feat(abs): minor improvement & cosmetic.

2025-06-01 15:48:38 +02:00 · 2025-06-01 15:48:38 +02:00 · 8452eb44f1
commit 8452eb44f1
parent af82a9caa6
11 changed files with 22 additions and 9 deletions
--- a/apparmor.d/abstractions/app/kmod
+++ b/apparmor.d/abstractions/app/kmod
@ -7,9 +7,9 @@
  include <abstractions/consoles>
  @{bin}/kmod       mr,
  @{sbin}/depmod    mr,
  @{sbin}/insmod    mr,
  @{bin}/kmod       mr,
  @{sbin}/lsmod     mr,
  @{sbin}/modinfo   mr,
  @{sbin}/modprobe  mr,
--- a/apparmor.d/abstractions/app/pager
+++ b/apparmor.d/abstractions/app/pager
@ -12,7 +12,7 @@
  capability dac_override,
  capability dac_read_search,
-  signal (receive) set=(stop, cont, term, kill),
+  signal receive set=(stop, cont, term, kill),
  @{bin}/       r,
  @{pager_path} mrix,
--- a/apparmor.d/abstractions/app/sudo
+++ b/apparmor.d/abstractions/app/sudo
@ -3,7 +3,7 @@
 # SPDX-License-Identifier: GPL-2.0-only
 # LOGPROF-SUGGEST: no
-# Minimal set of rules for sudo. Interactive sudo need more rules.
+# Minimal set of rules for sudo.
  abi <abi/4.0>,
@ -24,6 +24,8 @@
  network netlink raw,   # PAM
  unix type=stream addr=@@{udbus}/bus/sudo/system,
  #aa:dbus talk bus=system name=org.freedesktop.home1 label="@{p_systemd_homed}"
  #aa:dbus talk bus=system name=org.freedesktop.login1 label="@{p_systemd_logind}"
--- a/apparmor.d/abstractions/base.d/complete
+++ b/apparmor.d/abstractions/base.d/complete
@ -3,14 +3,16 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
  # Systemd: allow to receive any signal from the systemd profiles stack
  signal receive                           peer=@{p_systemd},
  signal receive                           peer=@{p_systemd_user},
  # Allow to receive some signals from new well-known profiles
  signal (receive)                           peer=btop,
  signal (receive)                           peer=htop,
  signal (receive)                           peer=sudo,
  signal (receive)                           peer=top,
  signal (receive) set=(cont,term,kill,stop) peer=systemd-shutdown,
  signal (receive) set=(cont,term)           peer=@{p_systemd_user},
  signal (receive) set=(cont,term)           peer=@{p_systemd},
  signal (receive) set=(hup term)            peer=login,
  signal (receive) set=(hup)                 peer=xinit,
  signal (receive) set=(term,kill)           peer=gnome-shell,
--- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi
+++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi
@ -9,7 +9,7 @@
  dbus send bus=system path=/
       interface=org.freedesktop.DBus.Peer
       member=Ping
-       peer=(name=org.freedesktop.Avahi, label="@{p_avahi_daemon}"),
+       peer=(name=org.freedesktop.Avahi),
  dbus send bus=system path=/
       interface=org.freedesktop.Avahi.Server
--- a/apparmor.d/abstractions/consoles.d/complete
+++ b/apparmor.d/abstractions/consoles.d/complete
@ -0,0 +1,7 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
  /dev/tty@{u8} rw,
 # vim:syntax=apparmor
--- a/apparmor.d/abstractions/vulkan.d/complete
+++ b/apparmor.d/abstractions/vulkan.d/complete
@ -1,4 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
  /etc/glvnd/egl_vendor.d/{,*.json} r,
--- a/apparmor.d/abstractions/webkit
+++ b/apparmor.d/abstractions/webkit
@ -2,7 +2,7 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
-# Minimal set of rules for webkit UI.
+# Minimal set of rules for webkit GTK UI.
  abi <abi/4.0>,
--- a/apparmor.d/abstractions/zsh
+++ b/apparmor.d/abstractions/zsh
@ -12,6 +12,7 @@
  /usr/local/share/zsh/{,**} r,
  /usr/share/oh-my-zsh/{,**} r,
  /usr/share/zsh-theme-*/{,**} r,
  /usr/share/zsh/{,**} r,
  /etc/zsh/* r,