From 6044e403e7ccd2fb8bba6d931b4a85bc218d32af Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 1 Apr 2021 23:45:21 +0100
Subject: [PATCH] Replace last remaining home files by the xdg variables.
---
 .../abstractions/thumbnails-cache-write | 2 +-
 apparmor.d/groups/apps/android-studio | 2 +-
 .../profiles-a-l/appimage-beyond-all-reason | 4 ++--
 apparmor.d/profiles-a-l/dino-im | 4 ++--
 apparmor.d/profiles-a-l/fritzing | 2 +-
 apparmor.d/profiles-a-l/fusermount | 4 ++--
 apparmor.d/profiles-a-l/jdownloader-install | 2 +-
 apparmor.d/profiles-a-l/keepassxc | 4 +---
 apparmor.d/profiles-m-z/pam_roles | 1 +
 apparmor.d/profiles-m-z/udisksd | 20 +++++++++----------
 apparmor.d/profiles-m-z/xfconfd | 2 +-
 11 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write
index ff3dc93c4..540afbbd7 100644
--- a/apparmor.d/abstractions/thumbnails-cache-write
+++ b/apparmor.d/abstractions/thumbnails-cache-write
@@ -7,7 +7,7 @@
 owner @{HOME}/thumbnails/ rw,
 owner @{HOME}/thumbnails/{large,normal}/ rw,
 owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
- owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9],
+ owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9],
 owner @{user_cache_dirs}/thumbnails/ rw,
 owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw,
diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio
index 04573fbed..186a27247 100644
--- a/apparmor.d/groups/apps/android-studio
+++ b/apparmor.d/groups/apps/android-studio
@@ -182,7 +182,7 @@ profile android-studio @{exec_path} {
 owner @{HOME}/.emulator_console_auth_token rw,
- deny owner @{HOME}/@{XDG_DESKTOP_DIR}/* rw,
+ deny owner @{HOME}/Desktop/* rw,
 @{PROC}/ r,
 owner @{PROC}/@{pid}/mountinfo r,
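Review bot: The new link target in `abstractions/thumbnails-cache-write` hard-codes `@{HOME}/.cache/...`, although the commit subject says home paths are being replaced by the XDG variables and the two context rules below it still use `@{user_cache_dirs}`. The same variable-to-literal direction appears in android-studio (`deny owner @{HOME}/Desktop/* rw,`), dino-im (`@{HOME}/.gnupg/`), fritzing (link target), fusermount (both `mount` and `umount` on `@{HOME}/.cache/**/`) and xfconfd (`@{HOME}/.config/xfce4/...`). Where a tunable is overridden or the Desktop directory is localized, these literals stop matching: the android-studio `deny` no longer covers the real directory, and the allow rules produce denials that tend to be resolved by loosening the profile. If the literals are deliberate (presumably a parser limitation for variables in `->` targets, which would not explain the plain xfconfd file rule), a comment above each such as `# literal on purpose: keep in sync with @{user_cache_dirs}` would record that; otherwise the variables should stay.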
diff --git a/apparmor.d/profiles-a-l/appimage-beyond-all-reason b/apparmor.d/profiles-a-l/appimage-beyond-all-reason
index 81c5c9bc8..a7ef47b45 100644
--- a/apparmor.d/profiles-a-l/appimage-beyond-all-reason
+++ b/apparmor.d/profiles-a-l/appimage-beyond-all-reason
@@ -6,8 +6,8 @@
 abi ,
 include
-@{exec_path} = "/home/*/Desktop/Beyond All Reason.AppImage"
-@{exec_path} += /home/*/Desktop/BeyondAllReason.AppImage
+@{exec_path} = "/home/*/@{XDG_DESKTOP_DIR}/Beyond All Reason.AppImage"
+@{exec_path} += /home/*/@{XDG_DESKTOP_DIR}/BeyondAllReason.AppImage
 profile appimage-beyond-all-reason @{exec_path} {
 include
 include
diff --git a/apparmor.d/profiles-a-l/dino-im b/apparmor.d/profiles-a-l/dino-im
index a349f9f95..aa6c3a7d8 100644
--- a/apparmor.d/profiles-a-l/dino-im
+++ b/apparmor.d/profiles-a-l/dino-im
@@ -48,8 +48,8 @@ profile dino-im @{exec_path} {
 /{usr/,}bin/gpgconf mr,
 /{usr/,}bin/gpgsm mr,
- owner @{HOME}/@{XDG_GPG_DIR}/ rw,
- owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
+ owner @{HOME}/.gnupg/ rw,
+ owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**,
 }
diff --git a/apparmor.d/profiles-a-l/fritzing b/apparmor.d/profiles-a-l/fritzing
index e7645142a..fe5bece9b 100644
--- a/apparmor.d/profiles-a-l/fritzing
+++ b/apparmor.d/profiles-a-l/fritzing
@@ -29,7 +29,7 @@ profile fritzing @{exec_path} {
 @{exec_path} mrix,
 owner @{user_config_dirs}/Fritzing/ rw,
- owner @{user_config_dirs}/Fritzing/** rwkl -> @{user_config_dirs}/Fritzing/**,
+ owner @{user_config_dirs}/Fritzing/** rwkl -> @{HOME}/.config/Fritzing/**,
 owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/ rw,
 owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/** rw,
diff --git a/apparmor.d/profiles-a-l/fusermount b/apparmor.d/profiles-a-l/fusermount
index c62527a00..886a97f83 100644
--- a/apparmor.d/profiles-a-l/fusermount
+++ b/apparmor.d/profiles-a-l/fusermount
@@ -32,7 +32,7 @@ profile fusermount @{exec_path} {
 # Be able to mount ISO images
 mount fstype={fuse,fuse.*} -> @{HOME}/*/,
 mount fstype={fuse,fuse.*} -> @{HOME}/*/*/,
- mount fstype={fuse,fuse.*} -> @{user_cache_dirs}/**/,
+ mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/,
 mount fstype={fuse,fuse.*} -> /media/*/,
 mount fstype={fuse,fuse.*} -> /media/*/*/,
 # For MTP
@@ -47,7 +47,7 @@ profile fusermount @{exec_path} {
 # Be able to unmount the ISO images
 umount @{HOME}/*/,
 umount @{HOME}/*/*/,
- umount @{user_cache_dirs}/**/,
+ umount @{HOME}/.cache/**/,
 umount /media/*/,
 umount /tmp/.mount_*/,
 umount @{run}/user/[0-9]*/**/,
diff --git a/apparmor.d/profiles-a-l/jdownloader-install b/apparmor.d/profiles-a-l/jdownloader-install
index bb0ab9e89..aa636238d 100644
--- a/apparmor.d/profiles-a-l/jdownloader-install
+++ b/apparmor.d/profiles-a-l/jdownloader-install
@@ -7,7 +7,7 @@ abi ,
 include
 @{JD_INSTALLDIR} = /home/*/jd2
-@{JD_SH_PATH} = /home/*/@{XDG_DOWNLOAD_DIR}{,s}
+@{JD_SH_PATH} = /home/*/@{XDG_DOWNLOAD_DIR}
 @{JD_SH_PATH} += /home/*/@{XDG_DESKTOP_DIR}
 @{exec_path} = @{JD_SH_PATH}/JD2Setup_{x86,x64}.sh
diff --git a/apparmor.d/profiles-a-l/keepassxc b/apparmor.d/profiles-a-l/keepassxc
index c39135dca..f02df7549 100644
--- a/apparmor.d/profiles-a-l/keepassxc
+++ b/apparmor.d/profiles-a-l/keepassxc
@@ -56,9 +56,7 @@ profile keepassxc @{exec_path} {
 # For SSH keys
 owner @{HOME}/@{XDG_SSH_DIR}/ r,
- owner @{HOME}/@{XDG_SSH_DIR}/*_rsa r,
- owner @{HOME}/@{XDG_SSH_DIR}/*_ed25519 r,
- owner @{HOME}/@{XDG_SSH_DIR}/*.pub r,
+ owner @{HOME}/@{XDG_SSH_DIR}/* r,
 # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
 owner @{user_config_dirs}/qt5ct/{,**} r,
diff --git a/apparmor.d/profiles-m-z/pam_roles b/apparmor.d/profiles-m-z/pam_roles
index 42055290d..e3956eb45 100644
--- a/apparmor.d/profiles-m-z/pam_roles
+++ b/apparmor.d/profiles-m-z/pam_roles
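Review bot: In `profiles-a-l/keepassxc`, the new `owner @{HOME}/@{XDG_SSH_DIR}/* r,` makes every file directly under the SSH directory readable, where the three removed rules limited reads to `*_rsa`, `*_ed25519` and `*.pub`. That takes in private keys of any type and whatever else sits in that directory (typically `config`, `known_hosts`, `authorized_keys`), and the commit subject does not mention this widening. If the aim was to cover more key types, an explicit alternation keeps the scope narrow, for example `owner @{HOME}/@{XDG_SSH_DIR}/*_{rsa,ed25519,ecdsa} r,` alongside the existing `*.pub` rule. If the whole directory really is required, a comment under `# For SSH keys` should say why. The profile body starts and ends outside the hunk.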
@@ -45,6 +45,7 @@ profile confined_user flags=(complain) {
 /{usr/,}bin/** Pixmr,
 owner @{HOMEDIRS}/bin/** ixmr,
+ owner @{user_bin_dirs}/** ixmr,
 owner /** rwkl,
 @{PROC}/** r,
diff --git a/apparmor.d/profiles-m-z/udisksd b/apparmor.d/profiles-m-z/udisksd
index f2f519f14..67e2ca91a 100644
--- a/apparmor.d/profiles-m-z/udisksd
+++ b/apparmor.d/profiles-m-z/udisksd
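Review bot: In `profiles-m-z/pam_roles`, the added `owner @{user_bin_dirs}/** ixmr,` depends on `@{user_bin_dirs}` being declared in an included tunable, which nothing in this patch shows; the parser refuses to load a profile that references an undeclared variable, so the declaration has to land with or before this change. The context line above it, `owner @{HOMEDIRS}/bin/** ixmr,`, would match `/home/bin/**` rather than each user's bin directory if `@{HOMEDIRS}` has its usual value, so the new rule may be the one originally intended and the old one could be corrected or dropped. Because `owner /** rwkl,` follows, these paths are both writable and executable by the same user; `ix` keeps the child inside `confined_user`, and a comment such as `# user-writable binaries: must inherit this profile, never transition out` would protect that choice from later edits. The profile starts and ends outside the hunk.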
@@ -44,25 +44,25 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
 /{usr/,}bin/systemd-escape rCx -> systemd-escape,
 # Allow mounting of removable devices
- mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z] -> /media/*/*/,
- mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z][0-9]* -> /media/*/*/,
+ mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z] -> /{media,mnt}/*/*/,
+ mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z][0-9]* -> /{media,mnt}/*/*/,
 # Allow mounting of loop devices (ISO files)
- mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> /media/*/*/,
- mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*p[0-9]* -> /media/*/*/,
+ mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> /{media,mnt}/*/*/,
+ mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*p[0-9]* -> /{media,mnt}/*/*/,
 # Allow mounting of cdrom
 mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> /media/cdrom[0-9]/,
 mount fstype={iso9660,udf} /dev/sr[0-9]* -> /media/cdrom[0-9]/,
 # Allow mounting od sd cards
- mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9] -> /media/*/*/,
- mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9]*p[0-9]* -> /media/*/*/,
+ mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9] -> /{media,mnt}/*/*/,
+ mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9]*p[0-9]* -> /{media,mnt}/*/*/,
 # Allow unmounting
- umount /media/*/,
- umount /media/*/*/,
+ umount /{media,mnt}/*/,
+ umount /{media,mnt}/*/*/,
 umount /media/cdrom[0-9]/,
 # Be able to create/delete dirs for removable media
- /media/*/ rw,
- /media/*/*/ rw,
+ /{media,mnt}/*/ rw,
+ /{media,mnt}/*/*/ rw,
 /media/cdrom[0-9]/ rw,
 # Udisks2 config files
diff --git a/apparmor.d/profiles-m-z/xfconfd b/apparmor.d/profiles-m-z/xfconfd
index 0e1ef20c0..61c441104 100644
--- a/apparmor.d/profiles-m-z/xfconfd
+++ b/apparmor.d/profiles-m-z/xfconfd
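Review bot: In `profiles-m-z/udisksd`, every removable-media rule is widened from `/media/*/*/` to `/{media,mnt}/*/*/`, including `umount /{media,mnt}/*/,` and the `rw` rules on `/{media,mnt}/*/`, which is unrelated to the XDG change named in the commit subject. `/mnt` is commonly where administrators place manual mounts, so the daemon gains permission to unmount them and to create or delete directories there. If `/mnt` is genuinely needed, a one-line comment above `# Allow mounting of removable devices` giving the reason, and a separate commit, would make the widening reviewable. The cdrom rules stay on `/media/cdrom[0-9]/` only, so that asymmetry should be confirmed as intended. The profile continues outside the hunk.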
@@ -15,7 +15,7 @@ profile xfconfd @{exec_path} {
 /etc/xdg/xfce4/xfconf/*/*.xml r,
- owner @{user_config_dirs}/xfce4/xfconf/*/*.xml{,.new} rw,
+ owner @{HOME}/.config/xfce4/xfconf/*/*.xml{,.new} rw,
 # file_inherit
 owner /dev/tty[0-9]* rw,