2015-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -78,3 +77,5 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/bmon b/apparmor.d/profiles-a-f/bmon index 8ddc1513f..77feb3210 100644 --- a/apparmor.d/profiles-a-f/bmon +++ b/apparmor.d/profiles-a-f/bmon @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,3 +19,5 @@ profile bmon @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/boltd b/apparmor.d/profiles-a-f/boltd index d6a1ce25f..47c16d1cd 100644 --- a/apparmor.d/profiles-a-f/boltd +++ b/apparmor.d/profiles-a-f/boltd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -51,3 +50,5 @@ profile boltd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/borg b/apparmor.d/profiles-a-f/borg index 984886e95..107330419 100644 --- a/apparmor.d/profiles-a-f/borg +++ b/apparmor.d/profiles-a-f/borg @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -118,3 +117,5 @@ profile borg @{exec_path} { include if exists include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/browserpass b/apparmor.d/profiles-a-f/browserpass index 5eaa4abab..cfc5d3b0b 100644 --- a/apparmor.d/profiles-a-f/browserpass +++ b/apparmor.d/profiles-a-f/browserpass @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -63,3 +62,5 @@ profile browserpass @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/btop b/apparmor.d/profiles-a-f/btop index 1fd06e899..b6c3556ec 100644 --- a/apparmor.d/profiles-a-f/btop +++ b/apparmor.d/profiles-a-f/btop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -61,3 +60,5 @@ profile btop @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/btrfs b/apparmor.d/profiles-a-f/btrfs index 57db80da6..f056d12ca 100644 --- a/apparmor.d/profiles-a-f/btrfs +++ b/apparmor.d/profiles-a-f/btrfs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -59,3 +58,5 @@ profile btrfs @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/btrfs-convert b/apparmor.d/profiles-a-f/btrfs-convert index f10e53536..8b443cf6e 100644 --- a/apparmor.d/profiles-a-f/btrfs-convert +++ b/apparmor.d/profiles-a-f/btrfs-convert @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile btrfs-convert @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/btrfs-find-root b/apparmor.d/profiles-a-f/btrfs-find-root index 8d9ed4515..03c2d47bd 100644 --- a/apparmor.d/profiles-a-f/btrfs-find-root +++ b/apparmor.d/profiles-a-f/btrfs-find-root @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,3 +19,5 @@ profile btrfs-find-root @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/btrfs-image b/apparmor.d/profiles-a-f/btrfs-image index c3b8b66c8..c1508bb09 100644 --- a/apparmor.d/profiles-a-f/btrfs-image +++ b/apparmor.d/profiles-a-f/btrfs-image @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile btrfs-image @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/btrfs-map-logical b/apparmor.d/profiles-a-f/btrfs-map-logical index b777d9f53..12d2b09d6 100644 --- a/apparmor.d/profiles-a-f/btrfs-map-logical +++ b/apparmor.d/profiles-a-f/btrfs-map-logical @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,3 +19,5 @@ profile btrfs-map-logical @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/btrfs-select-super b/apparmor.d/profiles-a-f/btrfs-select-super index 1a4013a16..f083363cf 100644 --- a/apparmor.d/profiles-a-f/btrfs-select-super +++ b/apparmor.d/profiles-a-f/btrfs-select-super @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile btrfs-select-super @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/btrfstune b/apparmor.d/profiles-a-f/btrfstune index 3459f7cbe..cd8f7adfe 100644 --- a/apparmor.d/profiles-a-f/btrfstune +++ b/apparmor.d/profiles-a-f/btrfstune @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile btrfstune @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cawbird b/apparmor.d/profiles-a-f/cawbird index a3e17d034..ee3bab550 100644 --- a/apparmor.d/profiles-a-f/cawbird +++ b/apparmor.d/profiles-a-f/cawbird @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -73,3 +72,5 @@ profile cawbird @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cc-remote-login-helper b/apparmor.d/profiles-a-f/cc-remote-login-helper index 1ee41d92e..bc12ec50b 100644 --- a/apparmor.d/profiles-a-f/cc-remote-login-helper +++ b/apparmor.d/profiles-a-f/cc-remote-login-helper @@ -1,6 +1,5 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile cc-remote-login-helper @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cctk b/apparmor.d/profiles-a-f/cctk index c8bde01d7..3795d9836 100644 --- a/apparmor.d/profiles-a-f/cctk +++ b/apparmor.d/profiles-a-f/cctk @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,4 +32,6 @@ profile cctk @{exec_path} { /dev/wmi/dell-smbios r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/ccze b/apparmor.d/profiles-a-f/ccze index 86c540b9a..e51310b63 100644 --- a/apparmor.d/profiles-a-f/ccze +++ b/apparmor.d/profiles-a-f/ccze @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile ccze @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cert-sync b/apparmor.d/profiles-a-f/cert-sync index ab1442298..e2770bda1 100644 --- a/apparmor.d/profiles-a-f/cert-sync +++ b/apparmor.d/profiles-a-f/cert-sync @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cert-sync @{exec_path} { @{bin}/mono-sgen rPx, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cfdisk b/apparmor.d/profiles-a-f/cfdisk index 1b2f27663..7559b5c84 100644 --- a/apparmor.d/profiles-a-f/cfdisk +++ b/apparmor.d/profiles-a-f/cfdisk @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -34,3 +33,5 @@ profile cfdisk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cgdisk b/apparmor.d/profiles-a-f/cgdisk index db45c05f0..f19e70c26 100644 --- a/apparmor.d/profiles-a-f/cgdisk +++ b/apparmor.d/profiles-a-f/cgdisk @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile cgdisk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cgrulesengd b/apparmor.d/profiles-a-f/cgrulesengd index 1e46f9c59..6c51eead1 100644 --- a/apparmor.d/profiles-a-f/cgrulesengd +++ b/apparmor.d/profiles-a-f/cgrulesengd @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -52,3 +51,5 @@ profile cgrulesengd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/chage b/apparmor.d/profiles-a-f/chage index caa2d69f8..3eaa0efb9 100644 --- a/apparmor.d/profiles-a-f/chage +++ b/apparmor.d/profiles-a-f/chage @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -37,3 +36,5 @@ profile chage @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/changestool b/apparmor.d/profiles-a-f/changestool index 63c867eb3..9dd650d51 100644 --- a/apparmor.d/profiles-a-f/changestool +++ b/apparmor.d/profiles-a-f/changestool @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile changestool @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/check-bios-nx b/apparmor.d/profiles-a-f/check-bios-nx index 11eb0c82a..4873d3e06 100644 --- a/apparmor.d/profiles-a-f/check-bios-nx +++ b/apparmor.d/profiles-a-f/check-bios-nx @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -48,3 +47,5 @@ profile check-bios-nx @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/check-support-status b/apparmor.d/profiles-a-f/check-support-status index 513fb86f6..bdd9719d3 100644 --- a/apparmor.d/profiles-a-f/check-support-status +++ b/apparmor.d/profiles-a-f/check-support-status @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -80,3 +79,5 @@ profile check-support-status @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/check-support-status-hook b/apparmor.d/profiles-a-f/check-support-status-hook index 9bdb5c145..e0c312423 100644 --- a/apparmor.d/profiles-a-f/check-support-status-hook +++ b/apparmor.d/profiles-a-f/check-support-status-hook @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -129,3 +128,5 @@ profile check-support-status-hook @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/chfn b/apparmor.d/profiles-a-f/chfn index 1030627e4..162a08b84 100644 --- a/apparmor.d/profiles-a-f/chfn +++ b/apparmor.d/profiles-a-f/chfn @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -46,3 +45,5 @@ profile chfn @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/chpasswd b/apparmor.d/profiles-a-f/chpasswd index b66f33550..1fd84f53c 100644 --- a/apparmor.d/profiles-a-f/chpasswd +++ b/apparmor.d/profiles-a-f/chpasswd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -32,3 +31,5 @@ profile chpasswd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/chronyd b/apparmor.d/profiles-a-f/chronyd index 82c42cdf4..5aa5c5ed2 100644 --- a/apparmor.d/profiles-a-f/chronyd +++ b/apparmor.d/profiles-a-f/chronyd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Based on https://salsa.debian.org/debian/chrony/-/blob/debian/latest/debian/usr.sbin.chronyd @@ -61,4 +60,6 @@ profile chronyd @{exec_path} flags=(attach_disconnected) { /dev/rtc{,@{int}} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/chsh b/apparmor.d/profiles-a-f/chsh index 50ce2a84a..ffcdb5bdf 100644 --- a/apparmor.d/profiles-a-f/chsh +++ b/apparmor.d/profiles-a-f/chsh @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -47,3 +46,5 @@ profile chsh @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/claws-mail b/apparmor.d/profiles-a-f/claws-mail index 85094bf54..4de4543a4 100644 --- a/apparmor.d/profiles-a-f/claws-mail +++ b/apparmor.d/profiles-a-f/claws-mail @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -71,3 +70,5 @@ profile claws-mail @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/code b/apparmor.d/profiles-a-f/code index 6577100fa..393598746 100644 --- a/apparmor.d/profiles-a-f/code +++ b/apparmor.d/profiles-a-f/code @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -102,3 +101,5 @@ profile code flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/code-extension-git-askpass b/apparmor.d/profiles-a-f/code-extension-git-askpass index 10f03f0b9..6954ca966 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-askpass +++ b/apparmor.d/profiles-a-f/code-extension-git-askpass @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -30,3 +29,5 @@ profile code-extension-git-askpass @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/code-extension-git-editor b/apparmor.d/profiles-a-f/code-extension-git-editor index ccea64355..104e01281 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-editor +++ b/apparmor.d/profiles-a-f/code-extension-git-editor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,4 +20,6 @@ profile code-extension-git-editor @{exec_path} { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/code-wrapper b/apparmor.d/profiles-a-f/code-wrapper index af5a2ea7f..707164b09 100644 --- a/apparmor.d/profiles-a-f/code-wrapper +++ b/apparmor.d/profiles-a-f/code-wrapper @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile code-wrapper @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/compton b/apparmor.d/profiles-a-f/compton index 71f21ad02..b27228807 100644 --- a/apparmor.d/profiles-a-f/compton +++ b/apparmor.d/profiles-a-f/compton @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile compton @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky index a63710c55..1e1b10abc 100644 --- a/apparmor.d/profiles-a-f/conky +++ b/apparmor.d/profiles-a-f/conky @@ -2,7 +2,6 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -205,3 +204,5 @@ profile conky @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/console-setup b/apparmor.d/profiles-a-f/console-setup index 18a99fb98..d7b41ff20 100644 --- a/apparmor.d/profiles-a-f/console-setup +++ b/apparmor.d/profiles-a-f/console-setup @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,4 +18,6 @@ profile console-setup @{exec_path} { @{run}/console-setup/boot_completed w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/convertall b/apparmor.d/profiles-a-f/convertall index e63ce3698..28a393470 100644 --- a/apparmor.d/profiles-a-f/convertall +++ b/apparmor.d/profiles-a-f/convertall @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -42,3 +41,5 @@ profile convertall @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cppw-cpgr b/apparmor.d/profiles-a-f/cppw-cpgr index 5666b7de8..9e0aa0ad1 100644 --- a/apparmor.d/profiles-a-f/cppw-cpgr +++ b/apparmor.d/profiles-a-f/cppw-cpgr @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -35,3 +34,5 @@ profile cppw-cpgr @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cpuid b/apparmor.d/profiles-a-f/cpuid index 9fd267bc2..8df6f750e 100644 --- a/apparmor.d/profiles-a-f/cpuid +++ b/apparmor.d/profiles-a-f/cpuid @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile cpuid @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cracklib-packer b/apparmor.d/profiles-a-f/cracklib-packer index 904e746fd..d29bfbbee 100644 --- a/apparmor.d/profiles-a-f/cracklib-packer +++ b/apparmor.d/profiles-a-f/cracklib-packer @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cracklib-packer @{exec_path} { owner /var/cache/cracklib/{,**} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/crda b/apparmor.d/profiles-a-f/crda index 5e5c0e3a7..96fb4c706 100644 --- a/apparmor.d/profiles-a-f/crda +++ b/apparmor.d/profiles-a-f/crda @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile crda @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-beh b/apparmor.d/profiles-a-f/cups-backend-beh index 84addbf75..5945ac6ea 100644 --- a/apparmor.d/profiles-a-f/cups-backend-beh +++ b/apparmor.d/profiles-a-f/cups-backend-beh @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-beh @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-bluetooth b/apparmor.d/profiles-a-f/cups-backend-bluetooth index d73290210..ba606c7ef 100644 --- a/apparmor.d/profiles-a-f/cups-backend-bluetooth +++ b/apparmor.d/profiles-a-f/cups-backend-bluetooth @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-bluetooth @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-brf b/apparmor.d/profiles-a-f/cups-backend-brf index 3840f47c0..2ea66ba05 100644 --- a/apparmor.d/profiles-a-f/cups-backend-brf +++ b/apparmor.d/profiles-a-f/cups-backend-brf @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,4 +17,6 @@ profile cups-backend-brf @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-dnssd b/apparmor.d/profiles-a-f/cups-backend-dnssd index f1e052df6..0bb1a34d1 100644 --- a/apparmor.d/profiles-a-f/cups-backend-dnssd +++ b/apparmor.d/profiles-a-f/cups-backend-dnssd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -17,4 +16,6 @@ profile cups-backend-dnssd @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-hp b/apparmor.d/profiles-a-f/cups-backend-hp index 7547b4e06..f82ce7e0a 100644 --- a/apparmor.d/profiles-a-f/cups-backend-hp +++ b/apparmor.d/profiles-a-f/cups-backend-hp @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-hp @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-implicitclass b/apparmor.d/profiles-a-f/cups-backend-implicitclass index c5effeceb..6a50ec237 100644 --- a/apparmor.d/profiles-a-f/cups-backend-implicitclass +++ b/apparmor.d/profiles-a-f/cups-backend-implicitclass @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-implicitclass @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-ipp b/apparmor.d/profiles-a-f/cups-backend-ipp index 4cfba737b..706e1a5ae 100644 --- a/apparmor.d/profiles-a-f/cups-backend-ipp +++ b/apparmor.d/profiles-a-f/cups-backend-ipp @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-ipp @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-lpd b/apparmor.d/profiles-a-f/cups-backend-lpd index 0392d29cd..077a913a0 100644 --- a/apparmor.d/profiles-a-f/cups-backend-lpd +++ b/apparmor.d/profiles-a-f/cups-backend-lpd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-lpd @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-mdns b/apparmor.d/profiles-a-f/cups-backend-mdns index 603d5c69d..a520e9a19 100644 --- a/apparmor.d/profiles-a-f/cups-backend-mdns +++ b/apparmor.d/profiles-a-f/cups-backend-mdns @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-mdns @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-parallel b/apparmor.d/profiles-a-f/cups-backend-parallel index a93805ff6..fe2e752ef 100644 --- a/apparmor.d/profiles-a-f/cups-backend-parallel +++ b/apparmor.d/profiles-a-f/cups-backend-parallel @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-parallel @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-pdf b/apparmor.d/profiles-a-f/cups-backend-pdf index 7b5794cb5..efbb2a85d 100644 --- a/apparmor.d/profiles-a-f/cups-backend-pdf +++ b/apparmor.d/profiles-a-f/cups-backend-pdf @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -44,4 +43,6 @@ profile cups-backend-pdf @{exec_path} { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-serial b/apparmor.d/profiles-a-f/cups-backend-serial index 695143a4b..e2ec19bce 100644 --- a/apparmor.d/profiles-a-f/cups-backend-serial +++ b/apparmor.d/profiles-a-f/cups-backend-serial @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,4 +17,6 @@ profile cups-backend-serial @{exec_path} { /dev/ttyS@{int} w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-snmp b/apparmor.d/profiles-a-f/cups-backend-snmp index fdd53fec8..1532db04b 100644 --- a/apparmor.d/profiles-a-f/cups-backend-snmp +++ b/apparmor.d/profiles-a-f/cups-backend-snmp @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,4 +21,6 @@ profile cups-backend-snmp @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-socket b/apparmor.d/profiles-a-f/cups-backend-socket index 52843ba90..338d2e2e6 100644 --- a/apparmor.d/profiles-a-f/cups-backend-socket +++ b/apparmor.d/profiles-a-f/cups-backend-socket @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,4 +15,6 @@ profile cups-backend-socket @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-backend-usb b/apparmor.d/profiles-a-f/cups-backend-usb index 3067ecbbd..e647939f4 100644 --- a/apparmor.d/profiles-a-f/cups-backend-usb +++ b/apparmor.d/profiles-a-f/cups-backend-usb @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,4 +23,6 @@ profile cups-backend-usb @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-browsed b/apparmor.d/profiles-a-f/cups-browsed index 47bf19aa4..2abffbe16 100644 --- a/apparmor.d/profiles-a-f/cups-browsed +++ b/apparmor.d/profiles-a-f/cups-browsed @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -53,3 +52,5 @@ profile cups-browsed @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-notifier-dbus b/apparmor.d/profiles-a-f/cups-notifier-dbus index 6510b26a3..9632ca91d 100644 --- a/apparmor.d/profiles-a-f/cups-notifier-dbus +++ b/apparmor.d/profiles-a-f/cups-notifier-dbus @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,4 +23,6 @@ profile cups-notifier-dbus @{exec_path} { owner @{tmp}/cups-dbus-notifier-lockfile rwk, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-notifier-mailto b/apparmor.d/profiles-a-f/cups-notifier-mailto index 235fb1694..aad9f73c3 100644 --- a/apparmor.d/profiles-a-f/cups-notifier-mailto +++ b/apparmor.d/profiles-a-f/cups-notifier-mailto @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -14,4 +13,6 @@ profile cups-notifier-mailto @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-notifier-rss b/apparmor.d/profiles-a-f/cups-notifier-rss index 5e0cced1e..86dfecc9e 100644 --- a/apparmor.d/profiles-a-f/cups-notifier-rss +++ b/apparmor.d/profiles-a-f/cups-notifier-rss @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -14,4 +13,6 @@ profile cups-notifier-rss @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism index 61544810d..7c67e3e6a 100644 --- a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism +++ b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -32,4 +31,6 @@ profile cups-pk-helper-mechanism @{exec_path} { @{run}/cups/cups.sock rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/cupsd b/apparmor.d/profiles-a-f/cupsd index 07bf3b282..9511c7495 100644 --- a/apparmor.d/profiles-a-f/cupsd +++ b/apparmor.d/profiles-a-f/cupsd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -101,3 +100,5 @@ profile cupsd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/czkawka-cli b/apparmor.d/profiles-a-f/czkawka-cli index 473d83f36..6ad4c553b 100644 --- a/apparmor.d/profiles-a-f/czkawka-cli +++ b/apparmor.d/profiles-a-f/czkawka-cli @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,3 +32,5 @@ profile czkawka-cli @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/czkawka-gui b/apparmor.d/profiles-a-f/czkawka-gui index 5e3aed6e0..68a30c769 100644 --- a/apparmor.d/profiles-a-f/czkawka-gui +++ b/apparmor.d/profiles-a-f/czkawka-gui @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -67,3 +66,5 @@ profile czkawka-gui @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/ddclient b/apparmor.d/profiles-a-f/ddclient index 4cf11e151..000e61013 100644 --- a/apparmor.d/profiles-a-f/ddclient +++ b/apparmor.d/profiles-a-f/ddclient @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile ddclient @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/deltachat-desktop b/apparmor.d/profiles-a-f/deltachat-desktop index e32faffa3..eaf12a933 100644 --- a/apparmor.d/profiles-a-f/deltachat-desktop +++ b/apparmor.d/profiles-a-f/deltachat-desktop @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -108,3 +107,5 @@ profile deltachat-desktop @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/deluser b/apparmor.d/profiles-a-f/deluser index 66767f468..67e52b376 100644 --- a/apparmor.d/profiles-a-f/deluser +++ b/apparmor.d/profiles-a-f/deluser @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -60,3 +59,5 @@ profile deluser @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/df b/apparmor.d/profiles-a-f/df index 8e330d1f4..18b3687e1 100644 --- a/apparmor.d/profiles-a-f/df +++ b/apparmor.d/profiles-a-f/df @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile df @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dfc b/apparmor.d/profiles-a-f/dfc index 5304458d3..b4ccf6743 100644 --- a/apparmor.d/profiles-a-f/dfc +++ b/apparmor.d/profiles-a-f/dfc @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile dfc @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dhclient b/apparmor.d/profiles-a-f/dhclient index 4ffe0285e..20e45b87f 100644 --- a/apparmor.d/profiles-a-f/dhclient +++ b/apparmor.d/profiles-a-f/dhclient @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,3 +39,5 @@ profile dhclient @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dhclient-script b/apparmor.d/profiles-a-f/dhclient-script index 59492147d..4261a8be7 100644 --- a/apparmor.d/profiles-a-f/dhclient-script +++ b/apparmor.d/profiles-a-f/dhclient-script @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -82,3 +81,5 @@ profile dhclient-script @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dig b/apparmor.d/profiles-a-f/dig index ae9b641c1..87b80e3da 100644 --- a/apparmor.d/profiles-a-f/dig +++ b/apparmor.d/profiles-a-f/dig @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -35,3 +34,5 @@ profile dig @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dino-im b/apparmor.d/profiles-a-f/dino-im index 11b2b9358..f06989836 100644 --- a/apparmor.d/profiles-a-f/dino-im +++ b/apparmor.d/profiles-a-f/dino-im @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -51,3 +50,5 @@ profile dino-im @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms index 9dc74d072..90206b44c 100644 --- a/apparmor.d/profiles-a-f/dkms +++ b/apparmor.d/profiles-a-f/dkms @@ -3,7 +3,6 @@ # Copyright (C) 2021-2024 Alexandre Pujol # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -120,3 +119,5 @@ profile dkms @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dkms-autoinstaller b/apparmor.d/profiles-a-f/dkms-autoinstaller index 86f0b1c87..f266791a1 100644 --- a/apparmor.d/profiles-a-f/dkms-autoinstaller +++ b/apparmor.d/profiles-a-f/dkms-autoinstaller @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -47,3 +46,5 @@ profile dkms-autoinstaller @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dleyna-renderer-service b/apparmor.d/profiles-a-f/dleyna-renderer-service index f0e5cef84..d56098048 100644 --- a/apparmor.d/profiles-a-f/dleyna-renderer-service +++ b/apparmor.d/profiles-a-f/dleyna-renderer-service @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,4 +23,6 @@ profile dleyna-renderer-service @{exec_path} { owner @{user_config_dirs}/dleyna-renderer-service.conf rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dleyna-server-service b/apparmor.d/profiles-a-f/dleyna-server-service index 510104e61..f41d250f6 100644 --- a/apparmor.d/profiles-a-f/dleyna-server-service +++ b/apparmor.d/profiles-a-f/dleyna-server-service @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,4 +25,6 @@ profile dleyna-server-service @{exec_path} { owner @{user_config_dirs}/dleyna-server-service.conf w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dlocate b/apparmor.d/profiles-a-f/dlocate index 5ae0a787e..e17a72c84 100644 --- a/apparmor.d/profiles-a-f/dlocate +++ b/apparmor.d/profiles-a-f/dlocate @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -64,3 +63,5 @@ profile dlocate @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dmcrypt-get-device b/apparmor.d/profiles-a-f/dmcrypt-get-device index e4171388f..2fa3fc6a9 100644 --- a/apparmor.d/profiles-a-f/dmcrypt-get-device +++ b/apparmor.d/profiles-a-f/dmcrypt-get-device @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile dmcrypt-get-device @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dmesg b/apparmor.d/profiles-a-f/dmesg index 5c1d38d1a..6dcd5cbb8 100644 --- a/apparmor.d/profiles-a-f/dmesg +++ b/apparmor.d/profiles-a-f/dmesg @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -37,3 +36,5 @@ profile dmesg @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dmeventd b/apparmor.d/profiles-a-f/dmeventd index ab7bfaa54..2d904eec0 100644 --- a/apparmor.d/profiles-a-f/dmeventd +++ b/apparmor.d/profiles-a-f/dmeventd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -15,3 +14,5 @@ profile dmeventd @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dmidecode b/apparmor.d/profiles-a-f/dmidecode index 2797dfe9f..061bc40ac 100644 --- a/apparmor.d/profiles-a-f/dmidecode +++ b/apparmor.d/profiles-a-f/dmidecode @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile dmidecode @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dnscrypt-proxy b/apparmor.d/profiles-a-f/dnscrypt-proxy index e7b4a09c0..03d47e395 100644 --- a/apparmor.d/profiles-a-f/dnscrypt-proxy +++ b/apparmor.d/profiles-a-f/dnscrypt-proxy @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -57,3 +56,5 @@ profile dnscrypt-proxy @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/downloadhelper b/apparmor.d/profiles-a-f/downloadhelper index 5556fb236..05b4085b3 100644 --- a/apparmor.d/profiles-a-f/downloadhelper +++ b/apparmor.d/profiles-a-f/downloadhelper @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -43,4 +42,6 @@ profile downloadhelper @{exec_path} { deny @{user_share_dirs}/gvfs-metadata/* r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dring b/apparmor.d/profiles-a-f/dring index 7c7ae44d8..8d0045030 100644 --- a/apparmor.d/profiles-a-f/dring +++ b/apparmor.d/profiles-a-f/dring @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -37,3 +36,5 @@ profile dring @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dumpcap b/apparmor.d/profiles-a-f/dumpcap index e3c3e800f..e03ad1742 100644 --- a/apparmor.d/profiles-a-f/dumpcap +++ b/apparmor.d/profiles-a-f/dumpcap @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -55,3 +54,5 @@ profile dumpcap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dumpe2fs b/apparmor.d/profiles-a-f/dumpe2fs index 188a4b279..725f725c5 100644 --- a/apparmor.d/profiles-a-f/dumpe2fs +++ b/apparmor.d/profiles-a-f/dumpe2fs @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile dumpe2fs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dunst b/apparmor.d/profiles-a-f/dunst index 69bf8d066..8fb895029 100644 --- a/apparmor.d/profiles-a-f/dunst +++ b/apparmor.d/profiles-a-f/dunst @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile dunst @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dunstctl b/apparmor.d/profiles-a-f/dunstctl index 18c5ea562..42276c6c6 100644 --- a/apparmor.d/profiles-a-f/dunstctl +++ b/apparmor.d/profiles-a-f/dunstctl @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile dunstctl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/dunstify b/apparmor.d/profiles-a-f/dunstify index 94458981e..3a8f16c2f 100644 --- a/apparmor.d/profiles-a-f/dunstify +++ b/apparmor.d/profiles-a-f/dunstify @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile dunstify @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/e2fsck b/apparmor.d/profiles-a-f/e2fsck index ed1c574bb..8ce1ed3c7 100644 --- a/apparmor.d/profiles-a-f/e2fsck +++ b/apparmor.d/profiles-a-f/e2fsck @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,3 +39,5 @@ profile e2fsck @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/e2image b/apparmor.d/profiles-a-f/e2image index 82f061f78..ccb4cc5a4 100644 --- a/apparmor.d/profiles-a-f/e2image +++ b/apparmor.d/profiles-a-f/e2image @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile e2image @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/e2scrub_all b/apparmor.d/profiles-a-f/e2scrub_all index 2537b9402..de648cac2 100644 --- a/apparmor.d/profiles-a-f/e2scrub_all +++ b/apparmor.d/profiles-a-f/e2scrub_all @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,4 +25,6 @@ profile e2scrub_all @{exec_path} flags=(attach_disconnected) { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/edid-decode b/apparmor.d/profiles-a-f/edid-decode index f4a8921e9..8925e5e2d 100644 --- a/apparmor.d/profiles-a-f/edid-decode +++ b/apparmor.d/profiles-a-f/edid-decode @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,3 +17,5 @@ profile edid-decode @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/eject b/apparmor.d/profiles-a-f/eject index b2300da36..bd467c2be 100644 --- a/apparmor.d/profiles-a-f/eject +++ b/apparmor.d/profiles-a-f/eject @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile eject @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/element-desktop b/apparmor.d/profiles-a-f/element-desktop index f1bc8d5a2..1dd15b4b9 100644 --- a/apparmor.d/profiles-a-f/element-desktop +++ b/apparmor.d/profiles-a-f/element-desktop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -47,4 +46,6 @@ profile element-desktop @{exec_path} { deny /var/lib/dbus/machine-id r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index 33608786e..78fa87937 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -93,3 +92,5 @@ profile engrampa @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/etckeeper b/apparmor.d/profiles-a-f/etckeeper index ac24e53cb..6f10293c7 100644 --- a/apparmor.d/profiles-a-f/etckeeper +++ b/apparmor.d/profiles-a-f/etckeeper @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -77,4 +76,6 @@ profile etckeeper @{exec_path} { } include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 510652be7..73d73eb02 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -66,3 +65,5 @@ profile evince @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/evince-previewer b/apparmor.d/profiles-a-f/evince-previewer index c83e429b8..7a2b939a6 100644 --- a/apparmor.d/profiles-a-f/evince-previewer +++ b/apparmor.d/profiles-a-f/evince-previewer @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,4 +18,6 @@ profile evince-previewer @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/evince-thumbnailer b/apparmor.d/profiles-a-f/evince-thumbnailer index a3eaf10a3..d4e63c924 100644 --- a/apparmor.d/profiles-a-f/evince-thumbnailer +++ b/apparmor.d/profiles-a-f/evince-thumbnailer @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,4 +19,6 @@ profile evince-thumbnailer @{exec_path} flags=(attach_disconnected) { owner @{tmp}/gnome-desktop-thumbnailer.png w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/execute-dcut b/apparmor.d/profiles-a-f/execute-dcut index 53a534de2..9f03de7fc 100644 --- a/apparmor.d/profiles-a-f/execute-dcut +++ b/apparmor.d/profiles-a-f/execute-dcut @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,3 +17,5 @@ profile execute-dcut @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/execute-dput b/apparmor.d/profiles-a-f/execute-dput index 1047f2087..10edc6164 100644 --- a/apparmor.d/profiles-a-f/execute-dput +++ b/apparmor.d/profiles-a-f/execute-dput @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -51,3 +50,5 @@ profile execute-dput @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/exiftool b/apparmor.d/profiles-a-f/exiftool index f4b8864ff..23aac34d4 100644 --- a/apparmor.d/profiles-a-f/exiftool +++ b/apparmor.d/profiles-a-f/exiftool @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -17,3 +16,5 @@ profile exiftool @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/exim4 b/apparmor.d/profiles-a-f/exim4 index f17dfd2d9..3dae4cae6 100644 --- a/apparmor.d/profiles-a-f/exim4 +++ b/apparmor.d/profiles-a-f/exim4 @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -60,3 +59,5 @@ profile exim4 @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/exo-compose-mail b/apparmor.d/profiles-a-f/exo-compose-mail index 0f733f953..990c67b85 100644 --- a/apparmor.d/profiles-a-f/exo-compose-mail +++ b/apparmor.d/profiles-a-f/exo-compose-mail @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile exo-compose-mail @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/exo-helper b/apparmor.d/profiles-a-f/exo-helper index 3edd4b319..af38a5fa3 100644 --- a/apparmor.d/profiles-a-f/exo-helper +++ b/apparmor.d/profiles-a-f/exo-helper @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -54,3 +53,5 @@ profile exo-helper @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/exo-open b/apparmor.d/profiles-a-f/exo-open index 70bad7706..7d265e566 100644 --- a/apparmor.d/profiles-a-f/exo-open +++ b/apparmor.d/profiles-a-f/exo-open @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -32,3 +31,5 @@ profile exo-open @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/f3brew b/apparmor.d/profiles-a-f/f3brew index a0dcd513b..8572f369c 100644 --- a/apparmor.d/profiles-a-f/f3brew +++ b/apparmor.d/profiles-a-f/f3brew @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -17,3 +16,5 @@ profile f3brew @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/f3fix b/apparmor.d/profiles-a-f/f3fix index f2f695b92..a5d327e72 100644 --- a/apparmor.d/profiles-a-f/f3fix +++ b/apparmor.d/profiles-a-f/f3fix @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -41,3 +40,5 @@ profile f3fix @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/f3probe b/apparmor.d/profiles-a-f/f3probe index f3cfb4c2c..c7843c91f 100644 --- a/apparmor.d/profiles-a-f/f3probe +++ b/apparmor.d/profiles-a-f/f3probe @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,3 +17,5 @@ profile f3probe @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/f3read b/apparmor.d/profiles-a-f/f3read index 535016764..a25e7e0cc 100644 --- a/apparmor.d/profiles-a-f/f3read +++ b/apparmor.d/profiles-a-f/f3read @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile f3read @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/f3write b/apparmor.d/profiles-a-f/f3write index 19c432377..25282dff8 100644 --- a/apparmor.d/profiles-a-f/f3write +++ b/apparmor.d/profiles-a-f/f3write @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile f3write @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fail2ban-client b/apparmor.d/profiles-a-f/fail2ban-client index 8e99384cb..23fd61125 100644 --- a/apparmor.d/profiles-a-f/fail2ban-client +++ b/apparmor.d/profiles-a-f/fail2ban-client @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,4 +20,6 @@ profile fail2ban-client @{exec_path} flags=(attach_disconnected) { /etc/fail2ban/{,**} r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fail2ban-server b/apparmor.d/profiles-a-f/fail2ban-server index 7bc7ef21c..2706c8e43 100644 --- a/apparmor.d/profiles-a-f/fail2ban-server +++ b/apparmor.d/profiles-a-f/fail2ban-server @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,4 +39,6 @@ profile fail2ban-server @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/fd/ r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fatlabel b/apparmor.d/profiles-a-f/fatlabel index 52e7a7e7f..df95d83c0 100644 --- a/apparmor.d/profiles-a-f/fatlabel +++ b/apparmor.d/profiles-a-f/fatlabel @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -17,3 +16,5 @@ profile fatlabel @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fatresize b/apparmor.d/profiles-a-f/fatresize index 348794884..b94e0e49c 100644 --- a/apparmor.d/profiles-a-f/fatresize +++ b/apparmor.d/profiles-a-f/fatresize @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile fatresize @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fdisk b/apparmor.d/profiles-a-f/fdisk index 880d4d7d7..815e3bc76 100644 --- a/apparmor.d/profiles-a-f/fdisk +++ b/apparmor.d/profiles-a-f/fdisk @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -36,3 +35,5 @@ profile fdisk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/ffmpeg b/apparmor.d/profiles-a-f/ffmpeg index 8c386abb1..864becf32 100644 --- a/apparmor.d/profiles-a-f/ffmpeg +++ b/apparmor.d/profiles-a-f/ffmpeg @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -41,3 +40,5 @@ profile ffmpeg @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/ffplay b/apparmor.d/profiles-a-f/ffplay index 3149ae191..0615d1042 100644 --- a/apparmor.d/profiles-a-f/ffplay +++ b/apparmor.d/profiles-a-f/ffplay @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -35,3 +34,5 @@ profile ffplay @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/ffprobe b/apparmor.d/profiles-a-f/ffprobe index e917d1363..f5448d7ef 100644 --- a/apparmor.d/profiles-a-f/ffprobe +++ b/apparmor.d/profiles-a-f/ffprobe @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile ffprobe @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/file-roller b/apparmor.d/profiles-a-f/file-roller index c2f540880..4e432e2f1 100644 --- a/apparmor.d/profiles-a-f/file-roller +++ b/apparmor.d/profiles-a-f/file-roller @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -43,4 +42,6 @@ profile file-roller @{exec_path} { owner @{PROC}/@{pid}/mountinfo r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/filecap b/apparmor.d/profiles-a-f/filecap index 71d461654..afad4070c 100644 --- a/apparmor.d/profiles-a-f/filecap +++ b/apparmor.d/profiles-a-f/filecap @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -30,3 +29,5 @@ profile filecap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/findmnt b/apparmor.d/profiles-a-f/findmnt index c62b1a0a1..7fb7c9e1b 100644 --- a/apparmor.d/profiles-a-f/findmnt +++ b/apparmor.d/profiles-a-f/findmnt @@ -2,7 +2,6 @@ # Copyright (C) 2022 Jeroen Rijken # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -28,4 +27,6 @@ profile findmnt @{exec_path} flags=(attach_disconnected,complain) { deny unix (receive) type=stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/firecfg b/apparmor.d/profiles-a-f/firecfg index 9775c26bb..c470d068a 100644 --- a/apparmor.d/profiles-a-f/firecfg +++ b/apparmor.d/profiles-a-f/firecfg @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,3 +39,5 @@ profile firecfg @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/firewalld b/apparmor.d/profiles-a-f/firewalld index 03d410a58..143719f0d 100644 --- a/apparmor.d/profiles-a-f/firewalld +++ b/apparmor.d/profiles-a-f/firewalld @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -78,4 +77,6 @@ profile firewalld @{exec_path} { owner @{PROC}/@{pids}/net/ip_tables_names r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/flameshot b/apparmor.d/profiles-a-f/flameshot index 88d5bb7d2..877e42912 100644 --- a/apparmor.d/profiles-a-f/flameshot +++ b/apparmor.d/profiles-a-f/flameshot @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -59,3 +58,5 @@ profile flameshot @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/flatpak b/apparmor.d/profiles-a-f/flatpak index 583993021..4d3220a08 100644 --- a/apparmor.d/profiles-a-f/flatpak +++ b/apparmor.d/profiles-a-f/flatpak @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -137,3 +136,5 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/flatpak-app b/apparmor.d/profiles-a-f/flatpak-app index dc2eb24db..41d72d143 100644 --- a/apparmor.d/profiles-a-f/flatpak-app +++ b/apparmor.d/profiles-a-f/flatpak-app @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Default profile for all flatpak applications. Ideally, this profile should be # generated by flatpak itself with settings from the flatpak manifest and @@ -95,3 +94,5 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) { include if exists include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/flatpak-oci-authenticator b/apparmor.d/profiles-a-f/flatpak-oci-authenticator index 8d2cfb60c..9b379b55d 100644 --- a/apparmor.d/profiles-a-f/flatpak-oci-authenticator +++ b/apparmor.d/profiles-a-f/flatpak-oci-authenticator @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -17,4 +16,6 @@ profile flatpak-oci-authenticator @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/flatpak-portal b/apparmor.d/profiles-a-f/flatpak-portal index 144aa5a43..570a3ea8c 100644 --- a/apparmor.d/profiles-a-f/flatpak-portal +++ b/apparmor.d/profiles-a-f/flatpak-portal @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -45,4 +44,6 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/.flatpak/@{int}-private/* r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/flatpak-session-helper b/apparmor.d/profiles-a-f/flatpak-session-helper index 266ca0e96..d27d0c24a 100644 --- a/apparmor.d/profiles-a-f/flatpak-session-helper +++ b/apparmor.d/profiles-a-f/flatpak-session-helper @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -46,4 +45,6 @@ profile flatpak-session-helper @{exec_path} flags=(attach_disconnected) { /dev/ptmx rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/flatpak-system-helper b/apparmor.d/profiles-a-f/flatpak-system-helper index fbbfd50ce..81a1231cb 100644 --- a/apparmor.d/profiles-a-f/flatpak-system-helper +++ b/apparmor.d/profiles-a-f/flatpak-system-helper @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -74,3 +73,5 @@ profile flatpak-system-helper @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/flatpak-validate-icon b/apparmor.d/profiles-a-f/flatpak-validate-icon index 1c245d91a..7669bb1e6 100644 --- a/apparmor.d/profiles-a-f/flatpak-validate-icon +++ b/apparmor.d/profiles-a-f/flatpak-validate-icon @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -14,4 +13,6 @@ profile flatpak-validate-icon @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/foliate b/apparmor.d/profiles-a-f/foliate index 8e56018c7..8498285d1 100644 --- a/apparmor.d/profiles-a-f/foliate +++ b/apparmor.d/profiles-a-f/foliate @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -69,4 +68,6 @@ profile foliate @{exec_path} flags=(attach_disconnected) { deny @{user_share_dirs}/gvfs-metadata/* r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/font-manager b/apparmor.d/profiles-a-f/font-manager index 3481dc109..6d7096ad7 100644 --- a/apparmor.d/profiles-a-f/font-manager +++ b/apparmor.d/profiles-a-f/font-manager @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -63,3 +62,5 @@ profile font-manager @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fping b/apparmor.d/profiles-a-f/fping index ddc45ddff..5d30e4522 100644 --- a/apparmor.d/profiles-a-f/fping +++ b/apparmor.d/profiles-a-f/fping @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile fping @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd index 0dd8c2867..d856867a3 100644 --- a/apparmor.d/profiles-a-f/fprintd +++ b/apparmor.d/profiles-a-f/fprintd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile fprintd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fractal b/apparmor.d/profiles-a-f/fractal index db8cbdb5f..c6355c2ff 100644 --- a/apparmor.d/profiles-a-f/fractal +++ b/apparmor.d/profiles-a-f/fractal @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -41,4 +40,6 @@ profile fractal @{exec_path} flags=(attach_disconnected) { /dev/ r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/freefall b/apparmor.d/profiles-a-f/freefall index d47ff03f3..0499beb0a 100644 --- a/apparmor.d/profiles-a-f/freefall +++ b/apparmor.d/profiles-a-f/freefall @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile freefall @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fritzing b/apparmor.d/profiles-a-f/fritzing index b6153edfe..3e3dde2e9 100644 --- a/apparmor.d/profiles-a-f/fritzing +++ b/apparmor.d/profiles-a-f/fritzing @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -69,3 +68,5 @@ profile fritzing @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/frontend b/apparmor.d/profiles-a-f/frontend index 68954d111..eb90c18d6 100644 --- a/apparmor.d/profiles-a-f/frontend +++ b/apparmor.d/profiles-a-f/frontend @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -126,3 +125,5 @@ profile frontend @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fsck b/apparmor.d/profiles-a-f/fsck index be1ed77e9..d04b32e96 100644 --- a/apparmor.d/profiles-a-f/fsck +++ b/apparmor.d/profiles-a-f/fsck @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -41,3 +40,5 @@ profile fsck @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fsck.btrfs b/apparmor.d/profiles-a-f/fsck.btrfs index 85db8768c..470b5a3d3 100644 --- a/apparmor.d/profiles-a-f/fsck.btrfs +++ b/apparmor.d/profiles-a-f/fsck.btrfs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,3 +19,5 @@ profile fsck.btrfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fsck.fat b/apparmor.d/profiles-a-f/fsck.fat index 38c372d2f..c188574ee 100644 --- a/apparmor.d/profiles-a-f/fsck.fat +++ b/apparmor.d/profiles-a-f/fsck.fat @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile fsck.fat @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fuse-overlayfs b/apparmor.d/profiles-a-f/fuse-overlayfs index 327b9acce..643371c60 100644 --- a/apparmor.d/profiles-a-f/fuse-overlayfs +++ b/apparmor.d/profiles-a-f/fuse-overlayfs @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,4 +28,6 @@ profile fuse-overlayfs @{exec_path} { /dev/fuse rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fuseiso b/apparmor.d/profiles-a-f/fuseiso index ca926a807..e4d6cfd99 100644 --- a/apparmor.d/profiles-a-f/fuseiso +++ b/apparmor.d/profiles-a-f/fuseiso @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -63,3 +62,5 @@ profile fuseiso @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fusermount b/apparmor.d/profiles-a-f/fusermount index 59233a71d..6774ffa96 100644 --- a/apparmor.d/profiles-a-f/fusermount +++ b/apparmor.d/profiles-a-f/fusermount @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -56,3 +55,5 @@ profile fusermount @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index cfccf778e..316f6ebdd 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -149,3 +148,5 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr index f8ef48a32..6064c0ff1 100644 --- a/apparmor.d/profiles-a-f/fwupdmgr +++ b/apparmor.d/profiles-a-f/fwupdmgr @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -67,3 +66,5 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) { include if exists } + +# vim:syntax=apparmor From e2c868bd804490068983e6310ae9f7e3d1fdf9a9 Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sun, 9 Jun 2024 19:38:05 +0300 Subject: [PATCH 65/70] feat(profiles-g-l): vim syntax support Add vim modeline instructing the editor to use syntax plugin provided by apparmor. --- apparmor.d/profiles-g-l/gajim | 1 + apparmor.d/profiles-g-l/ganyremote | 1 + apparmor.d/profiles-g-l/gconfd | 1 + apparmor.d/profiles-g-l/gdisk | 1 + apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders | 1 + apparmor.d/profiles-g-l/ghc-pkg | 1 + apparmor.d/profiles-g-l/gio-querymodules | 1 + apparmor.d/profiles-g-l/git | 1 + apparmor.d/profiles-g-l/gitstatusd | 1 + apparmor.d/profiles-g-l/glib-compile-resources | 1 + apparmor.d/profiles-g-l/glib-compile-schemas | 1 + apparmor.d/profiles-g-l/glib-pacrunner | 1 + apparmor.d/profiles-g-l/globaltime | 1 + apparmor.d/profiles-g-l/glxgears | 1 + apparmor.d/profiles-g-l/glxinfo | 1 + apparmor.d/profiles-g-l/gpa | 1 + apparmor.d/profiles-g-l/gparted | 1 + apparmor.d/profiles-g-l/gpartedbin | 1 + apparmor.d/profiles-g-l/gpasswd | 1 + apparmor.d/profiles-g-l/gping | 1 + apparmor.d/profiles-g-l/gpo | 1 + apparmor.d/profiles-g-l/gpodder | 1 + apparmor.d/profiles-g-l/gpodder-migrate2tres | 1 + apparmor.d/profiles-g-l/gpu-manager | 1 + apparmor.d/profiles-g-l/groupadd | 1 + apparmor.d/profiles-g-l/groupdel | 1 + apparmor.d/profiles-g-l/groupmod | 1 + apparmor.d/profiles-g-l/groups | 1 + apparmor.d/profiles-g-l/grpck | 1 + apparmor.d/profiles-g-l/gsettings | 1 + apparmor.d/profiles-g-l/gsimplecal | 1 + apparmor.d/profiles-g-l/gsmartcontrol | 1 + apparmor.d/profiles-g-l/gsmartcontrol-root | 1 + apparmor.d/profiles-g-l/gssproxy | 1 + apparmor.d/profiles-g-l/gtk-query-immodules | 1 + apparmor.d/profiles-g-l/gtk-update-icon-cache | 1 + apparmor.d/profiles-g-l/gtk-youtube-viewer | 1 + apparmor.d/profiles-g-l/hardinfo | 1 + apparmor.d/profiles-g-l/hbbr | 1 + apparmor.d/profiles-g-l/hbbs | 1 + apparmor.d/profiles-g-l/hciconfig | 1 + apparmor.d/profiles-g-l/hddtemp | 1 + apparmor.d/profiles-g-l/hdparm | 1 + apparmor.d/profiles-g-l/hexchat | 1 + apparmor.d/profiles-g-l/highlight | 1 + apparmor.d/profiles-g-l/host | 1 + apparmor.d/profiles-g-l/hostname | 1 + apparmor.d/profiles-g-l/htop | 1 + apparmor.d/profiles-g-l/hugeadm | 1 + apparmor.d/profiles-g-l/hugo | 1 + apparmor.d/profiles-g-l/hw-probe | 1 + apparmor.d/profiles-g-l/hwinfo | 1 + apparmor.d/profiles-g-l/hypnotix | 1 + apparmor.d/profiles-g-l/i2cdetect | 1 + apparmor.d/profiles-g-l/i3lock | 1 + apparmor.d/profiles-g-l/i3lock-fancy | 1 + apparmor.d/profiles-g-l/iceauth | 1 + apparmor.d/profiles-g-l/id | 1 + apparmor.d/profiles-g-l/ifconfig | 1 + apparmor.d/profiles-g-l/ifup | 1 + apparmor.d/profiles-g-l/im-launch | 1 + apparmor.d/profiles-g-l/imv-wayland | 1 + apparmor.d/profiles-g-l/initd-kexec | 1 + apparmor.d/profiles-g-l/initd-kexec-load | 1 + apparmor.d/profiles-g-l/initd-kmod | 1 + apparmor.d/profiles-g-l/install-catalog | 1 + apparmor.d/profiles-g-l/install-info | 1 + apparmor.d/profiles-g-l/install-printerdriver | 1 + apparmor.d/profiles-g-l/inxi | 1 + apparmor.d/profiles-g-l/ioping | 1 + apparmor.d/profiles-g-l/iotop | 1 + apparmor.d/profiles-g-l/ip | 1 + apparmor.d/profiles-g-l/ipcalc | 1 + apparmor.d/profiles-g-l/irqbalance | 1 + apparmor.d/profiles-g-l/issue-generator | 1 + apparmor.d/profiles-g-l/iw | 1 + apparmor.d/profiles-g-l/iwconfig | 1 + apparmor.d/profiles-g-l/iwlist | 1 + apparmor.d/profiles-g-l/jackdbus | 1 + apparmor.d/profiles-g-l/jami-gnome | 1 + apparmor.d/profiles-g-l/jdownloader | 1 + apparmor.d/profiles-g-l/jekyll | 1 + apparmor.d/profiles-g-l/jgmenu | 1 + apparmor.d/profiles-g-l/jitterentropy-rngd | 1 + apparmor.d/profiles-g-l/jmtpfs | 1 + apparmor.d/profiles-g-l/kanyremote | 1 + apparmor.d/profiles-g-l/kcheckpass | 1 + apparmor.d/profiles-g-l/kconfig-hardened-check | 1 + apparmor.d/profiles-g-l/keepassxc | 1 + apparmor.d/profiles-g-l/keepassxc-cli | 1 + apparmor.d/profiles-g-l/keepassxc-proxy | 1 + apparmor.d/profiles-g-l/kernel-install | 1 + apparmor.d/profiles-g-l/kerneloops | 1 + apparmor.d/profiles-g-l/kerneloops-applet | 1 + apparmor.d/profiles-g-l/kexec | 1 + apparmor.d/profiles-g-l/kmod | 1 + apparmor.d/profiles-g-l/kodi | 1 + apparmor.d/profiles-g-l/kodi-xrandr | 1 + apparmor.d/profiles-g-l/kvm-ok | 1 + apparmor.d/profiles-g-l/labwc | 1 + apparmor.d/profiles-g-l/landscape-sysinfo | 1 + apparmor.d/profiles-g-l/landscape-sysinfo.wrapper | 1 + apparmor.d/profiles-g-l/language-validate | 1 + apparmor.d/profiles-g-l/last | 1 + apparmor.d/profiles-g-l/lastlog | 1 + apparmor.d/profiles-g-l/libreoffice | 1 + apparmor.d/profiles-g-l/light | 1 + apparmor.d/profiles-g-l/light-locker | 1 + apparmor.d/profiles-g-l/light-locker-command | 1 + apparmor.d/profiles-g-l/lightworks | 1 + apparmor.d/profiles-g-l/lightworks-ntcardvt | 1 + apparmor.d/profiles-g-l/linssid | 1 + apparmor.d/profiles-g-l/linux-check-removal | 1 + apparmor.d/profiles-g-l/linux-version | 1 + apparmor.d/profiles-g-l/locale-gen | 1 + apparmor.d/profiles-g-l/localepurge | 1 + apparmor.d/profiles-g-l/login | 1 + apparmor.d/profiles-g-l/logrotate | 1 + apparmor.d/profiles-g-l/losetup | 1 + apparmor.d/profiles-g-l/low-memory-monitor | 1 + apparmor.d/profiles-g-l/lsblk | 1 + apparmor.d/profiles-g-l/lscpu | 1 + apparmor.d/profiles-g-l/lsinitramfs | 1 + apparmor.d/profiles-g-l/lspci | 1 + apparmor.d/profiles-g-l/lsusb | 1 + apparmor.d/profiles-g-l/lvm | 1 + apparmor.d/profiles-g-l/lvmconfig | 1 + apparmor.d/profiles-g-l/lvmdump | 1 + apparmor.d/profiles-g-l/lvmpolld | 1 + apparmor.d/profiles-g-l/lxappearance | 1 + apparmor.d/profiles-g-l/lynx | 1 + 131 files changed, 131 insertions(+) diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 361f6c7c0..0f19c7614 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -2,6 +2,7 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/ganyremote b/apparmor.d/profiles-g-l/ganyremote index 36cb8f90b..f169bfd3e 100644 --- a/apparmor.d/profiles-g-l/ganyremote +++ b/apparmor.d/profiles-g-l/ganyremote @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gconfd b/apparmor.d/profiles-g-l/gconfd index 03544d354..c1d8cdde9 100644 --- a/apparmor.d/profiles-g-l/gconfd +++ b/apparmor.d/profiles-g-l/gconfd @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gdisk b/apparmor.d/profiles-g-l/gdisk index 13cf3e41e..6bff416b8 100644 --- a/apparmor.d/profiles-g-l/gdisk +++ b/apparmor.d/profiles-g-l/gdisk @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders b/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders index cce69937f..48744f4cc 100644 --- a/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders +++ b/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/ghc-pkg b/apparmor.d/profiles-g-l/ghc-pkg index f4518370e..bafe2bb34 100644 --- a/apparmor.d/profiles-g-l/ghc-pkg +++ b/apparmor.d/profiles-g-l/ghc-pkg @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gio-querymodules b/apparmor.d/profiles-g-l/gio-querymodules index a8ba53f4f..34ff9eb23 100644 --- a/apparmor.d/profiles-g-l/gio-querymodules +++ b/apparmor.d/profiles-g-l/gio-querymodules @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git index 0944759cf..c53acc398 100644 --- a/apparmor.d/profiles-g-l/git +++ b/apparmor.d/profiles-g-l/git @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gitstatusd b/apparmor.d/profiles-g-l/gitstatusd index f0b837c6a..ea351293c 100644 --- a/apparmor.d/profiles-g-l/gitstatusd +++ b/apparmor.d/profiles-g-l/gitstatusd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/glib-compile-resources b/apparmor.d/profiles-g-l/glib-compile-resources index 6062bbff2..cf8466186 100644 --- a/apparmor.d/profiles-g-l/glib-compile-resources +++ b/apparmor.d/profiles-g-l/glib-compile-resources @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/glib-compile-schemas b/apparmor.d/profiles-g-l/glib-compile-schemas index 476b4ebfc..cff914ee3 100644 --- a/apparmor.d/profiles-g-l/glib-compile-schemas +++ b/apparmor.d/profiles-g-l/glib-compile-schemas @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/glib-pacrunner b/apparmor.d/profiles-g-l/glib-pacrunner index 13ae9222f..856775c05 100644 --- a/apparmor.d/profiles-g-l/glib-pacrunner +++ b/apparmor.d/profiles-g-l/glib-pacrunner @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/globaltime b/apparmor.d/profiles-g-l/globaltime index 4d3027ac0..484b15a60 100644 --- a/apparmor.d/profiles-g-l/globaltime +++ b/apparmor.d/profiles-g-l/globaltime @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/glxgears b/apparmor.d/profiles-g-l/glxgears index 321aaa702..04b9f0714 100644 --- a/apparmor.d/profiles-g-l/glxgears +++ b/apparmor.d/profiles-g-l/glxgears @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/glxinfo b/apparmor.d/profiles-g-l/glxinfo index a13a22e7eb..28744a364 100644 --- a/apparmor.d/profiles-g-l/glxinfo +++ b/apparmor.d/profiles-g-l/glxinfo @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gpa b/apparmor.d/profiles-g-l/gpa index 566bd7815..e6b494503 100644 --- a/apparmor.d/profiles-g-l/gpa +++ b/apparmor.d/profiles-g-l/gpa @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted index ca42f4669..d0eaf0f71 100644 --- a/apparmor.d/profiles-g-l/gparted +++ b/apparmor.d/profiles-g-l/gparted @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin index 65f6bbc12..18d4054d2 100644 --- a/apparmor.d/profiles-g-l/gpartedbin +++ b/apparmor.d/profiles-g-l/gpartedbin @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gpasswd b/apparmor.d/profiles-g-l/gpasswd index 150b7b499..2c5e3f659 100644 --- a/apparmor.d/profiles-g-l/gpasswd +++ b/apparmor.d/profiles-g-l/gpasswd @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gping b/apparmor.d/profiles-g-l/gping index e629ab584..63262a109 100644 --- a/apparmor.d/profiles-g-l/gping +++ b/apparmor.d/profiles-g-l/gping @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gpo b/apparmor.d/profiles-g-l/gpo index 208036d8e..3573a3d80 100644 --- a/apparmor.d/profiles-g-l/gpo +++ b/apparmor.d/profiles-g-l/gpo @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index c945d59cb..5bc8685c3 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gpodder-migrate2tres b/apparmor.d/profiles-g-l/gpodder-migrate2tres index 0c048b19e..bbe9b33d9 100644 --- a/apparmor.d/profiles-g-l/gpodder-migrate2tres +++ b/apparmor.d/profiles-g-l/gpodder-migrate2tres @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gpu-manager b/apparmor.d/profiles-g-l/gpu-manager index 9177b7b3c..11c3ac1fc 100644 --- a/apparmor.d/profiles-g-l/gpu-manager +++ b/apparmor.d/profiles-g-l/gpu-manager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/groupadd b/apparmor.d/profiles-g-l/groupadd index b0fd33c5c..4ca7adeb6 100644 --- a/apparmor.d/profiles-g-l/groupadd +++ b/apparmor.d/profiles-g-l/groupadd @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/groupdel b/apparmor.d/profiles-g-l/groupdel index 1d7ecb4bc..c4c4d1e79 100644 --- a/apparmor.d/profiles-g-l/groupdel +++ b/apparmor.d/profiles-g-l/groupdel @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/groupmod b/apparmor.d/profiles-g-l/groupmod index acb53e6ff..0e0b4a6fd 100644 --- a/apparmor.d/profiles-g-l/groupmod +++ b/apparmor.d/profiles-g-l/groupmod @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/groups b/apparmor.d/profiles-g-l/groups index 2affa7562..3897ee0f6 100644 --- a/apparmor.d/profiles-g-l/groups +++ b/apparmor.d/profiles-g-l/groups @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/grpck b/apparmor.d/profiles-g-l/grpck index 190322e3f..a9a4c69ff 100644 --- a/apparmor.d/profiles-g-l/grpck +++ b/apparmor.d/profiles-g-l/grpck @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings index 17671f735..a3a2e2b86 100644 --- a/apparmor.d/profiles-g-l/gsettings +++ b/apparmor.d/profiles-g-l/gsettings @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gsimplecal b/apparmor.d/profiles-g-l/gsimplecal index d1b6994e4..d05e262d8 100644 --- a/apparmor.d/profiles-g-l/gsimplecal +++ b/apparmor.d/profiles-g-l/gsimplecal @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gsmartcontrol b/apparmor.d/profiles-g-l/gsmartcontrol index 6c4038e4a..8b1079d49 100644 --- a/apparmor.d/profiles-g-l/gsmartcontrol +++ b/apparmor.d/profiles-g-l/gsmartcontrol @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gsmartcontrol-root b/apparmor.d/profiles-g-l/gsmartcontrol-root index f5a817f6b..fc943e26b 100644 --- a/apparmor.d/profiles-g-l/gsmartcontrol-root +++ b/apparmor.d/profiles-g-l/gsmartcontrol-root @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gssproxy b/apparmor.d/profiles-g-l/gssproxy index ca6b34ccf..c179d7a29 100644 --- a/apparmor.d/profiles-g-l/gssproxy +++ b/apparmor.d/profiles-g-l/gssproxy @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gtk-query-immodules b/apparmor.d/profiles-g-l/gtk-query-immodules index eee4f7e51..1ff4a10ba 100644 --- a/apparmor.d/profiles-g-l/gtk-query-immodules +++ b/apparmor.d/profiles-g-l/gtk-query-immodules @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gtk-update-icon-cache b/apparmor.d/profiles-g-l/gtk-update-icon-cache index 917332e3d..5ba0ba7a0 100644 --- a/apparmor.d/profiles-g-l/gtk-update-icon-cache +++ b/apparmor.d/profiles-g-l/gtk-update-icon-cache @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/gtk-youtube-viewer b/apparmor.d/profiles-g-l/gtk-youtube-viewer index 9f3e50df2..86180f31b 100644 --- a/apparmor.d/profiles-g-l/gtk-youtube-viewer +++ b/apparmor.d/profiles-g-l/gtk-youtube-viewer @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index 02dd62dcd..9e8ba4cd3 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hbbr b/apparmor.d/profiles-g-l/hbbr index f2150ba95..a48386f67 100644 --- a/apparmor.d/profiles-g-l/hbbr +++ b/apparmor.d/profiles-g-l/hbbr @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hbbs b/apparmor.d/profiles-g-l/hbbs index 783ee97a2..6c7242f3e 100644 --- a/apparmor.d/profiles-g-l/hbbs +++ b/apparmor.d/profiles-g-l/hbbs @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hciconfig b/apparmor.d/profiles-g-l/hciconfig index a1bd70d14..b83867b9a 100644 --- a/apparmor.d/profiles-g-l/hciconfig +++ b/apparmor.d/profiles-g-l/hciconfig @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hddtemp b/apparmor.d/profiles-g-l/hddtemp index efc3bbcb6..56b57d224 100644 --- a/apparmor.d/profiles-g-l/hddtemp +++ b/apparmor.d/profiles-g-l/hddtemp @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hdparm b/apparmor.d/profiles-g-l/hdparm index 4abb330e9..f236b9bf1 100644 --- a/apparmor.d/profiles-g-l/hdparm +++ b/apparmor.d/profiles-g-l/hdparm @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hexchat b/apparmor.d/profiles-g-l/hexchat index a802ea639..471440ca7 100644 --- a/apparmor.d/profiles-g-l/hexchat +++ b/apparmor.d/profiles-g-l/hexchat @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/highlight b/apparmor.d/profiles-g-l/highlight index 4a5ef1402..b7100b309 100644 --- a/apparmor.d/profiles-g-l/highlight +++ b/apparmor.d/profiles-g-l/highlight @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/host b/apparmor.d/profiles-g-l/host index d063bf167..5fc23e6fa 100644 --- a/apparmor.d/profiles-g-l/host +++ b/apparmor.d/profiles-g-l/host @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hostname b/apparmor.d/profiles-g-l/hostname index d0c1cc18c..345d6062c 100644 --- a/apparmor.d/profiles-g-l/hostname +++ b/apparmor.d/profiles-g-l/hostname @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/htop b/apparmor.d/profiles-g-l/htop index 9c56a9986..cc0b566ed 100644 --- a/apparmor.d/profiles-g-l/htop +++ b/apparmor.d/profiles-g-l/htop @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hugeadm b/apparmor.d/profiles-g-l/hugeadm index 858f2740a..a4f478b95 100644 --- a/apparmor.d/profiles-g-l/hugeadm +++ b/apparmor.d/profiles-g-l/hugeadm @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hugo b/apparmor.d/profiles-g-l/hugo index b3222265d..04d81eea6 100644 --- a/apparmor.d/profiles-g-l/hugo +++ b/apparmor.d/profiles-g-l/hugo @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe index c9aa1469c..4c79eb330 100644 --- a/apparmor.d/profiles-g-l/hw-probe +++ b/apparmor.d/profiles-g-l/hw-probe @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index b8c46b96c..a2155b11c 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index 4a0679f52..96d06ad76 100644 --- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/i2cdetect b/apparmor.d/profiles-g-l/i2cdetect index baad4b969..141a7567b 100644 --- a/apparmor.d/profiles-g-l/i2cdetect +++ b/apparmor.d/profiles-g-l/i2cdetect @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/i3lock b/apparmor.d/profiles-g-l/i3lock index 4d3600a75..8e9c1154e 100644 --- a/apparmor.d/profiles-g-l/i3lock +++ b/apparmor.d/profiles-g-l/i3lock @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/i3lock-fancy b/apparmor.d/profiles-g-l/i3lock-fancy index f0e0f35ff..43004cdb3 100644 --- a/apparmor.d/profiles-g-l/i3lock-fancy +++ b/apparmor.d/profiles-g-l/i3lock-fancy @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/iceauth b/apparmor.d/profiles-g-l/iceauth index bd8df0f2e..adb3109c6 100644 --- a/apparmor.d/profiles-g-l/iceauth +++ b/apparmor.d/profiles-g-l/iceauth @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/id b/apparmor.d/profiles-g-l/id index 7c92f2b9a..2ce341558 100644 --- a/apparmor.d/profiles-g-l/id +++ b/apparmor.d/profiles-g-l/id @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/ifconfig b/apparmor.d/profiles-g-l/ifconfig index 74fe432ad..cad08d09f 100644 --- a/apparmor.d/profiles-g-l/ifconfig +++ b/apparmor.d/profiles-g-l/ifconfig @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/ifup b/apparmor.d/profiles-g-l/ifup index 6ee7d10d2..d0b1abfeb 100644 --- a/apparmor.d/profiles-g-l/ifup +++ b/apparmor.d/profiles-g-l/ifup @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/im-launch b/apparmor.d/profiles-g-l/im-launch index faf618d36..6f6af77b0 100644 --- a/apparmor.d/profiles-g-l/im-launch +++ b/apparmor.d/profiles-g-l/im-launch @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/imv-wayland b/apparmor.d/profiles-g-l/imv-wayland index 6bac7898b..daee53654 100644 --- a/apparmor.d/profiles-g-l/imv-wayland +++ b/apparmor.d/profiles-g-l/imv-wayland @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/initd-kexec b/apparmor.d/profiles-g-l/initd-kexec index fcda63e83..f9802d32d 100644 --- a/apparmor.d/profiles-g-l/initd-kexec +++ b/apparmor.d/profiles-g-l/initd-kexec @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/initd-kexec-load b/apparmor.d/profiles-g-l/initd-kexec-load index ab1d54536..4fb1daedd 100644 --- a/apparmor.d/profiles-g-l/initd-kexec-load +++ b/apparmor.d/profiles-g-l/initd-kexec-load @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/initd-kmod b/apparmor.d/profiles-g-l/initd-kmod index 53c39142b..fa7f06f4e 100644 --- a/apparmor.d/profiles-g-l/initd-kmod +++ b/apparmor.d/profiles-g-l/initd-kmod @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/install-catalog b/apparmor.d/profiles-g-l/install-catalog index 714d10a66..70552208b 100644 --- a/apparmor.d/profiles-g-l/install-catalog +++ b/apparmor.d/profiles-g-l/install-catalog @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/install-info b/apparmor.d/profiles-g-l/install-info index 4060e715e..df2017210 100644 --- a/apparmor.d/profiles-g-l/install-info +++ b/apparmor.d/profiles-g-l/install-info @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/install-printerdriver b/apparmor.d/profiles-g-l/install-printerdriver index e8d110a99..67c09ecea 100644 --- a/apparmor.d/profiles-g-l/install-printerdriver +++ b/apparmor.d/profiles-g-l/install-printerdriver @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi index bc59dedb2..d79de8f00 100644 --- a/apparmor.d/profiles-g-l/inxi +++ b/apparmor.d/profiles-g-l/inxi @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/ioping b/apparmor.d/profiles-g-l/ioping index 5eb45817e..cedc79135 100644 --- a/apparmor.d/profiles-g-l/ioping +++ b/apparmor.d/profiles-g-l/ioping @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/iotop b/apparmor.d/profiles-g-l/iotop index 7cf6e55e6..fa7ad1e5a 100644 --- a/apparmor.d/profiles-g-l/iotop +++ b/apparmor.d/profiles-g-l/iotop @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/ip b/apparmor.d/profiles-g-l/ip index 33f0c57d7..fad0a172d 100644 --- a/apparmor.d/profiles-g-l/ip +++ b/apparmor.d/profiles-g-l/ip @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/ipcalc b/apparmor.d/profiles-g-l/ipcalc index bc28ac5f0..5a526121f 100644 --- a/apparmor.d/profiles-g-l/ipcalc +++ b/apparmor.d/profiles-g-l/ipcalc @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/irqbalance b/apparmor.d/profiles-g-l/irqbalance index 49f0dd90f..6fe5c9221 100644 --- a/apparmor.d/profiles-g-l/irqbalance +++ b/apparmor.d/profiles-g-l/irqbalance @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/issue-generator b/apparmor.d/profiles-g-l/issue-generator index f7b9fa5fe..60c82f4f3 100644 --- a/apparmor.d/profiles-g-l/issue-generator +++ b/apparmor.d/profiles-g-l/issue-generator @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/iw b/apparmor.d/profiles-g-l/iw index 3282afe9c..29fbca99b 100644 --- a/apparmor.d/profiles-g-l/iw +++ b/apparmor.d/profiles-g-l/iw @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/iwconfig b/apparmor.d/profiles-g-l/iwconfig index 4246f81e6..eaaeb7e22 100644 --- a/apparmor.d/profiles-g-l/iwconfig +++ b/apparmor.d/profiles-g-l/iwconfig @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/iwlist b/apparmor.d/profiles-g-l/iwlist index cfa7f1b53..b2051443e 100644 --- a/apparmor.d/profiles-g-l/iwlist +++ b/apparmor.d/profiles-g-l/iwlist @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/jackdbus b/apparmor.d/profiles-g-l/jackdbus index 9cf1be3b8..e317761e0 100644 --- a/apparmor.d/profiles-g-l/jackdbus +++ b/apparmor.d/profiles-g-l/jackdbus @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/jami-gnome b/apparmor.d/profiles-g-l/jami-gnome index a2798cbc9..60d6c492e 100644 --- a/apparmor.d/profiles-g-l/jami-gnome +++ b/apparmor.d/profiles-g-l/jami-gnome @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/jdownloader b/apparmor.d/profiles-g-l/jdownloader index 27981fe73..2bae0b723 100644 --- a/apparmor.d/profiles-g-l/jdownloader +++ b/apparmor.d/profiles-g-l/jdownloader @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/jekyll b/apparmor.d/profiles-g-l/jekyll index 3142c44d6..f39226ffc 100644 --- a/apparmor.d/profiles-g-l/jekyll +++ b/apparmor.d/profiles-g-l/jekyll @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/jgmenu b/apparmor.d/profiles-g-l/jgmenu index a9eda288e..dd5697b14 100644 --- a/apparmor.d/profiles-g-l/jgmenu +++ b/apparmor.d/profiles-g-l/jgmenu @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/jitterentropy-rngd b/apparmor.d/profiles-g-l/jitterentropy-rngd index 1434e560f..4967c9e64 100644 --- a/apparmor.d/profiles-g-l/jitterentropy-rngd +++ b/apparmor.d/profiles-g-l/jitterentropy-rngd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/jmtpfs b/apparmor.d/profiles-g-l/jmtpfs index a90c7de8f..9a2be96b8 100644 --- a/apparmor.d/profiles-g-l/jmtpfs +++ b/apparmor.d/profiles-g-l/jmtpfs @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kanyremote b/apparmor.d/profiles-g-l/kanyremote index 8f0ba584b..32a6a8e45 100644 --- a/apparmor.d/profiles-g-l/kanyremote +++ b/apparmor.d/profiles-g-l/kanyremote @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kcheckpass b/apparmor.d/profiles-g-l/kcheckpass index dd4343a32..f2ebf0010 100644 --- a/apparmor.d/profiles-g-l/kcheckpass +++ b/apparmor.d/profiles-g-l/kcheckpass @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kconfig-hardened-check b/apparmor.d/profiles-g-l/kconfig-hardened-check index 5674abb4c..d58e2c9c0 100644 --- a/apparmor.d/profiles-g-l/kconfig-hardened-check +++ b/apparmor.d/profiles-g-l/kconfig-hardened-check @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/keepassxc b/apparmor.d/profiles-g-l/keepassxc index aeb155df1..c972f902c 100644 --- a/apparmor.d/profiles-g-l/keepassxc +++ b/apparmor.d/profiles-g-l/keepassxc @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/keepassxc-cli b/apparmor.d/profiles-g-l/keepassxc-cli index cdc3e94e2..858178aeb 100644 --- a/apparmor.d/profiles-g-l/keepassxc-cli +++ b/apparmor.d/profiles-g-l/keepassxc-cli @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/keepassxc-proxy b/apparmor.d/profiles-g-l/keepassxc-proxy index f913de295..fba81df19 100644 --- a/apparmor.d/profiles-g-l/keepassxc-proxy +++ b/apparmor.d/profiles-g-l/keepassxc-proxy @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kernel-install b/apparmor.d/profiles-g-l/kernel-install index af6578713..df12c8313 100644 --- a/apparmor.d/profiles-g-l/kernel-install +++ b/apparmor.d/profiles-g-l/kernel-install @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kerneloops b/apparmor.d/profiles-g-l/kerneloops index 5b778b1fa..01d1386a4 100644 --- a/apparmor.d/profiles-g-l/kerneloops +++ b/apparmor.d/profiles-g-l/kerneloops @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kerneloops-applet b/apparmor.d/profiles-g-l/kerneloops-applet index 01f6aac19..1bda5cd90 100644 --- a/apparmor.d/profiles-g-l/kerneloops-applet +++ b/apparmor.d/profiles-g-l/kerneloops-applet @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kexec b/apparmor.d/profiles-g-l/kexec index 960af35a1..370aef005 100644 --- a/apparmor.d/profiles-g-l/kexec +++ b/apparmor.d/profiles-g-l/kexec @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kmod b/apparmor.d/profiles-g-l/kmod index 4dbb2de6b..91b7d3427 100644 --- a/apparmor.d/profiles-g-l/kmod +++ b/apparmor.d/profiles-g-l/kmod @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kodi b/apparmor.d/profiles-g-l/kodi index 87624f946..db5712a3f 100644 --- a/apparmor.d/profiles-g-l/kodi +++ b/apparmor.d/profiles-g-l/kodi @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kodi-xrandr b/apparmor.d/profiles-g-l/kodi-xrandr index 843375246..eaa2bacb5 100644 --- a/apparmor.d/profiles-g-l/kodi-xrandr +++ b/apparmor.d/profiles-g-l/kodi-xrandr @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/kvm-ok b/apparmor.d/profiles-g-l/kvm-ok index 85849c429..9d7b8f23b 100644 --- a/apparmor.d/profiles-g-l/kvm-ok +++ b/apparmor.d/profiles-g-l/kvm-ok @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc index 42548b880..1453eccb8 100644 --- a/apparmor.d/profiles-g-l/labwc +++ b/apparmor.d/profiles-g-l/labwc @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo b/apparmor.d/profiles-g-l/landscape-sysinfo index 853416c3f..109034b2b 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo +++ b/apparmor.d/profiles-g-l/landscape-sysinfo @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper index 697328310..36262e5c5 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper +++ b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/language-validate b/apparmor.d/profiles-g-l/language-validate index 782b413e9..bd168e9b6 100644 --- a/apparmor.d/profiles-g-l/language-validate +++ b/apparmor.d/profiles-g-l/language-validate @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/last b/apparmor.d/profiles-g-l/last index 91a78e0e5..fd218d5ad 100644 --- a/apparmor.d/profiles-g-l/last +++ b/apparmor.d/profiles-g-l/last @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lastlog b/apparmor.d/profiles-g-l/lastlog index f665d06b2..5d41f9874 100644 --- a/apparmor.d/profiles-g-l/lastlog +++ b/apparmor.d/profiles-g-l/lastlog @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/libreoffice b/apparmor.d/profiles-g-l/libreoffice index c035517cc..9ce3b0817 100644 --- a/apparmor.d/profiles-g-l/libreoffice +++ b/apparmor.d/profiles-g-l/libreoffice @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/light b/apparmor.d/profiles-g-l/light index 845cf92cf..8b3a961c9 100644 --- a/apparmor.d/profiles-g-l/light +++ b/apparmor.d/profiles-g-l/light @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/light-locker b/apparmor.d/profiles-g-l/light-locker index 6bd62f77f..b259caae6 100644 --- a/apparmor.d/profiles-g-l/light-locker +++ b/apparmor.d/profiles-g-l/light-locker @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/light-locker-command b/apparmor.d/profiles-g-l/light-locker-command index c77b1d07b..3975437fe 100644 --- a/apparmor.d/profiles-g-l/light-locker-command +++ b/apparmor.d/profiles-g-l/light-locker-command @@ -2,6 +2,7 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lightworks b/apparmor.d/profiles-g-l/lightworks index accbe2085..133ff52db 100644 --- a/apparmor.d/profiles-g-l/lightworks +++ b/apparmor.d/profiles-g-l/lightworks @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lightworks-ntcardvt b/apparmor.d/profiles-g-l/lightworks-ntcardvt index ee5f0c71e..639a296b8 100644 --- a/apparmor.d/profiles-g-l/lightworks-ntcardvt +++ b/apparmor.d/profiles-g-l/lightworks-ntcardvt @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/linssid b/apparmor.d/profiles-g-l/linssid index 384fda9ea..57bd63eb6 100644 --- a/apparmor.d/profiles-g-l/linssid +++ b/apparmor.d/profiles-g-l/linssid @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/linux-check-removal b/apparmor.d/profiles-g-l/linux-check-removal index a6fd4d8ed..62917a8ee 100644 --- a/apparmor.d/profiles-g-l/linux-check-removal +++ b/apparmor.d/profiles-g-l/linux-check-removal @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/linux-version b/apparmor.d/profiles-g-l/linux-version index 3f866072e..8e5bf39d4 100644 --- a/apparmor.d/profiles-g-l/linux-version +++ b/apparmor.d/profiles-g-l/linux-version @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/locale-gen b/apparmor.d/profiles-g-l/locale-gen index 722349ea1..5128d96e4 100644 --- a/apparmor.d/profiles-g-l/locale-gen +++ b/apparmor.d/profiles-g-l/locale-gen @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/localepurge b/apparmor.d/profiles-g-l/localepurge index 53e3fd930..c8a2f0fe9 100644 --- a/apparmor.d/profiles-g-l/localepurge +++ b/apparmor.d/profiles-g-l/localepurge @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/login b/apparmor.d/profiles-g-l/login index ba8c2c254..05932c282 100644 --- a/apparmor.d/profiles-g-l/login +++ b/apparmor.d/profiles-g-l/login @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/logrotate b/apparmor.d/profiles-g-l/logrotate index ffc4099d3..aa3b8af94 100644 --- a/apparmor.d/profiles-g-l/logrotate +++ b/apparmor.d/profiles-g-l/logrotate @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/losetup b/apparmor.d/profiles-g-l/losetup index 8c62398ec..63ecb00be 100644 --- a/apparmor.d/profiles-g-l/losetup +++ b/apparmor.d/profiles-g-l/losetup @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/low-memory-monitor b/apparmor.d/profiles-g-l/low-memory-monitor index 625d147ac..80907e166 100644 --- a/apparmor.d/profiles-g-l/low-memory-monitor +++ b/apparmor.d/profiles-g-l/low-memory-monitor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lsblk b/apparmor.d/profiles-g-l/lsblk index e2a3207b5..f4642a4cc 100644 --- a/apparmor.d/profiles-g-l/lsblk +++ b/apparmor.d/profiles-g-l/lsblk @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lscpu b/apparmor.d/profiles-g-l/lscpu index f59ee0e1e..4f5f93167 100644 --- a/apparmor.d/profiles-g-l/lscpu +++ b/apparmor.d/profiles-g-l/lscpu @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lsinitramfs b/apparmor.d/profiles-g-l/lsinitramfs index ff3f52865..eba80fe94 100644 --- a/apparmor.d/profiles-g-l/lsinitramfs +++ b/apparmor.d/profiles-g-l/lsinitramfs @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lspci b/apparmor.d/profiles-g-l/lspci index d8aa90103..d0628ec11 100644 --- a/apparmor.d/profiles-g-l/lspci +++ b/apparmor.d/profiles-g-l/lspci @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lsusb b/apparmor.d/profiles-g-l/lsusb index 872ac8369..9ee06eb3a 100644 --- a/apparmor.d/profiles-g-l/lsusb +++ b/apparmor.d/profiles-g-l/lsusb @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lvm b/apparmor.d/profiles-g-l/lvm index 7256c4b76..68630402a 100644 --- a/apparmor.d/profiles-g-l/lvm +++ b/apparmor.d/profiles-g-l/lvm @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lvmconfig b/apparmor.d/profiles-g-l/lvmconfig index 2423886e8..23f1be740 100644 --- a/apparmor.d/profiles-g-l/lvmconfig +++ b/apparmor.d/profiles-g-l/lvmconfig @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lvmdump b/apparmor.d/profiles-g-l/lvmdump index 1d97ecf73..8bdfe7e78 100644 --- a/apparmor.d/profiles-g-l/lvmdump +++ b/apparmor.d/profiles-g-l/lvmdump @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lvmpolld b/apparmor.d/profiles-g-l/lvmpolld index 7c5852d67..22708b596 100644 --- a/apparmor.d/profiles-g-l/lvmpolld +++ b/apparmor.d/profiles-g-l/lvmpolld @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lxappearance b/apparmor.d/profiles-g-l/lxappearance index 5bb7dc92f..619c180d8 100644 --- a/apparmor.d/profiles-g-l/lxappearance +++ b/apparmor.d/profiles-g-l/lxappearance @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , diff --git a/apparmor.d/profiles-g-l/lynx b/apparmor.d/profiles-g-l/lynx index 2c205f73c..6c5432da2 100644 --- a/apparmor.d/profiles-g-l/lynx +++ b/apparmor.d/profiles-g-l/lynx @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor abi , From 07f3ea979a109d2d92cff85cd2273911e001fe9c Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sat, 15 Jun 2024 17:18:03 +0300 Subject: [PATCH 66/70] fix(profiles-g-l): move vim modeline Move vim syntax comment to the end of the file, separated by newline, as requested in #380. --- apparmor.d/profiles-g-l/gajim | 3 ++- apparmor.d/profiles-g-l/ganyremote | 3 ++- apparmor.d/profiles-g-l/gconfd | 3 ++- apparmor.d/profiles-g-l/gdisk | 3 ++- apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders | 5 +++-- apparmor.d/profiles-g-l/ghc-pkg | 5 +++-- apparmor.d/profiles-g-l/gio-querymodules | 5 +++-- apparmor.d/profiles-g-l/git | 3 ++- apparmor.d/profiles-g-l/gitstatusd | 3 ++- apparmor.d/profiles-g-l/glib-compile-resources | 3 ++- apparmor.d/profiles-g-l/glib-compile-schemas | 3 ++- apparmor.d/profiles-g-l/glib-pacrunner | 3 ++- apparmor.d/profiles-g-l/globaltime | 3 ++- apparmor.d/profiles-g-l/glxgears | 3 ++- apparmor.d/profiles-g-l/glxinfo | 3 ++- apparmor.d/profiles-g-l/gpa | 3 ++- apparmor.d/profiles-g-l/gparted | 3 ++- apparmor.d/profiles-g-l/gpartedbin | 3 ++- apparmor.d/profiles-g-l/gpasswd | 3 ++- apparmor.d/profiles-g-l/gping | 5 +++-- apparmor.d/profiles-g-l/gpo | 3 ++- apparmor.d/profiles-g-l/gpodder | 3 ++- apparmor.d/profiles-g-l/gpodder-migrate2tres | 3 ++- apparmor.d/profiles-g-l/gpu-manager | 5 +++-- apparmor.d/profiles-g-l/groupadd | 3 ++- apparmor.d/profiles-g-l/groupdel | 3 ++- apparmor.d/profiles-g-l/groupmod | 3 ++- apparmor.d/profiles-g-l/groups | 3 ++- apparmor.d/profiles-g-l/grpck | 3 ++- apparmor.d/profiles-g-l/gsettings | 3 ++- apparmor.d/profiles-g-l/gsimplecal | 3 ++- apparmor.d/profiles-g-l/gsmartcontrol | 3 ++- apparmor.d/profiles-g-l/gsmartcontrol-root | 3 ++- apparmor.d/profiles-g-l/gssproxy | 5 +++-- apparmor.d/profiles-g-l/gtk-query-immodules | 5 +++-- apparmor.d/profiles-g-l/gtk-update-icon-cache | 3 ++- apparmor.d/profiles-g-l/gtk-youtube-viewer | 3 ++- apparmor.d/profiles-g-l/hardinfo | 3 ++- apparmor.d/profiles-g-l/haveged | 2 ++ apparmor.d/profiles-g-l/hbbr | 3 ++- apparmor.d/profiles-g-l/hbbs | 3 ++- apparmor.d/profiles-g-l/hciconfig | 3 ++- apparmor.d/profiles-g-l/hddtemp | 3 ++- apparmor.d/profiles-g-l/hdparm | 3 ++- apparmor.d/profiles-g-l/hexchat | 3 ++- apparmor.d/profiles-g-l/highlight | 3 ++- apparmor.d/profiles-g-l/host | 3 ++- apparmor.d/profiles-g-l/hostname | 3 ++- apparmor.d/profiles-g-l/htop | 3 ++- apparmor.d/profiles-g-l/hugeadm | 3 ++- apparmor.d/profiles-g-l/hugo | 5 +++-- apparmor.d/profiles-g-l/hw-probe | 3 ++- apparmor.d/profiles-g-l/hwinfo | 3 ++- apparmor.d/profiles-g-l/hypnotix | 3 ++- apparmor.d/profiles-g-l/i2cdetect | 3 ++- apparmor.d/profiles-g-l/i3lock | 3 ++- apparmor.d/profiles-g-l/i3lock-fancy | 3 ++- apparmor.d/profiles-g-l/iceauth | 5 +++-- apparmor.d/profiles-g-l/id | 3 ++- apparmor.d/profiles-g-l/ifconfig | 3 ++- apparmor.d/profiles-g-l/ifup | 3 ++- apparmor.d/profiles-g-l/im-launch | 3 ++- apparmor.d/profiles-g-l/imv-wayland | 3 ++- apparmor.d/profiles-g-l/initd-kexec | 3 ++- apparmor.d/profiles-g-l/initd-kexec-load | 3 ++- apparmor.d/profiles-g-l/initd-kmod | 3 ++- apparmor.d/profiles-g-l/install-catalog | 5 +++-- apparmor.d/profiles-g-l/install-info | 5 +++-- apparmor.d/profiles-g-l/install-printerdriver | 3 ++- apparmor.d/profiles-g-l/inxi | 3 ++- apparmor.d/profiles-g-l/ioping | 3 ++- apparmor.d/profiles-g-l/iotop | 3 ++- apparmor.d/profiles-g-l/ip | 3 ++- apparmor.d/profiles-g-l/ipcalc | 3 ++- apparmor.d/profiles-g-l/irqbalance | 5 +++-- apparmor.d/profiles-g-l/issue-generator | 5 +++-- apparmor.d/profiles-g-l/iw | 3 ++- apparmor.d/profiles-g-l/iwconfig | 3 ++- apparmor.d/profiles-g-l/iwlist | 3 ++- apparmor.d/profiles-g-l/jackdbus | 5 +++-- apparmor.d/profiles-g-l/jami-gnome | 3 ++- apparmor.d/profiles-g-l/jdownloader | 3 ++- apparmor.d/profiles-g-l/jekyll | 3 ++- apparmor.d/profiles-g-l/jgmenu | 3 ++- apparmor.d/profiles-g-l/jitterentropy-rngd | 5 +++-- apparmor.d/profiles-g-l/jmtpfs | 3 ++- apparmor.d/profiles-g-l/kanyremote | 3 ++- apparmor.d/profiles-g-l/kcheckpass | 3 ++- apparmor.d/profiles-g-l/kconfig-hardened-check | 3 ++- apparmor.d/profiles-g-l/keepassxc | 3 ++- apparmor.d/profiles-g-l/keepassxc-cli | 3 ++- apparmor.d/profiles-g-l/keepassxc-proxy | 3 ++- apparmor.d/profiles-g-l/kernel-install | 3 ++- apparmor.d/profiles-g-l/kerneloops | 3 ++- apparmor.d/profiles-g-l/kerneloops-applet | 3 ++- apparmor.d/profiles-g-l/kexec | 3 ++- apparmor.d/profiles-g-l/kmod | 3 ++- apparmor.d/profiles-g-l/kodi | 3 ++- apparmor.d/profiles-g-l/kodi-xrandr | 3 ++- apparmor.d/profiles-g-l/kvm-ok | 3 ++- apparmor.d/profiles-g-l/labwc | 3 ++- apparmor.d/profiles-g-l/landscape-sysinfo | 5 +++-- apparmor.d/profiles-g-l/landscape-sysinfo.wrapper | 5 +++-- apparmor.d/profiles-g-l/language-validate | 5 +++-- apparmor.d/profiles-g-l/last | 3 ++- apparmor.d/profiles-g-l/lastlog | 3 ++- apparmor.d/profiles-g-l/libreoffice | 3 ++- apparmor.d/profiles-g-l/light | 3 ++- apparmor.d/profiles-g-l/light-locker | 3 ++- apparmor.d/profiles-g-l/light-locker-command | 3 ++- apparmor.d/profiles-g-l/lightworks | 3 ++- apparmor.d/profiles-g-l/lightworks-ntcardvt | 3 ++- apparmor.d/profiles-g-l/linssid | 3 ++- apparmor.d/profiles-g-l/linux-check-removal | 3 ++- apparmor.d/profiles-g-l/linux-version | 3 ++- apparmor.d/profiles-g-l/locale-gen | 5 +++-- apparmor.d/profiles-g-l/localepurge | 3 ++- apparmor.d/profiles-g-l/login | 3 ++- apparmor.d/profiles-g-l/logrotate | 3 ++- apparmor.d/profiles-g-l/losetup | 5 +++-- apparmor.d/profiles-g-l/low-memory-monitor | 5 +++-- apparmor.d/profiles-g-l/lsblk | 3 ++- apparmor.d/profiles-g-l/lscpu | 3 ++- apparmor.d/profiles-g-l/lsinitramfs | 3 ++- apparmor.d/profiles-g-l/lspci | 3 ++- apparmor.d/profiles-g-l/lsusb | 3 ++- apparmor.d/profiles-g-l/lvm | 3 ++- apparmor.d/profiles-g-l/lvmconfig | 3 ++- apparmor.d/profiles-g-l/lvmdump | 3 ++- apparmor.d/profiles-g-l/lvmpolld | 3 ++- apparmor.d/profiles-g-l/lxappearance | 3 ++- apparmor.d/profiles-g-l/lynx | 3 ++- 132 files changed, 285 insertions(+), 152 deletions(-) diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 0f19c7614..5888743ef 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -2,7 +2,6 @@ # Copyright (C) 2015-2020 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -139,3 +138,5 @@ profile gajim @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/ganyremote b/apparmor.d/profiles-g-l/ganyremote index f169bfd3e..7db7a5cb8 100644 --- a/apparmor.d/profiles-g-l/ganyremote +++ b/apparmor.d/profiles-g-l/ganyremote @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -95,3 +94,5 @@ profile ganyremote @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gconfd b/apparmor.d/profiles-g-l/gconfd index c1d8cdde9..5dffe8a0c 100644 --- a/apparmor.d/profiles-g-l/gconfd +++ b/apparmor.d/profiles-g-l/gconfd @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile gconfd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gdisk b/apparmor.d/profiles-g-l/gdisk index 6bff416b8..8c3662ba1 100644 --- a/apparmor.d/profiles-g-l/gdisk +++ b/apparmor.d/profiles-g-l/gdisk @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,3 +32,5 @@ profile gdisk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders b/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders index 48744f4cc..a01425bb9 100644 --- a/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders +++ b/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,4 +24,6 @@ profile gdk-pixbuf-query-loaders @{exec_path} { /usr/share/gvfs/remote-volume-monitors/{,**} r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/ghc-pkg b/apparmor.d/profiles-g-l/ghc-pkg index bafe2bb34..8fdffbf87 100644 --- a/apparmor.d/profiles-g-l/ghc-pkg +++ b/apparmor.d/profiles-g-l/ghc-pkg @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -28,4 +27,6 @@ profile ghc-pkg @{exec_path} { @{sys}/devices/system/node/ r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gio-querymodules b/apparmor.d/profiles-g-l/gio-querymodules index 34ff9eb23..3520ec06e 100644 --- a/apparmor.d/profiles-g-l/gio-querymodules +++ b/apparmor.d/profiles-g-l/gio-querymodules @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,4 +22,6 @@ profile gio-querymodules @{exec_path} flags=(attach_disconnected) { deny network inet6 stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git index c53acc398..c92f18656 100644 --- a/apparmor.d/profiles-g-l/git +++ b/apparmor.d/profiles-g-l/git @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -181,3 +180,5 @@ profile git @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gitstatusd b/apparmor.d/profiles-g-l/gitstatusd index ea351293c..da5566f9f 100644 --- a/apparmor.d/profiles-g-l/gitstatusd +++ b/apparmor.d/profiles-g-l/gitstatusd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile gitstatusd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/glib-compile-resources b/apparmor.d/profiles-g-l/glib-compile-resources index cf8466186..45e787840 100644 --- a/apparmor.d/profiles-g-l/glib-compile-resources +++ b/apparmor.d/profiles-g-l/glib-compile-resources @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile glib-compile-resources @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/glib-compile-schemas b/apparmor.d/profiles-g-l/glib-compile-schemas index cff914ee3..a9004c22f 100644 --- a/apparmor.d/profiles-g-l/glib-compile-schemas +++ b/apparmor.d/profiles-g-l/glib-compile-schemas @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -30,3 +29,5 @@ profile glib-compile-schemas @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/glib-pacrunner b/apparmor.d/profiles-g-l/glib-pacrunner index 856775c05..e3dfec88c 100644 --- a/apparmor.d/profiles-g-l/glib-pacrunner +++ b/apparmor.d/profiles-g-l/glib-pacrunner @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile glib-pacrunner @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/globaltime b/apparmor.d/profiles-g-l/globaltime index 484b15a60..566f58ee3 100644 --- a/apparmor.d/profiles-g-l/globaltime +++ b/apparmor.d/profiles-g-l/globaltime @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile globaltime @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/glxgears b/apparmor.d/profiles-g-l/glxgears index 04b9f0714..9ad458720 100644 --- a/apparmor.d/profiles-g-l/glxgears +++ b/apparmor.d/profiles-g-l/glxgears @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile glxgears @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/glxinfo b/apparmor.d/profiles-g-l/glxinfo index 28744a364..7defbaf80 100644 --- a/apparmor.d/profiles-g-l/glxinfo +++ b/apparmor.d/profiles-g-l/glxinfo @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile glxinfo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gpa b/apparmor.d/profiles-g-l/gpa index e6b494503..9ed18534e 100644 --- a/apparmor.d/profiles-g-l/gpa +++ b/apparmor.d/profiles-g-l/gpa @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -54,3 +53,5 @@ profile gpa @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted index d0eaf0f71..f225b5c06 100644 --- a/apparmor.d/profiles-g-l/gparted +++ b/apparmor.d/profiles-g-l/gparted @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -99,3 +98,5 @@ profile gparted @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin index 18d4054d2..b60e386bb 100644 --- a/apparmor.d/profiles-g-l/gpartedbin +++ b/apparmor.d/profiles-g-l/gpartedbin @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -130,3 +129,5 @@ profile gpartedbin @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gpasswd b/apparmor.d/profiles-g-l/gpasswd index 2c5e3f659..11c1e9767 100644 --- a/apparmor.d/profiles-g-l/gpasswd +++ b/apparmor.d/profiles-g-l/gpasswd @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -45,3 +44,5 @@ profile gpasswd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gping b/apparmor.d/profiles-g-l/gping index 63262a109..956a1781f 100644 --- a/apparmor.d/profiles-g-l/gping +++ b/apparmor.d/profiles-g-l/gping @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -17,4 +16,6 @@ profile gping @{exec_path} { @{bin}/ping rPx, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gpo b/apparmor.d/profiles-g-l/gpo index 3573a3d80..97c89a433 100644 --- a/apparmor.d/profiles-g-l/gpo +++ b/apparmor.d/profiles-g-l/gpo @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -45,3 +44,5 @@ profile gpo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index 5bc8685c3..10b8492e9 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -58,3 +57,5 @@ profile gpodder @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gpodder-migrate2tres b/apparmor.d/profiles-g-l/gpodder-migrate2tres index bbe9b33d9..f8e2c73f4 100644 --- a/apparmor.d/profiles-g-l/gpodder-migrate2tres +++ b/apparmor.d/profiles-g-l/gpodder-migrate2tres @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile gpodder-migrate2tres @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gpu-manager b/apparmor.d/profiles-g-l/gpu-manager index 11c3ac1fc..4444662fc 100644 --- a/apparmor.d/profiles-g-l/gpu-manager +++ b/apparmor.d/profiles-g-l/gpu-manager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -34,4 +33,6 @@ profile gpu-manager @{exec_path} { @{PROC}/cmdline r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/groupadd b/apparmor.d/profiles-g-l/groupadd index 4ca7adeb6..4c6e80c59 100644 --- a/apparmor.d/profiles-g-l/groupadd +++ b/apparmor.d/profiles-g-l/groupadd @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -38,3 +37,5 @@ profile groupadd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/groupdel b/apparmor.d/profiles-g-l/groupdel index c4c4d1e79..a28fb72f7 100644 --- a/apparmor.d/profiles-g-l/groupdel +++ b/apparmor.d/profiles-g-l/groupdel @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -41,3 +40,5 @@ profile groupdel @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/groupmod b/apparmor.d/profiles-g-l/groupmod index 0e0b4a6fd..a37273af6 100644 --- a/apparmor.d/profiles-g-l/groupmod +++ b/apparmor.d/profiles-g-l/groupmod @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -42,3 +41,5 @@ profile groupmod @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/groups b/apparmor.d/profiles-g-l/groups index 3897ee0f6..4c0f07d87 100644 --- a/apparmor.d/profiles-g-l/groups +++ b/apparmor.d/profiles-g-l/groups @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -20,3 +19,5 @@ profile groups @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/grpck b/apparmor.d/profiles-g-l/grpck index a9a4c69ff..3e42f90c7 100644 --- a/apparmor.d/profiles-g-l/grpck +++ b/apparmor.d/profiles-g-l/grpck @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -35,3 +34,5 @@ profile grpck @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings index a3a2e2b86..cd7ce37ce 100644 --- a/apparmor.d/profiles-g-l/gsettings +++ b/apparmor.d/profiles-g-l/gsettings @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile gsettings @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gsimplecal b/apparmor.d/profiles-g-l/gsimplecal index d05e262d8..ba7ba4da4 100644 --- a/apparmor.d/profiles-g-l/gsimplecal +++ b/apparmor.d/profiles-g-l/gsimplecal @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -19,3 +18,5 @@ profile gsimplecal @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gsmartcontrol b/apparmor.d/profiles-g-l/gsmartcontrol index 8b1079d49..f6f6b300f 100644 --- a/apparmor.d/profiles-g-l/gsmartcontrol +++ b/apparmor.d/profiles-g-l/gsmartcontrol @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -111,3 +110,5 @@ profile gsmartcontrol @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gsmartcontrol-root b/apparmor.d/profiles-g-l/gsmartcontrol-root index fc943e26b..01b7d22e1 100644 --- a/apparmor.d/profiles-g-l/gsmartcontrol-root +++ b/apparmor.d/profiles-g-l/gsmartcontrol-root @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile gsmartcontrol-root @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gssproxy b/apparmor.d/profiles-g-l/gssproxy index c179d7a29..6a16d1dc7 100644 --- a/apparmor.d/profiles-g-l/gssproxy +++ b/apparmor.d/profiles-g-l/gssproxy @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,4 +25,6 @@ profile gssproxy @{exec_path} { owner @{PROC}/@{pids}/net/rpc/use-gss-proxy rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gtk-query-immodules b/apparmor.d/profiles-g-l/gtk-query-immodules index 1ff4a10ba..e67def6d2 100644 --- a/apparmor.d/profiles-g-l/gtk-query-immodules +++ b/apparmor.d/profiles-g-l/gtk-query-immodules @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,4 +23,6 @@ profile gtk-query-immodules @{exec_path} { deny network inet stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gtk-update-icon-cache b/apparmor.d/profiles-g-l/gtk-update-icon-cache index 5ba0ba7a0..a91dc3069 100644 --- a/apparmor.d/profiles-g-l/gtk-update-icon-cache +++ b/apparmor.d/profiles-g-l/gtk-update-icon-cache @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile gtk-update-icon-cache @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/gtk-youtube-viewer b/apparmor.d/profiles-g-l/gtk-youtube-viewer index 86180f31b..96b114461 100644 --- a/apparmor.d/profiles-g-l/gtk-youtube-viewer +++ b/apparmor.d/profiles-g-l/gtk-youtube-viewer @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -120,3 +119,5 @@ profile gtk-youtube-viewer @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index 9e8ba4cd3..02ac63e6f 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -198,3 +197,5 @@ profile hardinfo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/haveged b/apparmor.d/profiles-g-l/haveged index 2e5471085..ff3870880 100644 --- a/apparmor.d/profiles-g-l/haveged +++ b/apparmor.d/profiles-g-l/haveged @@ -29,3 +29,5 @@ profile haveged @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hbbr b/apparmor.d/profiles-g-l/hbbr index a48386f67..78c15672b 100644 --- a/apparmor.d/profiles-g-l/hbbr +++ b/apparmor.d/profiles-g-l/hbbr @@ -1,6 +1,5 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile hbbr @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hbbs b/apparmor.d/profiles-g-l/hbbs index 6c7242f3e..69ac0cc8c 100644 --- a/apparmor.d/profiles-g-l/hbbs +++ b/apparmor.d/profiles-g-l/hbbs @@ -1,6 +1,5 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile hbbs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hciconfig b/apparmor.d/profiles-g-l/hciconfig index b83867b9a..eb0319c5f 100644 --- a/apparmor.d/profiles-g-l/hciconfig +++ b/apparmor.d/profiles-g-l/hciconfig @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile hciconfig @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hddtemp b/apparmor.d/profiles-g-l/hddtemp index 56b57d224..e0be907a6 100644 --- a/apparmor.d/profiles-g-l/hddtemp +++ b/apparmor.d/profiles-g-l/hddtemp @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -39,3 +38,5 @@ profile hddtemp @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hdparm b/apparmor.d/profiles-g-l/hdparm index f236b9bf1..f29bc1c20 100644 --- a/apparmor.d/profiles-g-l/hdparm +++ b/apparmor.d/profiles-g-l/hdparm @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -35,3 +34,5 @@ profile hdparm @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hexchat b/apparmor.d/profiles-g-l/hexchat index 471440ca7..aaa550dfc 100644 --- a/apparmor.d/profiles-g-l/hexchat +++ b/apparmor.d/profiles-g-l/hexchat @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -53,3 +52,5 @@ profile hexchat @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/highlight b/apparmor.d/profiles-g-l/highlight