felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profiles): add the dconf-write abstraction.

Browse source
This commit is contained in:
Alexandre Pujol 2022-06-09 21:55:55 +01:00
parent 583d7a15f0
commit 5d45b8e7a7
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
104 changed files with 124 additions and 371 deletions
Download patch file Download diff file Expand all files Collapse all files

5
apparmor.d/groups/gnome/evolution-addressbook-factory
View file

@ -12,7 +12,7 @@ profile evolution-addressbook-factory @{exec_path} {
include <abstractions/dbus-network-manager-strict>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
include <abstractions/p11-kit>
@ -47,9 +47,6 @@ profile evolution-addressbook-factory @{exec_path} {
owner @{user_share_dirs}/evolution/{,**} rwk,
owner @{user_cache_dirs}/evolution/addressbook/{,**} rwk,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{PROC}/sys/kernel/osrelease r,
@{PROC}/cmdline r,

4
apparmor.d/groups/gnome/evolution-alarm-notify
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile evolution-alarm-notify @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-read>
include <abstractions/gnome>
include <abstractions/nameservice-strict>
@ -25,8 +25,6 @@ profile evolution-alarm-notify @{exec_path} {
/usr/share/zoneinfo-icu/{,**} r,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
include if exists <local/evolution-alarm-notify>
}

5
apparmor.d/groups/gnome/evolution-calendar-factory
View file

@ -12,7 +12,7 @@ profile evolution-calendar-factory @{exec_path} {
include <abstractions/dbus-network-manager-strict>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
include <abstractions/ssl_certs>
include <abstractions/p11-kit>
@ -37,9 +37,6 @@ profile evolution-calendar-factory @{exec_path} {
owner @{user_cache_dirs}/evolution/calendar/{,**} rwk,
owner @{user_cache_dirs}/evolution/tasks/{,**} rwk,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{PROC}/sys/kernel/osrelease r,
@{PROC}/cmdline r,

5
apparmor.d/groups/gnome/evolution-source-registry
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile evolution-source-registry @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
include <abstractions/p11-kit>
include <abstractions/ssl_certs>
@ -30,9 +30,6 @@ profile evolution-source-registry @{exec_path} {
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
owner @{user_cache_dirs}/evolution/{,**} rwk,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{PROC}/sys/kernel/osrelease r,
@{PROC}/cmdline r,

4
apparmor.d/groups/gnome/gdm-wayland-session
View file

@ -12,7 +12,7 @@ profile gdm-wayland-session @{exec_path} {
include <abstractions/bash>
include <abstractions/consoles>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
include <abstractions/zsh>
@ -62,8 +62,6 @@ profile gdm-wayland-session @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner @{run}/user/@{uid}/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{run}/gdm/custom.conf r,
owner @{PROC}/@{pid}/fd/ r,

5
apparmor.d/groups/gnome/gdm-xsession
View file

@ -11,7 +11,7 @@ profile gdm-xsession @{exec_path} {
include <abstractions/base>
include <abstractions/bash>
include <abstractions/consoles>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@ -34,9 +34,6 @@ profile gdm-xsession @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/etc/X11/{,**} r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
# file_inherit
/dev/tty[0-9]* rw,

4
apparmor.d/groups/gnome/gjs-console
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gjs-console @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fonts>
@ -46,8 +46,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/gstreamer-1.0/ rw,
owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp*} rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
@{run}/user/@{uid}/wayland-cursor-shared-* rw,

4
apparmor.d/groups/gnome/gnome-calculator-search-provider
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gnome-calculator-search-provider
profile gnome-calculator-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/gtk>
include <abstractions/fonts>
@ -22,8 +22,6 @@ profile gnome-calculator-search-provider @{exec_path} {
/usr/share/X11/xkb/{,**} r,
/usr/share/icons/{,**} r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{PROC}/@{pid}/fd/ r,

4
apparmor.d/groups/gnome/gnome-calendar
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-calendar
profile gnome-calendar @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/gnome>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
@ -26,8 +26,6 @@ profile gnome-calendar @{exec_path} {
/usr/share/libgweather/Locations.xml r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
include if exists <local/gnome-calendar>

