From 8e075d25fa468546fcf7412945e827b685cf9360 Mon Sep 17 00:00:00 2001 From: Mikhail Morfikov Date: Sun, 10 Jan 2021 16:35:07 +0100 Subject: [PATCH] update apparmor profiles --- apparmor.d/abstractions/X | 6 +- apparmor.d/abstractions/app-launcher-root | 2 +- apparmor.d/abstractions/app-launcher-user | 2 +- apparmor.d/abstractions/apt-common | 2 +- apparmor.d/abstractions/deny-dconf | 2 +- apparmor.d/abstractions/deny-root-dir-access | 2 +- apparmor.d/abstractions/disks-read | 2 +- apparmor.d/abstractions/disks-write | 2 +- apparmor.d/abstractions/file-browsing-strict | 2 +- apparmor.d/abstractions/flatpak-snap | 2 +- apparmor.d/abstractions/fontconfig-cache-read | 2 +- .../abstractions/fontconfig-cache-write | 2 +- apparmor.d/abstractions/fonts | 2 + apparmor.d/abstractions/fzf | 2 +- apparmor.d/abstractions/gtk | 2 +- apparmor.d/abstractions/kde4 | 2 +- apparmor.d/abstractions/kde5-plasma5 | 2 +- apparmor.d/abstractions/mesa | 13 +- apparmor.d/abstractions/mesa-cache-write | 31 ---- apparmor.d/abstractions/nameservice-strict | 2 +- apparmor.d/abstractions/systemd-common | 2 +- apparmor.d/abstractions/thumbnails-cache-read | 2 +- .../abstractions/thumbnails-cache-write | 2 +- apparmor.d/abstractions/trash | 2 +- apparmor.d/abstractions/user-download-strict | 2 +- apparmor.d/abstractions/vlc-art-cache-write | 2 +- apparmor.d/abstractions/wayland | 4 +- apparmor.d/abstractions/zsh | 2 +- apparmor.d/accounts-daemon | 2 +- apparmor.d/acpi | 2 +- apparmor.d/adduser | 2 +- apparmor.d/adequate | 2 +- apparmor.d/amarok | 2 +- apparmor.d/amixer | 2 +- apparmor.d/android-studio | 2 +- apparmor.d/anki | 2 +- apparmor.d/anyremote | 2 +- apparmor.d/aplay | 2 +- apparmor.d/appstreamcli | 2 +- apparmor.d/apt | 7 +- apparmor.d/apt-cache | 5 +- apparmor.d/apt-cdrom | 2 +- apparmor.d/apt-config | 2 +- apparmor.d/apt-extracttemplates | 2 +- apparmor.d/apt-file | 2 +- apparmor.d/apt-ftparchive | 2 +- apparmor.d/apt-get | 5 +- apparmor.d/apt-key | 2 +- apparmor.d/apt-listbugs | 2 +- apparmor.d/apt-listbugs-aptcleanup | 2 +- apparmor.d/apt-listbugs-migratepins | 2 +- apparmor.d/apt-listbugs-prefclean | 2 +- apparmor.d/apt-listchanges | 2 +- apparmor.d/apt-mark | 2 +- apparmor.d/apt-methods-cdrom | 2 +- apparmor.d/apt-methods-copy | 2 +- apparmor.d/apt-methods-file | 2 +- apparmor.d/apt-methods-ftp | 2 +- apparmor.d/apt-methods-gpgv | 2 +- apparmor.d/apt-methods-http | 2 +- apparmor.d/apt-methods-mirror | 2 +- apparmor.d/apt-methods-rred | 2 +- apparmor.d/apt-methods-rsh | 2 +- apparmor.d/apt-methods-store | 2 +- apparmor.d/apt-show-versions | 5 +- apparmor.d/apt-sortpkgs | 2 +- apparmor.d/apt-systemd-daily | 2 +- apparmor.d/aptitude | 5 +- apparmor.d/aptitude-changelog-parser | 2 +- apparmor.d/aptitude-create-state-bundle | 2 +- apparmor.d/aptitude-run-state-bundle | 2 +- apparmor.d/arandr | 2 +- apparmor.d/arduino | 151 ++++++++++++++++++ apparmor.d/at-spi-bus-launcher | 2 +- apparmor.d/at-spi2-registryd | 2 +- apparmor.d/atftpd | 2 +- apparmor.d/atom | 2 +- apparmor.d/badblocks | 2 +- apparmor.d/bin.netstat | 2 +- apparmor.d/bin.ping | 2 +- apparmor.d/biosdecode | 2 +- apparmor.d/birdtray | 2 +- apparmor.d/blkid | 2 +- apparmor.d/blockdev | 2 +- apparmor.d/bmon | 2 +- apparmor.d/borg | 2 +- apparmor.d/brave | 2 +- apparmor.d/brave-browser | 2 +- apparmor.d/brave-sandbox | 2 +- apparmor.d/btrfs | 2 +- apparmor.d/btrfs-convert | 2 +- apparmor.d/btrfs-find-root | 2 +- apparmor.d/btrfs-image | 2 +- apparmor.d/btrfs-map-logical | 2 +- apparmor.d/btrfs-select-super | 2 +- apparmor.d/btrfstune | 2 +- apparmor.d/calibre | 2 +- apparmor.d/cawbird | 2 +- apparmor.d/ccze | 2 +- apparmor.d/cfdisk | 2 +- apparmor.d/cgdisk | 2 +- apparmor.d/cgrulesengd | 2 +- apparmor.d/chage | 2 +- apparmor.d/changestool | 2 +- apparmor.d/check-bios-nx | 2 +- apparmor.d/check-support-status | 2 +- apparmor.d/check-support-status-hook | 2 +- apparmor.d/chfn | 2 +- apparmor.d/child-dpkg | 2 +- apparmor.d/child-dpkg-divert | 2 +- apparmor.d/child-lsb_release | 2 +- apparmor.d/child-pager | 2 +- apparmor.d/child-systemctl | 2 +- apparmor.d/chromium | 2 +- apparmor.d/chromium-chrome-sandbox | 2 +- apparmor.d/chromium-chromium | 2 +- apparmor.d/chsh | 2 +- apparmor.d/claws-mail | 2 +- apparmor.d/code | 2 +- apparmor.d/colord | 2 +- apparmor.d/colord-sane | 2 +- apparmor.d/colord-session | 2 +- apparmor.d/command-not-found | 2 +- apparmor.d/compton | 2 +- apparmor.d/convertall | 2 +- apparmor.d/cppw-cpgr | 2 +- apparmor.d/cpuid | 2 +- apparmor.d/cpupower | 2 +- apparmor.d/crda | 2 +- apparmor.d/cron | 58 +++---- apparmor.d/cron-apt | 2 +- apparmor.d/cron-apt-compat | 35 ++++ apparmor.d/cron-apt-listbugs | 4 +- apparmor.d/cron-apt-show-versions | 4 +- apparmor.d/cron-apt-xapian-index | 4 +- apparmor.d/cron-aptitude | 4 +- apparmor.d/cron-debsums | 4 +- apparmor.d/cron-debtags | 26 +++ apparmor.d/cron-dlocate | 4 +- apparmor.d/cron-exim4-base | 43 +++++ apparmor.d/cron-ipset-autoban-save | 4 +- apparmor.d/cron-logrotate | 4 +- apparmor.d/cron-man-db | 44 +++++ apparmor.d/cron-mlocate | 4 +- apparmor.d/cron-popularity-contest | 4 +- apparmor.d/crontab | 2 +- apparmor.d/curl | 3 +- apparmor.d/dbus-daemon | 2 +- apparmor.d/dconf-editor | 2 +- apparmor.d/dconf-service | 2 +- apparmor.d/ddclient | 2 +- apparmor.d/debconf-apt-progress | 2 +- apparmor.d/debconf-show | 2 +- apparmor.d/deborphan | 2 +- apparmor.d/debsecan | 2 +- apparmor.d/debsign | 2 +- apparmor.d/debsums | 2 +- apparmor.d/debtags | 5 +- apparmor.d/deluser | 2 +- apparmor.d/df | 4 +- apparmor.d/dfc | 2 +- apparmor.d/dhclient | 2 +- apparmor.d/dhclient-script | 2 +- apparmor.d/dig | 2 +- apparmor.d/dirmngr | 2 +- apparmor.d/discord | 2 +- apparmor.d/discord-chrome-sandbox | 2 +- apparmor.d/dkms | 2 +- apparmor.d/dkms-autoinstaller | 2 +- apparmor.d/dlocate | 2 +- apparmor.d/dmcrypt-get-device | 2 +- apparmor.d/dmesg | 2 +- apparmor.d/dmidecode | 2 +- apparmor.d/dnscrypt-proxy | 2 +- apparmor.d/dpkg | 2 +- apparmor.d/dpkg-architecture | 2 +- apparmor.d/dpkg-buildflags | 2 +- apparmor.d/dpkg-checkbuilddeps | 2 +- apparmor.d/dpkg-deb | 2 +- apparmor.d/dpkg-divert | 2 +- apparmor.d/dpkg-genbuildinfo | 2 +- apparmor.d/dpkg-genchanges | 2 +- apparmor.d/dpkg-preconfigure | 2 +- apparmor.d/dpkg-query | 2 +- apparmor.d/dpkg-split | 2 +- apparmor.d/dpkg-trigger | 2 +- apparmor.d/dpkg-vendor | 2 +- apparmor.d/dumpcap | 3 +- apparmor.d/dumpe2fs | 2 +- apparmor.d/e2fsck | 2 +- apparmor.d/e2image | 2 +- apparmor.d/edid-decode | 2 +- apparmor.d/eject | 2 +- apparmor.d/engrampa | 2 +- apparmor.d/execute-dcut | 2 +- apparmor.d/execute-dput | 2 +- apparmor.d/exim4 | 2 +- apparmor.d/exo-compose-mail | 2 +- apparmor.d/exo-helper | 2 +- apparmor.d/exo-open | 2 +- apparmor.d/f3brew | 2 +- apparmor.d/f3fix | 2 +- apparmor.d/f3probe | 2 +- apparmor.d/f3read | 2 +- apparmor.d/f3write | 2 +- apparmor.d/fatlabel | 2 +- apparmor.d/fatresize | 2 +- apparmor.d/fc-list | 2 +- apparmor.d/fdisk | 2 +- apparmor.d/ffmpeg | 2 +- apparmor.d/ffplay | 2 +- apparmor.d/ffprobe | 2 +- apparmor.d/filecap | 2 +- apparmor.d/filezilla | 2 +- apparmor.d/firefox | 13 +- apparmor.d/firefox-crashreporter | 18 ++- apparmor.d/firefox-minidump-analyzer | 3 +- apparmor.d/firefox-pingsender | 2 +- apparmor.d/firefox-plugin-container | 2 +- apparmor.d/flameshot | 2 +- apparmor.d/fping | 2 +- apparmor.d/freetube | 2 +- apparmor.d/freetube-chrome-sandbox | 2 +- apparmor.d/frontend | 7 +- apparmor.d/fsck | 2 +- apparmor.d/fsck-btrfs | 2 +- apparmor.d/fsck-fat | 2 +- apparmor.d/fuseiso | 2 +- apparmor.d/fusermount | 2 +- apparmor.d/fwupd | 2 +- apparmor.d/fwupdmgr | 2 +- apparmor.d/fzsftp | 2 +- apparmor.d/games-wesnoth | 2 +- apparmor.d/games-wesnoth-sh | 2 +- apparmor.d/ganyremote | 2 +- apparmor.d/gconfd | 2 +- apparmor.d/gdisk | 2 +- apparmor.d/geany | 5 +- apparmor.d/gio-launch-desktop | 2 +- apparmor.d/git | 2 +- apparmor.d/globaltime | 2 +- apparmor.d/glxgears | 2 +- apparmor.d/glxinfo | 2 +- apparmor.d/gnome-keyring-daemon | 2 +- apparmor.d/google-chrome-chrome | 2 +- apparmor.d/google-chrome-chrome-sandbox | 2 +- apparmor.d/google-chrome-google-chrome | 2 +- apparmor.d/gpa | 2 +- apparmor.d/gparted | 2 +- apparmor.d/gpartedbin | 2 +- apparmor.d/gpasswd | 2 +- apparmor.d/gpg | 2 +- apparmor.d/gpg-agent | 2 +- apparmor.d/gpg-connect-agent | 2 +- apparmor.d/gpgconf | 2 +- apparmor.d/gpgsm | 2 +- apparmor.d/gpo | 2 +- apparmor.d/gpodder | 2 +- apparmor.d/gpodder-migrate2tres | 2 +- apparmor.d/groupadd | 2 +- apparmor.d/groupdel | 2 +- apparmor.d/groupmod | 2 +- apparmor.d/groups | 2 +- apparmor.d/grpck | 2 +- apparmor.d/gsimplecal | 2 +- apparmor.d/gsmartcontrol | 2 +- apparmor.d/gsmartcontrol-root | 2 +- apparmor.d/gtk-update-icon-cache | 2 +- apparmor.d/gtk-youtube-viewer | 2 +- apparmor.d/hardinfo | 2 +- apparmor.d/hciconfig | 2 +- apparmor.d/hddtemp | 2 +- apparmor.d/hdparm | 2 +- apparmor.d/hexchat | 2 +- apparmor.d/hostname | 2 +- apparmor.d/htop | 2 +- apparmor.d/hugeadm | 2 +- apparmor.d/hugo | 2 +- apparmor.d/hw-probe | 2 +- apparmor.d/hwinfo | 2 +- apparmor.d/hypnotix | 98 ++++++++++++ apparmor.d/i2cdetect | 2 +- apparmor.d/i3lock | 2 +- apparmor.d/i3lock-fancy | 2 +- apparmor.d/ifconfig | 2 +- apparmor.d/ifup | 2 +- apparmor.d/initd-kexec | 2 +- apparmor.d/initd-kexec-load | 2 +- apparmor.d/initd-kmod | 2 +- apparmor.d/install-printerdriver | 2 +- apparmor.d/inxi | 2 +- apparmor.d/ioping | 2 +- apparmor.d/iotop | 2 +- apparmor.d/ip | 2 +- apparmor.d/ipcalc | 2 +- apparmor.d/iw | 2 +- apparmor.d/iwconfig | 2 +- apparmor.d/iwlist | 2 +- apparmor.d/jdownloader | 2 +- apparmor.d/jdownloader-install | 2 +- apparmor.d/jekyll | 2 +- apparmor.d/jgmenu | 2 +- apparmor.d/kanyremote | 2 +- apparmor.d/kcheckpass | 2 +- apparmor.d/kconfig-hardened-check | 2 +- apparmor.d/keepassxc | 2 +- apparmor.d/keepassxc-cli | 2 +- apparmor.d/keepassxc-proxy | 5 +- apparmor.d/kernel-install | 2 +- apparmor.d/kerneloops | 2 +- apparmor.d/kerneloops-applet | 2 +- apparmor.d/kexec | 2 +- apparmor.d/kmod | 2 +- apparmor.d/kodi | 7 +- apparmor.d/kodi-xrandr | 2 +- apparmor.d/kscreenlocker-greet | 4 +- apparmor.d/kvm-ok | 2 +- apparmor.d/kwalletd5 | 2 +- apparmor.d/kwalletmanager5 | 2 +- apparmor.d/labwc | 84 ++++++++++ apparmor.d/light | 2 +- apparmor.d/light-locker | 2 +- apparmor.d/light-locker-command | 2 +- apparmor.d/lightdm | 2 +- apparmor.d/lightdm-gtk-greeter | 2 +- apparmor.d/lightworks | 2 +- apparmor.d/lightworks-ntcardvt | 2 +- apparmor.d/linssid | 2 +- apparmor.d/linux-check-removal | 2 +- apparmor.d/linux-version | 2 +- apparmor.d/localepurge | 2 +- apparmor.d/logrotate | 2 +- apparmor.d/lsblk | 2 +- apparmor.d/lscpu | 2 +- apparmor.d/lsinitramfs | 2 +- apparmor.d/lspci | 2 +- apparmor.d/lsusb | 2 +- apparmor.d/lxappearance | 2 +- apparmor.d/lynx | 2 +- apparmor.d/macchanger | 2 +- apparmor.d/mandb | 38 +++++ apparmor.d/mediainfo | 2 +- apparmor.d/memtester | 2 +- apparmor.d/mimetype | 2 +- apparmor.d/mke2fs | 2 +- apparmor.d/mkfs-btrfs | 2 +- apparmor.d/mkfs-fat | 2 +- apparmor.d/mkinitramfs | 2 +- apparmor.d/mkntfs | 2 +- apparmor.d/mkswap | 2 +- apparmor.d/mkvmerge | 2 +- apparmor.d/mkvtoolnix-gui | 2 +- apparmor.d/mlocate | 2 +- apparmor.d/mount | 2 +- apparmor.d/mount.cifs | 5 +- apparmor.d/mpsyt | 2 +- apparmor.d/mpv | 6 +- apparmor.d/mtools | 2 +- apparmor.d/mumble | 2 +- apparmor.d/mumble-overlay | 2 +- apparmor.d/netcap | 2 +- apparmor.d/nethogs | 2 +- apparmor.d/networkctl | 2 +- apparmor.d/newgrp | 2 +- apparmor.d/nft | 2 +- apparmor.d/nmap | 2 +- apparmor.d/ntfs-3g | 2 +- apparmor.d/ntfs-3g-probe | 2 +- apparmor.d/ntfscat | 2 +- apparmor.d/ntfsclone | 2 +- apparmor.d/ntfscluster | 2 +- apparmor.d/ntfscmp | 2 +- apparmor.d/ntfscp | 2 +- apparmor.d/ntfsdecrypt | 2 +- apparmor.d/ntfsfallocate | 2 +- apparmor.d/ntfsfix | 2 +- apparmor.d/ntfsinfo | 2 +- apparmor.d/ntfslabel | 2 +- apparmor.d/ntfsls | 2 +- apparmor.d/ntfsmove | 2 +- apparmor.d/ntfsrecover | 2 +- apparmor.d/ntfsresize | 2 +- apparmor.d/ntfssecaudit | 2 +- apparmor.d/ntfstruncate | 2 +- apparmor.d/ntfsundelete | 2 +- apparmor.d/ntfsusermap | 2 +- apparmor.d/ntfswipe | 2 +- apparmor.d/numlockx | 2 +- apparmor.d/obamenu | 2 +- apparmor.d/obconf | 2 +- apparmor.d/obxprop | 2 +- apparmor.d/okular | 2 +- apparmor.d/on-ac-power | 2 +- apparmor.d/openbox | 8 +- apparmor.d/openbox-session | 2 +- apparmor.d/openvpn | 2 +- apparmor.d/opera | 2 +- apparmor.d/opera-crashreporter | 2 +- apparmor.d/opera-sandbox | 2 +- apparmor.d/orage | 2 +- apparmor.d/pacmd | 2 +- apparmor.d/pactl | 2 +- apparmor.d/pagesize | 2 +- apparmor.d/pam-auth-update | 2 +- apparmor.d/pam/mappings | 2 +- apparmor.d/pam_roles | 2 +- apparmor.d/parted | 2 +- apparmor.d/partprobe | 2 +- apparmor.d/passwd | 2 +- apparmor.d/pavucontrol | 2 +- apparmor.d/picom | 4 +- apparmor.d/pinentry-gtk-2 | 2 +- apparmor.d/pinentry-kwallet | 2 +- apparmor.d/pinentry-qt | 2 +- apparmor.d/pkexec | 2 +- apparmor.d/polipo | 2 +- apparmor.d/polkit-agent-helper | 2 +- apparmor.d/polkit-kde-authentication-agent | 2 +- apparmor.d/polkit-mate-authentication-agent | 7 +- apparmor.d/polkitd | 2 +- apparmor.d/popcon-largest-unused | 2 +- apparmor.d/popularity-contest | 2 +- apparmor.d/ps | 2 +- apparmor.d/ps-mem | 2 +- apparmor.d/pscap | 2 +- apparmor.d/psi-plus | 2 +- apparmor.d/pulseaudio | 2 +- apparmor.d/qbittorrent | 2 + apparmor.d/qnapi | 2 +- apparmor.d/qpdfview | 2 +- apparmor.d/qt5ct | 2 +- apparmor.d/qtchooser | 2 +- apparmor.d/querybts | 2 +- apparmor.d/quiterss | 2 +- apparmor.d/rdmsr | 2 +- apparmor.d/redshift | 3 +- apparmor.d/repo | 2 +- apparmor.d/reportbug | 7 +- apparmor.d/reprepro | 2 +- apparmor.d/resize2fs | 2 +- apparmor.d/rfkill | 2 +- apparmor.d/rpi-imager | 2 +- apparmor.d/rredtool | 2 +- apparmor.d/rsyslogd | 2 +- apparmor.d/rtkit-daemon | 2 +- apparmor.d/rtkitctl | 2 +- apparmor.d/run-parts | 2 +- apparmor.d/runuser | 4 +- apparmor.d/scdaemon | 2 +- apparmor.d/scrot | 2 +- apparmor.d/sddm | 2 +- apparmor.d/sddm-greeter | 2 +- apparmor.d/sddm-xsession | 2 +- apparmor.d/sensors-detect | 2 +- apparmor.d/setpci | 2 +- apparmor.d/setpriv | 2 +- apparmor.d/sfdisk | 2 +- apparmor.d/sgdisk | 2 +- apparmor.d/signal-desktop | 2 +- apparmor.d/signal-desktop-chrome-sandbox | 2 +- apparmor.d/smartctl | 2 +- apparmor.d/smartd | 2 +- apparmor.d/smplayer | 2 +- apparmor.d/smtube | 2 +- apparmor.d/spacefm | 2 +- apparmor.d/spacefm-auth | 2 +- apparmor.d/spectre-meltdown-checker | 2 +- apparmor.d/speedtest | 2 +- apparmor.d/spflashtool | 2 +- apparmor.d/spotify | 2 +- apparmor.d/ssh-agent | 2 +- apparmor.d/startx | 2 +- apparmor.d/strawberry | 2 +- apparmor.d/strawberry-tagreader | 2 +- apparmor.d/su | 2 +- apparmor.d/sudo | 2 +- apparmor.d/suid3num | 2 +- apparmor.d/swaplabel | 2 +- apparmor.d/swapoff | 2 +- apparmor.d/swapon | 2 +- apparmor.d/synaptic | 14 +- apparmor.d/syncthing | 2 +- apparmor.d/system-config-printer | 2 +- apparmor.d/system-config-printer-applet | 2 +- apparmor.d/systemd-ac-power | 2 +- apparmor.d/systemd-analyze | 2 +- apparmor.d/systemd-backlight | 2 +- apparmor.d/systemd-detect-virt | 3 +- apparmor.d/systemd-fsck | 2 +- apparmor.d/systemd-fsckd | 2 +- apparmor.d/systemd-hostnamed | 2 +- apparmor.d/systemd-journalctl | 2 +- apparmor.d/systemd-journald | 2 +- apparmor.d/systemd-localed | 2 +- apparmor.d/systemd-modules-load | 2 +- apparmor.d/systemd-networkd | 2 +- apparmor.d/systemd-networkd-wait-online | 2 +- apparmor.d/systemd-rfkill | 2 +- apparmor.d/systemd-shutdown | 2 +- apparmor.d/systemd-sysctl | 2 +- apparmor.d/systemd-timedated | 2 +- apparmor.d/systemd-timesyncd | 2 +- apparmor.d/tasksel | 2 +- apparmor.d/telegram-desktop | 2 +- apparmor.d/tftp | 2 +- apparmor.d/thinkfan | 2 +- apparmor.d/tint2 | 2 +- apparmor.d/tint2conf | 2 +- apparmor.d/top | 2 +- apparmor.d/torify | 2 +- apparmor.d/torsocks | 2 +- apparmor.d/tpacpi-bat | 2 +- apparmor.d/tune2fs | 2 +- apparmor.d/ucf | 2 +- apparmor.d/udevadm | 2 +- apparmor.d/udiskie | 2 +- apparmor.d/udiskie-info | 2 +- apparmor.d/udiskie-mount | 2 +- apparmor.d/udiskie-umount | 2 +- apparmor.d/udisksctl | 2 +- apparmor.d/udisksd | 3 +- apparmor.d/umount | 2 +- apparmor.d/uname | 2 +- apparmor.d/unhide-linux | 2 +- apparmor.d/unhide-posix | 2 +- apparmor.d/unhide-rb | 2 +- apparmor.d/unhide-tcp | 2 +- apparmor.d/unix-chkpwd | 2 +- apparmor.d/unmkinitramfs | 2 +- apparmor.d/update-alternatives | 2 +- apparmor.d/update-apt-xapian-index | 5 +- apparmor.d/update-ca-certificates | 11 +- apparmor.d/update-command-not-found | 2 +- apparmor.d/update-desktop-database | 2 +- apparmor.d/update-dlocatedb | 2 +- apparmor.d/update-initramfs | 2 +- apparmor.d/update-pciids | 2 +- apparmor.d/update-smart-drivedb | 2 +- apparmor.d/updatedb-mlocate | 2 +- apparmor.d/upower | 2 +- apparmor.d/upowerd | 2 +- apparmor.d/uptime | 2 +- apparmor.d/usb-devices | 2 +- apparmor.d/usbguard | 2 +- apparmor.d/usbguard-applet-qt | 2 +- apparmor.d/usbguard-daemon | 2 +- apparmor.d/usbguard-dbus | 2 +- apparmor.d/uscan | 2 +- apparmor.d/useradd | 2 +- apparmor.d/userdel | 2 +- apparmor.d/usermod | 2 +- apparmor.d/usr.bin.totem | 23 +-- apparmor.d/usr.sbin.dnsmasq | 2 - apparmor.d/usr.sbin.nscd | 2 +- apparmor.d/uupdate | 2 +- apparmor.d/vcsi | 2 +- apparmor.d/vidcutter | 2 +- apparmor.d/vipw-vigr | 2 +- apparmor.d/virt-manager | 11 +- apparmor.d/vlc | 6 +- apparmor.d/vnstatd | 2 +- apparmor.d/vsftpd | 2 +- apparmor.d/wavemon | 2 +- apparmor.d/wget | 2 +- apparmor.d/whdd | 2 +- apparmor.d/whiptail | 2 +- apparmor.d/who | 3 +- apparmor.d/wireshark | 2 +- apparmor.d/wmctrl | 2 +- apparmor.d/wpa-gui | 2 +- apparmor.d/wpa-supplicant | 2 +- apparmor.d/wpa_cli | 2 +- apparmor.d/wrmsr | 2 +- apparmor.d/x11-xsession | 2 +- apparmor.d/xarchiver | 2 +- apparmor.d/xauth | 2 +- apparmor.d/xautolock | 2 +- apparmor.d/xbacklight | 2 +- apparmor.d/xdg-desktop-menu | 2 +- apparmor.d/xdg-email | 2 +- apparmor.d/xdg-icon-resource | 2 +- apparmor.d/xdg-mime | 2 +- apparmor.d/xdg-open | 2 +- apparmor.d/xdg-screensaver | 2 +- apparmor.d/xdg-settings | 2 +- apparmor.d/xdpyinfo | 2 +- apparmor.d/xfce4-notifyd | 2 +- apparmor.d/xfconfd | 2 +- apparmor.d/xhost | 2 +- apparmor.d/xinit | 2 +- apparmor.d/xinput | 2 +- apparmor.d/xkbcomp | 2 +- apparmor.d/xorg | 11 +- apparmor.d/xprop | 2 +- apparmor.d/xrandr | 2 +- apparmor.d/xrdb | 2 +- apparmor.d/xsel | 2 +- apparmor.d/xset | 2 +- apparmor.d/xsetroot | 2 +- apparmor.d/youtube-dl | 4 +- apparmor.d/youtube-viewer | 2 +- apparmor.d/ytdl | 4 +- apparmor.d/zenmap | 2 +- 603 files changed, 1280 insertions(+), 723 deletions(-) delete mode 100644 apparmor.d/abstractions/mesa-cache-write create mode 100644 apparmor.d/arduino create mode 100644 apparmor.d/cron-apt-compat create mode 100644 apparmor.d/cron-debtags create mode 100644 apparmor.d/cron-exim4-base create