Unbreak Debian 11 and partially Ubuntu 22.04 (Wayland+GDM+Gnome) (#81)

* Unbreaking Debian 11 and partially Ubuntu 22.04 * pre-cleanup * pre-cleanup2 * Update im-launch * Update gnome-extension-ding * polishing * not yet * Update ubuntu.flags Allow GDM to boot. `No new privs` fix. * Update debian.flags Allow GDM to boot. `No new privs` fix. * Update CONTRIBUTING.md * fixes * reverting w * move setpriv to main.flags
2022-10-14 21:21:56 +00:00 · 2022-10-14 21:21:56 +00:00 · 643a84997e
commit 643a84997e
parent bdcaa040fe
110 changed files with 3157 additions and 182 deletions
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
@ -9,8 +9,10 @@ include <tunables/global>
@{exec_path} = @{libexec}/xdg-desktop-portal-gtk
 profile xdg-desktop-portal-gtk @{exec_path} {
  include <abstractions/base>
+  include <abstractions/nameservice-strict>
  include <abstractions/dbus-session-strict>
  include <abstractions/dbus-strict>
+  include <abstractions/dbus-accessibility-strict>
  include <abstractions/dconf-write>
  include <abstractions/fontconfig-cache-write>
  include <abstractions/fonts>
@ -20,6 +22,13 @@ profile xdg-desktop-portal-gtk @{exec_path} {
  include <abstractions/user-download>
  include <abstractions/user-write>

+  unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell),
+
+  dbus send bus=session path=/org/freedesktop/DBus
+       interface=org.freedesktop.DBus
+       member={RequestName,ReleaseName}
+       peer=(name=org.freedesktop.DBus, label=dbus-daemon),
+
  dbus send bus=system path=/org/freedesktop/Accounts/User[0-9]*
       interface=org.freedesktop.DBus.Properties
       member=GetAll,
@ -40,6 +49,104 @@ profile xdg-desktop-portal-gtk @{exec_path} {
       interface=org.freedesktop.DBus.Properties
       member=PropertiesChanged,

+  dbus send    bus=session path=/org/gtk/Settings
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=gsd-xsettings),
+
+  dbus send    bus=session path=/org/gnome/SessionManager
+       interface=org.gnome.SessionManager
+       member=RegisterClient
+       peer=(name=:*, label=gnome-session-binary),
+
+  dbus receive bus=session path=/org/gnome/SessionManager
+       interface=org.gnome.SessionManager
+       member={ClientAdded,ClientRemoved,SessionRunning}
+       peer=(name=:*, label=gnome-session-binary),
+
+  dbus send    bus=session path=/org/gnome/SessionManager{,/Client[0-9]*}
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=gnome-session-binary),
+
+  dbus send    bus=session path=/org/gnome/SessionManager/Client[0-9]*
+       interface=org.gnome.SessionManager.ClientPrivate
+       member=EndSessionResponse
+       peer=(name=:*, label=gnome-session-binary),
+
+  dbus receive bus=session path=/org/gnome/SessionManager/Client[0-9]*
+       interface=org.gnome.SessionManager.ClientPrivate
+       member={EndSession,QueryEndSession,CancelEndSession,Stop}
+       peer=(name=:*, label=gnome-session-binary),
+
+  dbus receive bus=session path=/org/gnome/Shell/Introspect
+       interface=org.gnome.Shell.Introspect
+       member={RunningApplicationsChanged,WindowsChanged}
+       peer=(name=:*, label=gnome-shell),
+
+  dbus send    bus=accessibility path=/org/a11y/atspi/registry/deviceeventcontroller
+       interface=org.a11y.atspi.DeviceEventController
+       member={GetKeystrokeListeners,GetDeviceEventListeners}
+       peer=(name=org.a11y.atspi.Registry), # all peer's labels
+
+  dbus send    bus=accessibility path=/org/a11y/atspi/registry
+       interface=org.a11y.atspi.Registry
+       member=GetRegisteredEvents
+       peer=(name=org.a11y.atspi.Registry), # all peer's labels
+
+  dbus receive bus=accessibility path=/org/a11y/atspi/registry
+       interface=org.a11y.atspi.Registry
+       member=EventListenerDeregistered
+       peer=(name=:*, label=at-spi2-registryd),
+
+  dbus send bus=accessibility path=/org/a11y/atspi/accessible/root
+       interface=org.a11y.atspi.Socket
+       member=Embed
+       peer=(name=org.a11y.atspi.Registry), # all peer's labels
+
+  dbus send bus=session path=/org/a11y/bus
+       interface=org.a11y.Bus
+       member=GetAddress
+       peer=(name=org.a11y.Bus, label=at-spi-bus-launcher),
+
+  dbus send bus=session path=/org/gtk/vfs/mounttracker
+       interface=org.gtk.vfs.MountTracker
+       member=ListMountableInfo
+       peer=(name=:*, label=gvfsd),
+
+  dbus send bus=session path=/org/gnome/ScreenSaver
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=gjs-console),
+
+  dbus send bus=session path=/org/gnome/Shell/Introspect
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=gnome-shell),
+
+  dbus receive bus=session path=/org/gnome/ScreenSaver
+       interface=org.gnome.ScreenSaver
+       member=ActiveChanged
+       peer=(name=:*, label=gjs-console),
+
+  dbus send bus=session path=/org/freedesktop/portal/desktop
+       interface=org.freedesktop.impl.portal.Settings
+       member=SettingChanged
+       peer=(name=org.freedesktop.DBus, label=xdg-desktop-portal),
+
+  dbus receive bus=session path=/org/freedesktop/portal/desktop
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=xdg-desktop-portal),
+
+  dbus send bus=session path=/org/gtk/Notifications
+       interface=org.freedesktop.DBus.Properties
+       member=GetAll
+       peer=(name=:*, label=gnome-shell),
+
+  dbus bind bus=session
+       name=org.freedesktop.impl.portal.desktop.gtk,
+
  @{exec_path} mr,

  /usr/share/glib-2.0/schemas/gschemas.compiled r,
@ -58,4 +165,4 @@ profile xdg-desktop-portal-gtk @{exec_path} {
  owner @{PROC}/@{pid}/mountinfo r,

  include if exists <local/xdg-desktop-portal-gtk>
-}
+}