Update profiles.

2021-09-15 20:40:47 +01:00 · 2021-09-15 20:40:47 +01:00 · 79ab7e3eec
commit 79ab7e3eec
parent 5cc6fd5c08
9 changed files with 14 additions and 12 deletions
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@ -80,10 +80,11 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
  owner @{user_share_dirs}/gnome-shell/{,**} rw,
  owner @{user_share_dirs}/gnome-shell/extensions/{,**} r,

+  owner @{user_cache_dirs}/evolution/addressbook/*/PHOTO-*.JPEG r,
+  owner @{user_cache_dirs}/gnome-photos/{,**} r,
+  owner @{user_cache_dirs}/gnome-screenshot/{,**} rw,
  owner @{user_cache_dirs}/libgweather/{,**} r,
  owner @{user_cache_dirs}/media-art/{,**} r,
-  owner @{user_cache_dirs}/gnome-screenshot/{,**} rw,
-  owner @{user_cache_dirs}/evolution/addressbook/*/PHOTO-*.JPEG r,

  include <abstractions/dconf>
  owner @{run}/user/@{uid}/dconf/ rw,
@ -113,6 +114,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
  @{run}/udev/data/+sound:card* r,  # for sound
  @{run}/udev/data/+usb* r,         # for USB mouse and keyboard
  @{run}/udev/data/+i2c:* r,
+  @{run}/udev/data/+hid* r,         # for HID-Compliant Keyboard
  @{run}/udev/data/c10:[0-9]* r,
  @{run}/udev/data/c13:[0-9]* r,    # for /dev/input/*
  @{run}/udev/data/c189:[0-9]*  r,  # for /dev/bus/usb/**
--- a/apparmor.d/groups/gpg/dirmngr
+++ b/apparmor.d/groups/gpg/dirmngr
@ -31,7 +31,7 @@ profile dirmngr @{exec_path} {

  owner @{run}/user/@{uid}/gnupg/ rw,
  owner @{run}/user/@{uid}/gnupg/S.dirmngr rw,
-        @{run}/user/@{uid}/d.*/S.dirmngr rw,
+  owner @{run}/user/@{uid}/gnupg/d.*/S.dirmngr rw,

  owner @{PROC}/@{pid}/task/@{tid}/comm rw,

--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@ -42,7 +42,6 @@ profile pacman @{exec_path} {
  /{usr/,}bin/gpgconf      rCx -> gpg,
  /{usr/,}bin/gpgsm        rCx -> gpg,

-
  # Pacman hooks & install scripts
  /{usr/,}{s,}bin/ldconfig                rix,
  /{usr/,}bin/{,ba}sh                     rix,
@ -50,6 +49,7 @@ profile pacman @{exec_path} {
  /{usr/,}bin/env                         rix,
  /{usr/,}bin/rm                          rix,
  /{usr/,}bin/vercmp                      rix,
+  /{usr/,}bin/xmlcatalog                  rix,
  /{usr/,}lib/ghc-*/bin/ghc-pkg           rix,
  /{usr/,}bin/arch-audit                  rPx,
  /{usr/,}bin/bootctl                     rPx,
--- a/apparmor.d/groups/pacman/pacman-hook-dkms
+++ b/apparmor.d/groups/pacman/pacman-hook-dkms
@ -12,6 +12,8 @@ profile pacman-hook-dkms @{exec_path} {

  capability dac_read_search,

+  unix (receive) type=stream,
+
  @{exec_path} mr,

  /{usr/,}bin/bash rix,
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@ -52,7 +52,7 @@ profile systemd-logind @{exec_path} flags=(complain) {
  @{run}/systemd/seats/ rw,
  @{run}/systemd/seats/.#seat* rw,
  @{run}/systemd/seats/seat[0-9]* rw,
-  @{run}/systemd/inhibit/ r,
+  @{run}/systemd/inhibit/ rw,
  @{run}/systemd/inhibit/[0-9]*{,.ref} rw,
  @{run}/systemd/inhibit/.#* rw,
  @{run}/systemd/sessions/ rw,