5
apparmor.d/groups/gnome/gnome-contacts
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-contacts
profile gnome-contacts @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/gnome>
@ -32,8 +32,5 @@ profile gnome-contacts @{exec_path} {
owner @{user_config_dirs}/gnome-contacts/{,**} rw,
owner @{user_share_dirs}/folks/relationships.ini r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
include if exists <local/gnome-contacts>
}

5
apparmor.d/groups/gnome/gnome-contacts-search-provider
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/gnome-contacts-search-provider
profile gnome-contacts-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/opencl>
include <abstractions/openssl>
@ -22,9 +22,6 @@ profile gnome-contacts-search-provider @{exec_path} {
owner @{user_share_dirs}/folks/relationships.ini r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{PROC}/@{pid}/cmdline r,
include if exists <local/gnome-contacts-search-provider>

4
apparmor.d/groups/gnome/gnome-control-center
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/gnome>
@ -78,8 +78,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/webkitgtk/databases/indexeddb/* rw,
owner @{user_share_dirs}/webkitgtk/localstorage/{,**} rwk,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gnome-shell-disable-extensions w,
owner @{run}/user/@{uid}/webkitgtk/{,**} rw,
@{run}/systemd/users/@{uid} r,

3
apparmor.d/groups/gnome/gnome-control-center-goa-helper
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/gnome-control-center-goa-helper
profile gnome-control-center-goa-helper @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/gnome>
@ -43,7 +43,6 @@ profile gnome-control-center-goa-helper @{exec_path} {
owner @{user_share_dirs}/webkitgtk/{,**} rw,
owner @{user_share_dirs}/webkitgtk/localstorage/{,**} rwk,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/webkitgtk/{,**} rw,
owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-gnome-org.gnome.Settings-[0-9]*.scope/memory.* r,

4
apparmor.d/groups/gnome/gnome-control-center-print-renderer
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gnome-control-center-print-renderer
profile gnome-control-center-print-renderer @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fonts>
@ -33,8 +33,6 @@ profile gnome-control-center-print-renderer @{exec_path} {
owner @{user_share_dirs}/icons/{,**} r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{PROC}/@{pid}/cmdline r,

6
apparmor.d/groups/gnome/gnome-control-center-search-provider
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/gnome-control-center-search-provider
profile gnome-control-center-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/fonts>
@ -18,9 +18,7 @@ profile gnome-control-center-search-provider @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/X11/xkb/{,**} r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
include if exists <local/gnome-control-center-search-provider>

5
apparmor.d/groups/gnome/gnome-disk-image-mounter
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-disk-image-mounter
profile gnome-disk-image-mounter @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
@ -24,9 +24,6 @@ profile gnome-disk-image-mounter @{exec_path} {
owner @{MOUNTS}/*/{,**} r,
owner /tmp/*/{,**} r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{PROC}/@{pid}/mountinfo r,
@{run}/mount/utab r,

5
apparmor.d/groups/gnome/gnome-disks
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-disks
profile gnome-disks @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/gnome>
@{exec_path} mr,
@ -17,9 +17,6 @@ profile gnome-disks @{exec_path} {
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/X11/xkb/{,**} r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{PROC}/@{pid}/cgroup r,
@{PROC}/1/cgroup r,

4
apparmor.d/groups/gnome/gnome-extension-ding
View file

@ -11,7 +11,7 @@ profile gnome-extension-ding @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
@ -54,8 +54,6 @@ profile gnome-extension-ding @{exec_path} {
owner @{user_share_dirs}/gvfs-metadata/home-*.log r,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,

4
apparmor.d/groups/gnome/gnome-music
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gnome-music @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/gnome>
include <abstractions/gstreamer>
include <abstractions/mesa>
@ -48,8 +48,6 @@ profile gnome-music @{exec_path} {
owner @{user_share_dirs}/gvfs-metadata/root{,-*.log} r,
owner @{run}/user/@{uid}/orcexec.[0-9a-zA-Z]* rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,
owner /tmp/grilo-plugin-cache-[0-9A-Z]*/ rw,