mode 100644 apparmor.d/cron-man-db create mode 100644 apparmor.d/hypnotix create mode 100644 apparmor.d/labwc create mode 100644 apparmor.d/mandb diff --git a/apparmor.d/abstractions/X b/apparmor.d/abstractions/X index 1ae3fa2ce..a695d75b6 100644 --- a/apparmor.d/abstractions/X +++ b/apparmor.d/abstractions/X @@ -3,7 +3,7 @@ # # Copyright (C) 2002-2009 Novell/SUSE # Copyright (C) 2009-2011 Canonical Ltd. -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -31,7 +31,7 @@ owner @{run}/user/*/xauth_* r, # the unix socket to use to connect to the display - /tmp/.X11-unix/* r, + /tmp/.X11-unix/* rw, unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), @@ -53,6 +53,8 @@ # Xcompose owner @{HOME}/.XCompose r, + /var/cache/libx11/compose/* r, + deny /var/cache/libx11/compose/* wlk, # mouse themes /etc/X11/cursors/ r, diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root index ba6618210..9b05c016b 100644 --- a/apparmor.d/abstractions/app-launcher-root +++ b/apparmor.d/abstractions/app-launcher-root @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/app-launcher-user b/apparmor.d/abstractions/app-launcher-user index 123f5565b..b4471a490 100644 --- a/apparmor.d/abstractions/app-launcher-user +++ b/apparmor.d/abstractions/app-launcher-user @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/apt-common b/apparmor.d/abstractions/apt-common index c7e0290fc..42a07df21 100644 --- a/apparmor.d/abstractions/apt-common +++ b/apparmor.d/abstractions/apt-common @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/deny-dconf b/apparmor.d/abstractions/deny-dconf index 0567f3a97..df1697a32 100644 --- a/apparmor.d/abstractions/deny-dconf +++ b/apparmor.d/abstractions/deny-dconf @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/deny-root-dir-access b/apparmor.d/abstractions/deny-root-dir-access index 19fb6d664..88d2094ea 100644 --- a/apparmor.d/abstractions/deny-root-dir-access +++ b/apparmor.d/abstractions/deny-root-dir-access @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read index bcda24e6e..6a0ca0a7a 100644 --- a/apparmor.d/abstractions/disks-read +++ b/apparmor.d/abstractions/disks-read @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write index d44b7f952..f8af57e0d 100644 --- a/apparmor.d/abstractions/disks-write +++ b/apparmor.d/abstractions/disks-write @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/file-browsing-strict b/apparmor.d/abstractions/file-browsing-strict index dff7f17c8..977472e4c 100644 --- a/apparmor.d/abstractions/file-browsing-strict +++ b/apparmor.d/abstractions/file-browsing-strict @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/flatpak-snap b/apparmor.d/abstractions/flatpak-snap index f2259f4a8..6bdd2a3f6 100644 --- a/apparmor.d/abstractions/flatpak-snap +++ b/apparmor.d/abstractions/flatpak-snap @@ -3,7 +3,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2018 Nibaldo Gonzalez -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index 6c5fefd53..7e57663a9 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index a57b7b610..7a358ca43 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/fonts b/apparmor.d/abstractions/fonts index 402703d75..46324dbb5 100644 --- a/apparmor.d/abstractions/fonts +++ b/apparmor.d/abstractions/fonts @@ -52,6 +52,8 @@ owner @{HOME}/.fonts.conf.d/** r, owner @{HOME}/.config/fontconfig/ r, owner @{HOME}/.config/fontconfig/** r, + owner @{HOME}/.Fontmatrix/Activated/ r, + owner @{HOME}/.Fontmatrix/Activated/** r, /usr/local/share/fonts/ r, /usr/local/share/fonts/** r, diff --git a/apparmor.d/abstractions/fzf b/apparmor.d/abstractions/fzf index b9f3ceb3b..d1c69faae 100644 --- a/apparmor.d/abstractions/fzf +++ b/apparmor.d/abstractions/fzf @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/gtk b/apparmor.d/abstractions/gtk index 87c4fd5ab..60544ac90 100644 --- a/apparmor.d/abstractions/gtk +++ b/apparmor.d/abstractions/gtk @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/kde4 b/apparmor.d/abstractions/kde4 index 104a338cd..12c8c33db 100644 --- a/apparmor.d/abstractions/kde4 +++ b/apparmor.d/abstractions/kde4 @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/kde5-plasma5 b/apparmor.d/abstractions/kde5-plasma5 index d8954a2f4..f2eceba04 100644 --- a/apparmor.d/abstractions/kde5-plasma5 +++ b/apparmor.d/abstractions/kde5-plasma5 @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/mesa b/apparmor.d/abstractions/mesa index 01609ff92..11cb40d02 100644 --- a/apparmor.d/abstractions/mesa +++ b/apparmor.d/abstractions/mesa @@ -12,11 +12,18 @@ # User files owner @{HOME}/.cache/ w, # if user clears all caches - owner @{HOME}/.cache/mesa_shader_cache/ w, + owner @{HOME}/.cache/mesa_shader_cache/ rw, owner @{HOME}/.cache/mesa_shader_cache/index rw, - owner @{HOME}/.cache/mesa_shader_cache/??