index b7100b309..fb90c4475 100644 --- a/apparmor.d/profiles-g-l/highlight +++ b/apparmor.d/profiles-g-l/highlight @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile highlight @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/host b/apparmor.d/profiles-g-l/host index 5fc23e6fa..5894c85a0 100644 --- a/apparmor.d/profiles-g-l/host +++ b/apparmor.d/profiles-g-l/host @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -28,3 +27,5 @@ profile host @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hostname b/apparmor.d/profiles-g-l/hostname index 345d6062c..efda5b4a8 100644 --- a/apparmor.d/profiles-g-l/hostname +++ b/apparmor.d/profiles-g-l/hostname @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -26,3 +25,5 @@ profile hostname @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/htop b/apparmor.d/profiles-g-l/htop index cc0b566ed..d06991025 100644 --- a/apparmor.d/profiles-g-l/htop +++ b/apparmor.d/profiles-g-l/htop @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -137,3 +136,5 @@ profile htop @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hugeadm b/apparmor.d/profiles-g-l/hugeadm index a4f478b95..731483cf6 100644 --- a/apparmor.d/profiles-g-l/hugeadm +++ b/apparmor.d/profiles-g-l/hugeadm @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -60,3 +59,5 @@ profile hugeadm @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hugo b/apparmor.d/profiles-g-l/hugo index 04d81eea6..fcb585020 100644 --- a/apparmor.d/profiles-g-l/hugo +++ b/apparmor.d/profiles-g-l/hugo @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -46,4 +45,6 @@ profile hugo @{exec_path} { @{PROC}/sys/net/core/somaxconn r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe index 4c79eb330..7c6b87b6c 100644 --- a/apparmor.d/profiles-g-l/hw-probe +++ b/apparmor.d/profiles-g-l/hw-probe @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -227,3 +226,5 @@ profile hw-probe @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index a2155b11c..f56dd2b14 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -96,3 +95,5 @@ profile hwinfo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index 96d06ad76..3a9a6131d 100644 --- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -89,3 +88,5 @@ profile hypnotix @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/i2cdetect b/apparmor.d/profiles-g-l/i2cdetect index 141a7567b..f045b489d 100644 --- a/apparmor.d/profiles-g-l/i2cdetect +++ b/apparmor.d/profiles-g-l/i2cdetect @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,3 +17,5 @@ profile i2cdetect @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/i3lock b/apparmor.d/profiles-g-l/i3lock index 8e9c1154e..d2fbdff2c 100644 --- a/apparmor.d/profiles-g-l/i3lock +++ b/apparmor.d/profiles-g-l/i3lock @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -37,3 +36,5 @@ profile i3lock @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/i3lock-fancy b/apparmor.d/profiles-g-l/i3lock-fancy index 43004cdb3..fce4ff7d4 100644 --- a/apparmor.d/profiles-g-l/i3lock-fancy +++ b/apparmor.d/profiles-g-l/i3lock-fancy @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -72,3 +71,5 @@ profile i3lock-fancy @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/iceauth b/apparmor.d/profiles-g-l/iceauth index adb3109c6..66111ff55 100644 --- a/apparmor.d/profiles-g-l/iceauth +++ b/apparmor.d/profiles-g-l/iceauth @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,4 +22,6 @@ profile iceauth @{exec_path} { owner @{run}/user/@{uid}/ICEauthority-n rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/id b/apparmor.d/profiles-g-l/id index 2ce341558..061313d42 100644 --- a/apparmor.d/profiles-g-l/id +++ b/apparmor.d/profiles-g-l/id @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile id @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/ifconfig b/apparmor.d/profiles-g-l/ifconfig index cad08d09f..8dd7eaac0 100644 --- a/apparmor.d/profiles-g-l/ifconfig +++ b/apparmor.d/profiles-g-l/ifconfig @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile ifconfig @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/ifup b/apparmor.d/profiles-g-l/ifup index d0b1abfeb..74cf07da8 100644 --- a/apparmor.d/profiles-g-l/ifup +++ b/apparmor.d/profiles-g-l/ifup @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -130,3 +129,5 @@ profile ifup @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/im-launch b/apparmor.d/profiles-g-l/im-launch index 6f6af77b0..5520e990c 100644 --- a/apparmor.d/profiles-g-l/im-launch +++ b/apparmor.d/profiles-g-l/im-launch @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -41,3 +40,5 @@ profile im-launch @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/imv-wayland b/apparmor.d/profiles-g-l/imv-wayland index daee53654..72eaecc9c 100644 --- a/apparmor.d/profiles-g-l/imv-wayland +++ b/apparmor.d/profiles-g-l/imv-wayland @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -28,3 +27,5 @@ profile imv @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/initd-kexec b/apparmor.d/profiles-g-l/initd-kexec index f9802d32d..f17356fcc 100644 --- a/apparmor.d/profiles-g-l/initd-kexec +++ b/apparmor.d/profiles-g-l/initd-kexec @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -55,3 +54,5 @@ profile initd-kexec @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/initd-kexec-load b/apparmor.d/profiles-g-l/initd-kexec-load index 4fb1daedd..d36584ec9 100644 --- a/apparmor.d/profiles-g-l/initd-kexec-load +++ b/apparmor.d/profiles-g-l/initd-kexec-load @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -79,3 +78,5 @@ profile initd-kexec-load @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/initd-kmod b/apparmor.d/profiles-g-l/initd-kmod index fa7f06f4e..f8f975211 100644 --- a/apparmor.d/profiles-g-l/initd-kmod +++ b/apparmor.d/profiles-g-l/initd-kmod @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -61,3 +60,5 @@ profile initd-kmod @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/install-catalog b/apparmor.d/profiles-g-l/install-catalog index 70552208b..370cbf154 100644 --- a/apparmor.d/profiles-g-l/install-catalog +++ b/apparmor.d/profiles-g-l/install-catalog @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,4 +26,6 @@ profile install-catalog @{exec_path} { /etc/sgml/sgml-ent.cat{,.new} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/install-info b/apparmor.d/profiles-g-l/install-info index df2017210..54e40386f 100644 --- a/apparmor.d/profiles-g-l/install-info +++ b/apparmor.d/profiles-g-l/install-info @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -30,4 +29,6 @@ profile install-info @{exec_path} { deny network inet stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/install-printerdriver b/apparmor.d/profiles-g-l/install-printerdriver index 67c09ecea..ddbf2e31c 100644 --- a/apparmor.d/profiles-g-l/install-printerdriver +++ b/apparmor.d/profiles-g-l/install-printerdriver @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile install-printerdriver @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi index d79de8f00..aba281c31 100644 --- a/apparmor.d/profiles-g-l/inxi +++ b/apparmor.d/profiles-g-l/inxi @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -164,3 +163,5 @@ profile inxi @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/ioping b/apparmor.d/profiles-g-l/ioping index cedc79135..497e5cb1c 100644 --- a/apparmor.d/profiles-g-l/ioping +++ b/apparmor.d/profiles-g-l/ioping @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -48,3 +47,5 @@ profile ioping @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/iotop b/apparmor.d/profiles-g-l/iotop index fa7ad1e5a..be2738443 100644 --- a/apparmor.d/profiles-g-l/iotop +++ b/apparmor.d/profiles-g-l/iotop @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,3 +39,5 @@ profile iotop @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/ip b/apparmor.d/profiles-g-l/ip index fad0a172d..7fee79abc 100644 --- a/apparmor.d/profiles-g-l/ip +++ b/apparmor.d/profiles-g-l/ip @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -52,3 +51,5 @@ profile ip @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/ipcalc b/apparmor.d/profiles-g-l/ipcalc index 5a526121f..dd750b8c9 100644 --- a/apparmor.d/profiles-g-l/ipcalc +++ b/apparmor.d/profiles-g-l/ipcalc @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,3 +17,5 @@ profile ipcalc @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/irqbalance b/apparmor.d/profiles-g-l/irqbalance index 6fe5c9221..2226e6dd2 100644 --- a/apparmor.d/profiles-g-l/irqbalance +++ b/apparmor.d/profiles-g-l/irqbalance @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -42,4 +41,6 @@ profile irqbalance @{exec_path} flags=(attach_disconnected) { @{PROC}/irq/@{int}/smp_affinity rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/issue-generator b/apparmor.d/profiles-g-l/issue-generator index 60c82f4f3..a54b024ad 100644 --- a/apparmor.d/profiles-g-l/issue-generator +++ b/apparmor.d/profiles-g-l/issue-generator @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -28,4 +27,6 @@ profile issue-generator @{exec_path} { @{run}/issue.d/{,**} r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/iw b/apparmor.d/profiles-g-l/iw index 29fbca99b..3b62c32ba 100644 --- a/apparmor.d/profiles-g-l/iw +++ b/apparmor.d/profiles-g-l/iw @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile iw @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/iwconfig b/apparmor.d/profiles-g-l/iwconfig index eaaeb7e22..62bc16041 100644 --- a/apparmor.d/profiles-g-l/iwconfig +++ b/apparmor.d/profiles-g-l/iwconfig @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile iwconfig @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/iwlist b/apparmor.d/profiles-g-l/iwlist index b2051443e..ef2a280e0 100644 --- a/apparmor.d/profiles-g-l/iwlist +++ b/apparmor.d/profiles-g-l/iwlist @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile iwlist @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/jackdbus b/apparmor.d/profiles-g-l/jackdbus index e317761e0..ed1094a17 100644 --- a/apparmor.d/profiles-g-l/jackdbus +++ b/apparmor.d/profiles-g-l/jackdbus @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,4 +26,6 @@ profile jackdbus @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/jack/{,**} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/jami-gnome b/apparmor.d/profiles-g-l/jami-gnome index 60d6c492e..9d22933fc 100644 --- a/apparmor.d/profiles-g-l/jami-gnome +++ b/apparmor.d/profiles-g-l/jami-gnome @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -58,3 +57,5 @@ profile jami-gnome @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/jdownloader b/apparmor.d/profiles-g-l/jdownloader index 2bae0b723..424074da4 100644 --- a/apparmor.d/profiles-g-l/jdownloader +++ b/apparmor.d/profiles-g-l/jdownloader @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -125,3 +124,5 @@ profile jdownloader @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/jekyll b/apparmor.d/profiles-g-l/jekyll index f39226ffc..667b9304f 100644 --- a/apparmor.d/profiles-g-l/jekyll +++ b/apparmor.d/profiles-g-l/jekyll @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -34,3 +33,5 @@ profile jekyll @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/jgmenu b/apparmor.d/profiles-g-l/jgmenu index dd5697b14..6c7f3c1ff 100644 --- a/apparmor.d/profiles-g-l/jgmenu +++ b/apparmor.d/profiles-g-l/jgmenu @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -58,3 +57,5 @@ profile jgmenu @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/jitterentropy-rngd b/apparmor.d/profiles-g-l/jitterentropy-rngd index 4967c9e64..5b96e0c58 100644 --- a/apparmor.d/profiles-g-l/jitterentropy-rngd +++ b/apparmor.d/profiles-g-l/jitterentropy-rngd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,4 +21,6 @@ profile jitterentropy-rngd @{exec_path} { /dev/random w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/jmtpfs b/apparmor.d/profiles-g-l/jmtpfs index 9a2be96b8..77127171c 100644 --- a/apparmor.d/profiles-g-l/jmtpfs +++ b/apparmor.d/profiles-g-l/jmtpfs @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -63,3 +62,5 @@ profile jmtpfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kanyremote b/apparmor.d/profiles-g-l/kanyremote index 32a6a8e45..fef624841 100644 --- a/apparmor.d/profiles-g-l/kanyremote +++ b/apparmor.d/profiles-g-l/kanyremote @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -99,3 +98,5 @@ profile kanyremote @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kcheckpass b/apparmor.d/profiles-g-l/kcheckpass index f2ebf0010..9dddbe470 100644 --- a/apparmor.d/profiles-g-l/kcheckpass +++ b/apparmor.d/profiles-g-l/kcheckpass @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -24,3 +23,5 @@ profile kcheckpass @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kconfig-hardened-check b/apparmor.d/profiles-g-l/kconfig-hardened-check index d58e2c9c0..6858f1b45 100644 --- a/apparmor.d/profiles-g-l/kconfig-hardened-check +++ b/apparmor.d/profiles-g-l/kconfig-hardened-check @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -28,3 +27,5 @@ profile kconfig-hardened-check @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/keepassxc b/apparmor.d/profiles-g-l/keepassxc index c972f902c..20be091cc 100644 --- a/apparmor.d/profiles-g-l/keepassxc +++ b/apparmor.d/profiles-g-l/keepassxc @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -100,3 +99,5 @@ profile keepassxc @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/keepassxc-cli b/apparmor.d/profiles-g-l/keepassxc-cli index 858178aeb..b1d6e0e86 100644 --- a/apparmor.d/profiles-g-l/keepassxc-cli +++ b/apparmor.d/profiles-g-l/keepassxc-cli @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile keepassxc-cli @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/keepassxc-proxy b/apparmor.d/profiles-g-l/keepassxc-proxy index fba81df19..5e9736108 100644 --- a/apparmor.d/profiles-g-l/keepassxc-proxy +++ b/apparmor.d/profiles-g-l/keepassxc-proxy @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -48,3 +47,5 @@ profile keepassxc-proxy @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kernel-install b/apparmor.d/profiles-g-l/kernel-install index df12c8313..93cb01b19 100644 --- a/apparmor.d/profiles-g-l/kernel-install +++ b/apparmor.d/profiles-g-l/kernel-install @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -66,3 +65,5 @@ profile kernel-install @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kerneloops b/apparmor.d/profiles-g-l/kerneloops index 01d1386a4..f3c7e3b37 100644 --- a/apparmor.d/profiles-g-l/kerneloops +++ b/apparmor.d/profiles-g-l/kerneloops @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile kerneloops @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kerneloops-applet b/apparmor.d/profiles-g-l/kerneloops-applet index 1bda5cd90..e6860c5b9 100644 --- a/apparmor.d/profiles-g-l/kerneloops-applet +++ b/apparmor.d/profiles-g-l/kerneloops-applet @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,3 +24,5 @@ profile kerneloops-applet @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kexec b/apparmor.d/profiles-g-l/kexec index 370aef005..dc027eae6 100644 --- a/apparmor.d/profiles-g-l/kexec +++ b/apparmor.d/profiles-g-l/kexec @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile kexec @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kmod b/apparmor.d/profiles-g-l/kmod index 91b7d3427..ac03c2501 100644 --- a/apparmor.d/profiles-g-l/kmod +++ b/apparmor.d/profiles-g-l/kmod @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -77,3 +76,5 @@ profile kmod @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kodi b/apparmor.d/profiles-g-l/kodi index db5712a3f..3d8800cc7 100644 --- a/apparmor.d/profiles-g-l/kodi +++ b/apparmor.d/profiles-g-l/kodi @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -67,3 +66,5 @@ profile kodi @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kodi-xrandr b/apparmor.d/profiles-g-l/kodi-xrandr index eaa2bacb5..932b869b8 100644 --- a/apparmor.d/profiles-g-l/kodi-xrandr +++ b/apparmor.d/profiles-g-l/kodi-xrandr @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile kodi-xrandr @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/kvm-ok b/apparmor.d/profiles-g-l/kvm-ok index 9d7b8f23b..a023293fa 100644 --- a/apparmor.d/profiles-g-l/kvm-ok +++ b/apparmor.d/profiles-g-l/kvm-ok @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -47,3 +46,5 @@ profile kvm-ok @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc index 1453eccb8..8fa7552af 100644 --- a/apparmor.d/profiles-g-l/labwc +++ b/apparmor.d/profiles-g-l/labwc @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -57,3 +56,5 @@ profile labwc @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo b/apparmor.d/profiles-g-l/landscape-sysinfo index 109034b2b..a9df8a2b3 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo +++ b/apparmor.d/profiles-g-l/landscape-sysinfo @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -46,4 +45,6 @@ profile landscape-sysinfo @{exec_path} { /dev/tty@{int} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper index 36262e5c5..e33195eb1 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper +++ b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -33,4 +32,6 @@ profile landscape-sysinfo.wrapper @{exec_path} { /dev/tty@{int} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/language-validate b/apparmor.d/profiles-g-l/language-validate index bd168e9b6..e77d997c5 100644 --- a/apparmor.d/profiles-g-l/language-validate +++ b/apparmor.d/profiles-g-l/language-validate @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,4 +22,6 @@ profile language-validate @{exec_path} flags=(attach_disconnected) { /usr/share/language-tools/{,*} r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/last b/apparmor.d/profiles-g-l/last index fd218d5ad..fd0c403a4 100644 --- a/apparmor.d/profiles-g-l/last +++ b/apparmor.d/profiles-g-l/last @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -29,3 +28,5 @@ profile last @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lastlog b/apparmor.d/profiles-g-l/lastlog index 5d41f9874..3df955097 100644 --- a/apparmor.d/profiles-g-l/lastlog +++ b/apparmor.d/profiles-g-l/lastlog @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -23,3 +22,5 @@ profile lastlog @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/libreoffice b/apparmor.d/profiles-g-l/libreoffice index 9ce3b0817..313b34a23 100644 --- a/apparmor.d/profiles-g-l/libreoffice +++ b/apparmor.d/profiles-g-l/libreoffice @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -96,3 +95,5 @@ profile libreoffice @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/light b/apparmor.d/profiles-g-l/light index 8b3a961c9..d4ff8a7d7 100644 --- a/apparmor.d/profiles-g-l/light +++ b/apparmor.d/profiles-g-l/light @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -37,3 +36,5 @@ profile light @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/light-locker b/apparmor.d/profiles-g-l/light-locker index b259caae6..8e8732c19 100644 --- a/apparmor.d/profiles-g-l/light-locker +++ b/apparmor.d/profiles-g-l/light-locker @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -39,3 +38,5 @@ profile light-locker @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/light-locker-command b/apparmor.d/profiles-g-l/light-locker-command index 3975437fe..21daa1853 100644 --- a/apparmor.d/profiles-g-l/light-locker-command +++ b/apparmor.d/profiles-g-l/light-locker-command @@ -2,7 +2,6 @@ # Copyright (C) 2017-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile light-locker-command @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lightworks b/apparmor.d/profiles-g-l/lightworks index 133ff52db..f2e6c74cf 100644 --- a/apparmor.d/profiles-g-l/lightworks +++ b/apparmor.d/profiles-g-l/lightworks @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -27,3 +26,5 @@ profile lightworks @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lightworks-ntcardvt b/apparmor.d/profiles-g-l/lightworks-ntcardvt index 639a296b8..b4dc21398 100644 --- a/apparmor.d/profiles-g-l/lightworks-ntcardvt +++ b/apparmor.d/profiles-g-l/lightworks-ntcardvt @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -16,3 +15,5 @@ profile lightworks-ntcardvt @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/linssid b/apparmor.d/profiles-g-l/linssid index 57bd63eb6..615f51b62 100644 --- a/apparmor.d/profiles-g-l/linssid +++ b/apparmor.d/profiles-g-l/linssid @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -110,3 +109,5 @@ profile linssid @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/linux-check-removal b/apparmor.d/profiles-g-l/linux-check-removal index 62917a8ee..41813c1a1 100644 --- a/apparmor.d/profiles-g-l/linux-check-removal +++ b/apparmor.d/profiles-g-l/linux-check-removal @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -51,3 +50,5 @@ profile linux-check-removal @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/linux-version b/apparmor.d/profiles-g-l/linux-version index 8e5bf39d4..998c48780 100644 --- a/apparmor.d/profiles-g-l/linux-version +++ b/apparmor.d/profiles-g-l/linux-version @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile linux-version @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/locale-gen b/apparmor.d/profiles-g-l/locale-gen index 5128d96e4..093074d1b 100644 --- a/apparmor.d/profiles-g-l/locale-gen +++ b/apparmor.d/profiles-g-l/locale-gen @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -40,4 +39,6 @@ profile locale-gen @{exec_path} { deny network inet stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/localepurge b/apparmor.d/profiles-g-l/localepurge index c8a2f0fe9..30018bf00 100644 --- a/apparmor.d/profiles-g-l/localepurge +++ b/apparmor.d/profiles-g-l/localepurge @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -58,3 +57,5 @@ profile localepurge @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/login b/apparmor.d/profiles-g-l/login index 05932c282..c93553030 100644 --- a/apparmor.d/profiles-g-l/login +++ b/apparmor.d/profiles-g-l/login @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -74,3 +73,5 @@ profile login @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/logrotate b/apparmor.d/profiles-g-l/logrotate index aa3b8af94..6004b8a35 100644 --- a/apparmor.d/profiles-g-l/logrotate +++ b/apparmor.d/profiles-g-l/logrotate @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -105,3 +104,5 @@ profile logrotate @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/losetup b/apparmor.d/profiles-g-l/losetup index 63ecb00be..fb8b448d1 100644 --- a/apparmor.d/profiles-g-l/losetup +++ b/apparmor.d/profiles-g-l/losetup @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -25,4 +24,6 @@ profile losetup @{exec_path} { /dev/loop[0-9]* rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/low-memory-monitor b/apparmor.d/profiles-g-l/low-memory-monitor index 80907e166..4471dbd2e 100644 --- a/apparmor.d/profiles-g-l/low-memory-monitor +++ b/apparmor.d/profiles-g-l/low-memory-monitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,4 +17,6 @@ profile low-memory-monitor @{exec_path} flags=(attach_disconnected) { owner @{PROC}/pressure/memory rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lsblk b/apparmor.d/profiles-g-l/lsblk index f4642a4cc..56aad52b8 100644 --- a/apparmor.d/profiles-g-l/lsblk +++ b/apparmor.d/profiles-g-l/lsblk @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile lsblk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lscpu b/apparmor.d/profiles-g-l/lscpu index 4f5f93167..804e67632 100644 --- a/apparmor.d/profiles-g-l/lscpu +++ b/apparmor.d/profiles-g-l/lscpu @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -31,3 +30,5 @@ profile lscpu @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lsinitramfs b/apparmor.d/profiles-g-l/lsinitramfs index eba80fe94..e5b6ff750 100644 --- a/apparmor.d/profiles-g-l/lsinitramfs +++ b/apparmor.d/profiles-g-l/lsinitramfs @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile lsinitramfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lspci b/apparmor.d/profiles-g-l/lspci index d0628ec11..0d6936d22 100644 --- a/apparmor.d/profiles-g-l/lspci +++ b/apparmor.d/profiles-g-l/lspci @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -45,3 +44,5 @@ profile lspci @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lsusb b/apparmor.d/profiles-g-l/lsusb index 9ee06eb3a..eadda4785 100644 --- a/apparmor.d/profiles-g-l/lsusb +++ b/apparmor.d/profiles-g-l/lsusb @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -22,3 +21,5 @@ profile lsusb @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lvm b/apparmor.d/profiles-g-l/lvm index 68630402a..0bd6ef2e8 100644 --- a/apparmor.d/profiles-g-l/lvm +++ b/apparmor.d/profiles-g-l/lvm @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -51,3 +50,5 @@ profile lvm @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lvmconfig b/apparmor.d/profiles-g-l/lvmconfig index 23f1be740..f38bd6780 100644 --- a/apparmor.d/profiles-g-l/lvmconfig +++ b/apparmor.d/profiles-g-l/lvmconfig @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,3 +17,5 @@ profile lvmconfig @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lvmdump b/apparmor.d/profiles-g-l/lvmdump index 8bdfe7e78..9dbe000f7 100644 --- a/apparmor.d/profiles-g-l/lvmdump +++ b/apparmor.d/profiles-g-l/lvmdump @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -18,3 +17,5 @@ profile lvmdump @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lvmpolld b/apparmor.d/profiles-g-l/lvmpolld index 22708b596..7a4bc90b3 100644 --- a/apparmor.d/profiles-g-l/lvmpolld +++ b/apparmor.d/profiles-g-l/lvmpolld @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -21,3 +20,5 @@ profile lvmpolld @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lxappearance b/apparmor.d/profiles-g-l/lxappearance index 619c180d8..a400ef80c 100644 --- a/apparmor.d/profiles-g-l/lxappearance +++ b/apparmor.d/profiles-g-l/lxappearance @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -68,3 +67,5 @@ profile lxappearance @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/lynx b/apparmor.d/profiles-g-l/lynx index 6c5432da2..143472569 100644 --- a/apparmor.d/profiles-g-l/lynx +++ b/apparmor.d/profiles-g-l/lynx @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor abi , @@ -39,3 +38,5 @@ profile lynx @{exec_path} { include if exists } + +# vim:syntax=apparmor From 1206692e517acb04d468761142fb25d6655ed95e Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sun, 9 Jun 2024 16:17:55 +0300 Subject: [PATCH 67/70] feat(abstractions): vim syntax highlighting Add vim syntax support. See man apparmor.vim(5) --- apparmor.d/abstractions/X-strict | 1 + apparmor.d/abstractions/X.d/complete | 1 + apparmor.d/abstractions/app-launcher-root | 1 + apparmor.d/abstractions/app-launcher-user | 1 + apparmor.d/abstractions/app-open | 1 + apparmor.d/abstractions/app/chromium | 1 + apparmor.d/abstractions/app/editor | 1 + apparmor.d/abstractions/app/firefox | 1 + apparmor.d/abstractions/app/open | 1 + apparmor.d/abstractions/app/pgrep | 1 + apparmor.d/abstractions/app/sudo | 1 + apparmor.d/abstractions/app/systemctl | 1 + apparmor.d/abstractions/audio-client | 1 + apparmor.d/abstractions/audio-server | 1 + apparmor.d/abstractions/audio.d/complete | 1 + apparmor.d/abstractions/authentication.d/complete | 1 + apparmor.d/abstractions/base.d/complete | 1 + apparmor.d/abstractions/bash-strict | 1 + apparmor.d/abstractions/bash.d/complete | 1 + apparmor.d/abstractions/bus-accessibility | 1 + apparmor.d/abstractions/bus-session | 1 + apparmor.d/abstractions/bus-system | 1 + apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry | 1 + apparmor.d/abstractions/bus/com.canonical.dbusmenu | 1 + apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 | 1 + apparmor.d/abstractions/bus/net.hadess.PowerProfiles | 1 + apparmor.d/abstractions/bus/net.hadess.SwitcherooControl | 1 + apparmor.d/abstractions/bus/net.reactivated.Fprint | 1 + apparmor.d/abstractions/bus/org.a11y | 1 + apparmor.d/abstractions/bus/org.bluez | 1 + apparmor.d/abstractions/bus/org.freedesktop.Accounts | 1 + apparmor.d/abstractions/bus/org.freedesktop.Avahi | 1 + apparmor.d/abstractions/bus/org.freedesktop.ColorManager | 1 + apparmor.d/abstractions/bus/org.freedesktop.FileManager1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 | 1 + apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.NetworkManager | 1 + apparmor.d/abstractions/bus/org.freedesktop.Notifications | 1 + apparmor.d/abstractions/bus/org.freedesktop.PackageKit | 1 + apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver | 1 + apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files | 1 + apparmor.d/abstractions/bus/org.freedesktop.UDisks2 | 1 + apparmor.d/abstractions/bus/org.freedesktop.UPower | 1 + apparmor.d/abstractions/bus/org.freedesktop.background.Monitor | 1 + apparmor.d/abstractions/bus/org.freedesktop.hostname1 | 1 + .../abstractions/bus/org.freedesktop.impl.portal.PermissionStore | 1 + apparmor.d/abstractions/bus/org.freedesktop.locale1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.login1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.login1.Session | 1 + apparmor.d/abstractions/bus/org.freedesktop.network1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop | 1 + apparmor.d/abstractions/bus/org.freedesktop.resolve1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.secrets | 1 + apparmor.d/abstractions/bus/org.freedesktop.systemd1 | 1 + apparmor.d/abstractions/bus/org.freedesktop.systemd1-session | 1 + apparmor.d/abstractions/bus/org.freedesktop.timedate1 | 1 + apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 | 1 + apparmor.d/abstractions/bus/org.gnome.DisplayManager | 1 + apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig | 1 + apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor | 1 + apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 | 1 + apparmor.d/abstractions/bus/org.gnome.ScreenSaver | 1 + apparmor.d/abstractions/bus/org.gnome.SessionManager | 1 + apparmor.d/abstractions/bus/org.gnome.Shell.Introspect | 1 + apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor | 1 + apparmor.d/abstractions/bus/org.gtk.vfs.Daemon | 1 + apparmor.d/abstractions/bus/org.gtk.vfs.Metadata | 1 + apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker | 1 + apparmor.d/abstractions/bus/org.kde.StatusNotifierItem | 1 + apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher | 1 + apparmor.d/abstractions/bus/org.kde.kwalletd | 1 + apparmor.d/abstractions/common/app | 1 + apparmor.d/abstractions/common/apt | 1 + apparmor.d/abstractions/common/bwrap | 1 + apparmor.d/abstractions/common/chromium | 1 + apparmor.d/abstractions/common/electron | 1 + apparmor.d/abstractions/common/gnome | 1 + apparmor.d/abstractions/common/systemd | 1 + apparmor.d/abstractions/crypto.d/complete | 1 + apparmor.d/abstractions/dconf-write | 1 + apparmor.d/abstractions/deny-sensitive-home | 1 + apparmor.d/abstractions/desktop | 1 + apparmor.d/abstractions/devices-usb | 1 + apparmor.d/abstractions/disks-read | 1 + apparmor.d/abstractions/disks-write | 1 + apparmor.d/abstractions/dri | 1 + apparmor.d/abstractions/fish | 1 + apparmor.d/abstractions/fontconfig-cache-read | 1 + apparmor.d/abstractions/fontconfig-cache-write | 1 + apparmor.d/abstractions/freedesktop.org.d/complete | 1 + apparmor.d/abstractions/gnome-strict | 1 + apparmor.d/abstractions/gnome.d/complete | 1 + apparmor.d/abstractions/graphics | 1 + apparmor.d/abstractions/graphics-full | 1 + apparmor.d/abstractions/gstreamer | 1 + apparmor.d/abstractions/gtk.d/complete | 1 + apparmor.d/abstractions/ibus.d/complete | 1 + apparmor.d/abstractions/kde-open5.d/complete | 1 + apparmor.d/abstractions/kde-strict | 1 + apparmor.d/abstractions/mesa.d/complete | 1 + apparmor.d/abstractions/nameservice-strict | 1 + apparmor.d/abstractions/nvidia-strict | 1 + apparmor.d/abstractions/nvidia.d/complete | 1 + apparmor.d/abstractions/opencl-intel.d/complete | 1 + apparmor.d/abstractions/python.d/complete | 1 + apparmor.d/abstractions/qt5-shader-cache | 1 + apparmor.d/abstractions/qt5.d/complete | 1 + apparmor.d/abstractions/shells | 1 + apparmor.d/abstractions/thumbnails-cache-read | 1 + apparmor.d/abstractions/thumbnails-cache-write | 1 + apparmor.d/abstractions/trash-strict | 1 + apparmor.d/abstractions/trash.d/complete | 1 + apparmor.d/abstractions/uim | 1 + apparmor.d/abstractions/user-download-strict | 1 + apparmor.d/abstractions/user-read | 1 + apparmor.d/abstractions/user-read-strict | 1 + apparmor.d/abstractions/user-write-strict | 1 + apparmor.d/abstractions/user-write.d/complete | 1 + apparmor.d/abstractions/video.d/complete | 1 + apparmor.d/abstractions/vulkan-strict | 1 + apparmor.d/abstractions/vulkan.d/complete | 1 + apparmor.d/abstractions/wayland.d/complete | 1 + apparmor.d/abstractions/xfce | 1 + apparmor.d/abstractions/zsh | 1 + 126 files changed, 126 insertions(+) diff --git a/apparmor.d/abstractions/X-strict b/apparmor.d/abstractions/X-strict index 0998bbb44..01d538509 100644 --- a/apparmor.d/abstractions/X-strict +++ b/apparmor.d/abstractions/X-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The unix socket to use to connect to the display unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), diff --git a/apparmor.d/abstractions/X.d/complete b/apparmor.d/abstractions/X.d/complete index 8a6636664..b3acf4c06 100644 --- a/apparmor.d/abstractions/X.d/complete +++ b/apparmor.d/abstractions/X.