diff --git a/apparmor.d/groups/browsers/firefox-pingsender b/apparmor.d/groups/browsers/firefox-pingsender index bc1e3f361..751f1e9f5 100644 --- a/apparmor.d/groups/browsers/firefox-pingsender +++ b/apparmor.d/groups/browsers/firefox-pingsender @@ -21,7 +21,6 @@ profile firefox-pingsender @{exec_path} { network inet stream, network inet6 stream, - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=(term, kill) peer=firefox, @{exec_path} mr, diff --git a/apparmor.d/groups/bus/dbus-broker b/apparmor.d/groups/bus/dbus-broker index 98d6a44fc..3d57acf7b 100644 --- a/apparmor.d/groups/bus/dbus-broker +++ b/apparmor.d/groups/bus/dbus-broker @@ -18,8 +18,6 @@ profile dbus-broker @{exec_path} flags=(attach_disconnected) { network bluetooth stream, network bluetooth seqpacket, - signal (receive) set=(cont, term) peer=@{systemd_user}, - dbus bus=accessibility, dbus bus=session, dbus bus=system, diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index e85a4af7e..434f19b7f 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -27,7 +27,6 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { network bluetooth stream, network bluetooth seqpacket, - signal (receive) set=(cont term) peer=@{systemd_user}, signal (receive) set=(term hup kill) peer=at-spi-bus-launcher, signal (receive) set=(term hup kill) peer=dbus-run-session, signal (receive) set=(term hup kill) peer=gdm*, diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 630ee89f4..3ad8898bb 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -14,7 +14,6 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=term peer=ibus-daemon, unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon), diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index 74ee525fb..2383fc3c1 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 @@ -20,8 +20,6 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, - unix (connect, receive, send) type=stream peer=(label=ibus-daemon), network inet stream, diff --git a/apparmor.d/groups/freedesktop/at-spi-bus-launcher b/apparmor.d/groups/freedesktop/at-spi-bus-launcher index c9d1243f9..8ced17884 100644 --- a/apparmor.d/groups/freedesktop/at-spi-bus-launcher +++ b/apparmor.d/groups/freedesktop/at-spi-bus-launcher @@ -22,7 +22,6 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=gdm*, signal (receive) set=(term hup kill) peer=gnome-session-binary, diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 452488579..5451b881d 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -17,7 +17,6 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=(term hup kill) peer=@{systemd}, signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=gdm*, diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index 160ef5e67..d074a30ef 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service @@ -13,7 +13,6 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term kill hup) peer=dbus-daemon, signal (receive) set=(term hup) peer=gdm*, diff --git a/apparmor.d/groups/freedesktop/geoclue b/apparmor.d/groups/freedesktop/geoclue index b0aff8219..0182f71b4 100644 --- a/apparmor.d/groups/freedesktop/geoclue +++ b/apparmor.d/groups/freedesktop/geoclue @@ -24,8 +24,6 @@ profile geoclue @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, - # dbus: own bus=system name=org.freedesktop.GeoClue2 dbus send bus=system path=/org/freedesktop/DBus diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 40bb05c4c..7f81d75f5 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -21,8 +21,6 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - ptrace (read), # dbus: own bus=session name=org.pulseaudio.Server diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index a066fe119..0bb4c0334 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -23,8 +23,6 @@ profile pipewire-media-session @{exec_path} { network bluetooth stream, network netlink raw, - signal (receive) set=(cont term) peer=@{systemd_user}, - dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetConnectionUnixProcessID diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent index c9f674db4..f5cbac884 100644 --- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent +++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent @@ -24,7 +24,6 @@ profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected) network inet6 stream, network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=(term, kill) peer=polkit-agent-helper, @{exec_path} mr, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index 562d1eaea..19547ad54 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -24,8 +24,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - ptrace (read), # dbus: own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}} diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index 39416eebb..7ceb1ba4b 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -26,7 +26,6 @@ profile xdg-desktop-portal-gnome @{exec_path} { network unix