freedesktop

2023-02-25 18:44:21 +00:00 · 2023-02-25 18:44:21 +00:00 · 8c0e0a9de1
commit 8c0e0a9de1
parent 491d2176a8
90 changed files with 48 additions and 137 deletions
--- a/apparmor.d/profiles-a-f/appstreamcli
+++ b/apparmor.d/profiles-a-f/appstreamcli
@ -23,10 +23,8 @@ profile appstreamcli @{exec_path} flags=(complain) {

  /usr/share/app-info/{,**} r,
  /usr/share/appdata/ r,
-  /usr/share/applications/{,*.desktop} r,
  /usr/share/metainfo/ r,
  /usr/share/metainfo/*.{metainfo,appdata}.xml r,
-  /usr/share/mime/mime.cache r,
  /usr/share/swcatalog/{,**} r,

  /etc/appstream.conf r,
@ -35,7 +33,6 @@ profile appstreamcli @{exec_path} flags=(complain) {
  owner @{user_cache_dirs}/appstream-cache-*.mdb rw,
  owner @{user_cache_dirs}/appstream/ rw,
  owner @{user_cache_dirs}/appstream/appcache-*.mdb rw,
-  owner @{user_share_dirs}/mime/mime.cache r,
  
  /var/lib/app-info/ w,
  /var/lib/app-info/yaml/ r,
@ -60,6 +57,11 @@ profile appstreamcli @{exec_path} flags=(complain) {

  owner @{PROC}/@{pid}/fd/ r,

+  # freedesktop.org-strict
+  /usr/share/applications/{,*.desktop} r,
+  /usr/share/mime/mime.cache r,
+  owner @{user_share_dirs}/mime/mime.cache r,
+
  profile curl {
    include <abstractions/base>
    include <abstractions/nameservice-strict>
--- a/apparmor.d/profiles-a-f/arduino
+++ b/apparmor.d/profiles-a-f/arduino
@ -82,7 +82,6 @@ profile arduino @{exec_path} {
  owner @{run}/lock/tmp* rw,
  owner @{run}/lock/LCK..ttyS[0-9]* rw,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/coredump_filter rw,
--- a/apparmor.d/profiles-a-f/atril
+++ b/apparmor.d/profiles-a-f/atril
@ -51,7 +51,6 @@ profile atril @{exec_path} {

  /usr/share/atril/{,**} r,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

       owner @{PROC}/@{pid}/fd/ r,
       owner @{PROC}/@{pid}/mountinfo r,
--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@ -36,7 +36,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
  /{usr/,}bin/xdg-open      rCx -> open,

  /usr/share/blueman/{,**} r,
-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/X11/xkb/{,**} r,

  /etc/machine-id r,
--- a/apparmor.d/profiles-a-f/cawbird
+++ b/apparmor.d/profiles-a-f/cawbird
@ -39,7 +39,6 @@ profile cawbird @{exec_path} {
  owner @{user_cache_dirs}/ rw,
  owner @{user_cache_dirs}/cawbird-* rw,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r,

--- a/apparmor.d/profiles-a-f/claws-mail
+++ b/apparmor.d/profiles-a-f/claws-mail
@ -34,7 +34,6 @@ profile claws-mail @{exec_path} flags=(complain) {
  /{usr/,}{s,}bin/exim4  rPUx,
  /{usr/,}bin/geany      rPUx,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/publicsuffix/*.dafsa r,
  /usr/share/sounds/freedesktop/stereo/*.oga r,

--- a/apparmor.d/profiles-a-f/czkawka-gui
+++ b/apparmor.d/profiles-a-f/czkawka-gui
@ -37,7 +37,6 @@ profile czkawka-gui @{exec_path} {

  @{sys}/fs/cgroup/{,**} r,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  profile open {
    include <abstractions/base>
--- a/apparmor.d/profiles-a-f/deltachat-desktop
+++ b/apparmor.d/profiles-a-f/deltachat-desktop
@ -47,7 +47,6 @@ profile deltachat-desktop @{exec_path} {
  owner @{HOME}/.config/DeltaChat/ rw,
  owner @{HOME}/.config/DeltaChat/** rwk,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  owner /tmp/@{hex}/ rw,
  owner /tmp/@{hex}/db.sqlite-blobs/ rw,
--- a/apparmor.d/profiles-a-f/dino-im
+++ b/apparmor.d/profiles-a-f/dino-im
@ -31,7 +31,6 @@ profile dino-im @{exec_path} {
  /{usr/,}bin/gpgconf         rCx -> gpg,
  /{usr/,}bin/gpgsm           rCx -> gpg,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  owner @{user_share_dirs}/dino/ rw,
  owner @{user_share_dirs}/dino/** rwk,
--- a/apparmor.d/profiles-a-f/engrampa
+++ b/apparmor.d/profiles-a-f/engrampa
@ -125,7 +125,6 @@ profile engrampa @{exec_path} {

  /etc/magic r,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  # gnome-tiny
  @{run}/mount/utab r,
--- a/apparmor.d/profiles-a-f/exo-helper
+++ b/apparmor.d/profiles-a-f/exo-helper
@ -47,7 +47,6 @@ profile exo-helper @{exec_path} {

  /etc/fstab r,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  # file_inherit
  owner /dev/tty[0-9]* rw,
--- a/apparmor.d/profiles-a-f/file-roller
+++ b/apparmor.d/profiles-a-f/file-roller
@ -19,7 +19,6 @@ profile file-roller @{exec_path} {

  /{usr/,}bin/unzip  rix,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/themes/{,**} r,
  /usr/share/X11/xkb/{,**} r,

--- a/apparmor.d/profiles-a-f/firecfg
+++ b/apparmor.d/profiles-a-f/firecfg
@ -28,10 +28,11 @@ profile firecfg @{exec_path} flags=(attach_disconnected) {
  /usr/local/bin/ r,
  /usr/local/bin/* rw,

+  # freedesktop.org-strict
  /usr/share/applications/ r,
  /usr/share/applications/*.desktop r,
-
  @{user_share_dirs}/applications/ r,
+
  @{user_share_dirs}/applications/*.desktop rw,

  /dev/tty rw,
@ -39,4 +40,4 @@ profile firecfg @{exec_path} flags=(attach_disconnected) {
  deny /apparmor/.null rw,

  include if exists <local/firecfg>
-}
+}
--- a/apparmor.d/profiles-a-f/font-manager
+++ b/apparmor.d/profiles-a-f/font-manager
@ -29,7 +29,6 @@ profile font-manager @{exec_path} {
  /{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitWebProcess     rix,
  /{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitNetworkProcess rix,

-  /usr/share/glib-2.0/schemas/gschemas.compiled r,

  owner @{user_cache_dirs}/ rw,
  owner @{user_cache_dirs}/font-manager/ rw,