diff --git a/apparmor.d/abstractions/deny-dconf b/apparmor.d/abstractions/deny-dconf index 69f18b726..bc31fa8f4 100644 --- a/apparmor.d/abstractions/deny-dconf +++ b/apparmor.d/abstractions/deny-dconf @@ -11,11 +11,11 @@ # dconf will not work properly. deny owner @{run}/user/[0-9]*/dconf/{,**} rw, - deny owner @{HOME}/.config/dconf/{,**} rw, + deny owner @{user_config_dirs}/dconf/{,**} rw, deny owner @{user_cache_dirs}/dconf/{,**} rw, # When GSETTINGS_BACKEND=keyfile - deny owner @{HOME}/.config/glib-2.0/ rw, - deny owner @{HOME}/.config/glib-2.0/settings/ rw, - deny owner @{HOME}/.config/glib-2.0/settings/keyfile rw, - deny owner @{HOME}/.config/glib-2.0/settings/.goutputstream-* rw, + deny owner @{user_config_dirs}/glib-2.0/ rw, + deny owner @{user_config_dirs}/glib-2.0/settings/ rw, + deny owner @{user_config_dirs}/glib-2.0/settings/keyfile rw, + deny owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-* rw, diff --git a/apparmor.d/abstractions/evince b/apparmor.d/abstractions/evince index 8ff3fe068..3b16067b3 100644 --- a/apparmor.d/abstractions/evince +++ b/apparmor.d/abstractions/evince @@ -36,8 +36,8 @@ /etc/texmf/ r, /etc/texmf/** r, /etc/xpdf/* r, - owner @{HOME}/.config/evince/ rw, - owner @{HOME}/.config/evince/** rwkl, + owner @{user_config_dirs}/evince/ rw, + owner @{user_config_dirs}/evince/** rwkl, /usr/bin/gs-esp ixr, /usr/bin/mktexpk Cx -> sanitized_helper, @@ -108,9 +108,9 @@ audit deny @{HOME}/.mozilla/**/extensions/** mrwkl, audit deny @{HOME}/.mozilla/**/gm_scripts/** mrwkl, - audit deny @{HOME}/.config/chromium/** mrwkl, + audit deny @{user_config_dirs}/chromium/** mrwkl, audit deny @{HOME}/.evolution/** mrwkl, - audit deny @{HOME}/.config/evolution/** mrwkl, + audit deny @{user_config_dirs}/evolution/** mrwkl, audit deny @{HOME}/.kde/share/config/** mrwkl, audit deny @{HOME}/.kde/share/apps/kmail/** mrwkl, audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl, 
diff --git a/apparmor.d/abstractions/gtk b/apparmor.d/abstractions/gtk index a6da78104..d2936046d 100644 --- a/apparmor.d/abstractions/gtk +++ b/apparmor.d/abstractions/gtk @@ -23,16 +23,16 @@ owner @{HOME}/.gtkrc r, owner @{HOME}/.gtkrc-2.0 r, owner @{HOME}/.gtk-bookmarks r, - owner @{HOME}/.config/gtkrc r, - owner @{HOME}/.config/gtkrc-2.0 r, - owner @{HOME}/.config/gtk-3.0/ rw, - owner @{HOME}/.config/gtk-3.0/settings.ini r, - owner @{HOME}/.config/gtk-3.0/bookmarks r, - owner @{HOME}/.config/gtk-3.0/gtk.css r, + owner @{user_config_dirs}/gtkrc r, + owner @{user_config_dirs}/gtkrc-2.0 r, + owner @{user_config_dirs}/gtk-3.0/ rw, + owner @{user_config_dirs}/gtk-3.0/settings.ini r, + owner @{user_config_dirs}/gtk-3.0/bookmarks r, + owner @{user_config_dirs}/gtk-3.0/gtk.css r, # for gtk file dialog - owner @{HOME}/.config/gtk-2.0/ rw, - owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw, + owner @{user_config_dirs}/gtk-2.0/ rw, + owner @{user_config_dirs}/gtk-2.0/gtkfilechooser.ini* rw, # .Xauthority file required for X connections owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/abstractions/kde4 b/apparmor.d/abstractions/kde4 index cf2d900ae..cb98f0a18 100644 --- a/apparmor.d/abstractions/kde4 +++ b/apparmor.d/abstractions/kde4 @@ -13,8 +13,8 @@ # Create home KDE directory structure owner @{HOME}/.kde{,4}/ rw, owner @{HOME}/.kde{,4}/**/ rw, - owner @{HOME}/.config/kde.org/ rw, - owner @{HOME}/.config/kde.org/**/ rw, + owner @{user_config_dirs}/kde.org/ rw, + owner @{user_config_dirs}/kde.org/**/ rw, # Common configs owner @{HOME}/.kde{,4}/share/config/kdeglobals r, @@ -22,9 +22,9 @@ owner @{HOME}/.kde{,4}/share/config/servicetype_profilerc r, # Phonon - owner @{HOME}/.config/kde.org/libphonon.conf rk, + owner @{user_config_dirs}/kde.org/libphonon.conf rk, - owner @{HOME}/.config/Trolltech.conf rk, + owner @{user_config_dirs}/Trolltech.conf rk, owner /var/tmp/kdecache-*/ r, owner /var/tmp/kdecache-*/** r, 
diff --git a/apparmor.d/abstractions/kde5-plasma5 b/apparmor.d/abstractions/kde5-plasma5 index 8d5810f9d..d160ef275 100644 --- a/apparmor.d/abstractions/kde5-plasma5 +++ b/apparmor.d/abstractions/kde5-plasma5 @@ -19,18 +19,18 @@ # For app config (in order to work the KDE_APP_NAME variable has to be set in profile which # includes this abstraction) - #owner @{HOME}/.config/#[0-9]*[0-9] rwk, - #owner @{HOME}/.config/@{KDE_APP_NAME}rc* rwlk -> @{HOME}/.config/#[0-9]*[0-9], + #owner @{user_config_dirs}/#[0-9]*[0-9] rwk, + #owner @{user_config_dirs}/@{KDE_APP_NAME}rc* rwlk -> @{user_config_dirs}/#[0-9]*[0-9], #owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw, #owner @{run}/user/[0-9]*/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9], # Common KDE config files - #owner @{HOME}/.config/#[0-9]*[0-9] rw, - #owner @{HOME}/.config/kdeglobals* rwkl -> @{HOME}/.config/#[0-9]*[0-9], - #owner @{HOME}/.config/baloofilerc r, - #owner @{HOME}/.config/dolphinrc r, - #owner @{HOME}/.config/trashrc r, - #owner @{HOME}/.config/knfsshare r, + #owner @{user_config_dirs}/#[0-9]*[0-9] rw, + #owner @{user_config_dirs}/kdeglobals* rwkl -> @{user_config_dirs}/#[0-9]*[0-9], + #owner @{user_config_dirs}/baloofilerc r, + #owner @{user_config_dirs}/dolphinrc r, + #owner @{user_config_dirs}/trashrc r, + #owner @{user_config_dirs}/knfsshare r, #owner /**/.directory r, # For bookmarks @@ -56,5 +56,5 @@ #/etc/exports r, #/etc/xdg/menus/ r, #/usr/share/mime/ r, - #owner @{HOME}/.config/menus/ r, - #owner @{HOME}/.config/menus/applications-merged/ r, + #owner @{user_config_dirs}/menus/ r, + #owner @{user_config_dirs}/menus/applications-merged/ r, diff --git a/apparmor.d/abstractions/totem b/apparmor.d/abstractions/totem index 3e5406dfc..983a41422 100644 --- a/apparmor.d/abstractions/totem +++ b/apparmor.d/abstractions/totem 
@@ -36,8 +36,8 @@ owner @{user_cache_dirs}/tracker/db-locale.txt r, owner @{user_cache_dirs}/tracker/meta.db{,-shm,-journal,-wal} rwk, owner @{user_cache_dirs}/tracker/ontologies.gvdb r, - owner @{HOME}/.config/totem/ rwk, - owner @{HOME}/.config/totem/** rwk, + owner @{user_config_dirs}/totem/ rwk, + owner @{user_config_dirs}/totem/** rwk, owner @{HOME}/.local/share/grilo-plugins/ rwk, owner @{HOME}/.local/share/grilo-plugins/*.db{,-shm,-journal,-wal} rwk, owner @{HOME}/.local/share/gvfs-metadata/** r, diff --git a/apparmor.d/abstractions/trash b/apparmor.d/abstractions/trash index c0b7b6b85..6b3285903 100644 --- a/apparmor.d/abstractions/trash +++ b/apparmor.d/abstractions/trash @@ -4,10 +4,10 @@ abi , - owner @{HOME}/.config/trashrc rw, - owner @{HOME}/.config/trashrc.lock rwk, - owner @{HOME}/.config/#[0-9]*[0-9] rwk, - owner @{HOME}/.config/trashrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], + owner @{user_config_dirs}/trashrc rw, + owner @{user_config_dirs}/trashrc.lock rwk, + owner @{user_config_dirs}/#[0-9]*[0-9] rwk, + owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], owner @{run}/user/[0-9]*/#[0-9]*[0-9] rw, owner @{run}/user/[0-9]*/trash.so*.[0-9].slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9], diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index 4d201f8d2..1b4c6d863 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio 
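Review bot: In the trash abstraction, the link rule `owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],` now uses a tunable on both sides, and as far as I can tell the parser expands each side independently. If `@{user_config_dirs}` is ever given more than one value, the rule would permit links from one configuration directory into another rather than only within the same one; with a single value nothing changes. A comment above the rule would record the assumption, for example `# link target assumes @{user_config_dirs} has a single value`. The same source/target pattern appears in the atom, flameshot, okular, vlc and soffice.bin hunks.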
@@ -127,11 +127,11 @@ profile android-studio @{exec_path} { owner @{HOME}/Android/ rw, owner @{HOME}/Android/** mrwkix, - owner "@{HOME}/.config/Android Open Source Project/" rw, - owner "@{HOME}/.config/Android Open Source Project/**" rwk, + owner "@{user_config_dirs}/Android Open Source Project/" rw, + owner "@{user_config_dirs}/Android Open Source Project/**" rwk, - owner @{HOME}/.config/Google/ rw, - owner @{HOME}/.config/Google/** rwk, + owner @{user_config_dirs}/Google/ rw, + owner @{user_config_dirs}/Google/** rwk, owner @{user_cache_dirs}/ rw, owner "@{user_cache_dirs}/Android Open Source Project/" rw, diff --git a/apparmor.d/groups/apps/atom b/apparmor.d/groups/apps/atom index 0c6975a56..eaf3c51bb 100644 --- a/apparmor.d/groups/apps/atom +++ b/apparmor.d/groups/apps/atom @@ -81,8 +81,8 @@ profile atom @{exec_path} { #owner @{HOME}/ r, owner @{HOME}/.atom/ rw, owner @{HOME}/.atom/** rwkl -> @{HOME}/.atom/**, - owner @{HOME}/.config/Atom/ rw, - owner @{HOME}/.config/Atom/** rwkl -> @{HOME}/.config/Atom/**, + owner @{user_config_dirs}/Atom/ rw, + owner @{user_config_dirs}/Atom/** rwkl -> @{user_config_dirs}/Atom/**, # Git dirs / r, @@ -91,7 +91,7 @@ profile atom @{exec_path} { owner /media/*/atom/ r, owner /media/*/atom/** rwkl -> /media/*/atom/**, - owner @{HOME}/.config/git/config r, + owner @{user_config_dirs}/git/config r, # To remove the following error: # Error initializing NSS with a persistent database diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index b8c750f7c..a70cf0492 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre 
@@ -86,8 +86,8 @@ profile calibre @{exec_path} { owner /media/*/Calibre_Library*/ rw, owner /media/*/Calibre_Library*/** rwkl -> /media/*/Calibre_Library*/**, - owner @{HOME}/.config/calibre/ rw, - owner @{HOME}/.config/calibre/** rwk, + owner @{user_config_dirs}/calibre/ rw, + owner @{user_config_dirs}/calibre/** rwk, owner @{HOME}/.local/share/calibre-ebook.com/ rw, owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw, @@ -129,7 +129,7 @@ profile calibre @{exec_path} { /etc/fstab r, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, # no new privs diff --git a/apparmor.d/groups/apps/code b/apparmor.d/groups/apps/code index 445f424eb..a36d30c52 100644 --- a/apparmor.d/groups/apps/code +++ b/apparmor.d/groups/apps/code @@ -58,8 +58,8 @@ profile code @{exec_path} { # Reading of the user home dir is required or the following error will be printed: # Unexpected end of JSON input: #owner @{HOME}/ r, - owner @{HOME}/.config/Code/ rw, - owner @{HOME}/.config/Code/** rwkl -> {HOME}/.config/Code/**, + owner @{user_config_dirs}/Code/ rw, + owner @{user_config_dirs}/Code/** rwkl -> {HOME}/.config/Code/**, owner @{HOME}/.vscode/ rw, owner @{HOME}/.vscode/** rwlk -> @{HOME}/.vscode/**, diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index d1866a2e5..abf55b588 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -7,7 +7,7 @@ abi , include @{DISCORD_LIBDIR} = /usr/share/discord -@{DISCORD_HOMEDIR} = @{HOME}/.config/discord +@{DISCORD_HOMEDIR} = @{user_config_dirs}/discord @{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord @{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord 
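Review bot: In the `code` profile hunk, the link target of the `Code/**` rule is still `{HOME}/.config/Code/**`; only the source side was converted. The target also lacks the leading `@`, so it is presumably parsed as a literal alternation rather than the `@{HOME}` variable and never matches a real path. The missing `@` predates this commit, but the line is being rewritten here and the target should follow the source: `owner @{user_config_dirs}/Code/** rwkl -> @{user_config_dirs}/Code/**,`. The atom hunk in this same commit already converts both sides this way.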
@@ -152,9 +152,9 @@ profile discord @{exec_path} { # file_inherit /usr/share/discord/** r, owner /dev/shm/.org.chromium.Chromium.* rw, - owner @{HOME}/.config/discord/GPUCache/data_[0-9] rw, - owner @{HOME}/.config/discord/*/modules/discord_desktop_core/core.asar r, - owner @{HOME}/.config/discord/GPUCache/index rw, + owner @{user_config_dirs}/discord/GPUCache/data_[0-9] rw, + owner @{user_config_dirs}/discord/*/modules/discord_desktop_core/core.asar r, + owner @{user_config_dirs}/discord/GPUCache/index rw, } @@ -180,9 +180,9 @@ profile discord @{exec_path} { # file_inherit deny /usr/share/discord/** r, deny owner /dev/shm/.org.chromium.Chromium.* rw, - deny owner @{HOME}/.config/discord/GPUCache/data_[0-9] rw, - deny owner @{HOME}/.config/discord/*/modules/discord_desktop_core/core.asar r, - deny owner @{HOME}/.config/discord/GPUCache/index rw, + deny owner @{user_config_dirs}/discord/GPUCache/data_[0-9] rw, + deny owner @{user_config_dirs}/discord/*/modules/discord_desktop_core/core.asar r, + deny owner @{user_config_dirs}/discord/GPUCache/index rw, } diff --git a/apparmor.d/groups/apps/discord-chrome-sandbox b/apparmor.d/groups/apps/discord-chrome-sandbox index 1b1f7c484..df2c9e000 100644 --- a/apparmor.d/groups/apps/discord-chrome-sandbox +++ b/apparmor.d/groups/apps/discord-chrome-sandbox @@ -7,7 +7,7 @@ abi , include @{DISCORD_LIBDIR} = /usr/share/discord -@{DISCORD_HOMEDIR} = @{HOME}/.config/discord +@{DISCORD_HOMEDIR} = @{user_config_dirs}/discord @{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord @{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox diff --git a/apparmor.d/groups/apps/dropbox b/apparmor.d/groups/apps/dropbox index 2bca3799e..4994dd6f3 100644 --- a/apparmor.d/groups/apps/dropbox +++ b/apparmor.d/groups/apps/dropbox 
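Review bot: The file_inherit rules in the hunks at 152 and 180 spell out `@{user_config_dirs}/discord/...`, although this file's preamble defines `@{DISCORD_HOMEDIR} = @{user_config_dirs}/discord`, which this commit also updates. Writing them as `owner @{DISCORD_HOMEDIR}/GPUCache/data_[0-9] rw,` and `deny owner @{DISCORD_HOMEDIR}/GPUCache/index rw,` keeps the allow and deny sides tied to one definition, so a later relocation cannot leave a deny rule pointing at the old path. This assumes the preamble variable is visible inside these blocks, which start outside the hunks.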
@@ -69,7 +69,7 @@ profile dropbox @{exec_path} { owner @{HOME}/.dropbox-dist-tmp-*/{,**} rw, # For autostart - deny owner @{HOME}/.config/autostart/dropbox.desktop rw, + deny owner @{user_config_dirs}/autostart/dropbox.desktop rw, # What's this for? /{usr/,}bin/mount mrix, diff --git a/apparmor.d/groups/apps/filezilla b/apparmor.d/groups/apps/filezilla index 281473593..b9e3d3f91 100644 --- a/apparmor.d/groups/apps/filezilla +++ b/apparmor.d/groups/apps/filezilla @@ -30,8 +30,8 @@ profile filezilla @{exec_path} { /{usr/,}bin/lsb_release rPx -> child-lsb_release, owner @{HOME}/ r, - owner @{HOME}/.config/filezilla/ rw, - owner @{HOME}/.config/filezilla/* rwk, + owner @{user_config_dirs}/filezilla/ rw, + owner @{user_config_dirs}/filezilla/* rwk, owner @{user_cache_dirs}/filezilla/ rw, owner @{user_cache_dirs}/filezilla/default_*.png rw, diff --git a/apparmor.d/groups/apps/flameshot b/apparmor.d/groups/apps/flameshot index 7d64d0732..800662bad 100644 --- a/apparmor.d/groups/apps/flameshot +++ b/apparmor.d/groups/apps/flameshot @@ -39,13 +39,13 @@ profile flameshot @{exec_path} { /{usr/,}bin/xdg-open rCx -> open, # Flameshot home files - owner @{HOME}/.config/flameshot/ rw, - owner @{HOME}/.config/flameshot/flameshot.ini rw, - owner @{HOME}/.config/flameshot/#[0-9]*[0-9] rw, - owner @{HOME}/.config/flameshot/flameshot.ini* rwl -> @{HOME}/.config/flameshot/#[0-9]*[0-9], - owner @{HOME}/.config/flameshot/flameshot.ini.lock rwk, + owner @{user_config_dirs}/flameshot/ rw, + owner @{user_config_dirs}/flameshot/flameshot.ini rw, + owner @{user_config_dirs}/flameshot/#[0-9]*[0-9] rw, + owner @{user_config_dirs}/flameshot/flameshot.ini* rwl -> @{user_config_dirs}/flameshot/#[0-9]*[0-9], + owner @{user_config_dirs}/flameshot/flameshot.ini.lock rwk, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /var/lib/dbus/machine-id r, 
diff --git a/apparmor.d/groups/apps/freetube b/apparmor.d/groups/apps/freetube index 9a0bbdec8..47337befc 100644 --- a/apparmor.d/groups/apps/freetube +++ b/apparmor.d/groups/apps/freetube @@ -52,8 +52,8 @@ profile freetube @{exec_path} { @{FT_LIBDIR}/chrome-sandbox rPx, owner @{HOME}/ r, - owner @{HOME}/.config/FreeTube/ rw, - owner @{HOME}/.config/FreeTube/** rwk, + owner @{user_config_dirs}/FreeTube/ rw, + owner @{user_config_dirs}/FreeTube/** rwk, /var/tmp/ r, /tmp/ r, diff --git a/apparmor.d/groups/apps/geany b/apparmor.d/groups/apps/geany index 9344ab36a..2b97957fe 100644 --- a/apparmor.d/groups/apps/geany +++ b/apparmor.d/groups/apps/geany @@ -49,7 +49,7 @@ profile geany @{exec_path} { /usr/share/geany/{,**} r, - owner @{HOME}/.config/geany/{,**} rw, + owner @{user_config_dirs}/geany/{,**} rw, owner /{run/,}user/[0-9]*/geany/geany_socket.[0-9a-f]* rw, diff --git a/apparmor.d/groups/apps/okular b/apparmor.d/groups/apps/okular index b2a7d8338..abb1662aa 100644 --- a/apparmor.d/groups/apps/okular +++ b/apparmor.d/groups/apps/okular 
@@ -39,22 +39,22 @@ profile okular @{exec_path} { /tmp/mozilla_*/ r, owner /{home,media,tmp/mozilla_*}/**.@{okular_ext} rw, - owner @{HOME}/.config/#[0-9]*[0-9] rw, + owner @{user_config_dirs}/#[0-9]*[0-9] rw, - owner @{HOME}/.config/okularrc rw, - owner @{HOME}/.config/okularrc.lock rwk, - owner @{HOME}/.config/okularrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], + owner @{user_config_dirs}/okularrc rw, + owner @{user_config_dirs}/okularrc.lock rwk, + owner @{user_config_dirs}/okularrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], - owner @{HOME}/.config/okularpartrc rw, - owner @{HOME}/.config/okularpartrc.lock rwk, - owner @{HOME}/.config/okularpartrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], + owner @{user_config_dirs}/okularpartrc rw, + owner @{user_config_dirs}/okularpartrc.lock rwk, + owner @{user_config_dirs}/okularpartrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], - owner @{HOME}/.config/kdeglobals r, - owner @{HOME}/.config/kwalletrc r, + owner @{user_config_dirs}/kdeglobals r, + owner @{user_config_dirs}/kwalletrc r, owner @{HOME}/.local/share/okular/{,**} rw, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, owner @{user_cache_dirs}/ rw, diff --git a/apparmor.d/groups/apps/signal-desktop b/apparmor.d/groups/apps/signal-desktop index 953ef6431..569565845 100644 --- a/apparmor.d/groups/apps/signal-desktop +++ b/apparmor.d/groups/apps/signal-desktop @@ -6,7 +6,7 @@ abi , include @{SIGNAL_INSTALLDIR} = "/opt/Signal{, Beta}" -@{SIGNAL_HOMEDIR} = "@{HOME}/.config/Signal{, Beta}" +@{SIGNAL_HOMEDIR} = "@{user_config_dirs}/Signal{, Beta}" @{exec_path} = @{SIGNAL_INSTALLDIR}/signal-desktop{,-beta} profile signal-desktop @{exec_path} { diff --git a/apparmor.d/groups/apps/signal-desktop-chrome-sandbox b/apparmor.d/groups/apps/signal-desktop-chrome-sandbox index 2c1fe2c1e..cd20d1337 100644 --- a/apparmor.d/groups/apps/signal-desktop-chrome-sandbox +++ b/apparmor.d/groups/apps/signal-desktop-chrome-sandbox 
@@ -7,7 +7,7 @@ abi , include @{SIGNAL_INSTALLDIR} = "/opt/Signal{, Beta}" -@{SIGNAL_HOMEDIR} = "@{HOME}/.config/Signal{, Beta}" +@{SIGNAL_HOMEDIR} = "@{user_config_dirs}/Signal{, Beta}" @{exec_path} = @{SIGNAL_INSTALLDIR}/signal-desktop{,-beta} profile signal-desktop-chrome-sandbox @{exec_path} { diff --git a/apparmor.d/groups/apps/spotify b/apparmor.d/groups/apps/spotify index d561a369c..986aec019 100644 --- a/apparmor.d/groups/apps/spotify +++ b/apparmor.d/groups/apps/spotify @@ -30,8 +30,8 @@ profile spotify @{exec_path} { /usr/share/spotify/swiftshader/libGLESv2.so mr, /usr/share/spotify/swiftshader/libEGL.so mr, - owner @{HOME}/.config/spotify/ rw, - owner @{HOME}/.config/spotify/** rw, + owner @{user_config_dirs}/spotify/ rw, + owner @{user_config_dirs}/spotify/** rw, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/spotify/ rw, diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index 79be0de6d..03080a16c 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -57,7 +57,7 @@ profile telegram-desktop @{exec_path} { #owner @{TELEGRAM_WORK_DIR}/{,**} rw, # Autostart - owner @{HOME}/.config/autostart/telegramdesktop.desktop rw, + owner @{user_config_dirs}/autostart/telegramdesktop.desktop rw, /dev/shm/#[0-9]*[0-9] rw, diff --git a/apparmor.d/groups/apps/thunderbird b/apparmor.d/groups/apps/thunderbird index 028890c28..43b3b8f4a 100644 --- a/apparmor.d/groups/apps/thunderbird +++ b/apparmor.d/groups/apps/thunderbird 
@@ -101,16 +101,16 @@ profile thunderbird @{exec_path} { # System integration /etc/mime.types r, - owner @{HOME}/.config/mimeapps.list.* rw, + owner @{user_config_dirs}/mimeapps.list.* rw, # KDE system keyring /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr, /usr/share/xul-ext/kwallet5/* r, /etc/xul-ext/kwallet5.js r, - owner @{HOME}/.config/kwalletrc r, + owner @{user_config_dirs}/kwalletrc r, # QT5 - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, deny @{sys}/devices/system/cpu/present r, diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.oosplash b/apparmor.d/groups/apps/usr.lib.libreoffice.program.oosplash index f5b055a1a..b77b79d33 100644 --- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.oosplash +++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.oosplash @@ -30,7 +30,7 @@ profile libreoffice-oopslash /usr/lib/libreoffice/program/oosplash flags=(compla /usr/lib/libreoffice/program/soffice.bin rmpx, /usr/lib/libreoffice/program/javaldx rmpux, owner @{HOME}/.Xauthority r, - owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, + owner @{user_config_dirs}/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), unix peer=(addr=@/tmp/.X11-unix/* label=unconfined), } diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.senddoc b/apparmor.d/groups/apps/usr.lib.libreoffice.program.senddoc index 12724fd6a..04ba646f4 100644 --- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.senddoc +++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.senddoc 
@@ -32,6 +32,6 @@ profile libreoffice-senddoc /usr/lib/libreoffice/program/senddoc flags=(complain /dev/null rw, /usr/lib/libreoffice/program/uri-encode rmpux, /usr/share/libreoffice/share/config/* r, - owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, + owner @{user_config_dirs}/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, } diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin index 4049b92f8..59f16049d 100644 --- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin +++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin @@ -118,15 +118,15 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp /etc/xml/catalog r, #exporting to .xhtml, for libxml2 /proc/*/status r, - owner @{HOME}/.config/libreoffice{,dev}/** rwk, - owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*, - owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*, - owner @{HOME}/.config/soffice.binrc.lock rwk, + owner @{user_config_dirs}/libreoffice{,dev}/** rwk, + owner @{user_config_dirs}/soffice.binrc rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/soffice.binrc.* rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/soffice.binrc.lock rwk, owner @{user_cache_dirs}/fontconfig/** rw, - owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work + owner @{user_config_dirs}/gtk-???/bookmarks r, #Make bookmarks work owner /{,var/}run/user/*/dconf/user rw, - owner @{HOME}/.config/dconf/user r, + owner @{user_config_dirs}/dconf/user r, # allow schema to be read /usr/share/glib-*/schemas/ r, 
@@ -227,7 +227,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp # probably should become a subprofile like gpg above, but then it doesn't # work either as it tries to access stuff only allowed above... - owner @{HOME}/.config/kdeglobals r, + owner @{user_config_dirs}/kdeglobals r, /usr/lib/libreoffice/program/lo_kde5filepicker rPUx, /usr/share/qt5/translations/* r, /usr/lib/*/qt5/plugins/** rm, @@ -235,11 +235,11 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp # TODO: remove when rules are available in abstractions/kde owner @{user_cache_dirs}/ksycoca5_??_* r, # KDE System Configuration Cache - owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget - owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget - owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent() - owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so - owner @{HOME}/.config/trashrc r, # user by KFileWidget + owner @{user_config_dirs}/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget + owner @{user_config_dirs}/dolphinrc r, # settings used by KFileWidget + owner @{user_config_dirs}/kde.org/libphonon.conf r, # for KNotifications::sendEvent() + owner @{user_config_dirs}/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so + owner @{user_config_dirs}/trashrc r, # user by KFileWidget /usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent # TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar 
@@ -249,11 +249,11 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp /usr/share/kservices5/*.protocol r, # TODO: use qt5-settings-write abstraction when it is available - owner @{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] rw, - owner @{HOME}/.config/QtProject.conf rw, - owner @{HOME}/.config/QtProject.conf.?????? l -> @{HOME}/.config/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9], - owner @{HOME}/.config/QtProject.conf.?????? rw, # for temporary files like QtProject.conf.Aqrgeb - owner @{HOME}/.config/QtProject.conf.lock rwk, + owner @{user_config_dirs}/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9] rw, + owner @{user_config_dirs}/QtProject.conf rw, + owner @{user_config_dirs}/QtProject.conf.?????? l -> @{user_config_dirs}/#[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9], + owner @{user_config_dirs}/QtProject.conf.?????? rw, # for temporary files like QtProject.conf.Aqrgeb + owner @{user_config_dirs}/QtProject.conf.lock rwk, # TODO: use qt5-compose-cache-write abstraction when it is available owner @{user_cache_dirs}/qt_compose_cache_{little,big}_endian_* r, @@ -265,7 +265,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp owner @{HOME}/.local/share/RecentDocuments/*.lock rwk, # TODO: use kde-globals-write abstraction when it is available - owner @{HOME}/.config/kdeglobals rw, - owner @{HOME}/.config/kdeglobals.* rwl -> @{HOME}/.config/#[0-9]*, - owner @{HOME}/.config/kdeglobals.lock rwk, + owner @{user_config_dirs}/kdeglobals rw, + owner @{user_config_dirs}/kdeglobals.* rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/kdeglobals.lock rwk, } diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.xpdfimport b/apparmor.d/groups/apps/usr.lib.libreoffice.program.xpdfimport index 04c469e63..d934834f8 100644 --- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.xpdfimport +++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.xpdfimport 
@@ -21,7 +21,7 @@ profile libreoffice-xpdfimport /usr/lib/libreoffice/program/xpdfimport flags=(co /usr/share/poppler/** r, /usr/share/libreoffice/share/config/* r, - owner @{HOME}/.config/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, + owner @{user_config_dirs}/libreoffice{,dev}/?/user/uno_packages/cache/log.txt rw, /usr/lib/libreoffice/program/xpdfimport pxm, diff --git a/apparmor.d/groups/apps/vlc b/apparmor.d/groups/apps/vlc index cfb1570b1..34008ea4a 100644 --- a/apparmor.d/groups/apps/vlc +++ b/apparmor.d/groups/apps/vlc @@ -98,8 +98,8 @@ profile vlc @{exec_path} { # VLC config files owner @{HOME}/ r, - owner @{HOME}/.config/vlc/ rw, - owner @{HOME}/.config/vlc/* rwkl -> @{HOME}/.config/vlc/#[0-9]*[0-9], + owner @{user_config_dirs}/vlc/ rw, + owner @{user_config_dirs}/vlc/* rwkl -> @{user_config_dirs}/vlc/#[0-9]*[0-9], owner @{HOME}/.local/share/vlc/{,*} rw, owner @{user_cache_dirs}/ rw, @@ -107,7 +107,7 @@ profile vlc @{exec_path} { owner @{user_cache_dirs}/#[0-9]*[0-9] rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /dev/shm/#[0-9]*[0-9] rw, diff --git a/apparmor.d/groups/apt/dpkg-buildflags b/apparmor.d/groups/apt/dpkg-buildflags index 89d1c697f..b6c0ba3a0 100644 --- a/apparmor.d/groups/apt/dpkg-buildflags +++ b/apparmor.d/groups/apt/dpkg-buildflags @@ -19,7 +19,7 @@ profile dpkg-buildflags @{exec_path} flags=(complain) { /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, - owner @{HOME}/.config/dpkg/buildflags.conf r, + owner @{user_config_dirs}/dpkg/buildflags.conf r, include if exists } diff --git a/apparmor.d/groups/apt/dpkg-genbuildinfo b/apparmor.d/groups/apt/dpkg-genbuildinfo index d574bae70..2478c4917 100644 --- a/apparmor.d/groups/apt/dpkg-genbuildinfo +++ b/apparmor.d/groups/apt/dpkg-genbuildinfo 
@@ -26,7 +26,7 @@ profile dpkg-genbuildinfo @{exec_path} flags=(complain) { /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, - owner @{HOME}/.config/dpkg/buildflags.conf r, + owner @{user_config_dirs}/dpkg/buildflags.conf r, /usr/local/bin/ r, /usr/local/sbin/ r, diff --git a/apparmor.d/groups/browsers/brave b/apparmor.d/groups/browsers/brave index 38d9d78df..9d6278e66 100644 --- a/apparmor.d/groups/browsers/brave +++ b/apparmor.d/groups/browsers/brave @@ -7,7 +7,7 @@ abi , include @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} -@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} +@{BRAVE_HOMEDIR} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev} @@ -87,7 +87,7 @@ profile brave @{exec_path} { owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw, owner @{HOME}/ r, - owner @{HOME}/.config/BraveSoftware/ w, + owner @{user_config_dirs}/BraveSoftware/ w, owner @{BRAVE_HOMEDIR}/ rw, owner @{BRAVE_HOMEDIR}/** rwk, # For Widevine plugin 
@@ -111,14 +111,14 @@ profile brave @{exec_path} { owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk, owner @{HOME}/.mozilla/firefox/*/logins.json r, # For importing data from Chromium - owner "@{HOME}/.config/chromium/Local State" r, - owner @{HOME}/.config/chromium/Singleton{Lock,Socket,Cookie} w, - owner "@{HOME}/.config/chromium/*/Login Data{,-journal}" rwk, - owner @{HOME}/.config/chromium/*/ r, - owner @{HOME}/.config/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, + owner "@{user_config_dirs}/chromium/Local State" r, + owner @{user_config_dirs}/chromium/Singleton{Lock,Socket,Cookie} w, + owner "@{user_config_dirs}/chromium/*/Login Data{,-journal}" rwk, + owner @{user_config_dirs}/chromium/*/ r, + owner @{user_config_dirs}/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, - owner @{HOME}/.config/menus/applications-merged/ r, - owner @{HOME}/.config/menus/applications-merged/xdg-desktop-menu-dummy.menu r, + owner @{user_config_dirs}/menus/applications-merged/ r, + owner @{user_config_dirs}/menus/applications-merged/xdg-desktop-menu-dummy.menu r, /etc/fstab r, diff --git a/apparmor.d/groups/browsers/brave-browser b/apparmor.d/groups/browsers/brave-browser index 558d69919..df4a551f4 100644 --- a/apparmor.d/groups/browsers/brave-browser +++ b/apparmor.d/groups/browsers/brave-browser @@ -3,7 +3,7 @@ # SPDX-License-Identifier: GPL-2.0-only @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} -@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} +@{BRAVE_HOMEDIR} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} abi , diff --git a/apparmor.d/groups/browsers/brave-sandbox b/apparmor.d/groups/browsers/brave-sandbox index 534418b19..c91749d69 100644 --- a/apparmor.d/groups/browsers/brave-sandbox +++ b/apparmor.d/groups/browsers/brave-sandbox 
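Review bot: The "importing data from Chromium" block grants `rwk` on `"@{user_config_dirs}/chromium/*/Login Data{,-journal}"` and on `{History,Cookies,Favicons,Bookmarks}`, so the brave profile may modify another browser's credential and cookie stores. After this change that grant follows every directory listed in `@{user_config_dirs}`. If the import only reads these databases, `rk` may be sufficient, for example `owner @{user_config_dirs}/chromium/*/{History,Cookies,Favicons,Bookmarks} rk,`; this needs testing, since SQLite can require write access for its journal. The google-chrome-chrome hunk at 107 carries the same block, and the enclosing profile starts outside this hunk.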
@@ -3,7 +3,7 @@ # SPDX-License-Identifier: GPL-2.0-only @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} -@{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} +@{BRAVE_HOMEDIR} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} abi , diff --git a/apparmor.d/groups/browsers/chromium b/apparmor.d/groups/browsers/chromium index e6237ed30..df8d87c88 100644 --- a/apparmor.d/groups/browsers/chromium +++ b/apparmor.d/groups/browsers/chromium @@ -7,7 +7,7 @@ abi , include @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium -@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium +@{CHROMIUM_HOMEDIR} = @{user_config_dirs}/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{exec_path} = /{usr/,}bin/chromium diff --git a/apparmor.d/groups/browsers/chromium-chrome-sandbox b/apparmor.d/groups/browsers/chromium-chrome-sandbox index 20461570e..77bd8c665 100644 --- a/apparmor.d/groups/browsers/chromium-chrome-sandbox +++ b/apparmor.d/groups/browsers/chromium-chrome-sandbox @@ -7,7 +7,7 @@ abi , include @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium -@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium +@{CHROMIUM_HOMEDIR} = @{user_config_dirs}/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox diff --git a/apparmor.d/groups/browsers/chromium-chromium b/apparmor.d/groups/browsers/chromium-chromium index 5daf2f87e..688ba0437 100644 --- a/apparmor.d/groups/browsers/chromium-chromium +++ b/apparmor.d/groups/browsers/chromium-chromium @@ -7,7 +7,7 @@ abi , include @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium -@{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium +@{CHROMIUM_HOMEDIR} = @{user_config_dirs}/chromium @{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium 
@@ -83,7 +83,7 @@ profile chromium-chromium @{exec_path} { # Chromium home files owner @{HOME}/ r, - owner @{HOME}/.config/ r, + owner @{user_config_dirs}/ r, owner @{CHROMIUM_HOMEDIR}/ rw, owner @{CHROMIUM_HOMEDIR}/** rwk, owner @{CHROMIUM_HOMEDIR}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw, diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 8a4b4401f..ed85051ea 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -121,7 +121,7 @@ profile firefox @{exec_path} { # Set default browser /{usr/,}bin/update-mime-database rPUx, - owner @{HOME}/.config/mimeapps.list{,.*} rw, + owner @{user_config_dirs}/mimeapps.list{,.*} rw, owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw, owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw, diff --git a/apparmor.d/groups/browsers/google-chrome-chrome b/apparmor.d/groups/browsers/google-chrome-chrome index 6ed75bf6f..8bf83a261 100644 --- a/apparmor.d/groups/browsers/google-chrome-chrome +++ b/apparmor.d/groups/browsers/google-chrome-chrome @@ -7,7 +7,7 @@ abi , include @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} -@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} +@{CHROME_HOMEDIR} = @{user_config_dirs}/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable} 
@@ -107,11 +107,11 @@ profile google-chrome-chrome @{exec_path} { owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk, owner @{HOME}/.mozilla/firefox/*/logins.json r, # For importing data from Chromium - owner "@{HOME}/.config/chromium/Local State" r, - owner @{HOME}/.config/chromium/Singleton{Lock,Socket,Cookie} w, - owner "@{HOME}/.config/chromium/*/Login Data{,-journal}" rwk, - owner @{HOME}/.config/chromium/*/ r, - owner @{HOME}/.config/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, + owner "@{user_config_dirs}/chromium/Local State" r, + owner @{user_config_dirs}/chromium/Singleton{Lock,Socket,Cookie} w, + owner "@{user_config_dirs}/chromium/*/Login Data{,-journal}" rwk, + owner @{user_config_dirs}/chromium/*/ r, + owner @{user_config_dirs}/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, /etc/fstab r, diff --git a/apparmor.d/groups/browsers/google-chrome-chrome-sandbox b/apparmor.d/groups/browsers/google-chrome-chrome-sandbox index 73b3aecdf..23e59bf91 100644 --- a/apparmor.d/groups/browsers/google-chrome-chrome-sandbox +++ b/apparmor.d/groups/browsers/google-chrome-chrome-sandbox @@ -7,7 +7,7 @@ abi , include @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} -@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} +@{CHROME_HOMEDIR} = @{user_config_dirs}/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox diff --git a/apparmor.d/groups/browsers/google-chrome-google-chrome b/apparmor.d/groups/browsers/google-chrome-google-chrome index 6378ccad5..23f0d1095 100644 --- a/apparmor.d/groups/browsers/google-chrome-google-chrome +++ b/apparmor.d/groups/browsers/google-chrome-google-chrome 
@@ -7,7 +7,7 @@ abi , include @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} -@{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} +@{CHROME_HOMEDIR} = @{user_config_dirs}/google-chrome{,-beta,-unstable} @{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable} diff --git a/apparmor.d/groups/browsers/opera b/apparmor.d/groups/browsers/opera index 625e3c9b4..0a2c9ceae 100644 --- a/apparmor.d/groups/browsers/opera +++ b/apparmor.d/groups/browsers/opera @@ -7,7 +7,7 @@ abi , include @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} -@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} +@{OPERA_HOMEDIR} = @{user_config_dirs}/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer} 
@@ -94,16 +94,16 @@ profile opera @{exec_path} { owner @{HOME}/.mozilla/firefox/*/{cert9,key4}.db rwk, owner @{HOME}/.mozilla/firefox/*/logins.json r, # For importing data from Chromium - owner "@{HOME}/.config/chromium/Local State" r, - owner @{HOME}/.config/chromium/Singleton{Lock,Socket,Cookie} w, - owner "@{HOME}/.config/chromium/*/Login Data{,-journal}" rwk, - owner @{HOME}/.config/chromium/*/ r, - owner @{HOME}/.config/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, + owner "@{user_config_dirs}/chromium/Local State" r, + owner @{user_config_dirs}/chromium/Singleton{Lock,Socket,Cookie} w, + owner "@{user_config_dirs}/chromium/*/Login Data{,-journal}" rwk, + owner @{user_config_dirs}/chromium/*/ r, + owner @{user_config_dirs}/chromium/*/{History,Cookies,Favicons,Bookmarks} rwk, # Flashplayer - owner @{HOME}/.config/google-chrome{,-beta,-unstable}/PepperFlash/**/manifest.json r, - owner @{HOME}/.config/google-chrome{,-beta,-unstable}/PepperFlash/latest-component-updated-flash r, - owner @{HOME}/.config/google-chrome{,-beta,-unstable}/PepperFlash/**/libpepflashplayer.so mr, + owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/PepperFlash/**/manifest.json r, + owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/PepperFlash/latest-component-updated-flash r, + owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/PepperFlash/**/libpepflashplayer.so mr, /etc/fstab r, diff --git a/apparmor.d/groups/browsers/opera-crashreporter b/apparmor.d/groups/browsers/opera-crashreporter index 1b7fb7dc2..79e0074f4 100644 --- a/apparmor.d/groups/browsers/opera-crashreporter +++ b/apparmor.d/groups/browsers/opera-crashreporter 
@@ -7,7 +7,7 @@ abi , include @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} -@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} +@{OPERA_HOMEDIR} = @{user_config_dirs}/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter diff --git a/apparmor.d/groups/browsers/opera-sandbox b/apparmor.d/groups/browsers/opera-sandbox index db9131db8..38b230e9a 100644 --- a/apparmor.d/groups/browsers/opera-sandbox +++ b/apparmor.d/groups/browsers/opera-sandbox @@ -7,7 +7,7 @@ abi , include @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} -@{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} +@{OPERA_HOMEDIR} = @{user_config_dirs}/opera{,-beta,-developer} @{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox diff --git a/apparmor.d/groups/browsers/torbrowser.Browser.firefox b/apparmor.d/groups/browsers/torbrowser.Browser.firefox index f8e7130a1..284869de3 100644 --- a/apparmor.d/groups/browsers/torbrowser.Browser.firefox +++ b/apparmor.d/groups/browsers/torbrowser.Browser.firefox @@ -119,8 +119,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { deny /dev/dri/ rwklx, deny @{user_cache_dirs}/fontconfig/ rw, deny @{user_cache_dirs}/fontconfig/** rw, - deny @{HOME}/.config/gtk-2.0/ rw, - deny @{HOME}/.config/gtk-2.0/** rw, + deny @{user_config_dirs}/gtk-2.0/ rw, + deny @{user_config_dirs}/gtk-2.0/** rw, deny @{PROC}/@{pid}/net/route r, deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r, diff --git a/apparmor.d/groups/desktop/dconf-editor b/apparmor.d/groups/desktop/dconf-editor index 26e6a490c..73735bd63 100644 --- a/apparmor.d/groups/desktop/dconf-editor +++ b/apparmor.d/groups/desktop/dconf-editor 
@@ -22,10 +22,10 @@ profile dconf-editor @{exec_path} { owner @{run}/user/[0-9]*/dconf/user rw, # When GSETTINGS_BACKEND=keyfile - owner @{HOME}/.config/glib-2.0/ rw, - owner @{HOME}/.config/glib-2.0/settings/ rw, - owner @{HOME}/.config/glib-2.0/settings/keyfile rw, - owner @{HOME}/.config/glib-2.0/settings/.goutputstream-* rw, + owner @{user_config_dirs}/glib-2.0/ rw, + owner @{user_config_dirs}/glib-2.0/settings/ rw, + owner @{user_config_dirs}/glib-2.0/settings/keyfile rw, + owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-* rw, /usr/share/glib-2.0/schemas/{,*} r, diff --git a/apparmor.d/groups/desktop/dconf-service b/apparmor.d/groups/desktop/dconf-service index 1d0524959..a20573b22 100644 --- a/apparmor.d/groups/desktop/dconf-service +++ b/apparmor.d/groups/desktop/dconf-service @@ -18,8 +18,8 @@ profile dconf-service @{exec_path} { owner @{run}/user/[0-9]*/dconf/ rw, owner @{run}/user/[0-9]*/dconf/user rw, - owner @{HOME}/.config/dconf/ rw, - owner @{HOME}/.config/dconf/user{,.*} rw, + owner @{user_config_dirs}/dconf/ rw, + owner @{user_config_dirs}/dconf/user{,.*} rw, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/dconf/ rw, diff --git a/apparmor.d/groups/gnome/gio-launch-desktop b/apparmor.d/groups/gnome/gio-launch-desktop index 3289d4705..b6c9a821c 100644 --- a/apparmor.d/groups/gnome/gio-launch-desktop +++ b/apparmor.d/groups/gnome/gio-launch-desktop @@ -23,7 +23,7 @@ profile gio-launch-desktop @{exec_path} { /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, # User files - owner @{HOME}/.config/mimeapps.list r, + owner @{user_config_dirs}/mimeapps.list r, owner @{HOME}/.local/share/applications/{,*.desktop} r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-a-l/amarok b/apparmor.d/profiles-a-l/amarok index 6a142f26b..3d2fab0eb 100644 --- a/apparmor.d/profiles-a-l/amarok +++ b/apparmor.d/profiles-a-l/amarok 
@@ -114,7 +114,7 @@ profile amarok @{exec_path} { owner @{HOME}/.local/share/user-places.xbel rw, - owner @{HOME}/.config/Trolltech.conf rwk, + owner @{user_config_dirs}/Trolltech.conf rwk, deny /etc/rpc r, diff --git a/apparmor.d/profiles-a-l/amixer b/apparmor.d/profiles-a-l/amixer index efdf9ec4a..0ba1f05c8 100644 --- a/apparmor.d/profiles-a-l/amixer +++ b/apparmor.d/profiles-a-l/amixer @@ -18,7 +18,7 @@ profile amixer @{exec_path} { owner @{HOME}/.Xauthority r, - owner @{HOME}/.config/pulse/ r, + owner @{user_config_dirs}/pulse/ r, include if exists } diff --git a/apparmor.d/profiles-a-l/anki b/apparmor.d/profiles-a-l/anki index c9d008b5f..d0cbb1c24 100644 --- a/apparmor.d/profiles-a-l/anki +++ b/apparmor.d/profiles-a-l/anki @@ -42,7 +42,7 @@ profile anki @{exec_path} { /{usr/,}lib/@{multiarch}/qt5/libexec/QtWebEngineProcess rix, /usr/share/qt5/**/*.pak r, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, owner @{HOME}/ r, diff --git a/apparmor.d/profiles-a-l/aplay b/apparmor.d/profiles-a-l/aplay index 6d3b2457d..0516410b8 100644 --- a/apparmor.d/profiles-a-l/aplay +++ b/apparmor.d/profiles-a-l/aplay @@ -18,7 +18,7 @@ profile aplay @{exec_path} flags=(complain) { owner @{HOME}/.Xauthority r, - owner @{HOME}/.config/pulse/ r, + owner @{user_config_dirs}/pulse/ r, include if exists } diff --git a/apparmor.d/profiles-a-l/appimage-beyond-all-reason b/apparmor.d/profiles-a-l/appimage-beyond-all-reason index 5a48958ab..81c5c9bc8 100644 --- a/apparmor.d/profiles-a-l/appimage-beyond-all-reason +++ b/apparmor.d/profiles-a-l/appimage-beyond-all-reason 
@@ -66,8 +66,8 @@ profile appimage-beyond-all-reason @{exec_path} { owner /tmp/.org.chromium.Chromium.*/*.png rw, owner /tmp/.org.chromium.Chromium.* rw, - owner @{HOME}/.config/Beyond-All-Reason/ rw, - owner @{HOME}/.config/Beyond-All-Reason/** rwk, + owner @{user_config_dirs}/Beyond-All-Reason/ rw, + owner @{user_config_dirs}/Beyond-All-Reason/** rwk, owner "@{HOME}/Beyond All Reason/" rw, owner "@{HOME}/Beyond All Reason/**" rwkm, diff --git a/apparmor.d/profiles-a-l/birdtray b/apparmor.d/profiles-a-l/birdtray index 58f28a76f..04758e49d 100644 --- a/apparmor.d/profiles-a-l/birdtray +++ b/apparmor.d/profiles-a-l/birdtray @@ -35,11 +35,11 @@ profile birdtray @{exec_path} { /usr/share/ulduzsoft/birdtray/{,**} r, - owner @{HOME}/.config/ulduzsoft/ rw, - owner @{HOME}/.config/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*, + owner @{user_config_dirs}/ulduzsoft/ rw, + owner @{user_config_dirs}/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*, - owner @{HOME}/.config/birdtray-config.json rwl -> @{HOME}/.config/#[0-9]*[0-9], - owner @{HOME}/.config/birdtray-config.json.* rwl -> @{HOME}/.config/#[0-9]*[0-9], + owner @{user_config_dirs}/birdtray-config.json rwl -> @{user_config_dirs}/#[0-9]*[0-9], + owner @{user_config_dirs}/birdtray-config.json.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], owner /tmp/birdtray.ulduzsoft.single.instance.server.socket w, @@ -52,7 +52,7 @@ profile birdtray @{exec_path} { owner @{HOME}/.thunderbird/*.*/{Imap,}Mail/**/*.msf r, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /usr/share/hwdata/pnp.ids r, diff --git a/apparmor.d/profiles-a-l/borg b/apparmor.d/profiles-a-l/borg index 69c224137..e5badbaf2 100644 --- a/apparmor.d/profiles-a-l/borg +++ b/apparmor.d/profiles-a-l/borg 
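Review bot: In the birdtray hunk the link target of the `ulduzsoft/*` rule is still the literal `/home/morfik/.config/ulduzsoft/*`, so only the left-hand side was converted and the `l` permission stays tied to one user's home directory. For any other account the link target would not match, and the profile ships a personal path. Suggested line: `owner @{user_config_dirs}/ulduzsoft/* rwkl -> @{user_config_dirs}/ulduzsoft/*,`, matching how the `birdtray-config.json` rules just below were converted on both sides. The profile body continues outside the hunk.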
@@ -47,8 +47,8 @@ profile borg @{exec_path} { owner @{user_cache_dirs}/borg/ rw, owner @{user_cache_dirs}/borg/** rw, - owner @{HOME}/.config/borg/ rw, - owner @{HOME}/.config/borg/** rw, + owner @{user_config_dirs}/borg/ rw, + owner @{user_config_dirs}/borg/** rw, # If /tmp/ isn't accessible, then /var/tmp/ is used. owner /tmp/* rw, diff --git a/apparmor.d/profiles-a-l/cawbird b/apparmor.d/profiles-a-l/cawbird index 61452ef48..cc2eb415b 100644 --- a/apparmor.d/profiles-a-l/cawbird +++ b/apparmor.d/profiles-a-l/cawbird @@ -28,8 +28,8 @@ profile cawbird @{exec_path} { /{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPx, - owner @{HOME}/.config/cawbird/ rw, - owner @{HOME}/.config/cawbird/** rwk, + owner @{user_config_dirs}/cawbird/ rw, + owner @{user_config_dirs}/cawbird/** rwk, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/cawbird-* rw, diff --git a/apparmor.d/profiles-a-l/compton b/apparmor.d/profiles-a-l/compton index b0dc2dede..367fde50b 100644 --- a/apparmor.d/profiles-a-l/compton +++ b/apparmor.d/profiles-a-l/compton @@ -14,7 +14,7 @@ profile compton @{exec_path} { @{exec_path} mr, # Compton config file - owner @{HOME}/.config/compton.conf rw, + owner @{user_config_dirs}/compton.conf rw, /usr/share/X11/XErrorDB r, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-a-l/convertall b/apparmor.d/profiles-a-l/convertall index 6aab92e16..cd7041a68 100644 --- a/apparmor.d/profiles-a-l/convertall +++ b/apparmor.d/profiles-a-l/convertall @@ -31,7 +31,7 @@ profile convertall @{exec_path} { deny owner @{PROC}/@{pid}/cmdline r, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /usr/share/convertall/{,**} r, diff --git a/apparmor.d/profiles-a-l/dfc b/apparmor.d/profiles-a-l/dfc index 389c0516f..ca7e24778 100644 --- a/apparmor.d/profiles-a-l/dfc 
+++ b/apparmor.d/profiles-a-l/dfc @@ -14,7 +14,7 @@ profile dfc @{exec_path} { owner @{PROC}/@{pid}/mounts r, - owner @{HOME}/.config/dfc/dfcrc r, + owner @{user_config_dirs}/dfc/dfcrc r, owner @{HOME}/.dfcrc r, include if exists diff --git a/apparmor.d/profiles-a-l/engrampa b/apparmor.d/profiles-a-l/engrampa index 43703be8c..e8e1d5dab 100644 --- a/apparmor.d/profiles-a-l/engrampa +++ b/apparmor.d/profiles-a-l/engrampa @@ -48,7 +48,7 @@ profile engrampa @{exec_path} { owner @{run}/user/[0-9]*/dconf/ rw, owner @{run}/user/[0-9]*/dconf/user rw, - owner @{HOME}/.config/engrampa/ rw, + owner @{user_config_dirs}/engrampa/ rw, / r, /home/ r, @@ -62,8 +62,8 @@ profile engrampa @{exec_path} { owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/.fr-*/{,**} rw, - owner @{HOME}/.config/ r, - owner @{HOME}/.config/mimeapps.list{,.*} rw, + owner @{user_config_dirs}/ r, + owner @{user_config_dirs}/mimeapps.list{,.*} rw, owner @{HOME}/.local/share/ r, owner @{HOME}/.local/share/gvfs-metadata/** r, diff --git a/apparmor.d/profiles-a-l/exo-helper b/apparmor.d/profiles-a-l/exo-helper index eccdac72f..4fa2c6163 100644 --- a/apparmor.d/profiles-a-l/exo-helper +++ b/apparmor.d/profiles-a-l/exo-helper @@ -31,12 +31,12 @@ profile exo-helper @{exec_path} { /etc/xdg/{,xdg-*/}xfce4/helpers.rc r, - owner @{HOME}/.config/xfce4/helpers.rc rw, - owner @{HOME}/.config/xfce4/helpers.rc.@{pid}.tmp rw, + owner @{user_config_dirs}/xfce4/helpers.rc rw, + owner @{user_config_dirs}/xfce4/helpers.rc.@{pid}.tmp rw, owner @{HOME}/.local/share/xfce4/helpers/*.desktop rw, owner @{HOME}/.local/share/xfce4/helpers/*.desktop.@{pid}.tmp rw, - owner @{HOME}/.config/mimeapps.list{,.*} rw, + owner @{user_config_dirs}/mimeapps.list{,.*} rw, # Some missing icons /usr/share/**.png r, diff --git a/apparmor.d/profiles-a-l/font-manager b/apparmor.d/profiles-a-l/font-manager index 9b4258ae8..09ddcd815 100644 --- a/apparmor.d/profiles-a-l/font-manager +++ b/apparmor.d/profiles-a-l/font-manager 
@@ -36,12 +36,12 @@ profile font-manager @{exec_path} { owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, - owner @{HOME}/.config/font-manager/ rw, - owner @{HOME}/.config/font-manager/* rw, + owner @{user_config_dirs}/font-manager/ rw, + owner @{user_config_dirs}/font-manager/* rw, - owner @{HOME}/.config/fontconfig/ rw, - owner @{HOME}/.config/fontconfig/conf.d/ rw, - owner @{HOME}/.config/fontconfig/conf.d/* rw, + owner @{user_config_dirs}/fontconfig/ rw, + owner @{user_config_dirs}/fontconfig/conf.d/ rw, + owner @{user_config_dirs}/fontconfig/conf.d/* rw, owner @{HOME}/.local/share/fonts/ rw, owner "@{HOME}/.local/share/fonts/Google Fonts/" rw, diff --git a/apparmor.d/profiles-a-l/fritzing b/apparmor.d/profiles-a-l/fritzing index 995165b64..ef3eb4a4e 100644 --- a/apparmor.d/profiles-a-l/fritzing +++ b/apparmor.d/profiles-a-l/fritzing @@ -28,14 +28,14 @@ profile fritzing @{exec_path} { @{exec_path} mrix, - owner @{HOME}/.config/Fritzing/ rw, - owner @{HOME}/.config/Fritzing/** rwkl -> @{HOME}/.config/Fritzing/**, + owner @{user_config_dirs}/Fritzing/ rw, + owner @{user_config_dirs}/Fritzing/** rwkl -> @{user_config_dirs}/Fritzing/**, owner @{HOME}/Documents/Fritzing/ rw, owner @{HOME}/Documents/Fritzing/** rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /usr/share/fritzing/{,**} r, diff --git a/apparmor.d/profiles-a-l/gajim b/apparmor.d/profiles-a-l/gajim index 1330b1965..adad513df 100644 --- a/apparmor.d/profiles-a-l/gajim +++ b/apparmor.d/profiles-a-l/gajim @@ -53,7 +53,7 @@ profile gajim @{exec_path} { # Gajim home files owner @{HOME}/ r, - owner @{HOME}/.config/gajim/{,**} rw, + owner @{user_config_dirs}/gajim/{,**} rw, owner @{HOME}/.local/share/gajim/ rw, owner @{HOME}/.local/share/gajim/** rwk, 
diff --git a/apparmor.d/profiles-a-l/games-wesnoth b/apparmor.d/profiles-a-l/games-wesnoth index 3ac8d4ffd..b548d4a0e 100644 --- a/apparmor.d/profiles-a-l/games-wesnoth +++ b/apparmor.d/profiles-a-l/games-wesnoth @@ -22,7 +22,7 @@ profile games-wesnoth @{exec_path} { /usr/share/games/wesnoth/[0-9]*/{,**} r, - owner @{HOME}/.config/wesnoth-[0-9]*/{,**} rw, + owner @{user_config_dirs}/wesnoth-[0-9]*/{,**} rw, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-a-l/git b/apparmor.d/profiles-a-l/git index e1ef98d4c..fae56d562 100644 --- a/apparmor.d/profiles-a-l/git +++ b/apparmor.d/profiles-a-l/git @@ -67,8 +67,8 @@ profile git @{exec_path} { /{usr/,}bin/sensible-editor rCx -> editor, /{usr/,}bin/vim.* rCx -> editor, - owner @{HOME}/.config/git/ rw, - owner @{HOME}/.config/git/config rw, + owner @{user_config_dirs}/git/ rw, + owner @{user_config_dirs}/git/config rw, /usr/share/git-core/{,**} r, diff --git a/apparmor.d/profiles-a-l/globaltime b/apparmor.d/profiles-a-l/globaltime index e78859fa7..6914f7e11 100644 --- a/apparmor.d/profiles-a-l/globaltime +++ b/apparmor.d/profiles-a-l/globaltime @@ -17,8 +17,8 @@ profile globaltime @{exec_path} { @{exec_path} mr, - owner @{HOME}/.config/globaltime/ rw, - owner @{HOME}/.config/globaltime/globaltimerc{,.*} rw, + owner @{user_config_dirs}/globaltime/ rw, + owner @{user_config_dirs}/globaltime/globaltimerc{,.*} rw, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/profiles-a-l/gsmartcontrol b/apparmor.d/profiles-a-l/gsmartcontrol index 41a16d81b..16efefd34 100644 --- a/apparmor.d/profiles-a-l/gsmartcontrol +++ b/apparmor.d/profiles-a-l/gsmartcontrol 
@@ -37,8 +37,8 @@ profile gsmartcontrol @{exec_path} { deny /{usr/,}bin/dbus-launch rx, deny /{usr/,}bin/dbus-send rx, - owner @{HOME}/.config/gsmartcontrol/ rw, - owner @{HOME}/.config/gsmartcontrol/gsmartcontrol.conf rw, + owner @{user_config_dirs}/gsmartcontrol/ rw, + owner @{user_config_dirs}/gsmartcontrol/gsmartcontrol.conf rw, # As it's started as root @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-a-l/gtk-youtube-viewer b/apparmor.d/profiles-a-l/gtk-youtube-viewer index fdca017b7..187101c81 100644 --- a/apparmor.d/profiles-a-l/gtk-youtube-viewer +++ b/apparmor.d/profiles-a-l/gtk-youtube-viewer @@ -44,7 +44,7 @@ profile gtk-youtube-viewer @{exec_path} { /{usr/,}bin/xdg-open rCx -> open, /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, - owner @{HOME}/.config/youtube-viewer/{,*} rw, + owner @{user_config_dirs}/youtube-viewer/{,*} rw, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/youtube-viewer/ rw, diff --git a/apparmor.d/profiles-a-l/gzdoom b/apparmor.d/profiles-a-l/gzdoom index 75ed347d1..a28859668 100644 --- a/apparmor.d/profiles-a-l/gzdoom +++ b/apparmor.d/profiles-a-l/gzdoom @@ -56,11 +56,11 @@ profile gzdoom @{exec_path} { @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/uevent r, owner @{HOME}/ r, - owner @{HOME}/.config/gzdoom/ rw, - owner @{HOME}/.config/gzdoom/** rw, + owner @{user_config_dirs}/gzdoom/ rw, + owner @{user_config_dirs}/gzdoom/** rw, - owner @{HOME}/.config/zdoom/ rw, - owner @{HOME}/.config/zdoom/** rwk, + owner @{user_config_dirs}/zdoom/ rw, + owner @{user_config_dirs}/zdoom/** rwk, owner @{HOME}/gzdoom-crash.log rw, diff --git a/apparmor.d/profiles-a-l/hexchat b/apparmor.d/profiles-a-l/hexchat index 940064d7e..0f01e7847 100644 --- a/apparmor.d/profiles-a-l/hexchat +++ b/apparmor.d/profiles-a-l/hexchat 
@@ -37,8 +37,8 @@ profile hexchat @{exec_path} { # Hexchat home files owner @{HOME}/ r, - owner @{HOME}/.config/hexchat/ rw, - owner @{HOME}/.config/hexchat/** rw, + owner @{user_config_dirs}/hexchat/ rw, + owner @{user_config_dirs}/hexchat/** rw, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-a-l/htop b/apparmor.d/profiles-a-l/htop index 05772f5dd..50f9412f0 100644 --- a/apparmor.d/profiles-a-l/htop +++ b/apparmor.d/profiles-a-l/htop @@ -86,8 +86,8 @@ profile htop @{exec_path} { @{sys}/devices/**/hwmon[0-9]*/**/ r, @{sys}/devices/**/hwmon[0-9]*/**/{name,temp*} r, - owner @{HOME}/.config/htop/ rw, - owner @{HOME}/.config/htop/htoprc rw, + owner @{user_config_dirs}/htop/ rw, + owner @{user_config_dirs}/htop/htoprc rw, # When started in TTY, to remove the following error: # htop[]: *** err diff --git a/apparmor.d/profiles-a-l/jgmenu b/apparmor.d/profiles-a-l/jgmenu index ff0681cd2..867d363ec 100644 --- a/apparmor.d/profiles-a-l/jgmenu +++ b/apparmor.d/profiles-a-l/jgmenu @@ -32,10 +32,10 @@ profile jgmenu @{exec_path} { owner @{HOME}/ r, owner @{HOME}/.jgmenu-lockfile rwk, - owner @{HOME}/.config/tint2/* r, + owner @{user_config_dirs}/tint2/* r, - owner @{HOME}/.config/jgmenu/ rw, - owner @{HOME}/.config/jgmenu/** rw, + owner @{user_config_dirs}/jgmenu/ rw, + owner @{user_config_dirs}/jgmenu/** rw, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/jgmenu/ rw, diff --git a/apparmor.d/profiles-a-l/kanyremote b/apparmor.d/profiles-a-l/kanyremote index 9a6091520..c70649816 100644 --- a/apparmor.d/profiles-a-l/kanyremote +++ b/apparmor.d/profiles-a-l/kanyremote @@ -60,7 +60,7 @@ profile kanyremote @{exec_path} { owner @{HOME}/ r, owner @{HOME}/.anyRemote/{,*} rw, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /usr/share/anyremote/{,**} r, diff --git a/apparmor.d/profiles-a-l/keepassxc b/apparmor.d/profiles-a-l/keepassxc index 451266637..f7d585e30 100644 
--- a/apparmor.d/profiles-a-l/keepassxc +++ b/apparmor.d/profiles-a-l/keepassxc @@ -38,8 +38,8 @@ profile keepassxc @{exec_path} { /usr/share/keepassxc/{,**} r, - owner @{HOME}/.config/keepassxc/ rw, - owner @{HOME}/.config/keepassxc/* rwkl -> @{HOME}/.config/keepassxc/#[0-9]*[0-9], + owner @{user_config_dirs}/keepassxc/ rw, + owner @{user_config_dirs}/keepassxc/* rwkl -> @{user_config_dirs}/keepassxc/#[0-9]*[0-9], owner @{user_cache_dirs}/keepassxc/ rw, owner @{user_cache_dirs}/keepassxc/* rwkl -> @{user_cache_dirs}/keepassxc/#[0-9]*[0-9], @@ -61,7 +61,7 @@ profile keepassxc @{exec_path} { owner @{HOME}/.ssh/*.pub r, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, owner /tmp/keepassxc-*.lock{,.rmlock} rwk, @@ -87,9 +87,9 @@ profile keepassxc @{exec_path} { /dev/shm/#[0-9]*[0-9] rw, # For browser integration - owner @{HOME}/.config/google-chrome{,-beta,-unstable}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, - owner @{HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, - owner @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, + owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, + owner @{user_config_dirs}/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, + owner @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw, owner @{HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json rw, owner @{run}/user/[0-9]*/.[a-zA-Z]*/{,s} rw, owner @{run}/user/[0-9]*/kpxc_server rw, diff --git a/apparmor.d/profiles-a-l/keepassxc-proxy b/apparmor.d/profiles-a-l/keepassxc-proxy index 5c52f4f95..a02133b8a 100644 
--- a/apparmor.d/profiles-a-l/keepassxc-proxy +++ b/apparmor.d/profiles-a-l/keepassxc-proxy @@ -34,8 +34,8 @@ profile keepassxc-proxy @{exec_path} { deny owner /tmp/firefox*/.parentlock rw, deny owner /tmp/tmp-*.xpi rw, deny owner /tmp/tmpaddon r, - deny owner @{HOME}/.config/google-chrome/** rw, - deny owner @{HOME}/.config/chromium/** rw, + deny owner @{user_config_dirs}/google-chrome/** rw, + deny owner @{user_config_dirs}/chromium/** rw, # /usr/share/icons/*/index.theme r, # diff --git a/apparmor.d/profiles-a-l/kscreenlocker-greet b/apparmor.d/profiles-a-l/kscreenlocker-greet index b5ed17d01..00839aff2 100644 --- a/apparmor.d/profiles-a-l/kscreenlocker-greet +++ b/apparmor.d/profiles-a-l/kscreenlocker-greet @@ -34,10 +34,10 @@ profile kscreenlocker-greet @{exec_path} { owner @{HOME}/.Xauthority r, - owner @{HOME}/.config/kdeglobals r, - owner @{HOME}/.config/kscreenlockerrc r, + owner @{user_config_dirs}/kdeglobals r, + owner @{user_config_dirs}/kscreenlockerrc r, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, owner @{user_cache_dirs}/ rw, diff --git a/apparmor.d/profiles-a-l/kwalletd5 b/apparmor.d/profiles-a-l/kwalletd5 index 16d0b769e..9144b32e9 100644 --- a/apparmor.d/profiles-a-l/kwalletd5 +++ b/apparmor.d/profiles-a-l/kwalletd5 @@ -27,9 +27,9 @@ profile kwalletd5 @{exec_path} { /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr, - owner @{HOME}/.config/kwalletrc r, + owner @{user_config_dirs}/kwalletrc r, - owner @{HOME}/.config/kdeglobals r, + owner @{user_config_dirs}/kdeglobals r, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{HOME}/.local/share/kwalletd/ rw, 
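Review bot: The two `deny owner` rules in the keepassxc-proxy hunk name only `google-chrome` and `chromium`, while the keepassxc profile in this same commit addresses `google-chrome{,-beta,-unstable}` and `BraveSoftware/Brave-Browser{,-Beta,-Dev}`. If the intent is to keep the proxy out of every browser profile directory it may be launched from, the list is incomplete; consider `deny owner @{user_config_dirs}/google-chrome{,-beta,-unstable}/** rw,` plus a matching Brave line. Because these are plain `deny` rules without `audit`, accesses they match are not logged, so a short comment stating why they are silenced would help the next reviewer. The profile body continues outside the hunk.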
@@ -39,7 +39,7 @@ profile kwalletd5 @{exec_path} { owner @{HOME}/.local/share/kwalletd/*.kwl.* rwl -> @{HOME}/.local/share/kwalletd/#[0-9]*[0-9], # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /var/lib/dbus/machine-id r, diff --git a/apparmor.d/profiles-a-l/kwalletmanager5 b/apparmor.d/profiles-a-l/kwalletmanager5 index 02c7e60a3..a416f1407 100644 --- a/apparmor.d/profiles-a-l/kwalletmanager5 +++ b/apparmor.d/profiles-a-l/kwalletmanager5 
@@ -33,22 +33,22 @@ profile kwalletmanager5 @{exec_path} { /usr/share/kxmlgui5/kwalletmanager5/kwalletmanager.rc r, - owner @{HOME}/.config/#[0-9]*[0-9] rw, - owner @{HOME}/.config/kwalletrc rw, - owner @{HOME}/.config/kwalletrc.lock rwk, - owner @{HOME}/.config/kwalletrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], - owner @{HOME}/.config/kwalletmanager5rc rw, - owner @{HOME}/.config/kwalletmanager5rc.lock rwk, - owner @{HOME}/.config/kwalletmanager5rc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], - owner @{HOME}/.config/session/#[0-9]*[0-9] rw, - owner @{HOME}/.config/session/kwalletmanager5_* rwl -> @{HOME}/.config/session/#[0-9]*[0-9], - owner @{HOME}/.config/session/kwalletmanager5_*.lock rwk, + owner @{user_config_dirs}/#[0-9]*[0-9] rw, + owner @{user_config_dirs}/kwalletrc rw, + owner @{user_config_dirs}/kwalletrc.lock rwk, + owner @{user_config_dirs}/kwalletrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], + owner @{user_config_dirs}/kwalletmanager5rc rw, + owner @{user_config_dirs}/kwalletmanager5rc.lock rwk, + owner @{user_config_dirs}/kwalletmanager5rc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], + owner @{user_config_dirs}/session/#[0-9]*[0-9] rw, + owner @{user_config_dirs}/session/kwalletmanager5_* rwl -> @{user_config_dirs}/session/#[0-9]*[0-9], + owner @{user_config_dirs}/session/kwalletmanager5_*.lock rwk, - owner @{HOME}/.config/kdeglobals r, + owner @{user_config_dirs}/kdeglobals r, owner @{user_cache_dirs}/icon-cache.kcache rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, deny owner @{PROC}/@{pid}/cmdline r, diff --git a/apparmor.d/profiles-a-l/labwc b/apparmor.d/profiles-a-l/labwc index 367de5717..76ae9721b 100644 --- a/apparmor.d/profiles-a-l/labwc +++ b/apparmor.d/profiles-a-l/labwc 
@@ -31,8 +31,8 @@ profile labwc @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/* rPUx, /usr/libexec/* rPUx, - owner @{HOME}/.config/labwc/ r, - owner @{HOME}/.config/labwc/* r, + owner @{user_config_dirs}/labwc/ r, + owner @{user_config_dirs}/labwc/* r, /usr/share/libinput/ r, /usr/share/libinput/*.quirks r, diff --git a/apparmor.d/profiles-a-l/light b/apparmor.d/profiles-a-l/light index 5108c4df6..d3105f2db 100644 --- a/apparmor.d/profiles-a-l/light +++ b/apparmor.d/profiles-a-l/light @@ -18,8 +18,8 @@ profile light @{exec_path} { /etc/light/**/ rw, /etc/light/targets/sysfs/backlight/auto/save rw, - owner @{HOME}/.config/light/ rw, - owner @{HOME}/.config/light/** rw, + owner @{user_config_dirs}/light/ rw, + owner @{user_config_dirs}/light/** rw, @{sys}/class/backlight/ r, @{sys}/class/leds/ r, diff --git a/apparmor.d/profiles-a-l/linssid b/apparmor.d/profiles-a-l/linssid index 3bc56524e..292baf13a 100644 --- a/apparmor.d/profiles-a-l/linssid +++ b/apparmor.d/profiles-a-l/linssid @@ -56,7 +56,7 @@ profile linssid @{exec_path} { /usr/share/hwdata/pnp.ids r, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-a-l/lxappearance b/apparmor.d/profiles-a-l/lxappearance index 2e0f05d0c..3c03b63fd 100644 --- a/apparmor.d/profiles-a-l/lxappearance +++ b/apparmor.d/profiles-a-l/lxappearance @@ -33,7 +33,7 @@ profile lxappearance @{exec_path} { owner @{HOME}/.icons/{,**} rw, owner @{HOME}/.gtkrc-2.0{,.*} rw, - owner @{HOME}/.config/gtk-3.0/settings.ini{,.*} rw, + owner @{user_config_dirs}/gtk-3.0/settings.ini{,.*} rw, /etc/X11/cursors/*.theme r, diff --git a/apparmor.d/profiles-m-z/megasync b/apparmor.d/profiles-m-z/megasync index 6ec7be210..48f316eb8 100644 --- a/apparmor.d/profiles-m-z/megasync +++ b/apparmor.d/profiles-m-z/megasync 
@@ -50,10 +50,10 @@ profile megasync @{exec_path} { owner "@{HOME}/.local/share/data/Mega Limited/**" rwkl -> "@{HOME}/.local/share/data/Mega Limited/MEGAsync/#[0-9]*[0-9]", # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, - owner @{HOME}/.config/QtProject.conf r, + owner @{user_config_dirs}/QtProject.conf r, # Sync folder #/ r, @@ -71,8 +71,8 @@ profile megasync @{exec_path} { /etc/fstab r, # Autostart - owner @{HOME}/.config/autostart/#[0-9]*[0-9] rw, - owner @{HOME}/.config/autostart/megasync.desktop rwl -> @{HOME}/.config/autostart/#[0-9]*[0-9], + owner @{user_config_dirs}/autostart/#[0-9]*[0-9] rw, + owner @{user_config_dirs}/autostart/megasync.desktop rwl -> @{user_config_dirs}/autostart/#[0-9]*[0-9], /dev/shm/#[0-9]*[0-9] rw, diff --git a/apparmor.d/profiles-m-z/minitube b/apparmor.d/profiles-m-z/minitube index 51f9b14f2..303a799b7 100644 --- a/apparmor.d/profiles-m-z/minitube +++ b/apparmor.d/profiles-m-z/minitube @@ -35,8 +35,8 @@ profile minitube @{exec_path} { @{exec_path} mr, # Minitube home files - owner "@{HOME}/.config/Flavio Tordini/" rw, - owner "@{HOME}/.config/Flavio Tordini/*" rwkl -> "@{HOME}/.config/Flavio Tordini/#[0-9]*[0-9]", + owner "@{user_config_dirs}/Flavio Tordini/" rw, + owner "@{user_config_dirs}/Flavio Tordini/*" rwkl -> "@{user_config_dirs}/Flavio Tordini/#[0-9]*[0-9]", owner "@{HOME}/.local/share/Flavio Tordini/" rw, owner "@{HOME}/.local/share/Flavio Tordini/Minitube/" rw, owner "@{HOME}/.local/share/Flavio Tordini/Minitube/*" rwk, 
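Review bot: In the minitube hunk the config paths move to `@{user_config_dirs}` while the adjacent data paths stay hard-coded, e.g. `owner "@{HOME}/.local/share/Flavio Tordini/" rw,`, so the profile now mixes two ways of locating per-user XDG directories. If the project's tunables define a matching variable for the data directory (upstream AppArmor has `@{user_share_dirs}`; whether it is available here is not visible), these lines should use it, e.g. `owner "@{user_share_dirs}/Flavio Tordini/" rw,`. Otherwise a one-line comment saying the data paths are deliberately left for a later change would help the next reader. The same mix remains in the megasync, mumble, orage, psi-plus, qbittorrent, qbittorrent-nox, qpdfview, quiterss, strawberry and xdg-desktop-menu hunks.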
@@ -66,7 +66,7 @@ profile minitube @{exec_path} {
 owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
 # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
- owner @{HOME}/.config/qt5ct/{,**} r,
+ owner @{user_config_dirs}/qt5ct/{,**} r,
 /usr/share/qt5ct/** r,
 deny /dev/ r,
diff --git a/apparmor.d/profiles-m-z/mkvtoolnix-gui b/apparmor.d/profiles-m-z/mkvtoolnix-gui
index d0955f95a..9cdd19e27 100644
--- a/apparmor.d/profiles-m-z/mkvtoolnix-gui
+++ b/apparmor.d/profiles-m-z/mkvtoolnix-gui
@@ -70,9 +70,9 @@ profile mkvtoolnix-gui @{exec_path} {
 owner /media/**/ r,
 owner /{home,media}/**.@{mkvtoolnix_ext} rw,
- owner @{HOME}/.config/bunkus.org/ rw,
- owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/ rw,
- owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/** rwkl -> @{HOME}/.config/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9],
+ owner @{user_config_dirs}/bunkus.org/ rw,
+ owner @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/ rw,
+ owner @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/** rwkl -> @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9],
 owner @{user_cache_dirs}/ rw,
 owner @{user_cache_dirs}/bunkus.org/ rw,
@@ -80,7 +80,7 @@ profile mkvtoolnix-gui @{exec_path} {
 owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/ rw,
 owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw,
- owner @{HOME}/.config/qt5ct/{,**} r,
+ owner @{user_config_dirs}/qt5ct/{,**} r,
 /usr/share/qt5ct/** r,
 owner /tmp/#[0-9]*[0-9] rw,
diff --git a/apparmor.d/profiles-m-z/mpsyt b/apparmor.d/profiles-m-z/mpsyt
index f10569799..531ab2d24 100644
--- a/apparmor.d/profiles-m-z/mpsyt
+++ b/apparmor.d/profiles-m-z/mpsyt
@@ -38,10 +38,10 @@ profile mpsyt @{exec_path} { # MPV config files /etc/mpv/* r, - owner @{HOME}/.config/mpv/* r, + owner @{user_config_dirs}/mpv/* r, # mps-yt config files - owner @{HOME}/.config/mps-youtube/{,**} rw, + owner @{user_config_dirs}/mps-youtube/{,**} rw, # Cache files owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw, diff --git a/apparmor.d/profiles-m-z/mpv b/apparmor.d/profiles-m-z/mpv index bc78a0a39..60c111d3d 100644 --- a/apparmor.d/profiles-m-z/mpv +++ b/apparmor.d/profiles-m-z/mpv @@ -84,8 +84,8 @@ profile mpv @{exec_path} { # MPV config files /etc/mpv/* r, - owner @{HOME}/.config/mpv/ rw, - owner @{HOME}/.config/mpv/* rw, + owner @{user_config_dirs}/mpv/ rw, + owner @{user_config_dirs}/mpv/* rw, # Which files MPV should be able to open / r, diff --git a/apparmor.d/profiles-m-z/mumble b/apparmor.d/profiles-m-z/mumble index ff0c4abb0..121c7b9f4 100644 --- a/apparmor.d/profiles-m-z/mumble +++ b/apparmor.d/profiles-m-z/mumble @@ -40,8 +40,8 @@ profile mumble @{exec_path} { # Mumble home files owner @{HOME}/ r, - owner @{HOME}/.config/Mumble/ rw, - owner @{HOME}/.config/Mumble/** rwkl -> @{HOME}/.config/Mumble/#[0-9]*[0-9], + owner @{user_config_dirs}/Mumble/ rw, + owner @{user_config_dirs}/Mumble/** rwkl -> @{user_config_dirs}/Mumble/#[0-9]*[0-9], owner @{HOME}/.local/share/Mumble/ rw, owner @{HOME}/.local/share/Mumble/** rwk, owner @{HOME}/.MumbleOverlayPipe rw, @@ -66,7 +66,7 @@ profile mumble @{exec_path} { /etc/fstab r, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /usr/share/hwdata/pnp.ids r, diff --git a/apparmor.d/profiles-m-z/obconf b/apparmor.d/profiles-m-z/obconf index 887d84a27..9da1201e4 100644 --- a/apparmor.d/profiles-m-z/obconf +++ b/apparmor.d/profiles-m-z/obconf 
@@ -24,7 +24,7 @@ profile obconf @{exec_path} { /etc/xdg/openbox/rc.xml r, - owner @{HOME}/.config/openbox/rc.xml rw, + owner @{user_config_dirs}/openbox/rc.xml rw, owner @{HOME}/.themes/{,**} r, diff --git a/apparmor.d/profiles-m-z/openbox b/apparmor.d/profiles-m-z/openbox index b5e21a0c9..37243b17d 100644 --- a/apparmor.d/profiles-m-z/openbox +++ b/apparmor.d/profiles-m-z/openbox @@ -31,10 +31,10 @@ profile openbox @{exec_path} { /etc/xdg/openbox/* r, owner @{HOME}/ r, - owner @{HOME}/.config/openbox/ r, - owner @{HOME}/.config/openbox/* r, + owner @{user_config_dirs}/openbox/ r, + owner @{user_config_dirs}/openbox/* r, - owner @{HOME}/.config/obmenu-generator/icons/[0-9a-f]*.png r, + owner @{user_config_dirs}/obmenu-generator/icons/[0-9a-f]*.png r, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/openbox/ rw, @@ -67,8 +67,8 @@ profile openbox @{exec_path} { /usr/local/lib/python*/dist-packages/ r, owner @{HOME}/ r, - owner @{HOME}/.config/openbox/autostart r, - owner @{HOME}/.config/autostart/{,*} r, + owner @{user_config_dirs}/openbox/autostart r, + owner @{user_config_dirs}/autostart/{,*} r, /etc/xdg/openbox/autostart r, /etc/xdg/autostart/{,*} r, diff --git a/apparmor.d/profiles-m-z/openbox-session b/apparmor.d/profiles-m-z/openbox-session index 530acadc2..f901de077 100644 --- a/apparmor.d/profiles-m-z/openbox-session +++ b/apparmor.d/profiles-m-z/openbox-session @@ -18,7 +18,7 @@ profile openbox-session @{exec_path} { /{usr/,}bin/openbox rPx, /etc/xdg/openbox/environment r, - owner @{HOME}/.config/openbox/environment r, + owner @{user_config_dirs}/openbox/environment r, # file_inherit owner @{HOME}/.xsession-errors w, diff --git a/apparmor.d/profiles-m-z/orage b/apparmor.d/profiles-m-z/orage index f1e8e103e..2f52101bf 100644 --- a/apparmor.d/profiles-m-z/orage +++ b/apparmor.d/profiles-m-z/orage 
@@ -25,8 +25,8 @@ profile orage @{exec_path} { /{usr/,}bin/exo-open rCx -> open, /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, - owner @{HOME}/.config/orage/ rw, - owner @{HOME}/.config/orage/* rw, + owner @{user_config_dirs}/orage/ rw, + owner @{user_config_dirs}/orage/* rw, owner @{HOME}/.local/share/orage/ rw, owner @{HOME}/.local/share/orage/* rwk, diff --git a/apparmor.d/profiles-m-z/pactl b/apparmor.d/profiles-m-z/pactl index 062c9db2a..7b73933b7 100644 --- a/apparmor.d/profiles-m-z/pactl +++ b/apparmor.d/profiles-m-z/pactl @@ -20,7 +20,7 @@ profile pactl @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - owner @{HOME}/.config/pulse/ rw, + owner @{user_config_dirs}/pulse/ rw, # file_inherit owner @{HOME}/.xsession-errors w, diff --git a/apparmor.d/profiles-m-z/pavucontrol b/apparmor.d/profiles-m-z/pavucontrol index 5304a2a93..cf1a08b55 100644 --- a/apparmor.d/profiles-m-z/pavucontrol +++ b/apparmor.d/profiles-m-z/pavucontrol @@ -22,8 +22,8 @@ profile pavucontrol @{exec_path} { /usr/share/pavucontrol/pavucontrol.glade r, # Pavucontrol config files - owner @{HOME}/.config/ r, - owner @{HOME}/.config/pavucontrol.ini* rw, + owner @{user_config_dirs}/ r, + owner @{user_config_dirs}/pavucontrol.ini* rw, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-m-z/picom b/apparmor.d/profiles-m-z/picom index 770cfd49d..51d01a107 100644 --- a/apparmor.d/profiles-m-z/picom +++ b/apparmor.d/profiles-m-z/picom @@ -22,9 +22,9 @@ profile picom @{exec_path} { /{usr/,}bin/echo rix, # For migrating from compton. - owner @{HOME}/.config/compton.conf r, + owner @{user_config_dirs}/compton.conf r, - owner @{HOME}/.config/picom.conf r, + owner @{user_config_dirs}/picom.conf r, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-m-z/pinentry-kwallet b/apparmor.d/profiles-m-z/pinentry-kwallet index 00150d1e7..9138e41ba 100644 --- a/apparmor.d/profiles-m-z/pinentry-kwallet 
+++ b/apparmor.d/profiles-m-z/pinentry-kwallet @@ -38,8 +38,8 @@ profile pinentry-kwallet @{exec_path} { /{usr/,}bin/kwalletcli mr, - owner @{HOME}/.config/kdeglobals r, - owner @{HOME}/.config/kwalletrc r, + owner @{user_config_dirs}/kdeglobals r, + owner @{user_config_dirs}/kwalletrc r, /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemKWaylandPlugin.so mr, /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr, diff --git a/apparmor.d/profiles-m-z/pinentry-qt b/apparmor.d/profiles-m-z/pinentry-qt index 608025e9f..0bcb9e96b 100644 --- a/apparmor.d/profiles-m-z/pinentry-qt +++ b/apparmor.d/profiles-m-z/pinentry-qt @@ -25,7 +25,7 @@ profile pinentry-qt @{exec_path} { owner @{PROC}/@{pid}/cmdline r, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, owner @{user_cache_dirs}/#[0-9]*[0-9] rw, diff --git a/apparmor.d/profiles-m-z/polkit-kde-authentication-agent b/apparmor.d/profiles-m-z/polkit-kde-authentication-agent index 6c56f4a7d..6a3b12f22 100644 --- a/apparmor.d/profiles-m-z/polkit-kde-authentication-agent +++ b/apparmor.d/profiles-m-z/polkit-kde-authentication-agent @@ -38,12 +38,12 @@ profile polkit-kde-authentication-agent @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /usr/share/hwdata/pnp.ids r, - owner @{HOME}/.config/kdeglobals r, + owner @{user_config_dirs}/kdeglobals r, owner @{user_cache_dirs}/icon-cache.kcache rw, /dev/shm/#[0-9]*[0-9] rw, diff --git a/apparmor.d/profiles-m-z/psi-plus b/apparmor.d/profiles-m-z/psi-plus index 831c923d1..4da212e0e 100644 --- a/apparmor.d/profiles-m-z/psi-plus +++ b/apparmor.d/profiles-m-z/psi-plus 
@@ -51,14 +51,14 @@ profile psi-plus @{exec_path} { # PSI config files owner @{HOME}/ r, - owner @{HOME}/.config/psi+/ rw, - owner @{HOME}/.config/psi+/** rwkl -> @{HOME}/.config/psi+/#[0-9]*[0-9], + owner @{user_config_dirs}/psi+/ rw, + owner @{user_config_dirs}/psi+/** rwkl -> @{user_config_dirs}/psi+/#[0-9]*[0-9], owner @{HOME}/.local/share/psi+/ rw, owner @{HOME}/.local/share/psi+/** rwk, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, # Cache files @@ -70,7 +70,7 @@ profile psi-plus @{exec_path} { /etc/machine-id r, # Autostart - owner @{HOME}/.config/autostart/psi-plus.desktop rw, + owner @{user_config_dirs}/autostart/psi-plus.desktop rw, /etc/debian_version r, diff --git a/apparmor.d/profiles-m-z/pulseaudio b/apparmor.d/profiles-m-z/pulseaudio index a695fa49e..ae804fc2a 100644 --- a/apparmor.d/profiles-m-z/pulseaudio +++ b/apparmor.d/profiles-m-z/pulseaudio @@ -34,7 +34,7 @@ profile pulseaudio @{exec_path} { /{usr/,}lib/pulse-*/modules/*.so mr, # PulseAudio home config files - owner @{HOME}/.config/pulse/{,**} rw, + owner @{user_config_dirs}/pulse/{,**} rw, # Needed when PulseAudio is started via the start-pulseaudio-x11 script owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-m-z/qbittorrent b/apparmor.d/profiles-m-z/qbittorrent index db6b49bb5..d90044b32 100644 --- a/apparmor.d/profiles-m-z/qbittorrent +++ b/apparmor.d/profiles-m-z/qbittorrent 
@@ -43,8 +43,8 @@ profile qbittorrent @{exec_path} { /{usr/,}bin/python3.[0-9]* rCx -> python3, # Qbittorrent home dirs - owner @{HOME}/.config/qBittorrent/ rw, - owner @{HOME}/.config/qBittorrent/** rwkl -> @{HOME}/.config/qBittorrent/#[0-9]*[0-9], + owner @{user_config_dirs}/qBittorrent/ rw, + owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#[0-9]*[0-9], owner @{HOME}/.local/share/data/qBittorrent/ rw, owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9], @@ -54,7 +54,7 @@ profile qbittorrent @{exec_path} { owner @{user_cache_dirs}/qBittorrent/{,**} rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, # Torrent files diff --git a/apparmor.d/profiles-m-z/qbittorrent-nox b/apparmor.d/profiles-m-z/qbittorrent-nox index a0d795c22..585bfd7b6 100644 --- a/apparmor.d/profiles-m-z/qbittorrent-nox +++ b/apparmor.d/profiles-m-z/qbittorrent-nox @@ -26,8 +26,8 @@ profile qbittorrent-nox @{exec_path} { @{exec_path} mr, # Qbittorrent home dirs - owner @{HOME}/.config/qBittorrent/ rw, - owner @{HOME}/.config/qBittorrent/** rwkl -> @{HOME}/.config/qBittorrent/#[0-9]*[0-9], + owner @{user_config_dirs}/qBittorrent/ rw, + owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#[0-9]*[0-9], owner @{HOME}/.local/share/data/qBittorrent/ rw, owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9], diff --git a/apparmor.d/profiles-m-z/qnapi b/apparmor.d/profiles-m-z/qnapi index 4cd398857..6f35e0bb7 100644 --- a/apparmor.d/profiles-m-z/qnapi +++ b/apparmor.d/profiles-m-z/qnapi 
@@ -81,12 +81,12 @@ profile qnapi @{exec_path} {
 owner /media/*/**.@{qnapi_txt_ext} rwl -> /media/*/**/#[0-9]*[0-9],
 owner @{HOME}/ r,
- owner @{HOME}/.config/qnapi.ini rw,
- owner @{HOME}/.config/qnapi.ini.lock rwk,
- owner @{HOME}/.config/qnapi.ini.* rwl -> @{HOME}/.config/#[0-9]*[0-9],
- owner @{HOME}/.config/qnapi.ini.mlXXXY rwl -> @{HOME}/.config/#[0-9]*[0-9],
+ owner @{user_config_dirs}/qnapi.ini rw,
+ owner @{user_config_dirs}/qnapi.ini.lock rwk,
+ owner @{user_config_dirs}/qnapi.ini.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],
+ owner @{user_config_dirs}/qnapi.ini.mlXXXY rwl -> @{user_config_dirs}/#[0-9]*[0-9],
- owner @{HOME}/.config/qt5ct/{,**} r,
+ owner @{user_config_dirs}/qt5ct/{,**} r,
 /usr/share/qt5ct/** r,
 owner @{user_cache_dirs}/ rw,
diff --git a/apparmor.d/profiles-m-z/qpdfview b/apparmor.d/profiles-m-z/qpdfview
index 3e4ae1e8f..018e8efee 100644
--- a/apparmor.d/profiles-m-z/qpdfview
+++ b/apparmor.d/profiles-m-z/qpdfview
@@ -49,13 +49,13 @@ profile qpdfview @{exec_path} {
 /tmp/mozilla_*/ r,
 owner /{home,media,tmp,tmp/mozilla_*}/**.@{qpdfview_ext} rw,
- owner @{HOME}/.config/qpdfview/ rw,
- owner @{HOME}/.config/qpdfview/* rwkl -> @{HOME}/.config/qpdfview/#[0-9]*[0-9],
+ owner @{user_config_dirs}/qpdfview/ rw,
+ owner @{user_config_dirs}/qpdfview/* rwkl -> @{user_config_dirs}/qpdfview/#[0-9]*[0-9],
 owner @{HOME}/.local/share/qpdfview/ rw,
 owner @{HOME}/.local/share/qpdfview/** rwk,
- owner @{HOME}/.config/qt5ct/{,**} r,
+ owner @{user_config_dirs}/qt5ct/{,**} r,
 /usr/share/qt5ct/** r,
 /var/lib/dbus/machine-id r,
diff --git a/apparmor.d/profiles-m-z/qt5ct b/apparmor.d/profiles-m-z/qt5ct
index a80ea9ec1..bc1319e0d 100644
--- a/apparmor.d/profiles-m-z/qt5ct
+++ b/apparmor.d/profiles-m-z/qt5ct
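Review bot: In the qnapi hunk, `owner @{user_config_dirs}/qnapi.ini.mlXXXY rwl -> @{user_config_dirs}/#[0-9]*[0-9],` grants nothing beyond the preceding `qnapi.ini.*` rule, because the glob `.*` already matches the `.mlXXXY` suffix and both rules carry the same `rwl` permissions and link target. The literal `mlXXXY` looks like a temporary-file template name copied from a log rather than a stable file name, though that is an inference since the profile has no comment on it. Dropping the line would keep the rule set minimal without changing what the profile allows. The qnapi profile body starts and continues outside the hunk.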
@@ -22,14 +22,14 @@ profile qt5ct @{exec_path} {
 @{exec_path} mr,
- owner @{HOME}/.config/qt5ct/ rw,
- owner @{HOME}/.config/qt5ct/** rwkl -> @{HOME}/.config/qt5ct/#[0-9]*[0-9],
+ owner @{user_config_dirs}/qt5ct/ rw,
+ owner @{user_config_dirs}/qt5ct/** rwkl -> @{user_config_dirs}/qt5ct/#[0-9]*[0-9],
- owner @{HOME}/.config/fontconfig/ rw,
- owner @{HOME}/.config/fontconfig/** rw,
- owner @{HOME}/.config/fontconfig/fonts.conf.back rwl -> @{HOME}/.config/fontconfig/#[0-9]*[0-9],
+ owner @{user_config_dirs}/fontconfig/ rw,
+ owner @{user_config_dirs}/fontconfig/** rw,
+ owner @{user_config_dirs}/fontconfig/fonts.conf.back rwl -> @{user_config_dirs}/fontconfig/#[0-9]*[0-9],
- owner @{HOME}/.config/kdeglobals r,
+ owner @{user_config_dirs}/kdeglobals r,
 owner @{user_cache_dirs}/ rw,
 owner @{user_cache_dirs}/icon-cache.kcache rw,
diff --git a/apparmor.d/profiles-m-z/quiterss b/apparmor.d/profiles-m-z/quiterss
index aee1b75f4..8bf048267 100644
--- a/apparmor.d/profiles-m-z/quiterss
+++ b/apparmor.d/profiles-m-z/quiterss
@@ -42,12 +42,12 @@ profile quiterss @{exec_path} {
 /{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPUx,
 # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
- owner @{HOME}/.config/qt5ct/{,**} r,
+ owner @{user_config_dirs}/qt5ct/{,**} r,
 /usr/share/qt5ct/** r,
 /usr/share/quiterss/** r,
- owner @{HOME}/.config/QuiteRss/ rw,
- owner @{HOME}/.config/QuiteRss/** rwkl -> @{HOME}/.config/QuiteRss/**,
+ owner @{user_config_dirs}/QuiteRss/ rw,
+ owner @{user_config_dirs}/QuiteRss/** rwkl -> @{user_config_dirs}/QuiteRss/**,
 owner @{HOME}/.local/share/QuiteRss/ rw,
 owner @{HOME}/.local/share/QuiteRss/** rwkl -> @{HOME}/.local/share/QuiteRss/QuiteRss/**,
 owner @{user_cache_dirs}/QuiteRss/ rw,
diff --git a/apparmor.d/profiles-m-z/redshift b/apparmor.d/profiles-m-z/redshift
index 2d5095763..7f93ca27a 100644
--- a/apparmor.d/profiles-m-z/redshift
+++ b/apparmor.d/profiles-m-z/redshift
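Review bot: The quiterss link rule `owner @{user_config_dirs}/QuiteRss/** rwkl -> @{user_config_dirs}/QuiteRss/**,` uses `**` as the link target, whereas the other profiles in this commit restrict the target to the temporary-file pattern, as in `-> @{user_config_dirs}/qt5ct/#[0-9]*[0-9],` in the qt5ct hunk just before it. With `**` the profile allows a hard link between any two paths it owns under that directory, which is wider than the save-via-temporary-file case the sibling rules describe. If QuiteRss only needs that case, the target should be narrowed to `-> @{user_config_dirs}/QuiteRss/#[0-9]*[0-9],`. This needs testing against the application, since the commit carried the broad target over unchanged from the `@{HOME}/.config` rule. The quiterss profile body starts and continues outside the hunk.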
@@ -28,8 +28,8 @@ profile redshift @{exec_path} {
 audit dbus bus=system,
 # Redshift config files
- owner @{HOME}/.config/redshift/{,**} rw,
- owner @{HOME}/.config/redshift.conf rw,
+ owner @{user_config_dirs}/redshift/{,**} rw,
+ owner @{user_config_dirs}/redshift.conf rw,
 owner @{run}/user/[0-9]*/redshift-shared-* rw,
diff --git a/apparmor.d/profiles-m-z/repo b/apparmor.d/profiles-m-z/repo
index aab6a21ce..5292b6359 100644
--- a/apparmor.d/profiles-m-z/repo
+++ b/apparmor.d/profiles-m-z/repo
@@ -45,7 +45,7 @@ profile repo @{exec_path} {
 owner @{HOME}/.repoconfig/{,**} rw,
 owner @{HOME}/.repo_.gitconfig.json rw,
- owner @{HOME}/.config/git/config r,
+ owner @{user_config_dirs}/git/config r,
 owner @{HOME}/.gitconfig r,
 /usr/share/git-core/{,**} r,
diff --git a/apparmor.d/profiles-m-z/rpi-imager b/apparmor.d/profiles-m-z/rpi-imager
index 9aabe2ee7..628d01d46 100644
--- a/apparmor.d/profiles-m-z/rpi-imager
+++ b/apparmor.d/profiles-m-z/rpi-imager
@@ -47,9 +47,9 @@ profile rpi-imager @{exec_path} {
 deny /{usr/,}bin/dbus-launch rx,
 deny /{usr/,}bin/dbus-send rx,
- owner "@{HOME}/.config/Raspberry Pi/" rw,
- owner "@{HOME}/.config/Raspberry Pi/Imager.conf" rw,
- owner "@{HOME}/.config/Raspberry Pi/Imager.conf.lock" rwk,
+ owner "@{user_config_dirs}/Raspberry Pi/" rw,
+ owner "@{user_config_dirs}/Raspberry Pi/Imager.conf" rw,
+ owner "@{user_config_dirs}/Raspberry Pi/Imager.conf.lock" rwk,
 owner "@{user_cache_dirs}/Raspberry Pi/" rw,
 owner "@{user_cache_dirs}/Raspberry Pi/**" rwl -> "@{user_cache_dirs}/Raspberry Pi/**",
@@ -62,10 +62,10 @@ profile rpi-imager @{exec_path} { owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, - owner @{HOME}/.config/QtProject.conf r, + owner @{user_config_dirs}/QtProject.conf r, /etc/machine-id r, /var/lib/dbus/machine-id r, diff --git a/apparmor.d/profiles-m-z/sddm-greeter b/apparmor.d/profiles-m-z/sddm-greeter index 5b9600cf4..dc42ef533 100644 --- a/apparmor.d/profiles-m-z/sddm-greeter +++ b/apparmor.d/profiles-m-z/sddm-greeter @@ -61,7 +61,7 @@ profile sddm-greeter @{exec_path} { owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, # If one is blocked, the others are probed. @@ -70,8 +70,8 @@ profile sddm-greeter @{exec_path} { # owner /tmp/#[0-9]*[0-9] mrw, # owner /tmp/.glvnd* mrw, - owner @{HOME}/.config/kdeglobals r, - owner @{HOME}/.config/plasmarc r, + owner @{user_config_dirs}/kdeglobals r, + owner @{user_config_dirs}/plasmarc r, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/plasma_theme_*.kcache rw, owner @{user_cache_dirs}/plasma-svgelements-* rw, diff --git a/apparmor.d/profiles-m-z/smplayer b/apparmor.d/profiles-m-z/smplayer index 98df4a931..01db27d93 100644 --- a/apparmor.d/profiles-m-z/smplayer +++ b/apparmor.d/profiles-m-z/smplayer 
@@ -98,11 +98,11 @@ profile smplayer @{exec_path} {
 owner /{home,media,tmp/mozilla_*}/**.@{smplayer_ext} rw,
 # SMPlayer config files
- owner @{HOME}/.config/smplayer/ rw,
- owner @{HOME}/.config/smplayer/* rwkl -> @{HOME}/.config/smplayer/#[0-9]*[0-9],
+ owner @{user_config_dirs}/smplayer/ rw,
+ owner @{user_config_dirs}/smplayer/* rwkl -> @{user_config_dirs}/smplayer/#[0-9]*[0-9],
 # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
- owner @{HOME}/.config/qt5ct/{,**} r,
+ owner @{user_config_dirs}/qt5ct/{,**} r,
 /usr/share/qt5ct/** r,
 owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
diff --git a/apparmor.d/profiles-m-z/smtube b/apparmor.d/profiles-m-z/smtube
index 45dfed01f..7c251a98b 100644
--- a/apparmor.d/profiles-m-z/smtube
+++ b/apparmor.d/profiles-m-z/smtube
@@ -34,19 +34,19 @@ profile smtube @{exec_path} { /{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPUx, # SMTube config files - owner @{HOME}/.config/smtube/ rw, - owner @{HOME}/.config/smtube/* rwkl -> @{HOME}/.config/smtube/#[0-9]*[0-9], + owner @{user_config_dirs}/smtube/ rw, + owner @{user_config_dirs}/smtube/* rwkl -> @{user_config_dirs}/smtube/#[0-9]*[0-9], # Needed for updating YT code - owner @{HOME}/.config/smplayer/yt.js rw, + owner @{user_config_dirs}/smplayer/yt.js rw, - owner @{HOME}/.config/smplayer/#[0-9]*[0-9] rw, - owner @{HOME}/.config/smplayer/hdpi.ini rw, - owner @{HOME}/.config/smplayer/hdpi.ini.lock rwk, - owner @{HOME}/.config/smplayer/hdpi.ini.* rwl -> @{HOME}/.config/smplayer/#[0-9]*[0-9], + owner @{user_config_dirs}/smplayer/#[0-9]*[0-9] rw, + owner @{user_config_dirs}/smplayer/hdpi.ini rw, + owner @{user_config_dirs}/smplayer/hdpi.ini.lock rwk, + owner @{user_config_dirs}/smplayer/hdpi.ini.* rwl -> @{user_config_dirs}/smplayer/#[0-9]*[0-9], # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, # Cache diff --git a/apparmor.d/profiles-m-z/spflashtool b/apparmor.d/profiles-m-z/spflashtool index aa01a5dc3..af188baec 100644 --- a/apparmor.d/profiles-m-z/spflashtool +++ b/apparmor.d/profiles-m-z/spflashtool @@ -35,10 +35,10 @@ profile spflashtool @{exec_path} { # For reading the scatter.txt file owner /**/scatter.txt r, - owner @{HOME}/.config/Trolltech.conf rwk, + owner @{user_config_dirs}/Trolltech.conf rwk, - owner @{HOME}/.config/MTK/ rw, - owner @{HOME}/.config/MTK/Clipper.conf rwk, + owner @{user_config_dirs}/MTK/ rw, + owner @{user_config_dirs}/MTK/Clipper.conf rwk, /dev/ r, # For reading/writing from/to phone flash memory diff --git a/apparmor.d/profiles-m-z/strawberry b/apparmor.d/profiles-m-z/strawberry index a436d6fcf..d8ac3cb3d 100644 
--- a/apparmor.d/profiles-m-z/strawberry +++ b/apparmor.d/profiles-m-z/strawberry @@ -58,8 +58,8 @@ profile strawberry @{exec_path} { owner @{HOME}/**.{M3U,XSPF,PLS,ASX,CUE,WPL} rw, owner @{HOME}/ r, - owner @{HOME}/.config/strawberry/ rw, - owner @{HOME}/.config/strawberry/* rwkl -> @{HOME}/.config/strawberry/#[0-9]*[0-9], + owner @{user_config_dirs}/strawberry/ rw, + owner @{user_config_dirs}/strawberry/* rwkl -> @{user_config_dirs}/strawberry/#[0-9]*[0-9], owner @{HOME}/.local/share/strawberry/ rw, owner @{HOME}/.local/share/strawberry/** rwk, @@ -74,7 +74,7 @@ profile strawberry @{exec_path} { owner @{user_cache_dirs}/xine-lib/ rw, owner @{user_cache_dirs}/xine-lib/plugins.cache{,.new} rw, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-m-z/syncthing b/apparmor.d/profiles-m-z/syncthing index f2616b020..133f7fd80 100644 --- a/apparmor.d/profiles-m-z/syncthing +++ b/apparmor.d/profiles-m-z/syncthing @@ -28,8 +28,8 @@ profile syncthing @{exec_path} { /{usr/,}bin/ip rix, owner @{HOME}/ r, - owner @{HOME}/.config/syncthing/ rw, - owner @{HOME}/.config/syncthing/** rwk, + owner @{user_config_dirs}/syncthing/ rw, + owner @{user_config_dirs}/syncthing/** rwk, @{SYNC_DIR}/{,**} rw, diff --git a/apparmor.d/profiles-m-z/tint2 b/apparmor.d/profiles-m-z/tint2 index a6bf254ae..14b813461 100644 --- a/apparmor.d/profiles-m-z/tint2 +++ b/apparmor.d/profiles-m-z/tint2 @@ -24,7 +24,7 @@ profile tint2 @{exec_path} { # Tint2 config files /etc/xdg/tint2/tint2rc r, - owner @{HOME}/.config/tint2/{,*} rw, + owner @{user_config_dirs}/tint2/{,*} rw, # Tint2 cache files owner @{user_cache_dirs}/ rw, 
@@ -33,8 +33,8 @@ profile tint2 @{exec_path} { owner @{user_cache_dirs}/tint2/icon.cache rwk, # Launcher config files - owner @{HOME}/.config/launchers/{,*.desktop} r, - owner @{HOME}/.config/launchers/icons/{,*.png} r, + owner @{user_config_dirs}/launchers/{,*.desktop} r, + owner @{user_config_dirs}/launchers/icons/{,*.png} r, /{usr/,}lib/@{multiarch}/imlib2/loaders/*.so mr, diff --git a/apparmor.d/profiles-m-z/tint2conf b/apparmor.d/profiles-m-z/tint2conf index d55ab1736..fdd674453 100644 --- a/apparmor.d/profiles-m-z/tint2conf +++ b/apparmor.d/profiles-m-z/tint2conf @@ -26,8 +26,8 @@ profile tint2conf @{exec_path} { /etc/xdg/tint2/ r, /etc/xdg/tint2/tint2rc r, - owner @{HOME}/.config/tint2/ r, - owner @{HOME}/.config/tint2/* rw, + owner @{user_config_dirs}/tint2/ r, + owner @{user_config_dirs}/tint2/* rw, owner @{user_cache_dirs}/tint2/[0-9a-f]*.png r, diff --git a/apparmor.d/profiles-m-z/top b/apparmor.d/profiles-m-z/top index 3056a4a29..5086c292f 100644 --- a/apparmor.d/profiles-m-z/top +++ b/apparmor.d/profiles-m-z/top @@ -66,8 +66,8 @@ profile top @{exec_path} flags=(attach_disconnected) { @{sys}/devices/system/node/node[0-9]*/meminfo r, @{sys}/devices/system/node/node[0-9]*/cpumap r, - owner @{HOME}/.config/procps/ rw, - owner @{HOME}/.config/procps/toprc rw, + owner @{user_config_dirs}/procps/ rw, + owner @{user_config_dirs}/procps/toprc rw, include if exists } diff --git a/apparmor.d/profiles-m-z/udiskie b/apparmor.d/profiles-m-z/udiskie index 83a46d848..0766cb3c2 100644 --- a/apparmor.d/profiles-m-z/udiskie +++ b/apparmor.d/profiles-m-z/udiskie @@ -28,8 +28,8 @@ profile udiskie @{exec_path} { /{usr/,}bin/ r, /{usr/,}bin/xdg-open rCx -> open, - owner @{HOME}/.config/udiskie/ r, - owner @{HOME}/.config/udiskie/config.yml r, + owner @{user_config_dirs}/udiskie/ r, + owner @{user_config_dirs}/udiskie/config.yml r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mounts r, 
diff --git a/apparmor.d/profiles-m-z/udiskie-info b/apparmor.d/profiles-m-z/udiskie-info
index 612f854c9..3c3c709d1 100644
--- a/apparmor.d/profiles-m-z/udiskie-info
+++ b/apparmor.d/profiles-m-z/udiskie-info
@@ -16,8 +16,8 @@ profile udiskie-info @{exec_path} {
 /usr/bin/ r,
- owner @{HOME}/.config/udiskie/ r,
- owner @{HOME}/.config/udiskie/config.yml r,
+ owner @{user_config_dirs}/udiskie/ r,
+ owner @{user_config_dirs}/udiskie/config.yml r,
 owner @{PROC}/@{pid}/mounts r,
diff --git a/apparmor.d/profiles-m-z/udiskie-mount b/apparmor.d/profiles-m-z/udiskie-mount
index 97f166441..9ffbf6062 100644
--- a/apparmor.d/profiles-m-z/udiskie-mount
+++ b/apparmor.d/profiles-m-z/udiskie-mount
@@ -16,8 +16,8 @@ profile udiskie-mount @{exec_path} {
 /usr/bin/ r,
- owner @{HOME}/.config/udiskie/ r,
- owner @{HOME}/.config/udiskie/config.yml r,
+ owner @{user_config_dirs}/udiskie/ r,
+ owner @{user_config_dirs}/udiskie/config.yml r,
 owner @{PROC}/@{pid}/mounts r,
diff --git a/apparmor.d/profiles-m-z/udiskie-umount b/apparmor.d/profiles-m-z/udiskie-umount
index ec512b793..d7f142669 100644
--- a/apparmor.d/profiles-m-z/udiskie-umount
+++ b/apparmor.d/profiles-m-z/udiskie-umount
@@ -16,8 +16,8 @@ profile udiskie-umount @{exec_path} {
 /usr/bin/ r,
- owner @{HOME}/.config/udiskie/ r,
- owner @{HOME}/.config/udiskie/config.yml r,
+ owner @{user_config_dirs}/udiskie/ r,
+ owner @{user_config_dirs}/udiskie/config.yml r,
 owner @{PROC}/@{pid}/mounts r,
diff --git a/apparmor.d/profiles-m-z/usbguard-applet-qt b/apparmor.d/profiles-m-z/usbguard-applet-qt
index 0e43bc8a9..e3fd579b7 100644
--- a/apparmor.d/profiles-m-z/usbguard-applet-qt
+++ b/apparmor.d/profiles-m-z/usbguard-applet-qt
@@ -25,8 +25,8 @@ profile usbguard-applet-qt @{exec_path} { @{exec_path} mr, - owner @{HOME}/.config/USBGuard/ rw, - owner @{HOME}/.config/USBGuard/* rwkl -> @{HOME}/.config/USBGuard/#[0-9]*[0-9], + owner @{user_config_dirs}/USBGuard/ rw, + owner @{user_config_dirs}/USBGuard/* rwkl -> @{user_config_dirs}/USBGuard/#[0-9]*[0-9], /dev/shm/#[0-9]*[0-9] rw, /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw, @@ -41,7 +41,7 @@ profile usbguard-applet-qt @{exec_path} { /usr/share/hwdata/pnp.ids r, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /var/lib/dbus/machine-id r, diff --git a/apparmor.d/profiles-m-z/usr.bin.pidgin b/apparmor.d/profiles-m-z/usr.bin.pidgin index 1f6eee540..b77a8bdec 100644 --- a/apparmor.d/profiles-m-z/usr.bin.pidgin +++ b/apparmor.d/profiles-m-z/usr.bin.pidgin @@ -41,8 +41,8 @@ include owner @{HOME}/.purple/ rw, owner @{HOME}/.purple/** rwk, owner @{HOME}/.purple/plugins/*.so m, - owner @{HOME}/.config/indicators/ rw, - owner @{HOME}/.config/indicators/** rw, + owner @{user_config_dirs}/indicators/ rw, + owner @{user_config_dirs}/indicators/** rw, owner @{HOME}/.local/share/applications/ r, # Uncomment the two following lines if you want to allow Pidgin to update diff --git a/apparmor.d/profiles-m-z/vidcutter b/apparmor.d/profiles-m-z/vidcutter index c05c5385a..0b3cc0762 100644 --- a/apparmor.d/profiles-m-z/vidcutter +++ b/apparmor.d/profiles-m-z/vidcutter 
@@ -75,8 +75,8 @@ profile vidcutter @{exec_path} { owner /{home,media}/**.@{vidcutter_ext} rw, owner @{HOME}/ r, - owner @{HOME}/.config/vidcutter/ rw, - owner @{HOME}/.config/vidcutter/* rwkl -> @{HOME}/.config/vidcutter/#[0-9]*[0-9], + owner @{user_config_dirs}/vidcutter/ rw, + owner @{user_config_dirs}/vidcutter/* rwkl -> @{user_config_dirs}/vidcutter/#[0-9]*[0-9], # If one is blocked, the others are probed. deny owner @{HOME}/#[0-9]*[0-9] mrw, @@ -91,7 +91,7 @@ profile vidcutter @{exec_path} { owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, deny owner @{PROC}/@{pid}/cmdline r, diff --git a/apparmor.d/profiles-m-z/volumeicon b/apparmor.d/profiles-m-z/volumeicon index a1fd0eeb6..a3404ed21 100644 --- a/apparmor.d/profiles-m-z/volumeicon +++ b/apparmor.d/profiles-m-z/volumeicon @@ -27,8 +27,8 @@ profile volumeicon @{exec_path} { /usr/share/volumeicon/** r, # Volumeicon config files - owner @{HOME}/.config/volumeicon/ rw, - owner @{HOME}/.config/volumeicon/volumeicon* rw, + owner @{user_config_dirs}/volumeicon/ rw, + owner @{user_config_dirs}/volumeicon/volumeicon* rw, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-m-z/wireshark b/apparmor.d/profiles-m-z/wireshark index 724111518..a33e0fd36 100644 --- a/apparmor.d/profiles-m-z/wireshark +++ b/apparmor.d/profiles-m-z/wireshark 
@@ -51,10 +51,10 @@ profile wireshark @{exec_path} {
 # Wireshark home files
 owner @{HOME}/.wireshark/{,*} rw,
- owner @{HOME}/.config/wireshark/{,*} rw,
+ owner @{user_config_dirs}/wireshark/{,*} rw,
 # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
- owner @{HOME}/.config/qt5ct/{,**} r,
+ owner @{user_config_dirs}/qt5ct/{,**} r,
 /usr/share/qt5ct/** r,
 deny @{PROC}/sys/kernel/random/boot_id r,
diff --git a/apparmor.d/profiles-m-z/wpa-gui b/apparmor.d/profiles-m-z/wpa-gui
index a7c1f85a6..ff86e031d 100644
--- a/apparmor.d/profiles-m-z/wpa-gui
+++ b/apparmor.d/profiles-m-z/wpa-gui
@@ -30,7 +30,7 @@ profile wpa-gui @{exec_path} {
 owner @{PROC}/@{pid}/cmdline r,
 # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
- owner @{HOME}/.config/qt5ct/{,**} r,
+ owner @{user_config_dirs}/qt5ct/{,**} r,
 /usr/share/qt5ct/** r,
 /usr/share/hwdata/pnp.ids r,
diff --git a/apparmor.d/profiles-m-z/xarchiver b/apparmor.d/profiles-m-z/xarchiver
index 594a54d34..73099067f 100644
--- a/apparmor.d/profiles-m-z/xarchiver
+++ b/apparmor.d/profiles-m-z/xarchiver
@@ -47,8 +47,8 @@ profile xarchiver @{exec_path} {
 owner @{run}/user/[0-9]*/dconf/ rw,
 owner @{run}/user/[0-9]*/dconf/user rw,
- owner @{HOME}/.config/xarchiver/ rw,
- owner @{HOME}/.config/xarchiver/xarchiverrc{,.*} rw,
+ owner @{user_config_dirs}/xarchiver/ rw,
+ owner @{user_config_dirs}/xarchiver/xarchiverrc{,.*} rw,
 owner @{HOME}/.bz2 rw,
diff --git a/apparmor.d/profiles-m-z/xdg-desktop-menu b/apparmor.d/profiles-m-z/xdg-desktop-menu
index e36a86e8c..c8518e255 100644
--- a/apparmor.d/profiles-m-z/xdg-desktop-menu
+++ b/apparmor.d/profiles-m-z/xdg-desktop-menu
@@ -32,7 +32,7 @@ profile xdg-desktop-menu @{exec_path} flags=(complain) {
 /{usr/,}bin/update-desktop-database rPx,
- owner @{HOME}/.config/menus/applications-merged/xdg-desktop-menu-dummy.menu rw,
+ owner @{user_config_dirs}/menus/applications-merged/xdg-desktop-menu-dummy.menu rw,
 owner @{HOME}/.local/share/applications/chrome-*.desktop rw,
 owner @{HOME}/.gnome/apps/chrome-*.desktop rw,
diff --git a/apparmor.d/profiles-m-z/xdg-mime b/apparmor.d/profiles-m-z/xdg-mime
index 29eb6fcca..e6529be85 100644
--- a/apparmor.d/profiles-m-z/xdg-mime
+++ b/apparmor.d/profiles-m-z/xdg-mime
@@ -40,7 +40,7 @@ profile xdg-mime @{exec_path} {
 deny /{usr/,}bin/dbus-launch rx,
 deny /{usr/,}bin/dbus-send rx,
- owner @{HOME}/.config/mimeapps.list{,.new} rw,
+ owner @{user_config_dirs}/mimeapps.list{,.new} rw,
 owner @{HOME}/.Xauthority r,
diff --git a/apparmor.d/profiles-m-z/xdg-settings b/apparmor.d/profiles-m-z/xdg-settings
index c44402e25..d6f0c4b63 100644
--- a/apparmor.d/profiles-m-z/xdg-settings
+++ b/apparmor.d/profiles-m-z/xdg-settings
@@ -44,7 +44,7 @@ profile xdg-settings @{exec_path} {
 owner @{PROC}/@{pid}/fd/ r,
 /etc/xdg/xfce4/helpers.rc r,
- owner @{HOME}/.config/xfce4/helpers.rc{,.*} rw,
+ owner @{user_config_dirs}/xfce4/helpers.rc{,.*} rw,
 owner @{HOME}/.Xauthority r,
diff --git a/apparmor.d/profiles-m-z/xfce4-notifyd b/apparmor.d/profiles-m-z/xfce4-notifyd
index a253d020f..d769a25a9 100644
--- a/apparmor.d/profiles-m-z/xfce4-notifyd
+++ b/apparmor.d/profiles-m-z/xfce4-notifyd
@@ -26,7 +26,7 @@ profile xfce4-notifyd @{exec_path} {
 owner /tmp/.org.chromium.Chromium.* rw,
 # For calibre notifications
- owner @{HOME}/.config/calibre/resources/images/*.png r,
+ owner @{user_config_dirs}/calibre/resources/images/*.png r,
 # file_inherit
 owner /dev/tty[0-9]* rw,
diff --git a/apparmor.d/profiles-m-z/xfconfd b/apparmor.d/profiles-m-z/xfconfd
index 61c441104..0e1ef20c0 100644
--- a/apparmor.d/profiles-m-z/xfconfd
+++ b/apparmor.d/profiles-m-z/xfconfd
@@ -15,7 +15,7 @@ profile xfconfd @{exec_path} {
 /etc/xdg/xfce4/xfconf/*/*.xml r,
- owner @{HOME}/.config/xfce4/xfconf/*/*.xml{,.new} rw,
+ owner @{user_config_dirs}/xfce4/xfconf/*/*.xml{,.new} rw,
 # file_inherit
 owner /dev/tty[0-9]* rw,
diff --git a/apparmor.d/profiles-m-z/xrdb b/apparmor.d/profiles-m-z/xrdb
index 043b1b9fa..9dea8aa03 100644
--- a/apparmor.d/profiles-m-z/xrdb
+++ b/apparmor.d/profiles-m-z/xrdb
@@ -24,10 +24,10 @@ profile xrdb @{exec_path} {
 # The location of the .Xresources file
 owner @{HOME}/.Xresources r,
- owner @{HOME}/.config/.Xresources r,
- owner @{HOME}/.config/Xresources/.Xresources r,
+ owner @{user_config_dirs}/.Xresources r,
+ owner @{user_config_dirs}/Xresources/.Xresources r,
 # If the .Xresources file includes some additional files
- owner @{HOME}/.config/Xresources/* r,
+ owner @{user_config_dirs}/Xresources/* r,
 owner /tmp/xauth-[0-9]*-_[0-9] r,
 owner /tmp/kcminit.* r,
diff --git a/apparmor.d/profiles-m-z/youtube-dl b/apparmor.d/profiles-m-z/youtube-dl
index 2a644ef29..806e4ae93 100644
--- a/apparmor.d/profiles-m-z/youtube-dl
+++ b/apparmor.d/profiles-m-z/youtube-dl
@@ -85,7 +85,7 @@ profile youtube-dl @{exec_path} {
 owner @{user_cache_dirs}/ rw,
 owner @{user_cache_dirs}/youtube-dl/{,**} rw,
- owner @{HOME}/.config/git/config r,
+ owner @{user_config_dirs}/git/config r,
 # External apps
 /{usr/,}bin/ffmpeg rPUx,
diff --git a/apparmor.d/profiles-m-z/youtube-viewer b/apparmor.d/profiles-m-z/youtube-viewer
index 03877a908..b3be33435 100644
--- a/apparmor.d/profiles-m-z/youtube-viewer
+++ b/apparmor.d/profiles-m-z/youtube-viewer
@@ -33,7 +33,7 @@ profile youtube-viewer @{exec_path} {
 /{usr/,}bin/wget rCx -> wget,
- owner @{HOME}/.config/youtube-viewer/{,*} rw,
+ owner @{user_config_dirs}/youtube-viewer/{,*} rw,
 owner @{user_cache_dirs}/youtube-viewer/{,*} rw,
 owner @{HOME}/Downloads/youtube-viewer/{,*} rw,