stream, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=term peer=gdm, dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gnome, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index 2963a8015..949fc9875 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -29,8 +29,6 @@ profile xdg-desktop-portal-gtk @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell), dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gtk, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index 07a82f0a8..9008bf76c 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -19,8 +19,6 @@ profile xdg-desktop-portal-kde @{exec_path} { network inet6 stream, network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, owner @{user_cache_dirs}/*.kcache r, diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index d72e85b51..70b2cf7fa 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -18,7 +18,6 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { mount fstype=fuse.portal -> @{run}/user/@{uid}/doc/, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term) peer=gdm, ptrace (read) peer=xdg-desktop-portal, @@ -65,8 +64,6 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { umount @{run}/user/@{uid}/doc/, - signal (receive) set=(cont, term) peer=systemd-user, - unix (send receive) type=stream peer=(label=xdg-document-portal), @{bin}/fusermount{,3} mr, diff --git a/apparmor.d/groups/freedesktop/xdg-permission-store b/apparmor.d/groups/freedesktop/xdg-permission-store index bd35ddb14..cdddb22b7 100644 --- a/apparmor.d/groups/freedesktop/xdg-permission-store +++ b/apparmor.d/groups/freedesktop/xdg-permission-store @@ -13,7 +13,6 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { capability sys_nice, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=gdm*, diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland index 5f52fdb64..bba6a6abb 100644 --- a/apparmor.d/groups/freedesktop/xwayland +++ b/apparmor.d/groups/freedesktop/xwayland @@ -13,7 +13,6 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term hup) peer=gdm*, signal (receive) set=(term hup) peer=gnome-shell, signal (receive) set=(term hup) peer=kwin_wayland, diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index 623de6c5a..59fc0c139 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory @@ -25,8 +25,6 @@ profile evolution-addressbook-factory @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int}, dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify index 5de607fcb..2cec7f15a 100644 --- a/apparmor.d/groups/gnome/evolution-alarm-notify +++ b/apparmor.d/groups/gnome/evolution-alarm-notify @@ -21,8 +21,6 @@ profile evolution-alarm-notify @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.Evolution-alarm-notify dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index 4cdc11fa4..f1a59102a 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -24,8 +24,6 @@ profile evolution-calendar-factory @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar@{int}, dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index 238d53ffc..0a17f3666 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -22,9 +22,7 @@ profile evolution-source-registry @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gnome.evolution.dataserver.Sources@{int}, dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**} interface={org.freedesktop.DBus.ObjectManager,org.freedesktop.DBus.Properties} peer=(name=:*), diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index fb276acf0..db4a703ff 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -27,7 +27,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term hup) peer=gdm*, # dbus: own bus=session name=org.freedesktop.Notifications diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index 365be69d9..a2829ee6e 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -19,7 +19,6 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { capability ipc_lock, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term) peer=gdm, signal (send) set=(term) peer=ssh-agent, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 4246341bc..a0d7a7331 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -65,7 +65,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { ptrace (read), ptrace (readby) peer=pipewire, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, signal (send), diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index 15bb651f5..6f3d3ce90 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server @@ -13,8 +13,6 @@ profile gnome-shell-calendar-server @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.Shell.CalendarServer dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**} diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 7c076809a..178e50e4e 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -18,7 +18,6 @@ profile gnome-terminal-server @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=(hup) peer=htop, signal (send) set=(term hup