Unbreak Debian 11 and partially Ubuntu 22.04 (Wayland+GDM+Gnome) (#81)

* Unbreaking Debian 11 and partially Ubuntu 22.04 * pre-cleanup * pre-cleanup2 * Update im-launch * Update gnome-extension-ding * polishing * not yet * Update ubuntu.flags Allow GDM to boot. `No new privs` fix. * Update debian.flags Allow GDM to boot. `No new privs` fix. * Update CONTRIBUTING.md * fixes * reverting w * move setpriv to main.flags
2022-10-14 21:21:56 +00:00 · 2022-10-14 21:21:56 +00:00 · 643a84997e
commit 643a84997e
parent bdcaa040fe
110 changed files with 3157 additions and 182 deletions
--- a/apparmor.d/profiles-m-r/man
+++ b/apparmor.d/profiles-m-r/man
@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/man
 profile man @{exec_path} {
  include <abstractions/base>
+  include <abstractions/consoles>

  signal peer=man//man_groff,
  signal peer=man//man_filter,
@ -41,11 +42,12 @@ profile man @{exec_path} {
  /{usr/,}bin/less       rPx -> child-pager,
  /{usr/,}bin/more       rPx -> child-pager,

-  /usr/**/man/** r,
-  /var/**/man/** r,
+  /usr/**/man/{,**} r,
+  /var/**/man/{,**} r,
  /var/cache/man/index.db rk,

  /etc/man_db.conf r,
+  /etc/manpath.config r,

  /dev/tty r,

@ -75,6 +77,8 @@ profile man_groff {

  /tmp/groff* rw,
  owner /tmp/* rw,
+
+  include if exists <local/man_groff>
 }

 profile man_filter {
@ -102,4 +106,6 @@ profile man_filter {
  owner @{MOUNTS}/*/@{XDG_DATA_HOME}/** r,

  /var/cache/man/** w,
+
+  include if exists <local/man_filter>
 }
--- a/apparmor.d/profiles-m-r/pass
+++ b/apparmor.d/profiles-m-r/pass
@ -106,8 +106,8 @@ profile pass @{exec_path} {
    network inet6 stream,
    network netlink raw,

-    /{usr/,}bin/git*                  mrix,
-    /{usr/,}@{libexec}/git-core/git*  mrix,
+    /{usr/,}bin/git*          mrix,
+    @{libexec}/git-core/git*  mrix,

    /{usr/,}bin/gpg{2,}  rUx,

--- a/apparmor.d/profiles-m-r/passwd
+++ b/apparmor.d/profiles-m-r/passwd
@ -20,6 +20,8 @@ profile passwd @{exec_path} {
  capability fsetid,
  capability setuid,

+  signal (receive) set=(term, kill) peer=gnome-control-center,
+
  network netlink raw,

  @{exec_path} mr,
--- a/apparmor.d/profiles-m-r/pkexec
+++ b/apparmor.d/profiles-m-r/pkexec
@ -58,6 +58,7 @@ profile pkexec @{exec_path} flags=(complain) {
  /{usr/,}lib/polkit-[0-9]/polkit-agent-helper-[0-9] rPx,
  /{usr/,}lib/update-notifier/package-system-locked  rPx,
  /usr/share/apport/apport-gtk rPx,
+  @{libexec}/cc-remote-login-helper rPx,

  /etc/shells r,
  /etc/environment r,