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Available Xsessions /usr/share/xsessions/{,*.desktop} r, diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root index c31d328fb..adf37c2eb 100644 --- a/apparmor.d/abstractions/app-launcher-root +++ b/apparmor.d/abstractions/app-launcher-root @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/* PUx, /usr/local/{s,}bin/* PUx, diff --git a/apparmor.d/abstractions/app-launcher-user b/apparmor.d/abstractions/app-launcher-user index 5e7c50824..892e44f47 100644 --- a/apparmor.d/abstractions/app-launcher-user +++ b/apparmor.d/abstractions/app-launcher-user @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/* PUx, /opt/*/** PUx, diff --git a/apparmor.d/abstractions/app-open b/apparmor.d/abstractions/app-open index 513924de6..2db071a91 100644 --- a/apparmor.d/abstractions/app-open +++ b/apparmor.d/abstractions/app-open @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of # this abstraction is to list all GUI program that can open resources. diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium index 41bbab892..3321d273b 100644 --- a/apparmor.d/abstractions/app/chromium +++ b/apparmor.d/abstractions/app/chromium @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Full set of rules for all chromium based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the diff --git a/apparmor.d/abstractions/app/editor b/apparmor.d/abstractions/app/editor index f0972f3e7..3bfce1cdb 100644 --- a/apparmor.d/abstractions/app/editor +++ b/apparmor.d/abstractions/app/editor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox index bf86f419c..7984fd671 100644 --- a/apparmor.d/abstractions/app/firefox +++ b/apparmor.d/abstractions/app/firefox @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Full set of rules for all firefox based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the diff --git a/apparmor.d/abstractions/app/open b/apparmor.d/abstractions/app/open index f93a1c444..a936f70fe 100644 --- a/apparmor.d/abstractions/app/open +++ b/apparmor.d/abstractions/app/open @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Full set of rules for child-open-* profiles. diff --git a/apparmor.d/abstractions/app/pgrep b/apparmor.d/abstractions/app/pgrep index 4bab75387..2b6d3a22d 100644 --- a/apparmor.d/abstractions/app/pgrep +++ b/apparmor.d/abstractions/app/pgrep @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Minimal set of rules for pgrep. diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo index 6fba1adfd..5a1145e73 100644 --- a/apparmor.d/abstractions/app/sudo +++ b/apparmor.d/abstractions/app/sudo @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Minimal set of rules for sudo. Interactive sudo need more rules. diff --git a/apparmor.d/abstractions/app/systemctl b/apparmor.d/abstractions/app/systemctl index 62b4aafdf..4f33ae743 100644 --- a/apparmor.d/abstractions/app/systemctl +++ b/apparmor.d/abstractions/app/systemctl @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/audio-client b/apparmor.d/abstractions/audio-client index ca4a8e16c..980b90172 100644 --- a/apparmor.d/abstractions/audio-client +++ b/apparmor.d/abstractions/audio-client @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Most programs do not need access to audio devices, audio-client only includes # configuration files to be used by client applications. diff --git a/apparmor.d/abstractions/audio-server b/apparmor.d/abstractions/audio-server index 619ba1111..57eaa3c65 100644 --- a/apparmor.d/abstractions/audio-server +++ b/apparmor.d/abstractions/audio-server @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Provide access to audio devices. It should only be used by audio servers that # need direct access to them. diff --git a/apparmor.d/abstractions/audio.d/complete b/apparmor.d/abstractions/audio.d/complete index 01d94e067..51ad53006 100644 --- a/apparmor.d/abstractions/audio.d/complete +++ b/apparmor.d/abstractions/audio.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # PulseAudio module-ladspa-sink (plugin sc4m_1916) @{lib}/ladspa/ r, diff --git a/apparmor.d/abstractions/authentication.d/complete b/apparmor.d/abstractions/authentication.d/complete index 63819cc1b..15ea6c9e9 100644 --- a/apparmor.d/abstractions/authentication.d/complete +++ b/apparmor.d/abstractions/authentication.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/pam-tmpdir-helper rPx, diff --git a/apparmor.d/abstractions/base.d/complete b/apparmor.d/abstractions/base.d/complete index e9761b843..0a5cbff70 100644 --- a/apparmor.d/abstractions/base.d/complete +++ b/apparmor.d/abstractions/base.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Allow to receive some signals from new well-known profiles signal (receive) peer=btop, diff --git a/apparmor.d/abstractions/bash-strict b/apparmor.d/abstractions/bash-strict index eb4f65230..d885d7ddd 100644 --- a/apparmor.d/abstractions/bash-strict +++ b/apparmor.d/abstractions/bash-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/bash.d/complete b/apparmor.d/abstractions/bash.d/complete index 6d16109de..54d859963 100644 --- a/apparmor.d/abstractions/bash.d/complete +++ b/apparmor.d/abstractions/bash.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/bash-completion/{,**} r, diff --git a/apparmor.d/abstractions/bus-accessibility b/apparmor.d/abstractions/bus-accessibility index f032f842b..5bf684136 100644 --- a/apparmor.d/abstractions/bus-accessibility +++ b/apparmor.d/abstractions/bus-accessibility @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/abstractions/bus-session b/apparmor.d/abstractions/bus-session index d5ca957e8..522457cf2 100644 --- a/apparmor.d/abstractions/bus-session +++ b/apparmor.d/abstractions/bus-session @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor unix (bind, listen) type=stream addr="@/tmp/dbus-*", unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*", diff --git a/apparmor.d/abstractions/bus-system b/apparmor.d/abstractions/bus-system index 0148d0711..84a44c966 100644 --- a/apparmor.d/abstractions/bus-system +++ b/apparmor.d/abstractions/bus-system @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry index 3eceb53ab..4225e07c0 100644 --- a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry +++ b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Access required for connecting to/communicating with the Unity Launcher diff --git a/apparmor.d/abstractions/bus/com.canonical.dbusmenu b/apparmor.d/abstractions/bus/com.canonical.dbusmenu index 290a86de8..fb4964479 100644 --- a/apparmor.d/abstractions/bus/com.canonical.dbusmenu +++ b/apparmor.d/abstractions/bus/com.canonical.dbusmenu @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 index a8e3d52a5..8de9de893 100644 --- a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 +++ b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/fi/w1/wpa_supplicant1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles index b4032e033..e5d90ebce 100644 --- a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles +++ b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/net/hadess/PowerProfiles interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl index 55e4f414d..2fb9bdf50 100644 --- a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl +++ b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/net/hadess/SwitcherooControl interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.reactivated.Fprint b/apparmor.d/abstractions/bus/net.reactivated.Fprint index 7e7b21565..27c7b07dd 100644 --- a/apparmor.d/abstractions/bus/net.reactivated.Fprint +++ b/apparmor.d/abstractions/bus/net.reactivated.Fprint @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager diff --git a/apparmor.d/abstractions/bus/org.a11y b/apparmor.d/abstractions/bus/org.a11y index 5103361c9..ff9c9619a 100644 --- a/apparmor.d/abstractions/bus/org.a11y +++ b/apparmor.d/abstractions/bus/org.a11y @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Accessibility bus diff --git a/apparmor.d/abstractions/bus/org.bluez b/apparmor.d/abstractions/bus/org.bluez index 7c86817f5..046f3470e 100644 --- a/apparmor.d/abstractions/bus/org.bluez +++ b/apparmor.d/abstractions/bus/org.bluez @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Accounts b/apparmor.d/abstractions/bus/org.freedesktop.Accounts index 10a9e8fc0..842616bdc 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Accounts +++ b/apparmor.d/abstractions/bus/org.freedesktop.Accounts @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Avahi b/apparmor.d/abstractions/bus/org.freedesktop.Avahi index 8b24700db..ea79a33be 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi +++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/ interface=org.freedesktop.DBus.Peer diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager index 3950b77aa..5d97a6b04 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 index b4e985b9e..d43fdec81 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/FileManager1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 index 836e99d94..357601386 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/GeoClue2/Manager interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 index 217b588a4..ce6505c9d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ModemManager1 interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager index 0fa92d3cc..f42ddd43e 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Notifications b/apparmor.d/abstractions/bus/org.freedesktop.Notifications index 90ee1aefc..a45c59c48 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Notifications +++ b/apparmor.d/abstractions/bus/org.freedesktop.Notifications @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Notifications interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit index 7cdd9a3ce..be5d97328 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit +++ b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 index 3201e48ce..38d4147de 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority diff --git a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 index 474c4c625..83166574b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver index 842057a1d..2f2303b07 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/ScreenSaver interface=org.freedesktop.ScreenSaver diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files index 567740a35..535f4dfc3 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files +++ b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint interface=org.freedesktop.DBus.Peer diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 index 79b882e51..6d8bd828e 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UDisks2 interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UPower b/apparmor.d/abstractions/bus/org.freedesktop.UPower index d8341d33c..3e327db47 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UPower +++ b/apparmor.d/abstractions/bus/org.freedesktop.UPower @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower diff --git a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor index 5f951381b..8a51c3d54 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor +++ b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/background/monitor interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 index 54196d16b..5dc2a135f 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore index 6b965a2f5..9cf91d9ec 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore +++ b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.locale1 b/apparmor.d/abstractions/bus/org.freedesktop.locale1 index a2865c7c9..121124e8c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.locale1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/locale1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index fdceceea4..25114d3d6 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session index 24d5c1452..d0fe0f87d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.network1 b/apparmor.d/abstractions/bus/org.freedesktop.network1 index 268a21dea..4378d4a22 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.network1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.network1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/network1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop index a2a1a94a0..314e140d5 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop +++ b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 index 3057282c9..c84377bdf 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.secrets b/apparmor.d/abstractions/bus/org.freedesktop.secrets index 01ecf0786..de20b8e79 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.secrets +++ b/apparmor.d/abstractions/bus/org.freedesktop.secrets @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/secrets{,/**} interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 index 49e4b014d..d72645d72 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session index c0e852662..763a1c832 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 index 883c5c165..297343fa5 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/timedate1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 index 9953ee8bf..d960c1494 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 +++ b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ArchiveManager1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.DisplayManager b/apparmor.d/abstractions/bus/org.gnome.DisplayManager index 05945a253..a41a6b21e 100644 --- a/apparmor.d/abstractions/bus/org.gnome.DisplayManager +++ b/apparmor.d/abstractions/bus/org.gnome.DisplayManager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=system path=/org/gnome/DisplayManager/Manager interface=org.gnome.DisplayManager.Manager diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig index d701792a6..f4a93f889 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.gnome.Mutter.DisplayConfig diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor index 7ada64f05..3fba15ea2 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/IdleMonitor interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 index e547ab2c5..baeff9230 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 +++ b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Nautilus/FileOperations2 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver index 3e228ad1f..d85fae4ba 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ScreenSaver interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.SessionManager b/apparmor.d/abstractions/bus/org.gnome.SessionManager index 4197fb4cf..b19e171d4 100644 --- a/apparmor.d/abstractions/bus/org.gnome.SessionManager +++ b/apparmor.d/abstractions/bus/org.gnome.SessionManager @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # FIXME: Too large, restrict it. diff --git a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect index 72e4525bc..618cc9ea5 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect +++ b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Shell/Introspect interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor index 73d958513..9ff04f175 100644 --- a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor +++ b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon index 35cd640d6..73a409d3d 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/Daemon interface=org.gtk.vfs.Daemon diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata index 33d3c1c36..0f646e7f0 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/metadata interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker index 4d59f0afc..626498c39 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem index 4fca40e84..fb7a0efff 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher index 67ac1fb6d..7df6188d2 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session path=/StatusNotifierWatcher interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.kde.kwalletd b/apparmor.d/abstractions/bus/org.kde.kwalletd index c0d2ecba2..d992a1dcb 100644 --- a/apparmor.d/abstractions/bus/org.kde.kwalletd +++ b/apparmor.d/abstractions/bus/org.kde.kwalletd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index e44d8509c..25a06aee7 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # LOGPROF-SUGGEST: no # Common rules for applications sandboxed using bwrap. diff --git a/apparmor.d/abstractions/common/apt b/apparmor.d/abstractions/common/apt index 77c5a0b7e..f50bdcf56 100644 --- a/apparmor.d/abstractions/common/apt +++ b/apparmor.d/abstractions/common/apt @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, diff --git a/apparmor.d/abstractions/common/bwrap b/apparmor.d/abstractions/common/bwrap index a73626bb1..624e80719 100644 --- a/apparmor.d/abstractions/common/bwrap +++ b/apparmor.d/abstractions/common/bwrap @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # A minimal set of rules for sandboxed programs using bwrap. # A profile using this abstraction still needs to set: diff --git a/apparmor.d/abstractions/common/chromium b/apparmor.d/abstractions/common/chromium index 2e98c515a..386eb3af3 100644 --- a/apparmor.d/abstractions/common/chromium +++ b/apparmor.d/abstractions/common/chromium @@ -2,6 +2,7 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is for chromium based application. Chromium based browsers # need to use abstractions/chromium instead. diff --git a/apparmor.d/abstractions/common/electron b/apparmor.d/abstractions/common/electron index 732129c26..3ae7268cc 100644 --- a/apparmor.d/abstractions/common/electron +++ b/apparmor.d/abstractions/common/electron @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Minimal set of rules for all electron based UI application. It works as a # *function* and requires some variables to be provided as *arguments* and set diff --git a/apparmor.d/abstractions/common/gnome b/apparmor.d/abstractions/common/gnome index c93f9bc05..239a79d81 100644 --- a/apparmor.d/abstractions/common/gnome +++ b/apparmor.d/abstractions/common/gnome @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Minimal set of rules for all gnome based UI application. diff --git a/apparmor.d/abstractions/common/systemd b/apparmor.d/abstractions/common/systemd index 0ed3a824b..ccc35d6e1 100644 --- a/apparmor.d/abstractions/common/systemd +++ b/apparmor.d/abstractions/common/systemd @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor ptrace (read) peer=@{p_systemd}, diff --git a/apparmor.d/abstractions/crypto.d/complete b/apparmor.d/abstractions/crypto.d/complete index a163af66d..1c97e2512 100644 --- a/apparmor.d/abstractions/crypto.d/complete +++ b/apparmor.d/abstractions/crypto.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/dconf-write b/apparmor.d/abstractions/dconf-write index f25e1c3e6..e0397cce2 100644 --- a/apparmor.d/abstractions/dconf-write +++ b/apparmor.d/abstractions/dconf-write @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Permissions for querying dconf settings with write access; use the dconf # abstraction first, and dconf-write only for specific application's profile. diff --git a/apparmor.d/abstractions/deny-sensitive-home b/apparmor.d/abstractions/deny-sensitive-home index d8e1fdfb8..f21859241 100644 --- a/apparmor.d/abstractions/deny-sensitive-home +++ b/apparmor.d/abstractions/deny-sensitive-home @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # DO NOT USE IT WITHOUT EXPLICIT AUTHORISATION FROM THE PROJECT MAINTAINER diff --git a/apparmor.d/abstractions/desktop b/apparmor.d/abstractions/desktop index befea8bcb..736f6b16e 100644 --- a/apparmor.d/abstractions/desktop +++ b/apparmor.d/abstractions/desktop @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Unified minimal abstraction for all UI application regardless of the desktop environment. diff --git a/apparmor.d/abstractions/devices-usb b/apparmor.d/abstractions/devices-usb index 5a2a8b742..7d9fc3737 100644 --- a/apparmor.d/abstractions/devices-usb +++ b/apparmor.d/abstractions/devices-usb @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /dev/ r, /dev/bus/usb/ r, diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read index 10beb258d..b80175fe5 100644 --- a/apparmor.d/abstractions/disks-read +++ b/apparmor.d/abstractions/disks-read @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The /sys/ entries probably should be tightened diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write index 361b60d82..80299f1f4 100644 --- a/apparmor.d/abstractions/disks-write +++ b/apparmor.d/abstractions/disks-write @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The /sys/ entries probably should be tightened diff --git a/apparmor.d/abstractions/dri b/apparmor.d/abstractions/dri index a1eb1cd41..8b2d9a64c 100644 --- a/apparmor.d/abstractions/dri +++ b/apparmor.d/abstractions/dri @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The Direct Rendering Infrastructure (DRI) is the framework comprising the modern # Linux graphics stack which allows unprivileged user-space programs to issue diff --git a/apparmor.d/abstractions/fish b/apparmor.d/abstractions/fish index fe3cab891..450e12050 100644 --- a/apparmor.d/abstractions/fish +++ b/apparmor.d/abstractions/fish @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index 216075648..2c6e04aca 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # The fontconfig cache can be generated via the following command: # $ fc-cache -f -v diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index 19fa7c53a..d642a93a2 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_cache_dirs}/fontconfig/ rw, owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, diff --git a/apparmor.d/abstractions/freedesktop.org.d/complete b/apparmor.d/abstractions/freedesktop.org.d/complete index 3e669f4dc..71dc290c6 100644 --- a/apparmor.d/abstractions/freedesktop.org.d/complete +++ b/apparmor.d/abstractions/freedesktop.org.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{system_share_dirs}/*ubuntu/applications/{,**} r, @{system_share_dirs}/gnome/applications/{,**} r, diff --git a/apparmor.d/abstractions/gnome-strict b/apparmor.d/abstractions/gnome-strict index 891e5a573..ea191ab35 100644 --- a/apparmor.d/abstractions/gnome-strict +++ b/apparmor.d/abstractions/gnome-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/gnome.d/complete b/apparmor.d/abstractions/gnome.d/complete index 90f705ac7..ba38eaa12 100644 --- a/apparmor.d/abstractions/gnome.d/complete +++ b/apparmor.d/abstractions/gnome.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/graphics b/apparmor.d/abstractions/graphics index 9b7954f0d..ca2f72622 100644 --- a/apparmor.d/abstractions/graphics +++ b/apparmor.d/abstractions/graphics @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/graphics-full b/apparmor.d/abstractions/graphics-full index fe2d2001c..1e14bd63f 100644 --- a/apparmor.d/abstractions/graphics-full +++ b/apparmor.d/abstractions/graphics-full @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer index 60bac614e..403ee6419 100644 --- a/apparmor.d/abstractions/gstreamer +++ b/apparmor.d/abstractions/gstreamer @@ -2,6 +2,7 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{lib}/@{multiarch}/libproxy/*/modules/*.so mr, @{lib}/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so mr, diff --git a/apparmor.d/abstractions/gtk.d/complete b/apparmor.d/abstractions/gtk.d/complete index ac702a70f..db3abf7d6 100644 --- a/apparmor.d/abstractions/gtk.d/complete +++ b/apparmor.d/abstractions/gtk.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor dbus send bus=session interface=org.gtk.Actions diff --git a/apparmor.d/abstractions/ibus.d/complete b/apparmor.d/abstractions/ibus.d/complete index 33d034b5a..52740ddf0 100644 --- a/apparmor.d/abstractions/ibus.d/complete +++ b/apparmor.d/abstractions/ibus.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # abstract path in ibus < 1.5.22 uses /tmp unix (connect, receive, send) diff --git a/apparmor.d/abstractions/kde-open5.d/complete b/apparmor.d/abstractions/kde-open5.d/complete index 37038b129..9b8df3d82 100644 --- a/apparmor.d/abstractions/kde-open5.d/complete +++ b/apparmor.d/abstractions/kde-open5.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/kde-open rix, diff --git a/apparmor.d/abstractions/kde-strict b/apparmor.d/abstractions/kde-strict index c164bd434..49697ec70 100644 --- a/apparmor.d/abstractions/kde-strict +++ b/apparmor.d/abstractions/kde-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/mesa.d/complete b/apparmor.d/abstractions/mesa.d/complete index ed3306e42..63b8fda26 100644 --- a/apparmor.d/abstractions/mesa.d/complete +++ b/apparmor.d/abstractions/mesa.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Extra Mesa rules for desktop environments owner @{desktop_cache_dirs}/ w, diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict index b1d474717..50786f6b4 100644 --- a/apparmor.d/abstractions/nameservice-strict +++ b/apparmor.d/abstractions/nameservice-strict @@ -2,6 +2,7 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Many programs wish to perform nameservice-like operations, such as looking up # users by name or id, groups by name or id, hosts by name or IP, etc. diff --git a/apparmor.d/abstractions/nvidia-strict b/apparmor.d/abstractions/nvidia-strict index 6521c9840..0a66b8e92 100644 --- a/apparmor.d/abstractions/nvidia-strict +++ b/apparmor.d/abstractions/nvidia-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/nvidia-modprobe Px -> child-modprobe-nvidia, diff --git a/apparmor.d/abstractions/nvidia.d/complete b/apparmor.d/abstractions/nvidia.d/complete index ef9d0c40d..e4fff6739 100644 --- a/apparmor.d/abstractions/nvidia.d/complete +++ b/apparmor.d/abstractions/nvidia.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"), diff --git a/apparmor.d/abstractions/opencl-intel.d/complete b/apparmor.d/abstractions/opencl-intel.d/complete index 1845cd61d..ecc116a2e 100644 --- a/apparmor.d/abstractions/opencl-intel.d/complete +++ b/apparmor.d/abstractions/opencl-intel.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /opt/intel/oneapi/{compiler,lib,mkl}/**/ r, /opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr, diff --git a/apparmor.d/abstractions/python.d/complete b/apparmor.d/abstractions/python.d/complete index e6eea6744..b334b2e4c 100644 --- a/apparmor.d/abstractions/python.d/complete +++ b/apparmor.d/abstractions/python.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{bin}/ r, @{bin}/python{2.[4-7],3,3.[0-9],3.1[0-9]} r, diff --git a/apparmor.d/abstractions/qt5-shader-cache b/apparmor.d/abstractions/qt5-shader-cache index 4ac0f7f1d..660e4a39d 100644 --- a/apparmor.d/abstractions/qt5-shader-cache +++ b/apparmor.d/abstractions/qt5-shader-cache @@ -2,6 +2,7 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_cache_dirs}/ w, owner @{user_cache_dirs}/qtshadercache/ rw, diff --git a/apparmor.d/abstractions/qt5.d/complete b/apparmor.d/abstractions/qt5.d/complete index 6063b47e2..71305d3cf 100644 --- a/apparmor.d/abstractions/qt5.d/complete +++ b/apparmor.d/abstractions/qt5.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/qt{,5,6}/qtlogging.ini r, /usr/share/qt{,5,6}/resources/*.pak r, diff --git a/apparmor.d/abstractions/shells b/apparmor.d/abstractions/shells index b269f2335..84dbb7c72 100644 --- a/apparmor.d/abstractions/shells +++ b/apparmor.d/abstractions/shells @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read index dc164c6ba..5bf6153c3 100644 --- a/apparmor.d/abstractions/thumbnails-cache-read +++ b/apparmor.d/abstractions/thumbnails-cache-read @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ r, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ r, diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index 01de0407e..a9bf4cf14 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ rw, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ rw, diff --git a/apparmor.d/abstractions/trash-strict b/apparmor.d/abstractions/trash-strict index 1f4202818..fb4f9b306 100644 --- a/apparmor.d/abstractions/trash-strict +++ b/apparmor.d/abstractions/trash-strict @@ -2,6 +2,7 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Already upstreamed. Different because recent change does not play well # with upstream's version. diff --git a/apparmor.d/abstractions/trash.d/complete b/apparmor.d/abstractions/trash.d/complete index a80a1e5a6..10149ee1b 100644 --- a/apparmor.d/abstractions/trash.d/complete +++ b/apparmor.d/abstractions/trash.d/complete @@ -2,6 +2,7 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_config_dirs}/trashrc rw, owner @{user_config_dirs}/trashrc.lock rwk, diff --git a/apparmor.d/abstractions/uim b/apparmor.d/abstractions/uim index 03ae9e3e8..81abacb6b 100644 --- a/apparmor.d/abstractions/uim +++ b/apparmor.d/abstractions/uim @@ -2,6 +2,7 @@ # Copyright (C) 2024 Alexandre Pujol # Copyright (C) 2024 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/uim/* r, diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index 3feed5cd8..01465ddf7 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{HOME}/@{XDG_DESKTOP_DIR}/ w, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w, diff --git a/apparmor.d/abstractions/user-read b/apparmor.d/abstractions/user-read index 4187ab9e2..c49e1fea2 100644 --- a/apparmor.d/abstractions/user-read +++ b/apparmor.d/abstractions/user-read @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Warning: This abstraction gives unrestricted read access on all non hidden user directories. diff --git a/apparmor.d/abstractions/user-read-strict b/apparmor.d/abstractions/user-read-strict index 5211b0345..88b998401 100644 --- a/apparmor.d/abstractions/user-read-strict +++ b/apparmor.d/abstractions/user-read-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction gives read access on all defined user directories. It should # only be used if access to **ALL** folders is required. diff --git a/apparmor.d/abstractions/user-write-strict b/apparmor.d/abstractions/user-write-strict index 223fc660a..a478581d5 100644 --- a/apparmor.d/abstractions/user-write-strict +++ b/apparmor.d/abstractions/user-write-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction gives write only access on all defined user directories. It should # only be used if access to **ALL** folders is required. diff --git a/apparmor.d/abstractions/user-write.d/complete b/apparmor.d/abstractions/user-write.d/complete index a529324f5..7d8023309 100644 --- a/apparmor.d/abstractions/user-write.d/complete +++ b/apparmor.d/abstractions/user-write.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # Warning: This abstraction gives unrestricted write access on all non hidden user directories. diff --git a/apparmor.d/abstractions/video.d/complete b/apparmor.d/abstractions/video.d/complete index 97b7f1a2a..4222fec54 100644 --- a/apparmor.d/abstractions/video.d/complete +++ b/apparmor.d/abstractions/video.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor @{run}/udev/data/c81:@{int} r, # For video4linux diff --git a/apparmor.d/abstractions/vulkan-strict b/apparmor.d/abstractions/vulkan-strict index fd86f1e81..533fe4ecf 100644 --- a/apparmor.d/abstractions/vulkan-strict +++ b/apparmor.d/abstractions/vulkan-strict @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /usr/share/egl/egl_external_platform.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, diff --git a/apparmor.d/abstractions/vulkan.d/complete b/apparmor.d/abstractions/vulkan.d/complete index 8e5b68c08..64c12b2bf 100644 --- a/apparmor.d/abstractions/vulkan.d/complete +++ b/apparmor.d/abstractions/vulkan.d/complete @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor /etc/glvnd/egl_vendor.