From 81b7ab0b6f939a6291884d53675ebf5d692496ea Mon Sep 17 00:00:00 2001 From: nobody43 Date: Sat, 12 Aug 2023 17:10:53 +0000 Subject: [PATCH] dbus temp tails --- apparmor.d/abstractions/dbus-session-strict.d/complete | 8 ++++---- apparmor.d/abstractions/ibus.d/complete | 8 ++++---- apparmor.d/groups/bus/dbus-daemon | 2 -- apparmor.d/groups/bus/ibus-daemon | 6 +++--- apparmor.d/groups/bus/ibus-dconf | 4 ++-- apparmor.d/groups/bus/ibus-engine-simple | 2 +- apparmor.d/groups/gnome/gnome-control-center | 2 +- apparmor.d/groups/gnome/gnome-session-ctl | 2 +- apparmor.d/groups/gnome/gnome-shell | 2 +- apparmor.d/profiles-g-l/gsettings | 4 ++-- apparmor.d/profiles-m-r/qbittorrent | 2 -- 11 files changed, 19 insertions(+), 23 deletions(-) diff --git a/apparmor.d/abstractions/dbus-session-strict.d/complete b/apparmor.d/abstractions/dbus-session-strict.d/complete index ab2da5eee..c6f5f0f60 100644 --- a/apparmor.d/abstractions/dbus-session-strict.d/complete +++ b/apparmor.d/abstractions/dbus-session-strict.d/complete @@ -2,12 +2,12 @@ # Copyright (C) 2022 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only - unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*", - unix (bind, listen) type=stream addr="@/tmp/dbus-*", + unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-????????", + unix (bind, listen) type=stream addr="@/tmp/dbus-????????", - unix (connect, receive, send, accept) type=stream peer=(addr="@/tmp/dbus-*"), + unix (connect, send, receive, accept) type=stream peer=(addr="@/tmp/dbus-????????"), owner @{run}/user/@{uid}/at-spi/ rw, owner @{run}/user/@{uid}/at-spi/bus{,_[0-9]*} rw, - owner /tmp/dbus-[0-9a-zA-Z]* rw, + owner /tmp/dbus-@{rand8} rw, diff --git a/apparmor.d/abstractions/ibus.d/complete b/apparmor.d/abstractions/ibus.d/complete index 103ac89ad..7a22a6b01 100644 --- a/apparmor.d/abstractions/ibus.d/complete +++ b/apparmor.d/abstractions/ibus.d/complete 
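Review bot: The `unix` rules in dbus-session-strict.d/complete now accept only a suffix of exactly eight characters (`@/tmp/dbus-????????`), so a bus whose abstract socket name carries a longer or shorter random tail is denied where `dbus-*` used to match. That length should be checked against the addresses produced by every D-Bus server this abstraction is meant to cover, and the assumption recorded above the rules, e.g. `# abstract socket tail is assumed to be 8 random characters`. The file rule uses `@{rand8}` while the socket rules spell out `????????`; if that is deliberate (the ibus abstraction cites LP: #1856738, apparently for a variable inside `addr=`), a one-line comment saying so would keep the two from drifting apart. The same fixed-width pattern is introduced in the gsettings and gnome-session-ctl hunks. The `owner /tmp/dbus-…` rule removed from dbus-daemon and qbittorrent is only still granted if those profiles include this abstraction, which the hunks do not show.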
@@ -6,17 +6,17 @@ # abstract path in ibus < 1.5.22 uses /tmp unix (connect, receive, send) type=stream - peer=(addr="@/tmp/ibus/dbus-*"), + peer=(addr="@/tmp/ibus/dbus-????????"), # abstract path in ibus >= 1.5.22 uses $XDG_CACHE_HOME (ie, @{user_cache_dirs}) # This should use this, but due to LP: #1856738 we cannot #unix (connect, receive, send) # type=stream - # peer=(addr="@@{user_cache_dirs}/ibus/dbus-*"), + # peer=(addr="@@{user_cache_dirs}/ibus/dbus-????????"), unix (connect, receive, send) type=stream - peer=(addr="@/home/*/.cache/ibus/dbus-*"), + peer=(addr="@/home/*/.cache/ibus/dbus-????????"), unix (connect, send, receive, accept, bind, listen) type=stream - addr="@/home/*/.cache/ibus/dbus-*", + addr="@/home/*/.cache/ibus/dbus-????????", diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index af6ab9a37..0c217a2a1 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -77,8 +77,6 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/dbus-1/{,**} r, @{user_share_dirs}/icc/{,edid-*} r, - owner /tmp/dbus-[0-9a-zA-Z]* rw, - owner @{run}/user/@{uid}/dbus-1/ rw, owner @{run}/user/@{uid}/dbus-1/services/ rw, @{run}/systemd/inhibit/[0-9]*.ref rw, diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index 593ac6d4a..645d64b57 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon 
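Review bot: The peer rules in ibus.d/complete match on the abstract address alone, with no `label=` condition, so a profile that includes this abstraction may connect to whichever process has bound a name of that shape. Abstract sockets are not protected by filesystem permissions, and the per-profile rules in this same commit (ibus-dconf, gnome-control-center, gnome-shell) already pin the peer with `label=ibus-daemon`. If ibus-daemon is expected to be confined wherever the abstraction is used, consider `peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon),`; otherwise a comment explaining why the label is omitted would help. The label-free `peer=(addr="@/tmp/dbus-????????")` rules in dbus-session-strict.d/complete and gsettings raise the same question.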
@@ -16,9 +16,9 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) { signal (receive) set=(usr1) peer=gnome-shell, signal (send) set=(term) peer=ibus*, - unix (bind, listen) type=stream addr=@/var/lib/gdm{3,}/.cache/ibus/dbus-*, - unix (send, receive, accept) type=stream addr=@/var/lib/gdm{3,}/.cache/ibus/dbus-* peer=(label=ibus-*), - unix (send, receive, accept) type=stream addr=@/var/lib/gdm{3,}/.cache/ibus/dbus-* peer=(label=gnome-shell), + unix (bind, listen) type=stream addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????", + unix (send, receive, accept) type=stream addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????" peer=(label=ibus-*), + unix (send, receive, accept) type=stream addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????" peer=(label=gnome-shell), dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 16fc32304..4b797c50b 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -17,8 +17,8 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { signal (receive) set=term peer=ibus-daemon, - unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-*", label=ibus-daemon), - unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-*", label=ibus-daemon), + unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon), + unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????", label=ibus-daemon), dbus receive bus=session path=/ interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/bus/ibus-engine-simple b/apparmor.d/groups/bus/ibus-engine-simple index 6eade0525..60f0bcbe4 100644 --- a/apparmor.d/groups/bus/ibus-engine-simple +++ b/apparmor.d/groups/bus/ibus-engine-simple 
@@ -14,7 +14,7 @@ profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) { signal (receive) set=term peer=ibus-daemon, - unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-*", label=ibus-daemon), + unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????", label=ibus-daemon), @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index 00254ddce..a9480a498 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -35,7 +35,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { signal (send) set=(kill) peer=unconfined, signal (send) set=(kill) peer=passwd, - unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-*", label=ibus-daemon), + unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon), dbus send bus=accessibility path=/org/a11y/atspi/accessible/root interface=org.a11y.atspi.Socket diff --git a/apparmor.d/groups/gnome/gnome-session-ctl b/apparmor.d/groups/gnome/gnome-session-ctl index e6457817b..b5ffa063f 100644 --- a/apparmor.d/groups/gnome/gnome-session-ctl +++ b/apparmor.d/groups/gnome/gnome-session-ctl @@ -21,7 +21,7 @@ profile gnome-session-ctl @{exec_path} { member=Initialized peer=(name=org.gnome.SessionManager, label=gnome-session-binary), - unix (send, receive, connect) type=stream peer=(addr=@/tmp/dbus-*, label=dbus-daemon), + unix (send, receive, connect) type=stream peer=(addr=@/tmp/dbus-????????, label=dbus-daemon), @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index cf21a68bd..ee432e943 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell 
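Review bot: The address in the gnome-session-ctl rule is left unquoted (`addr=@/tmp/dbus-????????`), while this commit adds quotes to the ibus-daemon rules and every other touched profile quotes the value. For consistency, and so that one search pattern finds all of these rules, write it as `unix (send, receive, connect) type=stream peer=(addr="@/tmp/dbus-????????", label=dbus-daemon),`. The profile body continues outside the hunk.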
@@ -52,7 +52,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { unix (send,receive) type=stream addr=none peer=(label=gnome-extension-ding), unix (send,receive) type=stream addr=none peer=(label=xkbcomp), unix (send,receive) type=stream addr=none peer=(label=xwayland), - unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-*", label=ibus-daemon), + unix (send, receive, connect) type=stream peer=(addr="@/var/lib/gdm{3,}/.cache/ibus/dbus-????????", label=ibus-daemon), dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings index 78174cc29..fba7f30c4 100644 --- a/apparmor.d/profiles-g-l/gsettings +++ b/apparmor.d/profiles-g-l/gsettings @@ -11,7 +11,7 @@ profile gsettings @{exec_path} { include include - unix (connect, receive, send) type=stream peer=(addr="@/tmp/dbus-*"), + unix (connect, receive, send) type=stream peer=(addr="@/tmp/dbus-????????"), @{exec_path} mr, @@ -27,4 +27,4 @@ profile gsettings @{exec_path} { owner @{run}/user/@{uid}/bus rw, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index f8907ed54..0f4717aa4 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -106,8 +106,6 @@ profile qbittorrent @{exec_path} { dbus bind bus=session name=org.kde.StatusNotifierItem-*, - owner /tmp/dbus-[0-9a-zA-Z]* rw, - @{exec_path} mr, # For "search engine"