Unbreak Debian 11 and partially Ubuntu 22.04 (Wayland+GDM+Gnome) (#81)
* Unbreaking Debian 11 and partially Ubuntu 22.04 * pre-cleanup * pre-cleanup2 * Update im-launch * Update gnome-extension-ding * polishing * not yet * Update ubuntu.flags Allow GDM to boot. `No new privs` fix. * Update debian.flags Allow GDM to boot. `No new privs` fix. * Update CONTRIBUTING.md * fixes * reverting w * move setpriv to main.flags
parent
bdcaa040fe
commit
643a84997e
110 changed files with 3157 additions and 182 deletions
|
|
@ -25,6 +25,7 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(term hup kill) peer=dbus-run-session,
|
||||
signal (receive) set=(term hup kill) peer=gdm*,
|
||||
signal (send) set=(term hup kill) peer=at-spi-bus-launcher,
|
||||
signal (send) set=(term hup kill) peer=at-spi2-registryd,
|
||||
signal (send) set=(term hup kill) peer=dconf-service,
|
||||
signal (send) set=(term hup kill) peer=xdg-permission-store,
|
||||
|
||||
|
|
@ -47,6 +48,7 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
/{usr/,}lib/@{multiarch}/tumbler-1/tumblerd rPUx,
|
||||
|
||||
/usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService rPx,
|
||||
/usr/share/gnome-documents/org.gnome.Documents rPx,
|
||||
|
||||
/etc/dbus-1/{,**} r,
|
||||
|
||||
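Review bot: The `signal (receive) set=(term hup kill) peer=gdm*,` rule in the first hunk accepts every profile label that starts with `gdm` as a sender of term, hup and kill, including profiles that may be added under that prefix later. The page does not mark which of the hunk's lines is the added one, so this assumes the gdm rule is new. If only specific senders appeared in the denial logs, list them explicitly, e.g. `peer=gdm,` plus one rule per gdm helper profile that actually signals dbus-daemon.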
|
|
|
|||
|
|
@ -22,8 +22,11 @@ profile dbus-daemon-launch-helper @{exec_path} {
|
|||
/{usr/,}lib/cups-pk-helper-mechanism rPx,
|
||||
/{usr/,}lib/cups-pk-helper/cups-pk-helper-mechanism rPx,
|
||||
/{usr/,}lib/software-properties/software-properties-dbus rPx,
|
||||
@{libexec}/language-selector/ls-dbus-backend rPx,
|
||||
|
||||
/usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService rPx,
|
||||
/usr/share/usb-creator/usb-creator-helper rPx,
|
||||
/usr/share/hplip/pkservice.py rPx,
|
||||
|
||||
/usr/share/dbus-1/{,**} r,
|
||||
|
||||
|
|
@ -32,4 +35,4 @@ profile dbus-daemon-launch-helper @{exec_path} {
|
|||
owner @{PROC}/@{pid}/oom_score_adj rw,
|
||||
|
||||
include if exists <local/dbus-daemon-launch-helper>
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ profile dbus-run-session @{exec_path} {
|
|||
|
||||
/var/lib/gdm{3,}/.config/dconf/user r,
|
||||
/var/lib/gdm{3,}/.cache/dconf/ rw,
|
||||
/var/lib/gdm{3,}/greeter-dconf-defaults r,
|
||||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,33 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
signal (receive) set=(usr1) peer=gnome-shell,
|
||||
signal (send) set=(term) peer=ibus*,
|
||||
|
||||
unix (bind, listen) type=stream addr=@/var/lib/gdm{3,}/.cache/ibus/dbus-*,
|
||||
unix (send, receive, accept) type=stream addr=@/var/lib/gdm{3,}/.cache/ibus/dbus-* peer=(label=ibus-*),
|
||||
unix (send, receive, accept) type=stream addr=@/var/lib/gdm{3,}/.cache/ibus/dbus-* peer=(label=gnome-shell),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={Hello,RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/IBus
|
||||
interface=org.freedesktop.DBus.Peer
|
||||
peer=(name=org.freedesktop.portal.IBus), # all members, all peer's labels
|
||||
|
||||
dbus send bus=session path=/org/gtk/vfs/mounttracker
|
||||
interface=org.gtk.vfs.MountTracker
|
||||
member=ListMountableInfo
|
||||
peer=(name=:*, label=gvfsd),
|
||||
|
||||
dbus receive bus=session path=/
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.portal.IBus,
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.IBus,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}lib/ibus/ibus-* rPx,
|
||||
|
|
@ -28,6 +55,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/ibus/{,**} rw,
|
||||
|
||||
/var/lib/gdm{3,}/.config/ibus/{,**} rw,
|
||||
/var/lib/gdm{3,}/.cache/ibus/{,**} rw,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/ r,
|
||||
|
|
@ -37,4 +65,4 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) {
|
|||
owner /dev/tty[0-9]* rw,
|
||||
|
||||
include if exists <local/ibus-daemon>
|
||||
}
|
||||
}
|
||||
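Review bot: The `org.freedesktop.DBus.Peer` send rule in the first hunk ends in `peer=(name=org.freedesktop.portal.IBus), # all members, all peer's labels`, so it is not tied to any confined peer, although the ibus-portal profile in this same commit binds that name. If ibus-portal is the only owner, `peer=(name=org.freedesktop.portal.IBus, label=ibus-portal),` keeps the rule as narrow as the other dbus rules added here. The same hunk also gives ibus-daemon `dbus bind bus=session name=org.freedesktop.portal.IBus,`; it is worth confirming from a denial log that ibus-daemon itself requests that name, and dropping the bind if it does not. In the second hunk, `/var/lib/gdm{3,}/.config/ibus/bus/ r,` is already covered by `/var/lib/gdm{3,}/.config/ibus/{,**} rw,`.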
|
|
|
|||
|
|
@ -11,10 +11,20 @@ include <tunables/global>
|
|||
profile ibus-dconf @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
signal (receive) set=term peer=ibus-daemon,
|
||||
|
||||
unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-*", label=ibus-daemon),
|
||||
unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-*", label=ibus-daemon),
|
||||
|
||||
dbus receive bus=session path=/
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/gdm/greeter-dconf-defaults r,
|
||||
|
|
@ -22,16 +32,16 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
/etc/dconf/profile/ibus r,
|
||||
/etc/dconf/db/ibus r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_config_dirs}/ibus/bus/{,@{hex}-unix-wayland-[0-9]*} r,
|
||||
owner @{user_config_dirs}/ibus/bus/@{hex}-unix-[0-9]* r,
|
||||
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]*} r,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix-[0-9]* r,
|
||||
|
||||
/var/lib/gdm{3,}/.cache/dconf/ w,
|
||||
/var/lib/gdm{3,}/.cache/dconf/user rw,
|
||||
/var/lib/gdm{3,}/.config/dconf/user rw,
|
||||
/var/lib/gdm{3,}/greeter-dconf-defaults r,
|
||||
|
||||
owner /dev/tty[0-9]* rw,
|
||||
|
||||
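Review bot: The unix rule `peer=(addr="@/home/*/.cache/ibus/dbus-*", label=ibus-daemon)` in the first hunk hard-codes `/home/*`, while the file rules of this profile use `@{user_config_dirs}` and the ibus-daemon profile uses `@{user_cache_dirs}` for the same cache directory. A home directory outside `/home` would not match, and the literal will drift from the tunables if they are adjusted locally. Consider `addr="@@{user_cache_dirs}/ibus/dbus-*"`, after checking that the profile still parses with the variable inside `addr=`. The page does not mark whether this line is new or context, so this may belong in a follow-up.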
|
|
|
|||
|
|
@ -14,6 +14,8 @@ profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=term peer=ibus-daemon,
|
||||
|
||||
unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-*", label=ibus-daemon),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
|
|
|||
|
|
@ -8,9 +8,10 @@ include <tunables/global>
|
|||
|
||||
@{exec_path} = /{usr/,}lib/ibus/ibus-extension-gtk3
|
||||
@{exec_path} += @{libexec}/ibus-extension-gtk3
|
||||
profile ibus-extension-gtk3 @{exec_path} {
|
||||
profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/fontconfig-cache-write>
|
||||
include <abstractions/fonts>
|
||||
|
|
@ -26,6 +27,43 @@ profile ibus-extension-gtk3 @{exec_path} {
|
|||
network inet6 stream,
|
||||
network netlink raw,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/gtk/Settings
|
||||
interface=org.freedesktop.DBus.Properties
|
||||
member=GetAll
|
||||
peer=(name=:*, label=gsd-xsettings),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus, label=at-spi-bus-launcher),
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus receive bus=session path=/
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.IBus.Panel.Extension.Gtk3,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
|
|
@ -38,7 +76,12 @@ profile ibus-extension-gtk3 @{exec_path} {
|
|||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
||||
owner @{run}/user/@{uid}/wayland-[0-9] rw,
|
||||
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/*-unix{,-wayland}-[0-9]* r,
|
||||
/var/lib/gdm{3,}/.config/dconf/user r,
|
||||
/var/lib/gdm{3,}/greeter-dconf-defaults r,
|
||||
|
||||
# file inherit
|
||||
/dev/tty[0-9]* rw,
|
||||
|
||||
include if exists <local/ibus-extension-gtk3>
|
||||
}
|
||||
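Review bot: The `/dev/tty[0-9]* rw,` rule under `# file inherit` in the last hunk has no `owner` qualifier, whereas ibus-daemon, ibus-dconf and ibus-portal on this page all use `owner /dev/tty[0-9]* rw,`. Without `owner` the profile may read and write any virtual console, not only the one belonging to the session user. If the descriptor inherited at the GDM greeter is owned by a different uid and that is why `owner` was left off, state that in the comment, e.g. `# file inherit: greeter tty is not owned by the gdm user`; otherwise use `owner /dev/tty[0-9]* rw,`. The first hunk also adds `flags=(attach_disconnected)` to the profile line without a comment naming the disconnected path that required it.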
|
|
|
|||
|
|
@ -15,6 +15,18 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
signal (receive) set=(term, hup) peer=gdm*,
|
||||
|
||||
dbus send bus=session path=/org/freedesktop/DBus
|
||||
interface=org.freedesktop.DBus
|
||||
member={RequestName,ReleaseName}
|
||||
peer=(name=org.freedesktop.DBus, label=dbus-daemon),
|
||||
|
||||
dbus receive bus=session path={/,/org}
|
||||
interface=org.freedesktop.DBus.Introspectable
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
dbus bind bus=session name=org.freedesktop.portal.IBus,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/{usr/,}lib/gio/modules/{,*} r,
|
||||
|
|
@ -29,7 +41,6 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) {
|
|||
/var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix-{,wayland-}[0-9] r,
|
||||
|
||||
owner /dev/tty[0-9]* rw,
|
||||
/dev/null rw,
|
||||
|
||||
include if exists <local/ibus-portal>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ include <tunables/global>
|
|||
profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dbus-session-strict>
|
||||
include <abstractions/dbus-accessibility-strict>
|
||||
include <abstractions/dri-common>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/fonts>
|
||||
|
|
@ -21,12 +22,34 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
|
|||
|
||||
unix (connect, receive, send) type=stream peer=(label=ibus-daemon),
|
||||
|
||||
dbus send bus=session path=/org/a11y/bus
|
||||
interface=org.a11y.Bus
|
||||
member=GetAddress
|
||||
peer=(name=org.a11y.Bus), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry
|
||||
interface=org.a11y.atspi.Registry
|
||||
member=GetRegisteredEvents
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
|
||||
interface=org.a11y.atspi.DeviceEventController
|
||||
member={GetKeystrokeListeners,GetDeviceEventListeners}
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
|
||||
interface=org.a11y.atspi.Socket
|
||||
member=Embed
|
||||
peer=(name=org.a11y.atspi.Registry), # all peer's labels
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]} r,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/ r,
|
||||
/var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix{,-wayland}-[0-9] r,
|
||||
/var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw,
|
||||
|
||||
owner @{user_config_dirs}/ibus/bus/{,@{hex}-unix-wayland-[0-9]} r,
|
||||
owner @{user_config_dirs}/ibus/bus/@{hex}-unix-[0-9] r,
|
||||
owner @{user_config_dirs}/ibus/bus/ r,
|
||||
owner @{user_config_dirs}/ibus/bus/@{hex}-unix{,-wayland}-[0-9] r,
|
||||
|
||||
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* r,
|
||||
owner @{run}/user/@{uid}/gdm/Xauthority r,
|
||||
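Review bot: The `org.a11y.Bus` `GetAddress` rule in the second hunk uses `peer=(name=org.a11y.Bus), # all peer's labels`, while the identical rule in the ibus-extension-gtk3 section of this commit pins the peer with `label=at-spi-bus-launcher`. Unless a different process owns the name in the X11 case, `peer=(name=org.a11y.Bus, label=at-spi-bus-launcher),` keeps both profiles equally narrow. The three `bus=accessibility` rules are also copied verbatim between the two profiles; moving them into a shared abstraction would keep any later tightening in one place.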
|
|
|
|||