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, diff --git a/apparmor.d/abstractions/wayland.d/complete b/apparmor.d/abstractions/wayland.d/complete index 245b9238d..42066e814 100644 --- a/apparmor.d/abstractions/wayland.d/complete +++ b/apparmor.d/abstractions/wayland.d/complete @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-wayland-@{int} r, diff --git a/apparmor.d/abstractions/xfce b/apparmor.d/abstractions/xfce index 067de9148..26d93714b 100644 --- a/apparmor.d/abstractions/xfce +++ b/apparmor.d/abstractions/xfce @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh index 15711713c..01d69bc05 100644 --- a/apparmor.d/abstractions/zsh +++ b/apparmor.d/abstractions/zsh @@ -2,6 +2,7 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. From c1d531525aa92d1d2cb9ce7cb4cb8ec67c59a04c Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sat, 15 Jun 2024 16:52:31 +0300 Subject: [PATCH 68/70] fix(abstractions, tunables): move vim modeline Move vim syntax comment to the end of the file, separated by newline, as requested in #380. --- apparmor.d/abstractions/X-strict | 1 - apparmor.d/abstractions/X.d/complete | 1 - apparmor.d/abstractions/app-launcher-root | 1 - apparmor.d/abstractions/app-launcher-user | 1 - apparmor.d/abstractions/app-open | 1 - apparmor.d/abstractions/app/chromium | 1 - apparmor.d/abstractions/app/editor | 1 - apparmor.d/abstractions/app/firefox | 1 - apparmor.d/abstractions/app/open | 1 - apparmor.d/abstractions/app/pgrep | 1 - apparmor.d/abstractions/app/sudo | 1 - apparmor.d/abstractions/app/systemctl | 1 - apparmor.d/abstractions/audio-client | 1 - apparmor.d/abstractions/audio-server | 1 - apparmor.d/abstractions/audio.d/complete | 1 - apparmor.d/abstractions/authentication.d/complete | 1 - apparmor.d/abstractions/base.d/complete | 1 - apparmor.d/abstractions/bash-strict | 1 - apparmor.d/abstractions/bash.d/complete | 1 - apparmor.d/abstractions/bus-accessibility | 1 - apparmor.d/abstractions/bus-session | 1 - apparmor.d/abstractions/bus-system | 1 - apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry | 1 - apparmor.d/abstractions/bus/com.canonical.dbusmenu | 1 - apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 | 1 - apparmor.d/abstractions/bus/net.hadess.PowerProfiles | 1 - apparmor.d/abstractions/bus/net.hadess.SwitcherooControl | 1 - apparmor.d/abstractions/bus/net.reactivated.Fprint | 1 - apparmor.d/abstractions/bus/org.a11y | 1 - apparmor.d/abstractions/bus/org.bluez | 1 - apparmor.d/abstractions/bus/org.freedesktop.Accounts | 1 - apparmor.d/abstractions/bus/org.freedesktop.Avahi | 1 - apparmor.d/abstractions/bus/org.freedesktop.ColorManager | 1 - apparmor.d/abstractions/bus/org.freedesktop.FileManager1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 | 1 - apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.NetworkManager | 1 - apparmor.d/abstractions/bus/org.freedesktop.Notifications | 1 - apparmor.d/abstractions/bus/org.freedesktop.PackageKit | 1 - apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver | 1 - apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files | 1 - apparmor.d/abstractions/bus/org.freedesktop.UDisks2 | 1 - apparmor.d/abstractions/bus/org.freedesktop.UPower | 1 - apparmor.d/abstractions/bus/org.freedesktop.background.Monitor | 1 - apparmor.d/abstractions/bus/org.freedesktop.hostname1 | 1 - .../abstractions/bus/org.freedesktop.impl.portal.PermissionStore | 1 - apparmor.d/abstractions/bus/org.freedesktop.locale1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.login1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.login1.Session | 1 - apparmor.d/abstractions/bus/org.freedesktop.network1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop | 1 - apparmor.d/abstractions/bus/org.freedesktop.resolve1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.secrets | 1 - apparmor.d/abstractions/bus/org.freedesktop.systemd1 | 1 - apparmor.d/abstractions/bus/org.freedesktop.systemd1-session | 1 - apparmor.d/abstractions/bus/org.freedesktop.timedate1 | 1 - apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 | 1 - apparmor.d/abstractions/bus/org.gnome.DisplayManager | 1 - apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig | 1 - apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor | 1 - apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 | 1 - apparmor.d/abstractions/bus/org.gnome.ScreenSaver | 1 - apparmor.d/abstractions/bus/org.gnome.SessionManager | 1 - apparmor.d/abstractions/bus/org.gnome.Shell.Introspect | 1 - apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor | 1 - apparmor.d/abstractions/bus/org.gtk.vfs.Daemon | 1 - apparmor.d/abstractions/bus/org.gtk.vfs.Metadata | 1 - apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker | 1 - apparmor.d/abstractions/bus/org.kde.StatusNotifierItem | 1 - apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher | 1 - apparmor.d/abstractions/bus/org.kde.kwalletd | 1 - apparmor.d/abstractions/common/app | 1 - apparmor.d/abstractions/common/apt | 1 - apparmor.d/abstractions/common/bwrap | 1 - apparmor.d/abstractions/common/chromium | 1 - apparmor.d/abstractions/common/electron | 1 - apparmor.d/abstractions/common/gnome | 1 - apparmor.d/abstractions/common/systemd | 1 - apparmor.d/abstractions/crypto.d/complete | 1 - apparmor.d/abstractions/dconf-write | 1 - apparmor.d/abstractions/deny-sensitive-home | 1 - apparmor.d/abstractions/desktop | 1 - apparmor.d/abstractions/devices-usb | 1 - apparmor.d/abstractions/disks-read | 1 - apparmor.d/abstractions/disks-write | 1 - apparmor.d/abstractions/dri | 1 - apparmor.d/abstractions/fish | 1 - apparmor.d/abstractions/fontconfig-cache-read | 1 - apparmor.d/abstractions/fontconfig-cache-write | 1 - apparmor.d/abstractions/freedesktop.org.d/complete | 1 - apparmor.d/abstractions/gnome-strict | 1 - apparmor.d/abstractions/gnome.d/complete | 1 - apparmor.d/abstractions/graphics | 1 - apparmor.d/abstractions/graphics-full | 1 - apparmor.d/abstractions/gstreamer | 1 - apparmor.d/abstractions/gtk.d/complete | 1 - apparmor.d/abstractions/ibus.d/complete | 1 - apparmor.d/abstractions/kde-open5.d/complete | 1 - apparmor.d/abstractions/kde-strict | 1 - apparmor.d/abstractions/mesa.d/complete | 1 - apparmor.d/abstractions/nameservice-strict | 1 - apparmor.d/abstractions/nvidia-strict | 1 - apparmor.d/abstractions/nvidia.d/complete | 1 - apparmor.d/abstractions/opencl-intel.d/complete | 1 - apparmor.d/abstractions/python.d/complete | 1 - apparmor.d/abstractions/qt5-shader-cache | 1 - apparmor.d/abstractions/qt5.d/complete | 1 - apparmor.d/abstractions/shells | 1 - apparmor.d/abstractions/thumbnails-cache-read | 1 - apparmor.d/abstractions/thumbnails-cache-write | 1 - apparmor.d/abstractions/trash-strict | 1 - apparmor.d/abstractions/trash.d/complete | 1 - apparmor.d/abstractions/uim | 1 - apparmor.d/abstractions/user-download-strict | 1 - apparmor.d/abstractions/user-read | 1 - apparmor.d/abstractions/user-read-strict | 1 - apparmor.d/abstractions/user-write-strict | 1 - apparmor.d/abstractions/user-write.d/complete | 1 - apparmor.d/abstractions/video.d/complete | 1 - apparmor.d/abstractions/vulkan-strict | 1 - apparmor.d/abstractions/vulkan.d/complete | 1 - apparmor.d/abstractions/wayland.d/complete | 1 - apparmor.d/abstractions/xfce | 1 - apparmor.d/abstractions/zsh | 1 - 126 files changed, 126 deletions(-) diff --git a/apparmor.d/abstractions/X-strict b/apparmor.d/abstractions/X-strict index 01d538509..0998bbb44 100644 --- a/apparmor.d/abstractions/X-strict +++ b/apparmor.d/abstractions/X-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The unix socket to use to connect to the display unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), diff --git a/apparmor.d/abstractions/X.d/complete b/apparmor.d/abstractions/X.d/complete index b3acf4c06..8a6636664 100644 --- a/apparmor.d/abstractions/X.d/complete +++ b/apparmor.d/abstractions/X.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Available Xsessions /usr/share/xsessions/{,*.desktop} r, diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root index adf37c2eb..c31d328fb 100644 --- a/apparmor.d/abstractions/app-launcher-root +++ b/apparmor.d/abstractions/app-launcher-root @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/* PUx, /usr/local/{s,}bin/* PUx, diff --git a/apparmor.d/abstractions/app-launcher-user b/apparmor.d/abstractions/app-launcher-user index 892e44f47..5e7c50824 100644 --- a/apparmor.d/abstractions/app-launcher-user +++ b/apparmor.d/abstractions/app-launcher-user @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/* PUx, /opt/*/** PUx, diff --git a/apparmor.d/abstractions/app-open b/apparmor.d/abstractions/app-open index 2db071a91..513924de6 100644 --- a/apparmor.d/abstractions/app-open +++ b/apparmor.d/abstractions/app-open @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of # this abstraction is to list all GUI program that can open resources. diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium index 3321d273b..41bbab892 100644 --- a/apparmor.d/abstractions/app/chromium +++ b/apparmor.d/abstractions/app/chromium @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for all chromium based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the diff --git a/apparmor.d/abstractions/app/editor b/apparmor.d/abstractions/app/editor index 3bfce1cdb..f0972f3e7 100644 --- a/apparmor.d/abstractions/app/editor +++ b/apparmor.d/abstractions/app/editor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox index 7984fd671..bf86f419c 100644 --- a/apparmor.d/abstractions/app/firefox +++ b/apparmor.d/abstractions/app/firefox @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for all firefox based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the diff --git a/apparmor.d/abstractions/app/open b/apparmor.d/abstractions/app/open index a936f70fe..f93a1c444 100644 --- a/apparmor.d/abstractions/app/open +++ b/apparmor.d/abstractions/app/open @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for child-open-* profiles. diff --git a/apparmor.d/abstractions/app/pgrep b/apparmor.d/abstractions/app/pgrep index 2b6d3a22d..4bab75387 100644 --- a/apparmor.d/abstractions/app/pgrep +++ b/apparmor.d/abstractions/app/pgrep @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for pgrep. diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo index 5a1145e73..6fba1adfd 100644 --- a/apparmor.d/abstractions/app/sudo +++ b/apparmor.d/abstractions/app/sudo @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for sudo. Interactive sudo need more rules. diff --git a/apparmor.d/abstractions/app/systemctl b/apparmor.d/abstractions/app/systemctl index 4f33ae743..62b4aafdf 100644 --- a/apparmor.d/abstractions/app/systemctl +++ b/apparmor.d/abstractions/app/systemctl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/audio-client b/apparmor.d/abstractions/audio-client index 980b90172..ca4a8e16c 100644 --- a/apparmor.d/abstractions/audio-client +++ b/apparmor.d/abstractions/audio-client @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Most programs do not need access to audio devices, audio-client only includes # configuration files to be used by client applications. diff --git a/apparmor.d/abstractions/audio-server b/apparmor.d/abstractions/audio-server index 57eaa3c65..619ba1111 100644 --- a/apparmor.d/abstractions/audio-server +++ b/apparmor.d/abstractions/audio-server @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Provide access to audio devices. It should only be used by audio servers that # need direct access to them. diff --git a/apparmor.d/abstractions/audio.d/complete b/apparmor.d/abstractions/audio.d/complete index 51ad53006..01d94e067 100644 --- a/apparmor.d/abstractions/audio.d/complete +++ b/apparmor.d/abstractions/audio.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # PulseAudio module-ladspa-sink (plugin sc4m_1916) @{lib}/ladspa/ r, diff --git a/apparmor.d/abstractions/authentication.d/complete b/apparmor.d/abstractions/authentication.d/complete index 15ea6c9e9..63819cc1b 100644 --- a/apparmor.d/abstractions/authentication.d/complete +++ b/apparmor.d/abstractions/authentication.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/pam-tmpdir-helper rPx, diff --git a/apparmor.d/abstractions/base.d/complete b/apparmor.d/abstractions/base.d/complete index 0a5cbff70..e9761b843 100644 --- a/apparmor.d/abstractions/base.d/complete +++ b/apparmor.d/abstractions/base.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Allow to receive some signals from new well-known profiles signal (receive) peer=btop, diff --git a/apparmor.d/abstractions/bash-strict b/apparmor.d/abstractions/bash-strict index d885d7ddd..eb4f65230 100644 --- a/apparmor.d/abstractions/bash-strict +++ b/apparmor.d/abstractions/bash-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/bash.d/complete b/apparmor.d/abstractions/bash.d/complete index 54d859963..6d16109de 100644 --- a/apparmor.d/abstractions/bash.d/complete +++ b/apparmor.d/abstractions/bash.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/bash-completion/{,**} r, diff --git a/apparmor.d/abstractions/bus-accessibility b/apparmor.d/abstractions/bus-accessibility index 5bf684136..f032f842b 100644 --- a/apparmor.d/abstractions/bus-accessibility +++ b/apparmor.d/abstractions/bus-accessibility @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/abstractions/bus-session b/apparmor.d/abstractions/bus-session index 522457cf2..d5ca957e8 100644 --- a/apparmor.d/abstractions/bus-session +++ b/apparmor.d/abstractions/bus-session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor unix (bind, listen) type=stream addr="@/tmp/dbus-*", unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*", diff --git a/apparmor.d/abstractions/bus-system b/apparmor.d/abstractions/bus-system index 84a44c966..0148d0711 100644 --- a/apparmor.d/abstractions/bus-system +++ b/apparmor.d/abstractions/bus-system @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry index 4225e07c0..3eceb53ab 100644 --- a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry +++ b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Access required for connecting to/communicating with the Unity Launcher diff --git a/apparmor.d/abstractions/bus/com.canonical.dbusmenu b/apparmor.d/abstractions/bus/com.canonical.dbusmenu index fb4964479..290a86de8 100644 --- a/apparmor.d/abstractions/bus/com.canonical.dbusmenu +++ b/apparmor.d/abstractions/bus/com.canonical.dbusmenu @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 index 8de9de893..a8e3d52a5 100644 --- a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 +++ b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/fi/w1/wpa_supplicant1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles index e5d90ebce..b4032e033 100644 --- a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles +++ b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/hadess/PowerProfiles interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl index 2fb9bdf50..55e4f414d 100644 --- a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl +++ b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/hadess/SwitcherooControl interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/net.reactivated.Fprint b/apparmor.d/abstractions/bus/net.reactivated.Fprint index 27c7b07dd..7e7b21565 100644 --- a/apparmor.d/abstractions/bus/net.reactivated.Fprint +++ b/apparmor.d/abstractions/bus/net.reactivated.Fprint @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager diff --git a/apparmor.d/abstractions/bus/org.a11y b/apparmor.d/abstractions/bus/org.a11y index ff9c9619a..5103361c9 100644 --- a/apparmor.d/abstractions/bus/org.a11y +++ b/apparmor.d/abstractions/bus/org.a11y @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Accessibility bus diff --git a/apparmor.d/abstractions/bus/org.bluez b/apparmor.d/abstractions/bus/org.bluez index 046f3470e..7c86817f5 100644 --- a/apparmor.d/abstractions/bus/org.bluez +++ b/apparmor.d/abstractions/bus/org.bluez @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Accounts b/apparmor.d/abstractions/bus/org.freedesktop.Accounts index 842616bdc..10a9e8fc0 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Accounts +++ b/apparmor.d/abstractions/bus/org.freedesktop.Accounts @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Avahi b/apparmor.d/abstractions/bus/org.freedesktop.Avahi index ea79a33be..8b24700db 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi +++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/ interface=org.freedesktop.DBus.Peer diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager index 5d97a6b04..3950b77aa 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 index d43fdec81..b4e985b9e 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/FileManager1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 index 357601386..836e99d94 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/GeoClue2/Manager interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 index ce6505c9d..217b588a4 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ModemManager1 interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager index f42ddd43e..0fa92d3cc 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Notifications b/apparmor.d/abstractions/bus/org.freedesktop.Notifications index a45c59c48..90ee1aefc 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Notifications +++ b/apparmor.d/abstractions/bus/org.freedesktop.Notifications @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Notifications interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit index be5d97328..7cdd9a3ce 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit +++ b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 index 38d4147de..3201e48ce 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority diff --git a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 index 83166574b..474c4c625 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver index 2f2303b07..842057a1d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/ScreenSaver interface=org.freedesktop.ScreenSaver diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files index 535f4dfc3..567740a35 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files +++ b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint interface=org.freedesktop.DBus.Peer diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 index 6d8bd828e..79b882e51 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UDisks2 interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UPower b/apparmor.d/abstractions/bus/org.freedesktop.UPower index 3e327db47..d8341d33c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UPower +++ b/apparmor.d/abstractions/bus/org.freedesktop.UPower @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower diff --git a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor index 8a51c3d54..5f951381b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor +++ b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/background/monitor interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 index 5dc2a135f..54196d16b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore index 9cf91d9ec..6b965a2f5 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore +++ b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.locale1 b/apparmor.d/abstractions/bus/org.freedesktop.locale1 index 121124e8c..a2865c7c9 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.locale1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/locale1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index 25114d3d6..fdceceea4 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session index d0fe0f87d..24d5c1452 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.network1 b/apparmor.d/abstractions/bus/org.freedesktop.network1 index 4378d4a22..268a21dea 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.network1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.network1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/network1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop index 314e140d5..a2a1a94a0 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop +++ b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 index c84377bdf..3057282c9 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager diff --git a/apparmor.d/abstractions/bus/org.freedesktop.secrets b/apparmor.d/abstractions/bus/org.freedesktop.secrets index de20b8e79..01ecf0786 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.secrets +++ b/apparmor.d/abstractions/bus/org.freedesktop.secrets @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/secrets{,/**} interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 index d72645d72..49e4b014d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session index 763a1c832..c0e852662 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 index 297343fa5..883c5c165 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/timedate1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 index d960c1494..9953ee8bf 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 +++ b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ArchiveManager1 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.DisplayManager b/apparmor.d/abstractions/bus/org.gnome.DisplayManager index a41a6b21e..05945a253 100644 --- a/apparmor.d/abstractions/bus/org.gnome.DisplayManager +++ b/apparmor.d/abstractions/bus/org.gnome.DisplayManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/gnome/DisplayManager/Manager interface=org.gnome.DisplayManager.Manager diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig index f4a93f889..d701792a6 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.gnome.Mutter.DisplayConfig diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor index 3fba15ea2..7ada64f05 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/IdleMonitor interface=org.freedesktop.DBus.ObjectManager diff --git a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 index baeff9230..e547ab2c5 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 +++ b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Nautilus/FileOperations2 interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver index d85fae4ba..3e228ad1f 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ScreenSaver interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gnome.SessionManager b/apparmor.d/abstractions/bus/org.gnome.SessionManager index b19e171d4..4197fb4cf 100644 --- a/apparmor.d/abstractions/bus/org.gnome.SessionManager +++ b/apparmor.d/abstractions/bus/org.gnome.SessionManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # FIXME: Too large, restrict it. diff --git a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect index 618cc9ea5..72e4525bc 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect +++ b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Shell/Introspect interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor index 9ff04f175..73d958513 100644 --- a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor +++ b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon index 73a409d3d..35cd640d6 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/Daemon interface=org.gtk.vfs.Daemon diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata index 0f646e7f0..33d3c1c36 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/metadata interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker index 626498c39..4d59f0afc 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem index fb7a0efff..4fca40e84 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher index 7df6188d2..67ac1fb6d 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/StatusNotifierWatcher interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/abstractions/bus/org.kde.kwalletd b/apparmor.d/abstractions/bus/org.kde.kwalletd index d992a1dcb..c0d2ecba2 100644 --- a/apparmor.d/abstractions/bus/org.kde.kwalletd +++ b/apparmor.d/abstractions/bus/org.kde.kwalletd @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index 25a06aee7..e44d8509c 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # LOGPROF-SUGGEST: no # Common rules for applications sandboxed using bwrap. diff --git a/apparmor.d/abstractions/common/apt b/apparmor.d/abstractions/common/apt index f50bdcf56..77c5a0b7e 100644 --- a/apparmor.d/abstractions/common/apt +++ b/apparmor.d/abstractions/common/apt @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, diff --git a/apparmor.d/abstractions/common/bwrap b/apparmor.d/abstractions/common/bwrap index 624e80719..a73626bb1 100644 --- a/apparmor.d/abstractions/common/bwrap +++ b/apparmor.d/abstractions/common/bwrap @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # A minimal set of rules for sandboxed programs using bwrap. # A profile using this abstraction still needs to set: diff --git a/apparmor.d/abstractions/common/chromium b/apparmor.d/abstractions/common/chromium index 386eb3af3..2e98c515a 100644 --- a/apparmor.d/abstractions/common/chromium +++ b/apparmor.d/abstractions/common/chromium @@ -2,7 +2,6 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is for chromium based application. Chromium based browsers # need to use abstractions/chromium instead. diff --git a/apparmor.d/abstractions/common/electron b/apparmor.d/abstractions/common/electron index 3ae7268cc..732129c26 100644 --- a/apparmor.d/abstractions/common/electron +++ b/apparmor.d/abstractions/common/electron @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for all electron based UI application. It works as a # *function* and requires some variables to be provided as *arguments* and set diff --git a/apparmor.d/abstractions/common/gnome b/apparmor.d/abstractions/common/gnome index 239a79d81..c93f9bc05 100644 --- a/apparmor.d/abstractions/common/gnome +++ b/apparmor.d/abstractions/common/gnome @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for all gnome based UI application. diff --git a/apparmor.d/abstractions/common/systemd b/apparmor.d/abstractions/common/systemd index ccc35d6e1..0ed3a824b 100644 --- a/apparmor.d/abstractions/common/systemd +++ b/apparmor.d/abstractions/common/systemd @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor ptrace (read) peer=@{p_systemd}, diff --git a/apparmor.d/abstractions/crypto.d/complete b/apparmor.d/abstractions/crypto.d/complete index 1c97e2512..a163af66d 100644 --- a/apparmor.d/abstractions/crypto.d/complete +++ b/apparmor.d/abstractions/crypto.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/dconf-write b/apparmor.d/abstractions/dconf-write index e0397cce2..f25e1c3e6 100644 --- a/apparmor.d/abstractions/dconf-write +++ b/apparmor.d/abstractions/dconf-write @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Permissions for querying dconf settings with write access; use the dconf # abstraction first, and dconf-write only for specific application's profile. diff --git a/apparmor.d/abstractions/deny-sensitive-home b/apparmor.d/abstractions/deny-sensitive-home index f21859241..d8e1fdfb8 100644 --- a/apparmor.d/abstractions/deny-sensitive-home +++ b/apparmor.d/abstractions/deny-sensitive-home @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # DO NOT USE IT WITHOUT EXPLICIT AUTHORISATION FROM THE PROJECT MAINTAINER diff --git a/apparmor.d/abstractions/desktop b/apparmor.d/abstractions/desktop index 736f6b16e..befea8bcb 100644 --- a/apparmor.d/abstractions/desktop +++ b/apparmor.d/abstractions/desktop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Unified minimal abstraction for all UI application regardless of the desktop environment. diff --git a/apparmor.d/abstractions/devices-usb b/apparmor.d/abstractions/devices-usb index 7d9fc3737..5a2a8b742 100644 --- a/apparmor.d/abstractions/devices-usb +++ b/apparmor.d/abstractions/devices-usb @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /dev/ r, /dev/bus/usb/ r, diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read index b80175fe5..10beb258d 100644 --- a/apparmor.d/abstractions/disks-read +++ b/apparmor.d/abstractions/disks-read @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The /sys/ entries probably should be tightened diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write index 80299f1f4..361b60d82 100644 --- a/apparmor.d/abstractions/disks-write +++ b/apparmor.d/abstractions/disks-write @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The /sys/ entries probably should be tightened diff --git a/apparmor.d/abstractions/dri b/apparmor.d/abstractions/dri index 8b2d9a64c..a1eb1cd41 100644 --- a/apparmor.d/abstractions/dri +++ b/apparmor.d/abstractions/dri @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The Direct Rendering Infrastructure (DRI) is the framework comprising the modern # Linux graphics stack which allows unprivileged user-space programs to issue diff --git a/apparmor.d/abstractions/fish b/apparmor.d/abstractions/fish index 450e12050..fe3cab891 100644 --- a/apparmor.d/abstractions/fish +++ b/apparmor.d/abstractions/fish @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index 2c6e04aca..216075648 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The fontconfig cache can be generated via the following command: # $ fc-cache -f -v diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index d642a93a2..19fa7c53a 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/fontconfig/ rw, owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, diff --git a/apparmor.d/abstractions/freedesktop.org.d/complete b/apparmor.d/abstractions/freedesktop.org.d/complete index 71dc290c6..3e669f4dc 100644 --- a/apparmor.d/abstractions/freedesktop.org.d/complete +++ b/apparmor.d/abstractions/freedesktop.org.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{system_share_dirs}/*ubuntu/applications/{,**} r, @{system_share_dirs}/gnome/applications/{,**} r, diff --git a/apparmor.d/abstractions/gnome-strict b/apparmor.d/abstractions/gnome-strict index ea191ab35..891e5a573 100644 --- a/apparmor.d/abstractions/gnome-strict +++ b/apparmor.d/abstractions/gnome-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/gnome.d/complete b/apparmor.d/abstractions/gnome.d/complete index ba38eaa12..90f705ac7 100644 --- a/apparmor.d/abstractions/gnome.d/complete +++ b/apparmor.d/abstractions/gnome.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/graphics b/apparmor.d/abstractions/graphics index ca2f72622..9b7954f0d 100644 --- a/apparmor.d/abstractions/graphics +++ b/apparmor.d/abstractions/graphics @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/graphics-full b/apparmor.d/abstractions/graphics-full index 1e14bd63f..fe2d2001c 100644 --- a/apparmor.d/abstractions/graphics-full +++ b/apparmor.d/abstractions/graphics-full @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer index 403ee6419..60bac614e 100644 --- a/apparmor.d/abstractions/gstreamer +++ b/apparmor.d/abstractions/gstreamer @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{lib}/@{multiarch}/libproxy/*/modules/*.so mr, @{lib}/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so mr, diff --git a/apparmor.d/abstractions/gtk.d/complete b/apparmor.d/abstractions/gtk.d/complete index db3abf7d6..ac702a70f 100644 --- a/apparmor.d/abstractions/gtk.d/complete +++ b/apparmor.d/abstractions/gtk.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session interface=org.gtk.Actions diff --git a/apparmor.d/abstractions/ibus.d/complete b/apparmor.d/abstractions/ibus.d/complete index 52740ddf0..33d034b5a 100644 --- a/apparmor.d/abstractions/ibus.d/complete +++ b/apparmor.d/abstractions/ibus.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # abstract path in ibus < 1.5.22 uses /tmp unix (connect, receive, send) diff --git a/apparmor.d/abstractions/kde-open5.d/complete b/apparmor.d/abstractions/kde-open5.d/complete index 9b8df3d82..37038b129 100644 --- a/apparmor.d/abstractions/kde-open5.d/complete +++ b/apparmor.d/abstractions/kde-open5.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/kde-open rix, diff --git a/apparmor.d/abstractions/kde-strict b/apparmor.d/abstractions/kde-strict index 49697ec70..c164bd434 100644 --- a/apparmor.d/abstractions/kde-strict +++ b/apparmor.d/abstractions/kde-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/mesa.d/complete b/apparmor.d/abstractions/mesa.d/complete index 63b8fda26..ed3306e42 100644 --- a/apparmor.d/abstractions/mesa.d/complete +++ b/apparmor.d/abstractions/mesa.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Extra Mesa rules for desktop environments owner @{desktop_cache_dirs}/ w, diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict index 50786f6b4..b1d474717 100644 --- a/apparmor.d/abstractions/nameservice-strict +++ b/apparmor.d/abstractions/nameservice-strict @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Many programs wish to perform nameservice-like operations, such as looking up # users by name or id, groups by name or id, hosts by name or IP, etc. diff --git a/apparmor.d/abstractions/nvidia-strict b/apparmor.d/abstractions/nvidia-strict index 0a66b8e92..6521c9840 100644 --- a/apparmor.d/abstractions/nvidia-strict +++ b/apparmor.d/abstractions/nvidia-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/nvidia-modprobe Px -> child-modprobe-nvidia, diff --git a/apparmor.d/abstractions/nvidia.d/complete b/apparmor.d/abstractions/nvidia.d/complete index e4fff6739..ef9d0c40d 100644 --- a/apparmor.d/abstractions/nvidia.d/complete +++ b/apparmor.d/abstractions/nvidia.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"), diff --git a/apparmor.d/abstractions/opencl-intel.d/complete b/apparmor.d/abstractions/opencl-intel.d/complete index ecc116a2e..1845cd61d 100644 --- a/apparmor.d/abstractions/opencl-intel.d/complete +++ b/apparmor.d/abstractions/opencl-intel.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /opt/intel/oneapi/{compiler,lib,mkl}/**/ r, /opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr, diff --git a/apparmor.d/abstractions/python.d/complete b/apparmor.d/abstractions/python.d/complete index b334b2e4c..e6eea6744 100644 --- a/apparmor.d/abstractions/python.d/complete +++ b/apparmor.d/abstractions/python.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/ r, @{bin}/python{2.[4-7],3,3.[0-9],3.1[0-9]} r, diff --git a/apparmor.d/abstractions/qt5-shader-cache b/apparmor.d/abstractions/qt5-shader-cache index 660e4a39d..4ac0f7f1d 100644 --- a/apparmor.d/abstractions/qt5-shader-cache +++ b/apparmor.d/abstractions/qt5-shader-cache @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/ w, owner @{user_cache_dirs}/qtshadercache/ rw, diff --git a/apparmor.d/abstractions/qt5.d/complete b/apparmor.d/abstractions/qt5.d/complete index 71305d3cf..6063b47e2 100644 --- a/apparmor.d/abstractions/qt5.d/complete +++ b/apparmor.d/abstractions/qt5.