kill) peer=unconfined, diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index ba37f78d3..68a490457 100644 --- a/apparmor.d/groups/gnome/goa-daemon +++ b/apparmor.d/groups/gnome/goa-daemon @@ -25,8 +25,6 @@ profile goa-daemon @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.OnlineAccounts dbus send bus=session path=/org/gnome/Identity diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service index 50983587f..5bdf6de6f 100644 --- a/apparmor.d/groups/gnome/goa-identity-service +++ b/apparmor.d/groups/gnome/goa-identity-service @@ -12,8 +12,6 @@ profile goa-identity-service @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.Identity dbus send bus=session path=/org/gnome/OnlineAccounts diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 50ff4c57b..a002792e0 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -13,7 +13,6 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index 474180e39..661e561a1 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -21,7 +21,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Color diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index f6bf3c64d..047e52298 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -13,7 +13,6 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime diff --git a/apparmor.d/groups/gnome/gsd-disk-utility-notify b/apparmor.d/groups/gnome/gsd-disk-utility-notify index e910bfb86..f06474152 100644 --- a/apparmor.d/groups/gnome/gsd-disk-utility-notify +++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify @@ -13,8 +13,6 @@ profile gsd-disk-utility-notify @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.Disks.NotificationMonitor dbus receive bus=session diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 00b97fe50..0545fdd91 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -16,7 +16,6 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gnome*, diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index aefedf2b6..b34a984e0 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -21,7 +21,6 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index c38fe81af..7ffa86d59 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -24,7 +24,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, network netlink raw, diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 2b883fcb9..f1f24bffd 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -31,7 +31,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Power diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index f1e980c69..cce833231 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -18,7 +18,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { network inet stream, network inet6 stream, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, signal (send) set=(hup) peer=gsd-printer, diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index b8ac31f33..b9ecce186 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -14,7 +14,6 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(hup) peer=gsd-print-notifications, diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index 36130dd15..7a38625a2 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -16,7 +16,6 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, network netlink raw, diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 93896dfaa..9fe946928 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -12,7 +12,6 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.freedesktop.ScreenSaver diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index b72a3c27f..640e9bf4f 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -15,7 +15,6 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 5a8bdfe2d..51564e8ed 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -15,7 +15,6 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index 08c6fac12..2db9cefc3 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -15,7 +15,6 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Sound diff --git a/apparmor.d/groups/gnome/gsd-usb-protection b/apparmor.d/groups/gnome/gsd-usb-protection index b4fb10074..30f150d29 100644 --- a/apparmor.d/groups/gnome/gsd-usb-protection +++ b/apparmor.d/groups/gnome/gsd-usb-protection @@ -11,8 +11,6 @@ profile gsd-usb-protection @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - @{exec_path} mr, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index fa2f5da0d..7bfee2237 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -19,7 +19,6 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index 7ee95cb29..dac3c6a41 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -30,8 +30,6 @@ profile gsd-xsettings @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings # dbus: own bus=session name=org.gtk.Settings diff --git a/apparmor.d/groups/gnome/mutter-x11-frames b/apparmor.d/groups/gnome/mutter-x11-frames index fd9d4fc25..1363f3d05 100644 --- a/apparmor.d/groups/gnome/mutter-x11-frames +++ b/apparmor.d/groups/gnome/mutter-x11-frames @@ -17,8 +17,6 @@ profile mutter-x11-frames @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - @{exec_path} mr, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index d3b1ad2ba..b41f07317 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -25,7 +25,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont term) peer=@{systemd_user}, signal (receive) set=(term) peer=gdm, # dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Extract diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 0a98a387a..554e4e441 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -25,7 +25,6 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont term) peer=@{systemd_user}, signal (receive) set=(term, kill) peer=gdm, signal (receive) set=(hup) peer=gdm-session-worker, diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 5dd480c2e..60ae79841 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -12,8 +12,6 @@ profile gvfs-afc-volume-monitor @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index a9865e1a8..efe6f3ecc 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor @@ -12,8 +12,6 @@ profile gvfs-goa-volume-monitor @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor, dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index 7c9a2d3d9..7d9f93fba 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -16,8 +16,6 @@ profile gvfs-gphoto2-volume-monitor @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor, dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index d09e28858..e145a24d6 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -15,8 +15,6 @@ profile gvfs-mtp-volume-monitor @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gtk.vfs.MTPVolumeMonitor, dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 35154585e..78eb32b4a 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -26,7 +26,6 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, signal (send) set=(term, kill) peer=mount, ptrace (read), diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index ca821bfb6..e7e5f4913 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -12,8 +12,6 @@ profile gvfsd @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gtk.vfs.Daemon, dbus send bus=session path=/org/gtk/vfs/mounttracker diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index b87b4cf1d..b29faeea4 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -15,8 +15,6 @@ profile gvfsd-fuse @{exec_path} { mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, - signal (receive) set=(cont, term) peer=systemd-user, - unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount), dbus send bus=session path=/org/gtk/vfs/mounttracker @@ -47,8 +45,6 @@ profile gvfsd-fuse @{exec_path} { mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, umount @{run}/user/@{uid}/**/, - signal (receive) set=(cont, term) peer=systemd-user, - unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse), @{bin}/fusermount{,3} mr, diff --git a/apparmor.d/groups/kde/DiscoverNotifier b/apparmor.d/groups/kde/DiscoverNotifier index 8829b7271..9b1707e90 100644 --- a/apparmor.d/groups/kde/DiscoverNotifier +++ b/apparmor.d/groups/kde/DiscoverNotifier @@ -17,8 +17,6 @@ profile DiscoverNotifier @{exec_path} { network inet6 dgram, network netlink dgram, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, /etc/flatpak/remotes.d/ r, diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo index ad94e133a..297906b49 100644 --- a/apparmor.d/groups/kde/baloo +++ b/apparmor.d/groups/kde/baloo @@ -19,8 +19,6 @@ profile baloo @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, @{lib}/{,kf6/}baloo_file_extractor rix, diff --git a/apparmor.d/groups/kde/gmenudbusmenuproxy b/apparmor.d/groups/kde/gmenudbusmenuproxy index 34e47f7f0..8818aeaff 100644 --- a/apparmor.d/groups/kde/gmenudbusmenuproxy +++ b/apparmor.d/groups/kde/gmenudbusmenuproxy @@ -15,8 +15,6 @@ profile gmenudbusmenuproxy @{exec_path} { ptrace (read) peer=kded, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, /etc/machine-id r, diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess index 536db33d2..02a095c82 100644 --- a/apparmor.d/groups/kde/kaccess +++ b/apparmor.d/groups/kde/kaccess @@ -13,8 +13,6 @@ profile kaccess @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, @{bin}/gsettings rPx, diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd index 978f85f5b..fc8e63d83 100644 --- a/apparmor.d/groups/kde/kactivitymanagerd +++ b/apparmor.d/groups/kde/kactivitymanagerd @@ -15,8 +15,6 @@ profile kactivitymanagerd @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, /etc/xdg/menus/{,*/} r, diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index fa95f5aa4..7bea54a88 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -18,8 +18,6 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mrix, @{sh_path} rix, diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded index 439d4cab8..d7e66dad1 100644 --- a/apparmor.d/groups/kde/kded +++ b/apparmor.d/groups/kde/kded @@ -32,7 +32,6 @@ profile kded @{exec_path} { ptrace (read), - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=hup peer=xsettingsd, dbus receive bus=system path=/org/freedesktop/NetworkManager/SecretAgent diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet index d438600c2..96b155831 100644 --- a/apparmor.d/groups/kde/kscreenlocker-greet +++ b/apparmor.d/groups/kde/kscreenlocker-greet @@ -25,7 +25,6 @@ profile kscreenlocker-greet @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=(term) peer=kwin_wayland, signal (receive) set=(usr1, term) peer=ksmserver, signal (send) peer=kcheckpass, diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index bf20c1ea0..aae75a017 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver @@ -15,7 +15,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=(usr1,term) peer=kscreenlocker-greet, unix (send, receive) type=stream peer=(label="kscreenlocker-greet",addr=none), diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index 506a8f672..0a15b59b8 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland @@ -19,7 +19,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { ptrace (read), - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=term peer=sddm, signal (receive) set=(kill, term) peer=kwin_wayland_wrapper, signal (send) set=(kill, term) peer=xwayland, diff --git a/apparmor.d/groups/kde/kwin_wayland_wrapper b/apparmor.d/groups/kde/kwin_wayland_wrapper index 924c0f4ba..6690d4472 100644 --- a/apparmor.d/groups/kde/kwin_wayland_wrapper +++ b/apparmor.d/groups/kde/kwin_wayland_wrapper @@ -12,7 +12,6 @@ profile kwin_wayland_wrapper @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=(term, kill) peer=kwin_wayland, @{exec_path} mr, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 250e18e37..8dce5da44 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -42,7 +42,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { ptrace (read) peer=libreoffice*, ptrace (read) peer=pinentry-qt, - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send), @{exec_path} mr, diff --git a/apparmor.d/groups/kde/xembedsniproxy b/apparmor.d/groups/kde/xembedsniproxy index 1de9e6fed..cc96b0678 100644 --- a/apparmor.d/groups/kde/xembedsniproxy +++ b/apparmor.d/groups/kde/xembedsniproxy @@ -13,8 +13,6 @@ profile xembedsniproxy @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, /usr/share/hwdata/*.ids r, diff --git a/apparmor.d/groups/ssh/gcr-ssh-agent b/apparmor.d/groups/ssh/gcr-ssh-agent index c2d7acda4..261ab8d9e 100644 --- a/apparmor.d/groups/ssh/gcr-ssh-agent +++ b/apparmor.d/groups/ssh/gcr-ssh-agent @@ -10,8 +10,6 @@ include profile gcr-ssh-agent @{exec_path} { include - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, @{bin}/ssh-agent rPx, diff --git a/apparmor.d/groups/ssh/ssh-agent b/apparmor.d/groups/ssh/ssh-agent index 6cb27bba0..0070d955a 100644 --- a/apparmor.d/groups/ssh/ssh-agent +++ b/apparmor.d/groups/ssh/ssh-agent @@ -13,7 +13,6 @@ profile ssh-agent @{exec_path} { include include - signal (receive) set=(cont term) peer=@{systemd_user}, signal (receive) set=term peer=cockpit-bridge, signal (receive) set=term peer=gnome-keyring-daemon, diff --git a/apparmor.d/groups/ubuntu/ubuntu-report b/apparmor.d/groups/ubuntu/ubuntu-report index 6bf0e6aab..c29ef3215 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-report +++ b/apparmor.d/groups/ubuntu/ubuntu-report @@ -17,8 +17,6 @@ profile ubuntu-report @{exec_path} { network inet dgram, network inet6 dgram, - signal (receive) set=(cont term) peer=@{systemd_user}, - @{exec_path} mr, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify index 5dda75fc6..51835f9dc 100644 --- a/apparmor.d/profiles-a-f/aa-notify +++ b/apparmor.d/profiles-a-f/aa-notify @@ -19,8 +19,6 @@ profile aa-notify @{exec_path} { ptrace (read), - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, @{bin}/ r, diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman index 49ac837b9..aa0333e77 100644 --- a/apparmor.d/profiles-a-f/blueman +++ b/apparmor.d/profiles-a-f/blueman @@ -29,8 +29,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) { ptrace (read) peer=gjs-console, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mrix, @{sh_path} rix, diff --git a/apparmor.d/profiles-s-z/spice-vdagent b/apparmor.d/profiles-s-z/spice-vdagent index 8a81a90e1..28e5e357f 100644 --- a/apparmor.d/profiles-s-z/spice-vdagent +++ b/apparmor.d/profiles-s-z/spice-vdagent @@ -24,8 +24,6 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, - dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.portal.Realtime member=MakeThreadRealtimeWithPID diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 267d3aa6c..19084dfd7 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -23,8 +23,6 @@ profile wireplumber @{exec_path} { network bluetooth stream, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio0, dbus receive bus=session