1
apparmor.d/groups/gnome/gnome-remote-desktop-daemon
View file

@ -10,6 +10,7 @@ include <tunables/global>
profile gnome-remote-desktop-daemon @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/vulkan>

4
apparmor.d/groups/gnome/gnome-session-binary
View file

@ -11,7 +11,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/gtk>
@ -119,8 +119,6 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/session_migration-ubuntu r,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/gnome-session-leader-fifo rw,
owner @{run}/user/@{uid}/ICEauthority{,-[a-z]} rwl,

4
apparmor.d/groups/gnome/gnome-shell
View file

@ -13,7 +13,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
include <abstractions/audio>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fontconfig-cache-write>
@ -171,8 +171,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/vlc/**/*.jpg r,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/gnome-shell-disable-extensions rw,
owner @{run}/user/@{uid}/gnome-shell/{,**} rw,

5
apparmor.d/groups/gnome/gnome-shell-calendar-server
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gnome-shell-calendar-server @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@ -20,8 +20,5 @@ profile gnome-shell-calendar-server @{exec_path} {
/etc/timezone r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
include if exists <local/gnome-shell-calendar-server>
}

4
apparmor.d/groups/gnome/gnome-terminal-server
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gnome-terminal-server @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fonts>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
@ -32,8 +32,6 @@ profile gnome-terminal-server @{exec_path} {
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,

5
apparmor.d/groups/gnome/gnome-tweaks
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gnome-tweaks @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/gnome>
include <abstractions/gtk>
include <abstractions/python>
@ -37,9 +37,6 @@ profile gnome-tweaks @{exec_path} {
owner @{user_share_dirs}/recently-used.xbel* rw,
owner @{user_share_dirs}/sounds/ r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{PROC}/@{pid}/fd/ r,
include if exists <local/gnome-tweaks>

5
apparmor.d/groups/gnome/goa-daemon
View file

@ -12,7 +12,7 @@ profile goa-daemon @{exec_path} {
include <abstractions/dbus-network-manager-strict>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/nameservice-strict>
include <abstractions/opencl>
include <abstractions/openssl>
@ -35,8 +35,5 @@ profile goa-daemon @{exec_path} {
owner @{user_config_dirs}/goa-1.0/accounts.conf r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
include if exists <local/goa-daemon>
}

5
apparmor.d/groups/gnome/gsd-a11y-settings
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
signal (receive) set=(term, hup) peer=gdm*,
@ -20,9 +20,6 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/var/lib/gdm/.config/dconf/user r,
owner /dev/tty[0-9]* rw,

4
apparmor.d/groups/gnome/gsd-color
View file

@ -11,7 +11,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
include <abstractions/gtk>
@ -49,8 +49,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/icc/edid-*.icc rw,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9] rw,

5
apparmor.d/groups/gnome/gsd-datetime
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
signal (receive) set=(term, hup) peer=gdm*,
@ -20,9 +20,6 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/var/lib/gdm{3,}/.config/dconf/user r,
/var/lib/gdm{3,}/greeter-dconf-defaults r,

5
apparmor.d/groups/gnome/gsd-housekeeping
View file

@ -11,7 +11,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/app-launcher-user>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/thumbnails-cache-read>
signal (receive) set=(term, hup) peer=gdm*,
@ -28,9 +28,6 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/thumbnails/{,**} rw,
owner @{user_share_dirs}/applications/ rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/var/lib/gdm/.config/dconf/user r,
owner @{PROC}/@{pids}/mountinfo r,

4
apparmor.d/groups/gnome/gsd-keyboard
View file

@ -11,7 +11,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
include <abstractions/gtk>
@ -33,8 +33,6 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/gnome-settings-daemon/ rw,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9] rw,

4
apparmor.d/groups/gnome/gsd-media-keys
View file

@ -12,7 +12,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
include <abstractions/audio>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fonts>
include <abstractions/gtk>
include <abstractions/nameservice-strict>
@ -58,8 +58,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
/var/lib/gdm/.config/pulse/cookie rk,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
@{run}/systemd/inhibit/[0-9]*.ref rw,