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/qt{,5,6}/qtlogging.ini r, /usr/share/qt{,5,6}/resources/*.pak r, diff --git a/apparmor.d/abstractions/shells b/apparmor.d/abstractions/shells index 84dbb7c72..b269f2335 100644 --- a/apparmor.d/abstractions/shells +++ b/apparmor.d/abstractions/shells @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read index 5bf6153c3..dc164c6ba 100644 --- a/apparmor.d/abstractions/thumbnails-cache-read +++ b/apparmor.d/abstractions/thumbnails-cache-read @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ r, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ r, diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index a9bf4cf14..01de0407e 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ rw, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ rw, diff --git a/apparmor.d/abstractions/trash-strict b/apparmor.d/abstractions/trash-strict index fb4f9b306..1f4202818 100644 --- a/apparmor.d/abstractions/trash-strict +++ b/apparmor.d/abstractions/trash-strict @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Already upstreamed. Different because recent change does not play well # with upstream's version. diff --git a/apparmor.d/abstractions/trash.d/complete b/apparmor.d/abstractions/trash.d/complete index 10149ee1b..a80a1e5a6 100644 --- a/apparmor.d/abstractions/trash.d/complete +++ b/apparmor.d/abstractions/trash.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_config_dirs}/trashrc rw, owner @{user_config_dirs}/trashrc.lock rwk, diff --git a/apparmor.d/abstractions/uim b/apparmor.d/abstractions/uim index 81abacb6b..03ae9e3e8 100644 --- a/apparmor.d/abstractions/uim +++ b/apparmor.d/abstractions/uim @@ -2,7 +2,6 @@ # Copyright (C) 2024 Alexandre Pujol # Copyright (C) 2024 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/uim/* r, diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index 01465ddf7..3feed5cd8 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{HOME}/@{XDG_DESKTOP_DIR}/ w, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w, diff --git a/apparmor.d/abstractions/user-read b/apparmor.d/abstractions/user-read index c49e1fea2..4187ab9e2 100644 --- a/apparmor.d/abstractions/user-read +++ b/apparmor.d/abstractions/user-read @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Warning: This abstraction gives unrestricted read access on all non hidden user directories. diff --git a/apparmor.d/abstractions/user-read-strict b/apparmor.d/abstractions/user-read-strict index 88b998401..5211b0345 100644 --- a/apparmor.d/abstractions/user-read-strict +++ b/apparmor.d/abstractions/user-read-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction gives read access on all defined user directories. It should # only be used if access to **ALL** folders is required. diff --git a/apparmor.d/abstractions/user-write-strict b/apparmor.d/abstractions/user-write-strict index a478581d5..223fc660a 100644 --- a/apparmor.d/abstractions/user-write-strict +++ b/apparmor.d/abstractions/user-write-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction gives write only access on all defined user directories. It should # only be used if access to **ALL** folders is required. diff --git a/apparmor.d/abstractions/user-write.d/complete b/apparmor.d/abstractions/user-write.d/complete index 7d8023309..a529324f5 100644 --- a/apparmor.d/abstractions/user-write.d/complete +++ b/apparmor.d/abstractions/user-write.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Warning: This abstraction gives unrestricted write access on all non hidden user directories. diff --git a/apparmor.d/abstractions/video.d/complete b/apparmor.d/abstractions/video.d/complete index 4222fec54..97b7f1a2a 100644 --- a/apparmor.d/abstractions/video.d/complete +++ b/apparmor.d/abstractions/video.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{run}/udev/data/c81:@{int} r, # For video4linux diff --git a/apparmor.d/abstractions/vulkan-strict b/apparmor.d/abstractions/vulkan-strict index 533fe4ecf..fd86f1e81 100644 --- a/apparmor.d/abstractions/vulkan-strict +++ b/apparmor.d/abstractions/vulkan-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/egl/egl_external_platform.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, diff --git a/apparmor.d/abstractions/vulkan.d/complete b/apparmor.d/abstractions/vulkan.d/complete index 64c12b2bf..8e5b68c08 100644 --- a/apparmor.d/abstractions/vulkan.d/complete +++ b/apparmor.d/abstractions/vulkan.d/complete @@ -1,6 +1,5 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /etc/glvnd/egl_vendor.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, diff --git a/apparmor.d/abstractions/wayland.d/complete b/apparmor.d/abstractions/wayland.d/complete index 42066e814..245b9238d 100644 --- a/apparmor.d/abstractions/wayland.d/complete +++ b/apparmor.d/abstractions/wayland.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-wayland-@{int} r, diff --git a/apparmor.d/abstractions/xfce b/apparmor.d/abstractions/xfce index 26d93714b..067de9148 100644 --- a/apparmor.d/abstractions/xfce +++ b/apparmor.d/abstractions/xfce @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh index 01d69bc05..15711713c 100644 --- a/apparmor.d/abstractions/zsh +++ b/apparmor.d/abstractions/zsh @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. From da3717991e2726e000574382fa8872aa109d8743 Mon Sep 17 00:00:00 2001 From: REmerald <55359236+REmerald@users.noreply.github.com> Date: Sat, 15 Jun 2024 17:36:23 +0300 Subject: [PATCH 69/70] feat(profiles-s-z): vim syntax support Add vim modeline instructing the editor to use the syntax plugin provided by apparmor. Continuation of #379, #380, #381, #390 to keep the diff list relatively short. --- apparmor.d/profiles-s-z/YACReader | 4 +++- apparmor.d/profiles-s-z/YACReaderLibrary | 4 +++- apparmor.d/profiles-s-z/s3fs | 4 +++- apparmor.d/profiles-s-z/sanoid | 2 ++ apparmor.d/profiles-s-z/sbctl | 4 +++- apparmor.d/profiles-s-z/scrcpy | 2 ++ apparmor.d/profiles-s-z/scrot | 2 ++ apparmor.d/profiles-s-z/sdcv | 4 +++- apparmor.d/profiles-s-z/secure-time-sync | 2 ++ apparmor.d/profiles-s-z/sensors | 2 ++ apparmor.d/profiles-s-z/sensors-detect | 2 ++ apparmor.d/profiles-s-z/setpci | 2 ++ apparmor.d/profiles-s-z/setvtrgb | 4 +++- apparmor.d/profiles-s-z/sfdisk | 2 ++ apparmor.d/profiles-s-z/sgdisk | 2 ++ apparmor.d/profiles-s-z/sing-box | 2 ++ apparmor.d/profiles-s-z/slirp4netns | 4 +++- apparmor.d/profiles-s-z/smartctl | 2 ++ apparmor.d/profiles-s-z/smartd | 2 ++ apparmor.d/profiles-s-z/smbspool | 4 +++- apparmor.d/profiles-s-z/smplayer | 2 ++ apparmor.d/profiles-s-z/smtube | 2 ++ apparmor.d/profiles-s-z/snap | 2 ++ apparmor.d/profiles-s-z/snap-bootstrap | 4 +++- apparmor.d/profiles-s-z/snap-device-helper | 4 +++- apparmor.d/profiles-s-z/snap-discard-ns | 4 +++- apparmor.d/profiles-s-z/snap-failure | 4 +++- apparmor.d/profiles-s-z/snap-repair | 4 +++- apparmor.d/profiles-s-z/snap-seccomp | 4 +++- apparmor.d/profiles-s-z/snap-update-ns | 4 +++- apparmor.d/profiles-s-z/snapd | 4 +++- apparmor.d/profiles-s-z/snapd-aa-prompt-listener | 4 +++- apparmor.d/profiles-s-z/snapd-aa-prompt-ui | 4 +++- apparmor.d/profiles-s-z/snapd-apparmor | 4 +++- apparmor.d/profiles-s-z/snapd-core-fixup | 4 +++- apparmor.d/profiles-s-z/spacefm-auth | 2 ++ apparmor.d/profiles-s-z/spectre-meltdown-checker | 2 ++ apparmor.d/profiles-s-z/speedtest | 2 ++ apparmor.d/profiles-s-z/spice-client-glib-usb-acl-helper | 4 +++- apparmor.d/profiles-s-z/spice-vdagent | 2 ++ apparmor.d/profiles-s-z/spice-vdagentd | 2 ++ apparmor.d/profiles-s-z/spotify | 2 ++ apparmor.d/profiles-s-z/ss | 2 ++ apparmor.d/profiles-s-z/sslocal | 2 ++ apparmor.d/profiles-s-z/ssmanager | 2 ++ apparmor.d/profiles-s-z/ssserver | 2 ++ apparmor.d/profiles-s-z/ssservice | 2 ++ apparmor.d/profiles-s-z/ssurl | 2 ++ apparmor.d/profiles-s-z/start-pulseaudio-x11 | 4 +++- apparmor.d/profiles-s-z/startx | 2 ++ apparmor.d/profiles-s-z/steam | 2 ++ apparmor.d/profiles-s-z/steam-fossilize | 2 ++ apparmor.d/profiles-s-z/steam-game-native | 4 +++- apparmor.d/profiles-s-z/steam-game-proton | 4 +++- apparmor.d/profiles-s-z/steam-gameoverlayui | 2 ++ apparmor.d/profiles-s-z/steam-launch | 4 +++- apparmor.d/profiles-s-z/steam-launcher | 4 +++- apparmor.d/profiles-s-z/steam-runtime | 4 +++- apparmor.d/profiles-s-z/steamerrorreporter | 4 +++- apparmor.d/profiles-s-z/strawberry | 2 ++ apparmor.d/profiles-s-z/strawberry-tagreader | 2 ++ apparmor.d/profiles-s-z/su | 2 ++ apparmor.d/profiles-s-z/sudo | 2 ++ apparmor.d/profiles-s-z/sulogin | 4 +++- apparmor.d/profiles-s-z/swaplabel | 2 ++ apparmor.d/profiles-s-z/swapon | 2 ++ apparmor.d/profiles-s-z/switcheroo-control | 2 ++ apparmor.d/profiles-s-z/switcherooctl | 4 +++- apparmor.d/profiles-s-z/swtpm | 4 +++- apparmor.d/profiles-s-z/swtpm_ioctl | 4 +++- apparmor.d/profiles-s-z/swtpm_localca | 4 +++- apparmor.d/profiles-s-z/swtpm_setup | 4 +++- apparmor.d/profiles-s-z/sync | 4 +++- apparmor.d/profiles-s-z/syncoid | 2 ++ apparmor.d/profiles-s-z/syncthing | 2 ++ apparmor.d/profiles-s-z/sysctl | 4 +++- apparmor.d/profiles-s-z/system-config-printer | 2 ++ apparmor.d/profiles-s-z/system-config-printer-applet | 2 ++ apparmor.d/profiles-s-z/task | 2 ++ apparmor.d/profiles-s-z/tasksel | 2 ++ apparmor.d/profiles-s-z/taskwarrior-tui | 2 ++ apparmor.d/profiles-s-z/terminator | 4 +++- apparmor.d/profiles-s-z/tftp | 2 ++ apparmor.d/profiles-s-z/thermald | 2 ++ apparmor.d/profiles-s-z/thinkfan | 2 ++ apparmor.d/profiles-s-z/thunderbird | 2 ++ apparmor.d/profiles-s-z/thunderbird-glxtest | 4 +++- apparmor.d/profiles-s-z/thunderbird-vaapitest | 2 ++ apparmor.d/profiles-s-z/tint2 | 2 ++ apparmor.d/profiles-s-z/tint2conf | 2 ++ apparmor.d/profiles-s-z/top | 2 ++ apparmor.d/profiles-s-z/torify | 2 ++ apparmor.d/profiles-s-z/torsocks | 2 ++ apparmor.d/profiles-s-z/tpacpi-bat | 2 ++ apparmor.d/profiles-s-z/transmission-gtk | 2 ++ apparmor.d/profiles-s-z/transmission-qt | 2 ++ apparmor.d/profiles-s-z/tune2fs | 2 ++ apparmor.d/profiles-s-z/udev-dmi-memory-id | 4 +++- apparmor.d/profiles-s-z/udiskie | 2 ++ apparmor.d/profiles-s-z/udiskie-info | 2 ++ apparmor.d/profiles-s-z/udiskie-mount | 2 ++ apparmor.d/profiles-s-z/udiskie-umount | 2 ++ apparmor.d/profiles-s-z/udisksctl | 2 ++ apparmor.d/profiles-s-z/udisksd | 2 ++ apparmor.d/profiles-s-z/umount | 2 ++ apparmor.d/profiles-s-z/umount.udisks2 | 2 ++ apparmor.d/profiles-s-z/uname | 2 ++ apparmor.d/profiles-s-z/unhide-linux | 2 ++ apparmor.d/profiles-s-z/unhide-posix | 2 ++ apparmor.d/profiles-s-z/unhide-rb | 2 ++ apparmor.d/profiles-s-z/unhide-tcp | 2 ++ apparmor.d/profiles-s-z/unix-chkpwd | 2 ++ apparmor.d/profiles-s-z/unmkinitramfs | 2 ++ apparmor.d/profiles-s-z/update-alternatives | 2 ++ apparmor.d/profiles-s-z/update-ca-certificates | 2 ++ apparmor.d/profiles-s-z/update-ca-trust | 4 +++- apparmor.d/profiles-s-z/update-command-not-found | 2 ++ apparmor.d/profiles-s-z/update-cracklib | 4 +++- apparmor.d/profiles-s-z/update-dlocatedb | 2 ++ apparmor.d/profiles-s-z/update-initramfs | 2 ++ apparmor.d/profiles-s-z/update-pciids | 2 ++ apparmor.d/profiles-s-z/update-secureboot-policy | 2 ++ apparmor.d/profiles-s-z/update-smart-drivedb | 2 ++ apparmor.d/profiles-s-z/updatedb-mlocate | 2 ++ apparmor.d/profiles-s-z/updatedb.plocate | 2 ++ apparmor.d/profiles-s-z/uptime | 2 ++ apparmor.d/profiles-s-z/uptimed | 4 +++- apparmor.d/profiles-s-z/usb-devices | 2 ++ apparmor.d/profiles-s-z/usbguard | 2 ++ apparmor.d/profiles-s-z/usbguard-applet-qt | 2 ++ apparmor.d/profiles-s-z/usbguard-daemon | 2 ++ apparmor.d/profiles-s-z/usbguard-dbus | 2 ++ apparmor.d/profiles-s-z/usbguard-notifier | 2 ++ apparmor.d/profiles-s-z/useradd | 2 ++ apparmor.d/profiles-s-z/userdel | 2 ++ apparmor.d/profiles-s-z/usermod | 2 ++ apparmor.d/profiles-s-z/users | 2 ++ apparmor.d/profiles-s-z/utmpdump | 2 ++ apparmor.d/profiles-s-z/utox | 2 ++ apparmor.d/profiles-s-z/uuidd | 4 +++- apparmor.d/profiles-s-z/uuidgen | 4 +++- apparmor.d/profiles-s-z/uupdate | 2 ++ apparmor.d/profiles-s-z/vcsi | 2 ++ apparmor.d/profiles-s-z/vidcutter | 2 ++ apparmor.d/profiles-s-z/vipw-vigr | 2 ++ apparmor.d/profiles-s-z/virt-manager | 2 ++ apparmor.d/profiles-s-z/vlc | 2 ++ apparmor.d/profiles-s-z/vlc-cache-gen | 4 +++- apparmor.d/profiles-s-z/vnstat | 2 ++ apparmor.d/profiles-s-z/vnstatd | 2 ++ apparmor.d/profiles-s-z/volumeicon | 2 ++ apparmor.d/profiles-s-z/vsftpd | 2 ++ apparmor.d/profiles-s-z/w | 2 ++ apparmor.d/profiles-s-z/w3m | 2 ++ apparmor.d/profiles-s-z/wavemon | 2 ++ apparmor.d/profiles-s-z/whatis | 2 ++ apparmor.d/profiles-s-z/whdd | 2 ++ apparmor.d/profiles-s-z/whereis | 2 ++ apparmor.d/profiles-s-z/which | 2 ++ apparmor.d/profiles-s-z/whiptail | 2 ++ apparmor.d/profiles-s-z/who | 2 ++ apparmor.d/profiles-s-z/whoami | 2 ++ apparmor.d/profiles-s-z/wireplumber | 2 ++ apparmor.d/profiles-s-z/wireshark | 2 ++ apparmor.d/profiles-s-z/wl-copy | 4 +++- apparmor.d/profiles-s-z/wmctrl | 2 ++ apparmor.d/profiles-s-z/wpa-action | 2 ++ apparmor.d/profiles-s-z/wpa-cli | 2 ++ apparmor.d/profiles-s-z/wpa-gui | 2 ++ apparmor.d/profiles-s-z/wpa-supplicant | 2 ++ apparmor.d/profiles-s-z/wrmsr | 2 ++ apparmor.d/profiles-s-z/wsdd | 4 +++- apparmor.d/profiles-s-z/xarchiver | 2 ++ apparmor.d/profiles-s-z/xauth | 2 ++ apparmor.d/profiles-s-z/xautolock | 2 ++ apparmor.d/profiles-s-z/xbacklight | 2 ++ apparmor.d/profiles-s-z/xbrlapi | 2 ++ apparmor.d/profiles-s-z/xclip | 2 ++ apparmor.d/profiles-s-z/xdpyinfo | 2 ++ apparmor.d/profiles-s-z/xinit | 2 ++ apparmor.d/profiles-s-z/xinput | 2 ++ apparmor.d/profiles-s-z/xsel | 2 ++ apparmor.d/profiles-s-z/yadifad | 2 ++ apparmor.d/profiles-s-z/youtube-dl | 2 ++ apparmor.d/profiles-s-z/youtube-viewer | 2 ++ apparmor.d/profiles-s-z/yt-dlp | 2 ++ apparmor.d/profiles-s-z/ytdl | 2 ++ apparmor.d/profiles-s-z/zathura | 2 ++ apparmor.d/profiles-s-z/zed | 2 ++ apparmor.d/profiles-s-z/zenmap | 2 ++ apparmor.d/profiles-s-z/zfs | 2 ++ apparmor.d/profiles-s-z/zpool | 2 ++ apparmor.d/profiles-s-z/zsys-system-autosnapshot | 2 ++ apparmor.d/profiles-s-z/zsysd | 2 ++ 194 files changed, 435 insertions(+), 47 deletions(-) diff --git a/apparmor.d/profiles-s-z/YACReader b/apparmor.d/profiles-s-z/YACReader index dee5b3522..ccbbb2494 100644 --- a/apparmor.d/profiles-s-z/YACReader +++ b/apparmor.d/profiles-s-z/YACReader @@ -43,4 +43,6 @@ profile YACReader @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{PROC}/@{pid}/mountinfo r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/YACReaderLibrary b/apparmor.d/profiles-s-z/YACReaderLibrary index 50e5ae8c8..418167345 100644 --- a/apparmor.d/profiles-s-z/YACReaderLibrary +++ b/apparmor.d/profiles-s-z/YACReaderLibrary @@ -46,4 +46,6 @@ profile YACReaderLibrary @{exec_path} flags=(attach_disconnected,mediate_deleted owner @{PROC}/@{pid}/cmdline r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/s3fs b/apparmor.d/profiles-s-z/s3fs index 1bc9288da..d614330d2 100644 --- a/apparmor.d/profiles-s-z/s3fs +++ b/apparmor.d/profiles-s-z/s3fs @@ -69,4 +69,6 @@ profile s3fs @{exec_path} { } include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sanoid b/apparmor.d/profiles-s-z/sanoid index f0b8426c6..aadad6860 100644 --- a/apparmor.d/profiles-s-z/sanoid +++ b/apparmor.d/profiles-s-z/sanoid @@ -31,3 +31,5 @@ profile sanoid @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sbctl b/apparmor.d/profiles-s-z/sbctl index 388145d76..938ecb638 100644 --- a/apparmor.d/profiles-s-z/sbctl +++ b/apparmor.d/profiles-s-z/sbctl @@ -39,4 +39,6 @@ profile sbctl @{exec_path} { deny network inet6 stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/scrcpy b/apparmor.d/profiles-s-z/scrcpy index 711cd73ad..8903fe287 100644 --- a/apparmor.d/profiles-s-z/scrcpy +++ b/apparmor.d/profiles-s-z/scrcpy @@ -38,3 +38,5 @@ profile scrcpy @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/scrot b/apparmor.d/profiles-s-z/scrot index f423775f6..377bb7962 100644 --- a/apparmor.d/profiles-s-z/scrot +++ b/apparmor.d/profiles-s-z/scrot @@ -29,3 +29,5 @@ profile scrot @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sdcv b/apparmor.d/profiles-s-z/sdcv index 7ad78e8a4..cfc6c1b3c 100644 --- a/apparmor.d/profiles-s-z/sdcv +++ b/apparmor.d/profiles-s-z/sdcv @@ -21,4 +21,6 @@ profile sdcv @{exec_path} { owner @{user_cache_dirs}/sdcv/{,**} rwk, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/secure-time-sync b/apparmor.d/profiles-s-z/secure-time-sync index bf11debcd..3ded8b7ae 100644 --- a/apparmor.d/profiles-s-z/secure-time-sync +++ b/apparmor.d/profiles-s-z/secure-time-sync @@ -31,3 +31,5 @@ profile secure-time-sync @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sensors b/apparmor.d/profiles-s-z/sensors index b64790203..618332bce 100644 --- a/apparmor.d/profiles-s-z/sensors +++ b/apparmor.d/profiles-s-z/sensors @@ -45,3 +45,5 @@ profile sensors @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sensors-detect b/apparmor.d/profiles-s-z/sensors-detect index 6fcc6cac1..577041922 100644 --- a/apparmor.d/profiles-s-z/sensors-detect +++ b/apparmor.d/profiles-s-z/sensors-detect @@ -68,3 +68,5 @@ profile sensors-detect @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/setpci b/apparmor.d/profiles-s-z/setpci index 9bfc43d0f..25fe43065 100644 --- a/apparmor.d/profiles-s-z/setpci +++ b/apparmor.d/profiles-s-z/setpci @@ -19,3 +19,5 @@ profile setpci @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/setvtrgb b/apparmor.d/profiles-s-z/setvtrgb index 7080cd909..79398e82d 100644 --- a/apparmor.d/profiles-s-z/setvtrgb +++ b/apparmor.d/profiles-s-z/setvtrgb @@ -18,4 +18,6 @@ profile setvtrgb @{exec_path} { /dev/tty@{int} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sfdisk b/apparmor.d/profiles-s-z/sfdisk index 4afa8e575..5b75a27ef 100644 --- a/apparmor.d/profiles-s-z/sfdisk +++ b/apparmor.d/profiles-s-z/sfdisk @@ -34,3 +34,5 @@ profile sfdisk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sgdisk b/apparmor.d/profiles-s-z/sgdisk index 778548d75..00a8c7a56 100644 --- a/apparmor.d/profiles-s-z/sgdisk +++ b/apparmor.d/profiles-s-z/sgdisk @@ -25,3 +25,5 @@ profile sgdisk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sing-box b/apparmor.d/profiles-s-z/sing-box index 07c557d7c..eb9866b53 100644 --- a/apparmor.d/profiles-s-z/sing-box +++ b/apparmor.d/profiles-s-z/sing-box @@ -35,3 +35,5 @@ profile sing-box @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/slirp4netns b/apparmor.d/profiles-s-z/slirp4netns index efd6756b7..0ec43cc9b 100644 --- a/apparmor.d/profiles-s-z/slirp4netns +++ b/apparmor.d/profiles-s-z/slirp4netns @@ -41,4 +41,6 @@ profile slirp4netns @{exec_path} flags=(attach_disconnected) { /dev/net/tun rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/smartctl b/apparmor.d/profiles-s-z/smartctl index 442f4fd9b..6487e82e3 100644 --- a/apparmor.d/profiles-s-z/smartctl +++ b/apparmor.d/profiles-s-z/smartctl @@ -27,3 +27,5 @@ profile smartctl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/smartd b/apparmor.d/profiles-s-z/smartd index 3e710291b..4548813bf 100644 --- a/apparmor.d/profiles-s-z/smartd +++ b/apparmor.d/profiles-s-z/smartd @@ -53,3 +53,5 @@ profile smartd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/smbspool b/apparmor.d/profiles-s-z/smbspool index 4ae50fbb4..010226342 100644 --- a/apparmor.d/profiles-s-z/smbspool +++ b/apparmor.d/profiles-s-z/smbspool @@ -15,4 +15,6 @@ profile smbspool @{exec_path} { /etc/papersize r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/smplayer b/apparmor.d/profiles-s-z/smplayer index 3751c4ab0..d8de18f20 100644 --- a/apparmor.d/profiles-s-z/smplayer +++ b/apparmor.d/profiles-s-z/smplayer @@ -87,3 +87,5 @@ profile smplayer @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/smtube b/apparmor.d/profiles-s-z/smtube index c8cb926e3..af761d43c 100644 --- a/apparmor.d/profiles-s-z/smtube +++ b/apparmor.d/profiles-s-z/smtube @@ -102,3 +102,5 @@ profile smtube @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snap b/apparmor.d/profiles-s-z/snap index 3d71ce766..f59fd9226 100644 --- a/apparmor.d/profiles-s-z/snap +++ b/apparmor.d/profiles-s-z/snap @@ -111,3 +111,5 @@ profile snap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snap-bootstrap b/apparmor.d/profiles-s-z/snap-bootstrap index de4635dd1..71a4ad8f2 100644 --- a/apparmor.d/profiles-s-z/snap-bootstrap +++ b/apparmor.d/profiles-s-z/snap-bootstrap @@ -13,4 +13,6 @@ profile snap-bootstrap @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snap-device-helper b/apparmor.d/profiles-s-z/snap-device-helper index 836071c08..ec342d4e2 100644 --- a/apparmor.d/profiles-s-z/snap-device-helper +++ b/apparmor.d/profiles-s-z/snap-device-helper @@ -20,4 +20,6 @@ profile snap-device-helper @{exec_path} { @{sys}/fs/bpf/snap/ w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snap-discard-ns b/apparmor.d/profiles-s-z/snap-discard-ns index 2ba6f81ad..ab90529b7 100644 --- a/apparmor.d/profiles-s-z/snap-discard-ns +++ b/apparmor.d/profiles-s-z/snap-discard-ns @@ -30,4 +30,6 @@ profile snap-discard-ns @{exec_path} { @{run}/snapd/ns/* rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snap-failure b/apparmor.d/profiles-s-z/snap-failure index 9f6399064..df8fe47fb 100644 --- a/apparmor.d/profiles-s-z/snap-failure +++ b/apparmor.d/profiles-s-z/snap-failure @@ -31,4 +31,6 @@ profile snap-failure @{exec_path} { } include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snap-repair b/apparmor.d/profiles-s-z/snap-repair index 1527a465c..d5f282ffa 100644 --- a/apparmor.d/profiles-s-z/snap-repair +++ b/apparmor.d/profiles-s-z/snap-repair @@ -13,4 +13,6 @@ profile snap-repair @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snap-seccomp b/apparmor.d/profiles-s-z/snap-seccomp index f62f3a3f3..0da410bca 100644 --- a/apparmor.d/profiles-s-z/snap-seccomp +++ b/apparmor.d/profiles-s-z/snap-seccomp @@ -27,4 +27,6 @@ profile snap-seccomp @{exec_path} { deny @{user_share_dirs}/gvfs-metadata/* r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snap-update-ns b/apparmor.d/profiles-s-z/snap-update-ns index 328eab743..e9315f5c7 100644 --- a/apparmor.d/profiles-s-z/snap-update-ns +++ b/apparmor.d/profiles-s-z/snap-update-ns @@ -54,4 +54,6 @@ profile snap-update-ns @{exec_path} { @{PROC}/version r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd index dfae29999..3892a8ca4 100644 --- a/apparmor.d/profiles-s-z/snapd +++ b/apparmor.d/profiles-s-z/snapd @@ -180,4 +180,6 @@ profile snapd @{exec_path} { } include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snapd-aa-prompt-listener b/apparmor.d/profiles-s-z/snapd-aa-prompt-listener index f8c1df718..3e3045b80 100644 --- a/apparmor.d/profiles-s-z/snapd-aa-prompt-listener +++ b/apparmor.d/profiles-s-z/snapd-aa-prompt-listener @@ -21,4 +21,6 @@ profile snapd-aa-prompt-listener @{exec_path} { @{PROC}/cmdline r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snapd-aa-prompt-ui b/apparmor.d/profiles-s-z/snapd-aa-prompt-ui index 35c6d5e4c..d7b9b3713 100644 --- a/apparmor.d/profiles-s-z/snapd-aa-prompt-ui +++ b/apparmor.d/profiles-s-z/snapd-aa-prompt-ui @@ -19,4 +19,6 @@ profile snapd-aa-prompt-ui @{exec_path} { @{PROC}/cmdline r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snapd-apparmor b/apparmor.d/profiles-s-z/snapd-apparmor index d9be96e87..22a9c5faa 100644 --- a/apparmor.d/profiles-s-z/snapd-apparmor +++ b/apparmor.d/profiles-s-z/snapd-apparmor @@ -27,4 +27,6 @@ profile snapd-apparmor @{exec_path} { @{PROC}/cmdline r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/snapd-core-fixup b/apparmor.d/profiles-s-z/snapd-core-fixup index 7d407df32..fffbc4468 100644 --- a/apparmor.d/profiles-s-z/snapd-core-fixup +++ b/apparmor.d/profiles-s-z/snapd-core-fixup @@ -13,4 +13,6 @@ profile snapd-core-fixup @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/spacefm-auth b/apparmor.d/profiles-s-z/spacefm-auth index 2e7f34125..754908eac 100644 --- a/apparmor.d/profiles-s-z/spacefm-auth +++ b/apparmor.d/profiles-s-z/spacefm-auth @@ -16,3 +16,5 @@ profile spacefm-auth @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/spectre-meltdown-checker b/apparmor.d/profiles-s-z/spectre-meltdown-checker index 2ff6defc3..98d677189 100644 --- a/apparmor.d/profiles-s-z/spectre-meltdown-checker +++ b/apparmor.d/profiles-s-z/spectre-meltdown-checker @@ -187,3 +187,5 @@ profile spectre-meltdown-checker @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/speedtest b/apparmor.d/profiles-s-z/speedtest index 5c299fb8d..511f32a96 100644 --- a/apparmor.d/profiles-s-z/speedtest +++ b/apparmor.d/profiles-s-z/speedtest @@ -34,3 +34,5 @@ profile speedtest @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/spice-client-glib-usb-acl-helper b/apparmor.d/profiles-s-z/spice-client-glib-usb-acl-helper index be131b3e9..1847c93d7 100644 --- a/apparmor.d/profiles-s-z/spice-client-glib-usb-acl-helper +++ b/apparmor.d/profiles-s-z/spice-client-glib-usb-acl-helper @@ -23,4 +23,6 @@ profile spice-client-glib-usb-acl-helper @{exec_path} { @{PROC}/sys/kernel/cap_last_cap r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/spice-vdagent b/apparmor.d/profiles-s-z/spice-vdagent index e25574bb9..c2fd27ced 100644 --- a/apparmor.d/profiles-s-z/spice-vdagent +++ b/apparmor.d/profiles-s-z/spice-vdagent @@ -47,3 +47,5 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/spice-vdagentd b/apparmor.d/profiles-s-z/spice-vdagentd index cdaf03b9a..e9a8b6330 100644 --- a/apparmor.d/profiles-s-z/spice-vdagentd +++ b/apparmor.d/profiles-s-z/spice-vdagentd @@ -30,3 +30,5 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/spotify b/apparmor.d/profiles-s-z/spotify index e588ffbcf..db2e7ebe9 100644 --- a/apparmor.d/profiles-s-z/spotify +++ b/apparmor.d/profiles-s-z/spotify @@ -56,3 +56,5 @@ profile spotify @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/ss b/apparmor.d/profiles-s-z/ss index 99d05d286..36f4c988d 100644 --- a/apparmor.d/profiles-s-z/ss +++ b/apparmor.d/profiles-s-z/ss @@ -45,3 +45,5 @@ profile ss @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sslocal b/apparmor.d/profiles-s-z/sslocal index 2ce04f3e6..beff6a1e9 100644 --- a/apparmor.d/profiles-s-z/sslocal +++ b/apparmor.d/profiles-s-z/sslocal @@ -29,3 +29,5 @@ profile sslocal @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/ssmanager b/apparmor.d/profiles-s-z/ssmanager index affdd3e85..7a89ea8bd 100644 --- a/apparmor.d/profiles-s-z/ssmanager +++ b/apparmor.d/profiles-s-z/ssmanager @@ -29,3 +29,5 @@ profile ssmanager @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/ssserver b/apparmor.d/profiles-s-z/ssserver index 07690f08c..51dc62837 100644 --- a/apparmor.d/profiles-s-z/ssserver +++ b/apparmor.d/profiles-s-z/ssserver @@ -28,3 +28,5 @@ profile ssserver @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/ssservice b/apparmor.d/profiles-s-z/ssservice index 5c63da5c2..1c62764b2 100644 --- a/apparmor.d/profiles-s-z/ssservice +++ b/apparmor.d/profiles-s-z/ssservice @@ -16,3 +16,5 @@ profile ssservice @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/ssurl b/apparmor.d/profiles-s-z/ssurl index 9471ab0ad..e1c7b9068 100644 --- a/apparmor.d/profiles-s-z/ssurl +++ b/apparmor.d/profiles-s-z/ssurl @@ -24,3 +24,5 @@ profile ssurl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/start-pulseaudio-x11 b/apparmor.d/profiles-s-z/start-pulseaudio-x11 index 3287c7556..616b66963 100644 --- a/apparmor.d/profiles-s-z/start-pulseaudio-x11 +++ b/apparmor.d/profiles-s-z/start-pulseaudio-x11 @@ -24,4 +24,6 @@ profile start-pulseaudio-x11 @{exec_path} { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/startx b/apparmor.d/profiles-s-z/startx index 9a51396c9..26cf4027f 100644 --- a/apparmor.d/profiles-s-z/startx +++ b/apparmor.d/profiles-s-z/startx @@ -47,3 +47,5 @@ profile startx @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index 49157e257..8de447bfe 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -418,3 +418,5 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steam-fossilize b/apparmor.d/profiles-s-z/steam-fossilize index b8ec7e182..b33c90d8b 100644 --- a/apparmor.d/profiles-s-z/steam-fossilize +++ b/apparmor.d/profiles-s-z/steam-fossilize @@ -49,3 +49,5 @@ profile steam-fossilize @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steam-game-native b/apparmor.d/profiles-s-z/steam-game-native index 0a79b99d8..9453076ea 100644 --- a/apparmor.d/profiles-s-z/steam-game-native +++ b/apparmor.d/profiles-s-z/steam-game-native @@ -35,4 +35,6 @@ profile steam-game-native @{exec_path} flags=(attach_disconnected) { @{lib_dirs}/** mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steam-game-proton b/apparmor.d/profiles-s-z/steam-game-proton index ed67e72b9..49a668996 100644 --- a/apparmor.d/profiles-s-z/steam-game-proton +++ b/apparmor.d/profiles-s-z/steam-game-proton @@ -106,4 +106,6 @@ profile steam-game-proton @{exec_path} flags=(attach_disconnected) { @{PROC}/sys/net/core/bpf_jit_enable r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steam-gameoverlayui b/apparmor.d/profiles-s-z/steam-gameoverlayui index d78751bf9..bbe2452e2 100644 --- a/apparmor.d/profiles-s-z/steam-gameoverlayui +++ b/apparmor.d/profiles-s-z/steam-gameoverlayui @@ -69,3 +69,5 @@ profile steam-gameoverlayui @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steam-launch b/apparmor.d/profiles-s-z/steam-launch index 1b2afd212..877181b61 100644 --- a/apparmor.d/profiles-s-z/steam-launch +++ b/apparmor.d/profiles-s-z/steam-launch @@ -43,4 +43,6 @@ profile steam-launch @{exec_path} { deny /opt/** r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steam-launcher b/apparmor.d/profiles-s-z/steam-launcher index 9b4f09b91..45fa30245 100644 --- a/apparmor.d/profiles-s-z/steam-launcher +++ b/apparmor.d/profiles-s-z/steam-launcher @@ -26,4 +26,6 @@ profile steam-launcher @{exec_path} flags=(attach_disconnected) { @{lib_dirs}/** mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steam-runtime b/apparmor.d/profiles-s-z/steam-runtime index 9beaa2e8c..5d6d0f856 100644 --- a/apparmor.d/profiles-s-z/steam-runtime +++ b/apparmor.d/profiles-s-z/steam-runtime @@ -80,4 +80,6 @@ profile steam-runtime @{exec_path} flags=(attach_disconnected) { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/steamerrorreporter b/apparmor.d/profiles-s-z/steamerrorreporter index 0f765c301..3e206e898 100644 --- a/apparmor.d/profiles-s-z/steamerrorreporter +++ b/apparmor.d/profiles-s-z/steamerrorreporter @@ -38,4 +38,6 @@ profile steamerrorreporter @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/status r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/strawberry b/apparmor.d/profiles-s-z/strawberry index 5ed3ceace..a790e6b7b 100644 --- a/apparmor.d/profiles-s-z/strawberry +++ b/apparmor.d/profiles-s-z/strawberry @@ -79,3 +79,5 @@ profile strawberry @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/strawberry-tagreader b/apparmor.d/profiles-s-z/strawberry-tagreader index de4462c8c..0e1aced4f 100644 --- a/apparmor.d/profiles-s-z/strawberry-tagreader +++ b/apparmor.d/profiles-s-z/strawberry-tagreader @@ -29,3 +29,5 @@ profile strawberry-tagreader @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/su b/apparmor.d/profiles-s-z/su index 940536a07..429c48938 100644 --- a/apparmor.d/profiles-s-z/su +++ b/apparmor.d/profiles-s-z/su @@ -28,3 +28,5 @@ profile su @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sudo b/apparmor.d/profiles-s-z/sudo index f67917f55..0ba2694bd 100644 --- a/apparmor.d/profiles-s-z/sudo +++ b/apparmor.d/profiles-s-z/sudo @@ -47,3 +47,5 @@ profile sudo @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sulogin b/apparmor.d/profiles-s-z/sulogin index a50aeea42..3793df043 100644 --- a/apparmor.d/profiles-s-z/sulogin +++ b/apparmor.d/profiles-s-z/sulogin @@ -26,4 +26,6 @@ profile sulogin @{exec_path} { /dev/tty@{int} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/swaplabel b/apparmor.d/profiles-s-z/swaplabel index a038e9dc9..03d2fe8d0 100644 --- a/apparmor.d/profiles-s-z/swaplabel +++ b/apparmor.d/profiles-s-z/swaplabel @@ -19,3 +19,5 @@ profile swaplabel @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/swapon b/apparmor.d/profiles-s-z/swapon index 613e1b3de..31ee2e93a 100644 --- a/apparmor.d/profiles-s-z/swapon +++ b/apparmor.d/profiles-s-z/swapon @@ -28,3 +28,5 @@ profile swapon @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/switcheroo-control b/apparmor.d/profiles-s-z/switcheroo-control index 19b991cc1..4cfa8ba96 100644 --- a/apparmor.d/profiles-s-z/switcheroo-control +++ b/apparmor.d/profiles-s-z/switcheroo-control @@ -34,3 +34,5 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/switcherooctl b/apparmor.d/profiles-s-z/switcherooctl index 1afd61d9c..9979c9246 100644 --- a/apparmor.d/profiles-s-z/switcherooctl +++ b/apparmor.d/profiles-s-z/switcherooctl @@ -17,4 +17,6 @@ profile switcherooctl @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/swtpm b/apparmor.d/profiles-s-z/swtpm index 8b4fd09d0..4f6d1b38c 100644 --- a/apparmor.d/profiles-s-z/swtpm +++ b/apparmor.d/profiles-s-z/swtpm @@ -28,4 +28,6 @@ profile swtpm @{exec_path} { @{run}/libvirt/qemu/swtpm/*.pid w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/swtpm_ioctl b/apparmor.d/profiles-s-z/swtpm_ioctl index 708ee3982..c77810624 100644 --- a/apparmor.d/profiles-s-z/swtpm_ioctl +++ b/apparmor.d/profiles-s-z/swtpm_ioctl @@ -16,4 +16,6 @@ profile swtpm_ioctl @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/swtpm_localca b/apparmor.d/profiles-s-z/swtpm_localca index 6a8998829..a9749c91f 100644 --- a/apparmor.d/profiles-s-z/swtpm_localca +++ b/apparmor.d/profiles-s-z/swtpm_localca @@ -30,4 +30,6 @@ profile swtpm_localca @{exec_path} { @{run}/libvirt/qemu/swtpm/*.sock w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/swtpm_setup b/apparmor.d/profiles-s-z/swtpm_setup index 18aafae60..f4b01f0e0 100644 --- a/apparmor.d/profiles-s-z/swtpm_setup +++ b/apparmor.d/profiles-s-z/swtpm_setup @@ -26,4 +26,6 @@ profile swtpm_setup @{exec_path} { owner @{tmp}/.swtpm_setup.pidfile* rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sync b/apparmor.d/profiles-s-z/sync index 3211a2b59..6bdb55732 100644 --- a/apparmor.d/profiles-s-z/sync +++ b/apparmor.d/profiles-s-z/sync @@ -14,4 +14,6 @@ profile sync @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/syncoid b/apparmor.d/profiles-s-z/syncoid index 36a5c9856..c90665cdf 100644 --- a/apparmor.d/profiles-s-z/syncoid +++ b/apparmor.d/profiles-s-z/syncoid @@ -31,3 +31,5 @@ profile syncoid @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/syncthing b/apparmor.d/profiles-s-z/syncthing index f669e73dc..50b04668b 100644 --- a/apparmor.d/profiles-s-z/syncthing +++ b/apparmor.d/profiles-s-z/syncthing @@ -45,3 +45,5 @@ profile syncthing @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/sysctl b/apparmor.d/profiles-s-z/sysctl index 839e473f6..4e50430be 100644 --- a/apparmor.d/profiles-s-z/sysctl +++ b/apparmor.d/profiles-s-z/sysctl @@ -31,4 +31,6 @@ profile sysctl @{exec_path} { deny network inet stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer index fb3c60772..ab36047f2 100644 --- a/apparmor.d/profiles-s-z/system-config-printer +++ b/apparmor.d/profiles-s-z/system-config-printer @@ -58,3 +58,5 @@ profile system-config-printer @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/system-config-printer-applet b/apparmor.d/profiles-s-z/system-config-printer-applet index f5c393f64..0112b152a 100644 --- a/apparmor.d/profiles-s-z/system-config-printer-applet +++ b/apparmor.d/profiles-s-z/system-config-printer-applet @@ -31,3 +31,5 @@ profile system-config-printer-applet @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/task b/apparmor.d/profiles-s-z/task index 3c0ea26b5..bd7f276a8 100644 --- a/apparmor.d/profiles-s-z/task +++ b/apparmor.d/profiles-s-z/task @@ -47,3 +47,5 @@ profile task @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/tasksel b/apparmor.d/profiles-s-z/tasksel index 94bba6ce9..b96200dea 100644 --- a/apparmor.d/profiles-s-z/tasksel +++ b/apparmor.d/profiles-s-z/tasksel @@ -80,3 +80,5 @@ profile tasksel @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/taskwarrior-tui b/apparmor.d/profiles-s-z/taskwarrior-tui index f3678ff82..f125c993d 100644 --- a/apparmor.d/profiles-s-z/taskwarrior-tui +++ b/apparmor.d/profiles-s-z/taskwarrior-tui @@ -30,3 +30,5 @@ profile taskwarrior-tui @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/terminator b/apparmor.d/profiles-s-z/terminator index c63a5657c..3f9ba6e25 100644 --- a/apparmor.d/profiles-s-z/terminator +++ b/apparmor.d/profiles-s-z/terminator @@ -63,4 +63,6 @@ profile terminator @{exec_path} flags=(attach_disconnected) { deny @{user_share_dirs}/gvfs-metadata/{,*} r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/tftp b/apparmor.d/profiles-s-z/tftp index 977b51790..fb848cb1c 100644 --- a/apparmor.d/profiles-s-z/tftp +++ b/apparmor.d/profiles-s-z/tftp @@ -17,3 +17,5 @@ profile tftp @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index 5dfa66125..1e72d45ec 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald @@ -82,3 +82,5 @@ profile thermald @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/thinkfan b/apparmor.d/profiles-s-z/thinkfan index cd5160493..56a39736e 100644 --- a/apparmor.d/profiles-s-z/thinkfan +++ b/apparmor.d/profiles-s-z/thinkfan @@ -28,3 +28,5 @@ profile thinkfan @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index 7e9b67d6d..d6553d990 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird @@ -179,3 +179,5 @@ profile thunderbird @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/thunderbird-glxtest b/apparmor.d/profiles-s-z/thunderbird-glxtest index b69db4912..17fda9d56 100644 --- a/apparmor.d/profiles-s-z/thunderbird-glxtest +++ b/apparmor.d/profiles-s-z/thunderbird-glxtest @@ -26,4 +26,6 @@ profile thunderbird-glxtest @{exec_path} { owner @{PROC}/@{pid}/cmdline r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/thunderbird-vaapitest b/apparmor.d/profiles-s-z/thunderbird-vaapitest index 345b7a6f8..85c1a08cb 100644 --- a/apparmor.d/profiles-s-z/thunderbird-vaapitest +++ b/apparmor.d/profiles-s-z/thunderbird-vaapitest @@ -28,3 +28,5 @@ profile thunderbird-vaapitest @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/tint2 b/apparmor.d/profiles-s-z/tint2 index e098f55e4..2e44d0fab 100644 --- a/apparmor.d/profiles-s-z/tint2 +++ b/apparmor.d/profiles-s-z/tint2 @@ -62,3 +62,5 @@ profile tint2 @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/tint2conf b/apparmor.d/profiles-s-z/tint2conf index 2ad3762cf..776b843a3 100644 --- a/apparmor.d/profiles-s-z/tint2conf +++ b/apparmor.d/profiles-s-z/tint2conf @@ -41,3 +41,5 @@ profile tint2conf @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/top b/apparmor.d/profiles-s-z/top index 91cdd57a1..9e4b7c11a 100644 --- a/apparmor.d/profiles-s-z/top +++ b/apparmor.d/profiles-s-z/top @@ -68,3 +68,5 @@ profile top @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/torify b/apparmor.d/profiles-s-z/torify index 6eb5f76fa..fcc4c9b98 100644 --- a/apparmor.d/profiles-s-z/torify +++ b/apparmor.d/profiles-s-z/torify @@ -16,3 +16,5 @@ profile torify @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/torsocks b/apparmor.d/profiles-s-z/torsocks index b72a959e7..8d75133da 100644 --- a/apparmor.d/profiles-s-z/torsocks +++ b/apparmor.d/profiles-s-z/torsocks @@ -25,3 +25,5 @@ profile torsocks @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/tpacpi-bat b/apparmor.d/profiles-s-z/tpacpi-bat index 3febe67c9..673f46e32 100644 --- a/apparmor.d/profiles-s-z/tpacpi-bat +++ b/apparmor.d/profiles-s-z/tpacpi-bat @@ -28,3 +28,5 @@ profile tpacpi-bat @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/transmission-gtk b/apparmor.d/profiles-s-z/transmission-gtk index 3da3784e5..40586fa03 100644 --- a/apparmor.d/profiles-s-z/transmission-gtk +++ b/apparmor.d/profiles-s-z/transmission-gtk @@ -50,3 +50,5 @@ profile transmission-gtk @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/transmission-qt b/apparmor.d/profiles-s-z/transmission-qt index 5b232a005..bbfe5bff4 100644 --- a/apparmor.d/profiles-s-z/transmission-qt +++ b/apparmor.d/profiles-s-z/transmission-qt @@ -52,3 +52,5 @@ profile transmission-qt @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/tune2fs b/apparmor.d/profiles-s-z/tune2fs index 192fff844..d9a8c5409 100644 --- a/apparmor.d/profiles-s-z/tune2fs +++ b/apparmor.d/profiles-s-z/tune2fs @@ -34,3 +34,5 @@ profile tune2fs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/udev-dmi-memory-id b/apparmor.d/profiles-s-z/udev-dmi-memory-id index 62c834d99..ab6a2de77 100644 --- a/apparmor.d/profiles-s-z/udev-dmi-memory-id +++ b/apparmor.d/profiles-s-z/udev-dmi-memory-id @@ -18,4 +18,6 @@ profile udev-dmi-memory-id @{exec_path} { @{sys}/firmware/dmi/tables/smbios_entry_point r, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/udiskie b/apparmor.d/profiles-s-z/udiskie index f6e7aaafc..505017bcd 100644 --- a/apparmor.d/profiles-s-z/udiskie +++ b/apparmor.d/profiles-s-z/udiskie @@ -68,3 +68,5 @@ profile udiskie @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/udiskie-info b/apparmor.d/profiles-s-z/udiskie-info index 947144150..aa359ef56 100644 --- a/apparmor.d/profiles-s-z/udiskie-info +++ b/apparmor.d/profiles-s-z/udiskie-info @@ -24,3 +24,5 @@ profile udiskie-info @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/udiskie-mount b/apparmor.d/profiles-s-z/udiskie-mount index bbfb20ad8..7e72e9713 100644 --- a/apparmor.d/profiles-s-z/udiskie-mount +++ b/apparmor.d/profiles-s-z/udiskie-mount @@ -24,3 +24,5 @@ profile udiskie-mount @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/udiskie-umount b/apparmor.d/profiles-s-z/udiskie-umount index edf8c79b9..8dc30eb9a 100644 --- a/apparmor.d/profiles-s-z/udiskie-umount +++ b/apparmor.d/profiles-s-z/udiskie-umount @@ -24,3 +24,5 @@ profile udiskie-umount @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/udisksctl b/apparmor.d/profiles-s-z/udisksctl index c4f6dc96b..a05cede9c 100644 --- a/apparmor.d/profiles-s-z/udisksctl +++ b/apparmor.d/profiles-s-z/udisksctl @@ -23,3 +23,5 @@ profile udisksctl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index cbe3a79b0..365044702 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -150,3 +150,5 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/umount b/apparmor.d/profiles-s-z/umount index 8253f4335..e066dff89 100644 --- a/apparmor.d/profiles-s-z/umount +++ b/apparmor.d/profiles-s-z/umount @@ -48,3 +48,5 @@ profile umount @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/umount.udisks2 b/apparmor.d/profiles-s-z/umount.udisks2 index 87a8e2b33..2a6f7747d 100644 --- a/apparmor.d/profiles-s-z/umount.udisks2 +++ b/apparmor.d/profiles-s-z/umount.udisks2 @@ -15,3 +15,5 @@ profile umount.udisks2 @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/uname b/apparmor.d/profiles-s-z/uname index 267fdb82a..4dd41a7bf 100644 --- a/apparmor.d/profiles-s-z/uname +++ b/apparmor.d/profiles-s-z/uname @@ -21,3 +21,5 @@ profile uname @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/unhide-linux b/apparmor.d/profiles-s-z/unhide-linux index a782c72ca..d03561452 100644 --- a/apparmor.d/profiles-s-z/unhide-linux +++ b/apparmor.d/profiles-s-z/unhide-linux @@ -36,3 +36,5 @@ profile unhide-linux @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/unhide-posix b/apparmor.d/profiles-s-z/unhide-posix index 0e869207c..1277e299c 100644 --- a/apparmor.d/profiles-s-z/unhide-posix +++ b/apparmor.d/profiles-s-z/unhide-posix @@ -39,3 +39,5 @@ profile unhide-posix @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/unhide-rb b/apparmor.d/profiles-s-z/unhide-rb index a860f5218..e503f639a 100644 --- a/apparmor.d/profiles-s-z/unhide-rb +++ b/apparmor.d/profiles-s-z/unhide-rb @@ -23,3 +23,5 @@ profile unhide-rb @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/unhide-tcp b/apparmor.d/profiles-s-z/unhide-tcp index bd17557df..bb54d19b1 100644 --- a/apparmor.d/profiles-s-z/unhide-tcp +++ b/apparmor.d/profiles-s-z/unhide-tcp @@ -33,3 +33,5 @@ profile unhide-tcp @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/unix-chkpwd b/apparmor.d/profiles-s-z/unix-chkpwd index 65fd4330c..c24da3bab 100644 --- a/apparmor.d/profiles-s-z/unix-chkpwd +++ b/apparmor.d/profiles-s-z/unix-chkpwd @@ -30,3 +30,5 @@ profile unix-chkpwd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/unmkinitramfs b/apparmor.d/profiles-s-z/unmkinitramfs index 23f4e2490..d5d1cb953 100644 --- a/apparmor.d/profiles-s-z/unmkinitramfs +++ b/apparmor.d/profiles-s-z/unmkinitramfs @@ -52,3 +52,5 @@ profile unmkinitramfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-alternatives b/apparmor.d/profiles-s-z/update-alternatives index 3ef1d8f1d..dfe7725d8 100644 --- a/apparmor.d/profiles-s-z/update-alternatives +++ b/apparmor.d/profiles-s-z/update-alternatives @@ -32,3 +32,5 @@ profile update-alternatives @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-ca-certificates b/apparmor.d/profiles-s-z/update-ca-certificates index d1dba09ea..f08383fba 100644 --- a/apparmor.d/profiles-s-z/update-ca-certificates +++ b/apparmor.d/profiles-s-z/update-ca-certificates @@ -59,3 +59,5 @@ profile update-ca-certificates @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-ca-trust b/apparmor.d/profiles-s-z/update-ca-trust index 4a9df2282..a4434ad48 100644 --- a/apparmor.d/profiles-s-z/update-ca-trust +++ b/apparmor.d/profiles-s-z/update-ca-trust @@ -37,4 +37,6 @@ profile update-ca-trust @{exec_path} { deny network inet stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-command-not-found b/apparmor.d/profiles-s-z/update-command-not-found index a6e3eb3b4..56c215402 100644 --- a/apparmor.d/profiles-s-z/update-command-not-found +++ b/apparmor.d/profiles-s-z/update-command-not-found @@ -47,3 +47,5 @@ profile update-command-not-found @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-cracklib b/apparmor.d/profiles-s-z/update-cracklib index 7c2d4c1b9..6b4192903 100644 --- a/apparmor.d/profiles-s-z/update-cracklib +++ b/apparmor.d/profiles-s-z/update-cracklib @@ -39,4 +39,6 @@ profile update-cracklib @{exec_path} { owner @{tmp}/sort@{rand6} rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-dlocatedb b/apparmor.d/profiles-s-z/update-dlocatedb index fcf3c65b1..08687c6c8 100644 --- a/apparmor.d/profiles-s-z/update-dlocatedb +++ b/apparmor.d/profiles-s-z/update-dlocatedb @@ -62,3 +62,5 @@ profile update-dlocatedb @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-initramfs b/apparmor.d/profiles-s-z/update-initramfs index be61c82b0..fc62d99f2 100644 --- a/apparmor.d/profiles-s-z/update-initramfs +++ b/apparmor.d/profiles-s-z/update-initramfs @@ -53,3 +53,5 @@ profile update-initramfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-pciids b/apparmor.d/profiles-s-z/update-pciids index 759166464..233ed60be 100644 --- a/apparmor.d/profiles-s-z/update-pciids +++ b/apparmor.d/profiles-s-z/update-pciids @@ -66,3 +66,5 @@ profile update-pciids @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-secureboot-policy b/apparmor.d/profiles-s-z/update-secureboot-policy index 8c3db4b0d..8431fd1e6 100644 --- a/apparmor.d/profiles-s-z/update-secureboot-policy +++ b/apparmor.d/profiles-s-z/update-secureboot-policy @@ -34,3 +34,5 @@ profile update-secureboot-policy @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/update-smart-drivedb b/apparmor.d/profiles-s-z/update-smart-drivedb index 60c1de581..7140bbd5b 100644 --- a/apparmor.d/profiles-s-z/update-smart-drivedb +++ b/apparmor.d/profiles-s-z/update-smart-drivedb @@ -92,3 +92,5 @@ profile update-smart-drivedb @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/updatedb-mlocate b/apparmor.d/profiles-s-z/updatedb-mlocate index 6a2469e3a..9e470d878 100644 --- a/apparmor.d/profiles-s-z/updatedb-mlocate +++ b/apparmor.d/profiles-s-z/updatedb-mlocate @@ -64,3 +64,5 @@ profile updatedb-mlocate @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/updatedb.plocate b/apparmor.d/profiles-s-z/updatedb.plocate index 3b2cdd991..67ea546fd 100644 --- a/apparmor.d/profiles-s-z/updatedb.plocate +++ b/apparmor.d/profiles-s-z/updatedb.plocate @@ -38,3 +38,5 @@ profile updatedb.plocate @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/uptime b/apparmor.d/profiles-s-z/uptime index b0cb79a81..1b28a07da 100644 --- a/apparmor.d/profiles-s-z/uptime +++ b/apparmor.d/profiles-s-z/uptime @@ -21,3 +21,5 @@ profile uptime @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/uptimed b/apparmor.d/profiles-s-z/uptimed index 0c87a121b..a850d7771 100644 --- a/apparmor.d/profiles-s-z/uptimed +++ b/apparmor.d/profiles-s-z/uptimed @@ -19,4 +19,6 @@ profile uptimed @{exec_path} { @{run}/uptimed/uptimed.pid rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/usb-devices b/apparmor.d/profiles-s-z/usb-devices index 188c6ec6b..94e6526ab 100644 --- a/apparmor.d/profiles-s-z/usb-devices +++ b/apparmor.d/profiles-s-z/usb-devices @@ -32,3 +32,5 @@ profile usb-devices @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/usbguard b/apparmor.d/profiles-s-z/usbguard index 7ceb6038b..deb5ef46d 100644 --- a/apparmor.d/profiles-s-z/usbguard +++ b/apparmor.d/profiles-s-z/usbguard @@ -37,3 +37,5 @@ profile usbguard @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/usbguard-applet-qt b/apparmor.d/profiles-s-z/usbguard-applet-qt index a266575ee..bc004b86f 100644 --- a/apparmor.d/profiles-s-z/usbguard-applet-qt +++ b/apparmor.d/profiles-s-z/usbguard-applet-qt @@ -44,3 +44,5 @@ profile usbguard-applet-qt @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/usbguard-daemon b/apparmor.d/profiles-s-z/usbguard-daemon index f831200e0..d6c05f782 100644 --- a/apparmor.d/profiles-s-z/usbguard-daemon +++ b/apparmor.d/profiles-s-z/usbguard-daemon @@ -40,3 +40,5 @@ profile usbguard-daemon @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/usbguard-dbus b/apparmor.d/profiles-s-z/usbguard-dbus index f4cc7a4cb..b02524d55 100644 --- a/apparmor.d/profiles-s-z/usbguard-dbus +++ b/apparmor.d/profiles-s-z/usbguard-dbus @@ -23,3 +23,5 @@ profile usbguard-dbus @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/usbguard-notifier b/apparmor.d/profiles-s-z/usbguard-notifier index f8f2b75a5..48f88d0aa 100644 --- a/apparmor.d/profiles-s-z/usbguard-notifier +++ b/apparmor.d/profiles-s-z/usbguard-notifier @@ -20,3 +20,5 @@ profile usbguard-notifier @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/useradd b/apparmor.d/profiles-s-z/useradd index 78cc81779..a6094867a 100644 --- a/apparmor.d/profiles-s-z/useradd +++ b/apparmor.d/profiles-s-z/useradd @@ -73,3 +73,5 @@ profile useradd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/userdel b/apparmor.d/profiles-s-z/userdel index 5c5b4f9bb..6b95a4848 100644 --- a/apparmor.d/profiles-s-z/userdel +++ b/apparmor.d/profiles-s-z/userdel @@ -55,3 +55,5 @@ profile userdel @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/usermod b/apparmor.d/profiles-s-z/usermod index 6c9dd9b2a..cfcdc6bdc 100644 --- a/apparmor.d/profiles-s-z/usermod +++ b/apparmor.d/profiles-s-z/usermod @@ -56,3 +56,5 @@ profile usermod @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/users b/apparmor.d/profiles-s-z/users index 684b489a3..fbad304bf 100644 --- a/apparmor.d/profiles-s-z/users +++ b/apparmor.d/profiles-s-z/users @@ -20,3 +20,5 @@ profile users @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/utmpdump b/apparmor.d/profiles-s-z/utmpdump index 3cb319f23..054bb69ce 100644 --- a/apparmor.d/profiles-s-z/utmpdump +++ b/apparmor.d/profiles-s-z/utmpdump @@ -18,3 +18,5 @@ profile utmpdump @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/utox b/apparmor.d/profiles-s-z/utox index 5a0c2cc81..e5642c263 100644 --- a/apparmor.d/profiles-s-z/utox +++ b/apparmor.d/profiles-s-z/utox @@ -39,3 +39,5 @@ profile utox @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/uuidd b/apparmor.d/profiles-s-z/uuidd index 2fd5956f5..c98d8175f 100644 --- a/apparmor.d/profiles-s-z/uuidd +++ b/apparmor.d/profiles-s-z/uuidd @@ -13,4 +13,6 @@ profile uuidd @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/uuidgen b/apparmor.d/profiles-s-z/uuidgen index 4a433508f..b00ed1f26 100644 --- a/apparmor.d/profiles-s-z/uuidgen +++ b/apparmor.d/profiles-s-z/uuidgen @@ -14,4 +14,6 @@ profile uuidgen @{exec_path} { @{exec_path} mr, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/uupdate b/apparmor.d/profiles-s-z/uupdate index ffc6c4069..f49441ebf 100644 --- a/apparmor.d/profiles-s-z/uupdate +++ b/apparmor.d/profiles-s-z/uupdate @@ -52,3 +52,5 @@ profile uupdate @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/vcsi b/apparmor.d/profiles-s-z/vcsi index 9ceb9ec4b..37422840c 100644 --- a/apparmor.d/profiles-s-z/vcsi +++ b/apparmor.d/profiles-s-z/vcsi @@ -32,3 +32,5 @@ profile vcsi @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/vidcutter b/apparmor.d/profiles-s-z/vidcutter index b9c129559..226a0dd98 100644 --- a/apparmor.d/profiles-s-z/vidcutter +++ b/apparmor.d/profiles-s-z/vidcutter @@ -70,3 +70,5 @@ profile vidcutter @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/vipw-vigr b/apparmor.d/profiles-s-z/vipw-vigr index c6e58e7f5..835267c2d 100644 --- a/apparmor.d/profiles-s-z/vipw-vigr +++ b/apparmor.d/profiles-s-z/vipw-vigr @@ -49,3 +49,5 @@ profile vipw-vigr @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index 68f52dd37..9fa13e500 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager @@ -100,3 +100,5 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/vlc b/apparmor.d/profiles-s-z/vlc index a457d6c89..5d113ba3b 100644 --- a/apparmor.d/profiles-s-z/vlc +++ b/apparmor.d/profiles-s-z/vlc @@ -85,3 +85,5 @@ profile vlc @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/vlc-cache-gen b/apparmor.d/profiles-s-z/vlc-cache-gen index bffbd8fc0..b464f1712 100644 --- a/apparmor.d/profiles-s-z/vlc-cache-gen +++ b/apparmor.d/profiles-s-z/vlc-cache-gen @@ -23,4 +23,6 @@ profile vlc-cache-gen @{exec_path} { deny network inet stream, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/vnstat b/apparmor.d/profiles-s-z/vnstat index 2a2f3b55a..25bdcfb1b 100644 --- a/apparmor.d/profiles-s-z/vnstat +++ b/apparmor.d/profiles-s-z/vnstat @@ -68,3 +68,5 @@ profile vnstat @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/vnstatd b/apparmor.d/profiles-s-z/vnstatd index a037c684d..c37c8b6d7 100644 --- a/apparmor.d/profiles-s-z/vnstatd +++ b/apparmor.d/profiles-s-z/vnstatd @@ -30,3 +30,5 @@ profile vnstatd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/volumeicon b/apparmor.d/profiles-s-z/volumeicon index 010b83789..c58381d7d 100644 --- a/apparmor.d/profiles-s-z/volumeicon +++ b/apparmor.d/profiles-s-z/volumeicon @@ -36,3 +36,5 @@ profile volumeicon @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/vsftpd b/apparmor.d/profiles-s-z/vsftpd index 33915f7c5..aa45b805e 100644 --- a/apparmor.d/profiles-s-z/vsftpd +++ b/apparmor.d/profiles-s-z/vsftpd @@ -71,3 +71,5 @@ profile vsftpd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/w b/apparmor.d/profiles-s-z/w index 839080510..a3fc8c9e3 100644 --- a/apparmor.d/profiles-s-z/w +++ b/apparmor.d/profiles-s-z/w @@ -35,3 +35,5 @@ profile w @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/w3m b/apparmor.d/profiles-s-z/w3m index 4cc6b57e0..5b919ecc0 100644 --- a/apparmor.d/profiles-s-z/w3m +++ b/apparmor.d/profiles-s-z/w3m @@ -31,3 +31,5 @@ profile w3m @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wavemon b/apparmor.d/profiles-s-z/wavemon index 12299df81..9ec082580 100644 --- a/apparmor.d/profiles-s-z/wavemon +++ b/apparmor.d/profiles-s-z/wavemon @@ -30,3 +30,5 @@ profile wavemon @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/whatis b/apparmor.d/profiles-s-z/whatis index db62117f8..e99900304 100644 --- a/apparmor.d/profiles-s-z/whatis +++ b/apparmor.d/profiles-s-z/whatis @@ -30,3 +30,5 @@ profile whatis @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/whdd b/apparmor.d/profiles-s-z/whdd index 77e93426b..e5e111b8b 100644 --- a/apparmor.d/profiles-s-z/whdd +++ b/apparmor.d/profiles-s-z/whdd @@ -34,3 +34,5 @@ profile whdd @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/whereis b/apparmor.d/profiles-s-z/whereis index c79baf349..330957a62 100644 --- a/apparmor.d/profiles-s-z/whereis +++ b/apparmor.d/profiles-s-z/whereis @@ -40,3 +40,5 @@ profile whereis @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/which b/apparmor.d/profiles-s-z/which index 6b24b8a71..32d0945e1 100644 --- a/apparmor.d/profiles-s-z/which +++ b/apparmor.d/profiles-s-z/which @@ -35,3 +35,5 @@ profile which @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/whiptail b/apparmor.d/profiles-s-z/whiptail index 464d5862c..f2339717a 100644 --- a/apparmor.d/profiles-s-z/whiptail +++ b/apparmor.d/profiles-s-z/whiptail @@ -22,3 +22,5 @@ profile whiptail @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/who b/apparmor.d/profiles-s-z/who index 5a9ef26c6..bed53e7e6 100644 --- a/apparmor.d/profiles-s-z/who +++ b/apparmor.d/profiles-s-z/who @@ -22,3 +22,5 @@ profile who @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/whoami b/apparmor.d/profiles-s-z/whoami index cb7e2bb81..3072d7da0 100644 --- a/apparmor.d/profiles-s-z/whoami +++ b/apparmor.d/profiles-s-z/whoami @@ -17,3 +17,5 @@ profile whoami @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 143b9a4cc..146408bc7 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -76,3 +76,5 @@ profile wireplumber @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index 3c10760d3..ed8fd0efa 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark @@ -63,3 +63,5 @@ profile wireshark @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wl-copy b/apparmor.d/profiles-s-z/wl-copy index bf395d80a..3ea916395 100644 --- a/apparmor.d/profiles-s-z/wl-copy +++ b/apparmor.d/profiles-s-z/wl-copy @@ -23,4 +23,6 @@ profile wl-copy @{exec_path} { /dev/tty rw, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wmctrl b/apparmor.d/profiles-s-z/wmctrl index ac3bf48fc..8d99da352 100644 --- a/apparmor.d/profiles-s-z/wmctrl +++ b/apparmor.d/profiles-s-z/wmctrl @@ -17,3 +17,5 @@ profile wmctrl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wpa-action b/apparmor.d/profiles-s-z/wpa-action index 59c06ee50..3495849e7 100644 --- a/apparmor.d/profiles-s-z/wpa-action +++ b/apparmor.d/profiles-s-z/wpa-action @@ -40,3 +40,5 @@ profile wpa-action @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wpa-cli b/apparmor.d/profiles-s-z/wpa-cli index 03c3db367..5edd2f177 100644 --- a/apparmor.d/profiles-s-z/wpa-cli +++ b/apparmor.d/profiles-s-z/wpa-cli @@ -25,3 +25,5 @@ profile wpa-cli @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wpa-gui b/apparmor.d/profiles-s-z/wpa-gui index 6718f20cc..ceefecbf2 100644 --- a/apparmor.d/profiles-s-z/wpa-gui +++ b/apparmor.d/profiles-s-z/wpa-gui @@ -35,3 +35,5 @@ profile wpa-gui @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wpa-supplicant b/apparmor.d/profiles-s-z/wpa-supplicant index 0a16592a5..f3da61258 100644 --- a/apparmor.d/profiles-s-z/wpa-supplicant +++ b/apparmor.d/profiles-s-z/wpa-supplicant @@ -54,3 +54,5 @@ profile wpa-supplicant @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wrmsr b/apparmor.d/profiles-s-z/wrmsr index cbbc56b17..1ee5bd806 100644 --- a/apparmor.d/profiles-s-z/wrmsr +++ b/apparmor.d/profiles-s-z/wrmsr @@ -20,3 +20,5 @@ profile wrmsr @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/wsdd b/apparmor.d/profiles-s-z/wsdd index d850e9f02..92b0f360f 100644 --- a/apparmor.d/profiles-s-z/wsdd +++ b/apparmor.d/profiles-s-z/wsdd @@ -27,4 +27,6 @@ profile wsdd @{exec_path} { owner @{run}/user/@{uid}/gvfsd/wsdd w, include if exists -} \ No newline at end of file +} + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xarchiver b/apparmor.d/profiles-s-z/xarchiver index dccccc2b4..a5ec89fd9 100644 --- a/apparmor.d/profiles-s-z/xarchiver +++ b/apparmor.d/profiles-s-z/xarchiver @@ -100,3 +100,5 @@ profile xarchiver @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xauth b/apparmor.d/profiles-s-z/xauth index 02ab30427..f051fdc0c 100644 --- a/apparmor.d/profiles-s-z/xauth +++ b/apparmor.d/profiles-s-z/xauth @@ -42,3 +42,5 @@ profile xauth @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xautolock b/apparmor.d/profiles-s-z/xautolock index 3aebbe521..89de67bd1 100644 --- a/apparmor.d/profiles-s-z/xautolock +++ b/apparmor.d/profiles-s-z/xautolock @@ -30,3 +30,5 @@ profile xautolock @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xbacklight b/apparmor.d/profiles-s-z/xbacklight index 8d44638f6..19eb4a9f3 100644 --- a/apparmor.d/profiles-s-z/xbacklight +++ b/apparmor.d/profiles-s-z/xbacklight @@ -17,3 +17,5 @@ profile xbacklight @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xbrlapi b/apparmor.d/profiles-s-z/xbrlapi index f38beeca9..dc30114bd 100644 --- a/apparmor.d/profiles-s-z/xbrlapi +++ b/apparmor.d/profiles-s-z/xbrlapi @@ -19,3 +19,5 @@ profile xbrlapi @{exec_path} flags=(attach_disconnected) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xclip b/apparmor.d/profiles-s-z/xclip index 192f17104..378e8cae3 100644 --- a/apparmor.d/profiles-s-z/xclip +++ b/apparmor.d/profiles-s-z/xclip @@ -20,3 +20,5 @@ profile xclip @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xdpyinfo b/apparmor.d/profiles-s-z/xdpyinfo index 2bad9b330..902905d09 100644 --- a/apparmor.d/profiles-s-z/xdpyinfo +++ b/apparmor.d/profiles-s-z/xdpyinfo @@ -16,3 +16,5 @@ profile xdpyinfo @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xinit b/apparmor.d/profiles-s-z/xinit index a789cc90f..521a182ba 100644 --- a/apparmor.d/profiles-s-z/xinit +++ b/apparmor.d/profiles-s-z/xinit @@ -99,3 +99,5 @@ profile xinit @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xinput b/apparmor.d/profiles-s-z/xinput index 1c3304538..18eab6a78 100644 --- a/apparmor.d/profiles-s-z/xinput +++ b/apparmor.d/profiles-s-z/xinput @@ -18,3 +18,5 @@ profile xinput @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/xsel b/apparmor.d/profiles-s-z/xsel index 9fb9593d3..949aa19f7 100644 --- a/apparmor.d/profiles-s-z/xsel +++ b/apparmor.d/profiles-s-z/xsel @@ -27,3 +27,5 @@ profile xsel @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/yadifad b/apparmor.d/profiles-s-z/yadifad index 0e03b9f7f..c22e3cdd9 100644 --- a/apparmor.d/profiles-s-z/yadifad +++ b/apparmor.d/profiles-s-z/yadifad @@ -32,3 +32,5 @@ profile yadifad @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/youtube-dl b/apparmor.d/profiles-s-z/youtube-dl index 23d6b16e6..85da6bfe0 100644 --- a/apparmor.d/profiles-s-z/youtube-dl +++ b/apparmor.d/profiles-s-z/youtube-dl @@ -60,3 +60,5 @@ profile youtube-dl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/youtube-viewer b/apparmor.d/profiles-s-z/youtube-viewer index 92c60e389..1c405e8fe 100644 --- a/apparmor.d/profiles-s-z/youtube-viewer +++ b/apparmor.d/profiles-s-z/youtube-viewer @@ -66,3 +66,5 @@ profile youtube-viewer @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/yt-dlp b/apparmor.d/profiles-s-z/yt-dlp index d147f3a65..c71b87efd 100644 --- a/apparmor.d/profiles-s-z/yt-dlp +++ b/apparmor.d/profiles-s-z/yt-dlp @@ -46,3 +46,5 @@ profile yt-dlp @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/ytdl b/apparmor.d/profiles-s-z/ytdl index 452eef3f5..230e15f80 100644 --- a/apparmor.d/profiles-s-z/ytdl +++ b/apparmor.d/profiles-s-z/ytdl @@ -43,3 +43,5 @@ profile ytdl @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/zathura b/apparmor.d/profiles-s-z/zathura index 98f218e13..b055fe31b 100644 --- a/apparmor.d/profiles-s-z/zathura +++ b/apparmor.d/profiles-s-z/zathura @@ -29,3 +29,5 @@ profile zathura @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/zed b/apparmor.d/profiles-s-z/zed index 1ce392886..c966ce839 100644 --- a/apparmor.d/profiles-s-z/zed +++ b/apparmor.d/profiles-s-z/zed @@ -57,3 +57,5 @@ profile zed @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/zenmap b/apparmor.d/profiles-s-z/zenmap index 2136952ad..bc4090be8 100644 --- a/apparmor.d/profiles-s-z/zenmap +++ b/apparmor.d/profiles-s-z/zenmap @@ -42,3 +42,5 @@ profile zenmap @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/zfs b/apparmor.d/profiles-s-z/zfs index cb36774d0..9538b9c13 100644 --- a/apparmor.d/profiles-s-z/zfs +++ b/apparmor.d/profiles-s-z/zfs @@ -34,3 +34,5 @@ profile zfs @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/zpool b/apparmor.d/profiles-s-z/zpool index aad07309a..7d12cf3b7 100644 --- a/apparmor.d/profiles-s-z/zpool +++ b/apparmor.d/profiles-s-z/zpool @@ -42,3 +42,5 @@ profile zpool @{exec_path} { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/zsys-system-autosnapshot b/apparmor.d/profiles-s-z/zsys-system-autosnapshot index 0732978e9..653690898 100644 --- a/apparmor.d/profiles-s-z/zsys-system-autosnapshot +++ b/apparmor.d/profiles-s-z/zsys-system-autosnapshot @@ -28,3 +28,5 @@ profile zsys-system-autosnapshot @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd index d492635eb..c325e216d 100644 --- a/apparmor.d/profiles-s-z/zsysd +++ b/apparmor.d/profiles-s-z/zsysd @@ -44,3 +44,5 @@ profile zsysd @{exec_path} flags=(complain) { include if exists } + +# vim:syntax=apparmor From a2c658072599c090c37a9f9e996a75244e5266cf Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 15 Jun 2024 22:28:37 +0100 Subject: [PATCH 70/70] fix: profile compilation. --- apparmor.d/tunables/home.d/apparmor.d | 2 +- pkg/aa/apparmor_test.go | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d index 963e4bc88..c23a8d956 100644 --- a/apparmor.d/tunables/home.d/apparmor.d +++ b/apparmor.d/tunables/home.d/apparmor.d @@ -67,4 +67,4 @@ @{user_torrents_dirs}=@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR} @{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR} -# vim:syntax=apparmor \ No newline at end of file +# vim:syntax=apparmor diff --git a/pkg/aa/apparmor_test.go b/pkg/aa/apparmor_test.go index a580e7e52..ffdf107de 100644 --- a/pkg/aa/apparmor_test.go +++ b/pkg/aa/apparmor_test.go @@ -6,6 +6,7 @@ package aa import ( "reflect" + "strings" "testing" "github.com/roddhjav/apparmor.d/pkg/paths" @@ -17,6 +18,13 @@ var ( intData = paths.New("../../apparmor.d") ) +// mustReadProfileFile read a file and return its content as a slice of string. +// It panics if an error occurs. It removes the last comment line. +func mustReadProfileFile(path *paths.Path) string { + res := strings.Split(util.MustReadFile(path), "\n") + return strings.Join(res[:len(res)-2], "\n") +} + func TestAppArmorProfileFile_String(t *testing.T) { tests := []struct { name string @@ -230,7 +238,7 @@ func TestAppArmorProfileFile_Integration(t *testing.T) { }, }}, }, - want: util.MustReadFile(intData.Join("profiles-a-f/aa-status")), + want: mustReadProfileFile(intData.Join("profiles-a-f/aa-status")), }, } for _, tt := range tests {