feat(profile): general update.

2023-11-26 21:24:40 +00:00 · 2023-11-26 21:24:40 +00:00 · 8250e202a0
commit 8250e202a0
parent 4b61abf7ce
37 changed files with 67 additions and 53 deletions
--- a/apparmor.d/groups/gnome/evolution-addressbook-factory
+++ b/apparmor.d/groups/gnome/evolution-addressbook-factory
@ -49,6 +49,8 @@ profile evolution-addressbook-factory @{exec_path} {
  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/icu/@{int}.@{int}/*.dat r,

+  /etc/gnutls/config r,
+
  owner @{user_share_dirs}/evolution/{,**} rwk,
  owner @{user_cache_dirs}/evolution/addressbook/{,**} rwk,

--- a/apparmor.d/groups/gnome/evolution-calendar-factory
+++ b/apparmor.d/groups/gnome/evolution-calendar-factory
@ -47,6 +47,8 @@ profile evolution-calendar-factory @{exec_path} {

  /usr/share/glib-2.0/schemas/gschemas.compiled r,

+  /etc/gnutls/config r,
+
  owner @{user_cache_dirs}/evolution/calendar/{,**} rwk,
  owner @{user_cache_dirs}/evolution/tasks/{,**} rwk,

--- a/apparmor.d/groups/gnome/evolution-source-registry
+++ b/apparmor.d/groups/gnome/evolution-source-registry
@ -50,6 +50,8 @@ profile evolution-source-registry @{exec_path} {

  /usr/share/glib-2.0/schemas/gschemas.compiled r,

+  /etc/gnutls/config r,
+
  owner @{user_cache_dirs}/evolution/{,**} rwk,
  owner @{user_config_dirs}/evolution/sources/{,*} rw,
  owner @{user_share_dirs}/evolution/{,**} r,
--- a/apparmor.d/groups/gnome/gdm-wayland-session
+++ b/apparmor.d/groups/gnome/gdm-wayland-session
@ -17,6 +17,7 @@ profile gdm-wayland-session @{exec_path} {
  include <abstractions/nameservice-strict>
  include <abstractions/zsh>

+  signal (receive) set=(hup) peer=@{systemd},
  signal (receive) set=term peer=gdm{,-session-worker},
  signal (send) set=(term) peer=dbus-run-session,  
  signal (send) set=(term) peer=dbus-daemon,
--- a/apparmor.d/groups/gnome/gnome-session-ctl
+++ b/apparmor.d/groups/gnome/gnome-session-ctl
@ -11,6 +11,10 @@ profile gnome-session-ctl @{exec_path} {
  include <abstractions/base>
  include <abstractions/dbus-session-strict>

+  signal (receive) set=(kill) peer=@{systemd},
+
+  unix (send, receive, connect) type=stream peer=(addr=@/tmp/dbus-????????, label=dbus-daemon),
+
  dbus send bus=session path=/org/freedesktop/systemd[0-9]*
       interface=org.freedesktop.systemd[0-9]*.Manager
       member={StartUnit,StopUnit}
@ -21,12 +25,10 @@ profile gnome-session-ctl @{exec_path} {
       member=Initialized
       peer=(name=org.gnome.SessionManager, label=gnome-session-binary),

-  unix (send, receive, connect) type=stream peer=(addr=@/tmp/dbus-????????, label=dbus-daemon),
-
  @{exec_path} mr,

-  owner @{run}/user/@{uid}/gnome-session-leader-fifo r,
        @{run}/user/@{uid}/systemd/notify  rw,
+  owner @{run}/user/@{uid}/gnome-session-leader-fifo r,

  include if exists <local/gnome-session-ctl>
 }
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@ -468,7 +468,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
  @{lib}/*                rPUx,
  @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rix,

-  /usr/share/gnome-shell/extensions/ding@rastersoft.com/ding.js rPx,
+  /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,*/}ding.js rPx,

  /opt/*/**/*.png r,
  /snap/*/@{uid}/**.png r,
@ -500,6 +500,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {

  /.flatpak-info r,
  /etc/fstab r,
+  /etc/gnutls/config r,
  /etc/pipewire/client.conf.d/{,**} r,
  /etc/timezone r,
  /etc/udev/hwdb.bin r,
--- a/apparmor.d/groups/gnome/gnome-software
+++ b/apparmor.d/groups/gnome/gnome-software
@ -53,6 +53,7 @@ profile gnome-software @{exec_path} {

  /etc/appstream.conf r,
  /etc/flatpak/remotes.d/{,**} r,
+  /etc/gnutls/config r,
  /etc/PackageKit/Vendor.conf r,
  /etc/pulse/client.conf r,

--- a/apparmor.d/groups/gnome/goa-daemon
+++ b/apparmor.d/groups/gnome/goa-daemon
@ -65,6 +65,8 @@ profile goa-daemon @{exec_path} {

  /usr/share/glib-2.0/schemas/gschemas.compiled r,

+  /etc/gnutls/config r,
+
  /var/lib/gdm{3,}/.config/dconf/user r,

  owner @{user_config_dirs}/goa-1.0/ rw,
--- a/apparmor.d/groups/gnome/gsd-print-notifications
+++ b/apparmor.d/groups/gnome/gsd-print-notifications
@ -79,8 +79,9 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
  @{exec_path} mr,
  @{lib}/gsd-printer rPx,

-  /etc/machine-id r,
  /etc/cups/client.conf r,
+  /etc/gnutls/config r,
+  /etc/machine-id r,

  @{run}/cups/cups.sock rw,

--- a/apparmor.d/groups/gnome/gsd-printer
+++ b/apparmor.d/groups/gnome/gsd-printer
@ -52,6 +52,8 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) {

  @{exec_path} mr,

+  /etc/gnutls/config r,
+
  owner /tmp/[a-z0-9]* rw,

  owner @{PROC}/@{pid}/cgroup r,
--- a/apparmor.d/groups/gnome/mutter-x11-frames
+++ b/apparmor.d/groups/gnome/mutter-x11-frames
@ -27,6 +27,8 @@ profile mutter-x11-frames @{exec_path} {
  /usr/share/dconf/profile/gdm r,
  /usr/share/gdm/greeter-dconf-defaults r,

+  /etc/gnutls/config r,
+
  /var/lib/gdm{3,}/.config/dconf/user r,
  /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,

--- a/apparmor.d/groups/gnome/tracker-miner
+++ b/apparmor.d/groups/gnome/tracker-miner
@ -16,6 +16,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
  include <abstractions/deny-sensitive-home>
  include <abstractions/disks-read>
  include <abstractions/freedesktop.org>
+  include <abstractions/gstreamer>
  include <abstractions/nameservice-strict>
  include <abstractions/private-files-strict>
  include <abstractions/private-files>