4
apparmor.d/groups/gnome/gsd-power
View file

@ -12,7 +12,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
include <abstractions/audio>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fonts>
include <abstractions/gtk>
include <abstractions/nameservice-strict>
@ -61,8 +61,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
/var/lib/gdm/.config/pulse/client.conf r,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9] rw,

5
apparmor.d/groups/gnome/gsd-sharing
View file

@ -12,7 +12,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
include <abstractions/dbus-network-manager-strict>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
signal (receive) set=(term, hup) peer=gdm*,
@ -26,9 +26,6 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/var/lib/gdm/.config/dconf/user r,
owner /dev/tty[0-9]* rw,

5
apparmor.d/groups/gnome/gsd-smartcard
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/p11-kit>
signal (receive) set=(term, hup) peer=gdm*,
@ -21,9 +21,6 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/var/lib/gdm/.config/dconf/user r,
/var/lib/gdm{3,}/greeter-dconf-defaults r,

5
apparmor.d/groups/gnome/gsd-sound
View file

@ -11,7 +11,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
signal (receive) set=(term, hup) peer=gdm*,
@ -29,9 +29,6 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/sounds/ rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner /dev/tty[0-9]* rw,
include if exists <local/gsd-sound>

5
apparmor.d/groups/gnome/gsd-usb-protection
View file

@ -9,14 +9,11 @@ include <tunables/global>
@{exec_path} = @{libexec}/gsd-usb-protection
profile gsd-usb-protection @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
@{exec_path} mr,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
include if exists <local/gsd-usb-protection>
}

4
apparmor.d/groups/gnome/gsd-wacom
View file

@ -10,7 +10,7 @@ include <tunables/global>
profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/fontconfig-cache-write>
include <abstractions/fonts>
include <abstractions/gtk>
@ -30,8 +30,6 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
/etc/machine-id r,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9] rw,

4
apparmor.d/groups/gnome/gsd-xsettings
View file

@ -11,7 +11,7 @@ profile gsd-xsettings @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fontconfig-cache-read>
@ -60,8 +60,6 @@ profile gsd-xsettings @{exec_path} {
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-z0-9]* r,
owner @{run}/user/@{uid}/at-spi/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/wayland-[0-9]* rw,
@{run}/systemd/sessions/* r,

5
apparmor.d/groups/gnome/nautilus
View file

@ -11,7 +11,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/app-launcher-user>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/gnome>
include <abstractions/nameservice-strict>
include <abstractions/openssl>
@ -50,9 +50,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/nautilus/{,**} rwk,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{run}/mount/utab r,
@{sys}/devices/**/hwmon/{,name,temp*,fan*} r,

5
apparmor.d/groups/gnome/seahorse
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/seahorse
profile seahorse @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/gnome>
include <abstractions/p11-kit>
include <abstractions/ssl_certs>
@ -25,9 +25,6 @@ profile seahorse @{exec_path} {
# Seahorse and SSH keys
owner @{HOME}/@{XDG_SSH_DIR}/{,**} r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{PROC}/@{pid}/fd/ r,
include if exists <local/seahorse>

4
apparmor.d/groups/gnome/tracker-extract
View file

@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{libexec}/tracker-extract-3
profile tracker-extract @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/disks-read>
include <abstractions/fonts>
include <abstractions/gstreamer>
@ -48,8 +48,6 @@ profile tracker-extract @{exec_path} {
owner @{user_share_dirs}/gvfs-metadata/** r,
owner @{run}/user/@{uid}/bus rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{run}/blkid/blkid.tab r,
@{run}/udev/data/c235:* r,

4
apparmor.d/groups/gnome/tracker-miner
View file

@ -11,7 +11,7 @@ profile tracker-miner @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
include <abstractions/dbus-strict>
include <abstractions/dconf>
include <abstractions/dconf-write>
include <abstractions/disks-read>
include <abstractions/freedesktop.org>
include <abstractions/nameservice-strict>
@ -54,8 +54,6 @@ profile tracker-miner @{exec_path} {
owner @{PROC}/@{pid}/mounts r,
@{PROC}/sys/fs/inotify/max_user_watches r,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
@{run}/blkid/blkid.tab r,
@{run}/mount/utab r,