/ w, - owner @{HOME}/.cache/mesa_shader_cache/??/* rwk, + owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw, + owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw, + owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk, + # Fallback location when @{HOME}/.cache is not available + owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/ rw, + owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/index rw, + owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw, + owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw, + owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk, # Include additions to the abstraction include if exists diff --git a/apparmor.d/abstractions/mesa-cache-write b/apparmor.d/abstractions/mesa-cache-write deleted file mode 100644 index ae016a0fd..000000000 --- a/apparmor.d/abstractions/mesa-cache-write +++ /dev/null @@ -1,31 +0,0 @@ -# vim:syntax=apparmor -# ------------------------------------------------------------------ -# -# Copyright (C) 2018-2020 Mikhail Morfikov -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of version 2 of the GNU General Public -# License published by the Free Software Foundation. -# -# ------------------------------------------------------------------ - - abi , - - # System files - /dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2() - - # Mesa cache (since mesa v18.1.1) - owner @{HOME}/.cache/mesa_shader_cache/ rw, - owner @{HOME}/.cache/mesa_shader_cache/index rw, - owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw, - owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw, - owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk, - - # If the dir in @{HOME}/.cache is not writable, it uses a dir in /tmp/ - owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/ rw, - owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/index rw, - owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw, - owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw, - owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk, - - diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict index e1a9e7084..34eed1677 100644 --- a/apparmor.d/abstractions/nameservice-strict +++ b/apparmor.d/abstractions/nameservice-strict @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/systemd-common b/apparmor.d/abstractions/systemd-common index b29ff1846..630cb5eb6 100644 --- a/apparmor.d/abstractions/systemd-common +++ b/apparmor.d/abstractions/systemd-common @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read index 68c89d236..bcd49a3f1 100644 --- a/apparmor.d/abstractions/thumbnails-cache-read +++ b/apparmor.d/abstractions/thumbnails-cache-read @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index 85c4cc23a..f7668c02a 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/trash b/apparmor.d/abstractions/trash index 3c2a0d1ef..27b3cbda7 100644 --- a/apparmor.d/abstractions/trash +++ b/apparmor.d/abstractions/trash @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index 5dd1c6d88..5cbf1b4c6 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/vlc-art-cache-write b/apparmor.d/abstractions/vlc-art-cache-write index 1b5f1d041..26726291b 100644 --- a/apparmor.d/abstractions/vlc-art-cache-write +++ b/apparmor.d/abstractions/vlc-art-cache-write @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/abstractions/wayland b/apparmor.d/abstractions/wayland index 86ba0cffd..97fa0d76a 100644 --- a/apparmor.d/abstractions/wayland +++ b/apparmor.d/abstractions/wayland @@ -2,7 +2,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2016 intrigeri -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -15,5 +15,7 @@ owner @{run}/user/[0-9]*/wayland-[0-9]* rw, owner @{run}/user/[0-9]*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw, + owner /dev/shm/wlroots-* rw, + # Include additions to the abstraction include if exists diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh index fc70afdca..a0ca82ca6 100644 --- a/apparmor.d/abstractions/zsh +++ b/apparmor.d/abstractions/zsh @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/accounts-daemon b/apparmor.d/accounts-daemon index ddd191b64..5a658395c 100644 --- a/apparmor.d/accounts-daemon +++ b/apparmor.d/accounts-daemon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/acpi b/apparmor.d/acpi index b1c44decf..3859ca388 100644 --- a/apparmor.d/acpi +++ b/apparmor.d/acpi @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/adduser b/apparmor.d/adduser index aeb782bac..b469be5f6 100644 --- a/apparmor.d/adduser +++ b/apparmor.d/adduser @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/adequate b/apparmor.d/adequate index d6bac274c..c54c4997a 100644 --- a/apparmor.d/adequate +++ b/apparmor.d/adequate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/amarok b/apparmor.d/amarok index 3feb7986a..f8b3cc9c8 100644 --- a/apparmor.d/amarok +++ b/apparmor.d/amarok @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/amixer b/apparmor.d/amixer index 7d470380b..a806f901a 100644 --- a/apparmor.d/amixer +++ b/apparmor.d/amixer @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/android-studio b/apparmor.d/android-studio index 9ff291721..97d4dca74 100644 --- a/apparmor.d/android-studio +++ b/apparmor.d/android-studio @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/anki b/apparmor.d/anki index 08cbb8407..33f9b7e51 100644 --- a/apparmor.d/anki +++ b/apparmor.d/anki @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/anyremote b/apparmor.d/anyremote index 2f6e0de12..50647f804 100644 --- a/apparmor.d/anyremote +++ b/apparmor.d/anyremote @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/aplay b/apparmor.d/aplay index e69ac29dc..eb0ba9e61 100644 --- a/apparmor.d/aplay +++ b/apparmor.d/aplay @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/appstreamcli b/apparmor.d/appstreamcli index 343433a71..938d61eb1 100644 --- a/apparmor.d/appstreamcli +++ b/apparmor.d/appstreamcli @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt b/apparmor.d/apt index c6ff19b7b..b1fe0afb7 100644 --- a/apparmor.d/apt +++ b/apparmor.d/apt @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -111,6 +111,11 @@ profile apt @{exec_path} flags=(complain) { owner @{PROC}/@{pid}/fd/ r, + /dev/ptmx rw, + + /var/lib/dbus/machine-id r, + /etc/machine-id r, + /tmp/ r, owner /tmp/apt.conf.* rw, owner /tmp/apt.data.* rw, diff --git a/apparmor.d/apt-cache b/apparmor.d/apt-cache index 026bdcad6..b276be11d 100644 --- a/apparmor.d/apt-cache +++ b/apparmor.d/apt-cache @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -31,5 +31,8 @@ profile apt-cache @{exec_path} { /var/cache/apt/ r, /var/cache/apt/** rwk, + /var/lib/dbus/machine-id r, + /etc/machine-id r, + include if exists } diff --git a/apparmor.d/apt-cdrom b/apparmor.d/apt-cdrom index 373c755b1..9a1dc5548 100644 --- a/apparmor.d/apt-cdrom +++ b/apparmor.d/apt-cdrom @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-config b/apparmor.d/apt-config index 1171094d5..0c1f7c592 100644 --- a/apparmor.d/apt-config +++ b/apparmor.d/apt-config @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-extracttemplates b/apparmor.d/apt-extracttemplates index 65d7eac72..bcb1cf607 100644 --- a/apparmor.d/apt-extracttemplates +++ b/apparmor.d/apt-extracttemplates @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-file b/apparmor.d/apt-file index 2efaeb1e0..f3a44edd4 100644 --- a/apparmor.d/apt-file +++ b/apparmor.d/apt-file @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-ftparchive b/apparmor.d/apt-ftparchive index ef1357a88..4a2a9ad44 100644 --- a/apparmor.d/apt-ftparchive +++ b/apparmor.d/apt-ftparchive @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-get b/apparmor.d/apt-get index 0e81a445d..6b38f7427 100644 --- a/apparmor.d/apt-get +++ b/apparmor.d/apt-get @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -117,6 +117,9 @@ profile apt-get @{exec_path} flags=(complain) { /dev/ptmx rw, + /var/lib/dbus/machine-id r, + /etc/machine-id r, + /tmp/ r, owner /tmp/apt-tmp-index.* rw, owner /tmp/apt-dpkg-install-*/ rw, diff --git a/apparmor.d/apt-key b/apparmor.d/apt-key index 920839a90..ae1a6709a 100644 --- a/apparmor.d/apt-key +++ b/apparmor.d/apt-key @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-listbugs b/apparmor.d/apt-listbugs index 96cb4003c..681f43986 100644 --- a/apparmor.d/apt-listbugs +++ b/apparmor.d/apt-listbugs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-listbugs-aptcleanup b/apparmor.d/apt-listbugs-aptcleanup index f3eef8168..0d320269c 100644 --- a/apparmor.d/apt-listbugs-aptcleanup +++ b/apparmor.d/apt-listbugs-aptcleanup @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-listbugs-migratepins b/apparmor.d/apt-listbugs-migratepins index 6e3ca525a..c7dd55e9a 100644 --- a/apparmor.d/apt-listbugs-migratepins +++ b/apparmor.d/apt-listbugs-migratepins @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-listbugs-prefclean b/apparmor.d/apt-listbugs-prefclean index 26004a99c..a1e124efb 100644 --- a/apparmor.d/apt-listbugs-prefclean +++ b/apparmor.d/apt-listbugs-prefclean @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-listchanges b/apparmor.d/apt-listchanges index c97a23ac2..b7d2b90ee 100644 --- a/apparmor.d/apt-listchanges +++ b/apparmor.d/apt-listchanges @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-mark b/apparmor.d/apt-mark index a39abfac5..5e621613c 100644 --- a/apparmor.d/apt-mark +++ b/apparmor.d/apt-mark @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-cdrom b/apparmor.d/apt-methods-cdrom index b91b5ced8..bd563c028 100644 --- a/apparmor.d/apt-methods-cdrom +++ b/apparmor.d/apt-methods-cdrom @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-copy b/apparmor.d/apt-methods-copy index 354184071..f13fdbcd9 100644 --- a/apparmor.d/apt-methods-copy +++ b/apparmor.d/apt-methods-copy @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-file b/apparmor.d/apt-methods-file index 165941e34..4909d352d 100644 --- a/apparmor.d/apt-methods-file +++ b/apparmor.d/apt-methods-file @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-ftp b/apparmor.d/apt-methods-ftp index 5c356d8a6..b0c269938 100644 --- a/apparmor.d/apt-methods-ftp +++ b/apparmor.d/apt-methods-ftp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-gpgv b/apparmor.d/apt-methods-gpgv index e3875e9ce..dbc5543f7 100644 --- a/apparmor.d/apt-methods-gpgv +++ b/apparmor.d/apt-methods-gpgv @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-http b/apparmor.d/apt-methods-http index 0b352f0fc..090725080 100644 --- a/apparmor.d/apt-methods-http +++ b/apparmor.d/apt-methods-http @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-mirror b/apparmor.d/apt-methods-mirror index c1e05b10c..c3eb884a0 100644 --- a/apparmor.d/apt-methods-mirror +++ b/apparmor.d/apt-methods-mirror @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-rred b/apparmor.d/apt-methods-rred index 1149713b4..8765163dc 100644 --- a/apparmor.d/apt-methods-rred +++ b/apparmor.d/apt-methods-rred @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-rsh b/apparmor.d/apt-methods-rsh index fd9d2084f..cc70410e2 100644 --- a/apparmor.d/apt-methods-rsh +++ b/apparmor.d/apt-methods-rsh @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-methods-store b/apparmor.d/apt-methods-store index 98f72658b..1657ae474 100644 --- a/apparmor.d/apt-methods-store +++ b/apparmor.d/apt-methods-store @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-show-versions b/apparmor.d/apt-show-versions index b39ac121e..a2e0c7c98 100644 --- a/apparmor.d/apt-show-versions +++ b/apparmor.d/apt-show-versions @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -33,6 +33,9 @@ profile apt-show-versions @{exec_path} { owner @{PROC}/@{pid}/fd/ r, + /var/lib/dbus/machine-id r, + /etc/machine-id r, + # file_inherit owner /dev/tty[0-9]* rw, owner /var/log/cron-apt/temp w, diff --git a/apparmor.d/apt-sortpkgs b/apparmor.d/apt-sortpkgs index 339484bb3..59baf3eac 100644 --- a/apparmor.d/apt-sortpkgs +++ b/apparmor.d/apt-sortpkgs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/apt-systemd-daily b/apparmor.d/apt-systemd-daily index 2a4161ac5..76c218ddc 100644 --- a/apparmor.d/apt-systemd-daily +++ b/apparmor.d/apt-systemd-daily @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/aptitude b/apparmor.d/aptitude index f6af1c828..001f6d9b3 100644 --- a/apparmor.d/aptitude +++ b/apparmor.d/aptitude @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -165,6 +165,9 @@ profile aptitude @{exec_path} flags=(complain) { /dev/ptmx rw, + /var/lib/dbus/machine-id r, + /etc/machine-id r, + # For package building @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, diff --git a/apparmor.d/aptitude-changelog-parser b/apparmor.d/aptitude-changelog-parser index f32450084..2f320e5db 100644 --- a/apparmor.d/aptitude-changelog-parser +++ b/apparmor.d/aptitude-changelog-parser @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/aptitude-create-state-bundle b/apparmor.d/aptitude-create-state-bundle index fb514aa98..4692603e5 100644 --- a/apparmor.d/aptitude-create-state-bundle +++ b/apparmor.d/aptitude-create-state-bundle @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/aptitude-run-state-bundle b/apparmor.d/aptitude-run-state-bundle index 0c9fff183..8ebdad39e 100644 --- a/apparmor.d/aptitude-run-state-bundle +++ b/apparmor.d/aptitude-run-state-bundle @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/arandr b/apparmor.d/arandr index 926442f96..6940244a6 100644 --- a/apparmor.d/arandr +++ b/apparmor.d/arandr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/arduino b/apparmor.d/arduino new file mode 100644 index 000000000..3de6e9a90 --- /dev/null +++ b/apparmor.d/arduino @@ -0,0 +1,151 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2020-2021 Mikhail Morfikov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +abi , + +include + +@{exec_path} = /{usr/,}bin/arduino +profile arduino @{exec_path} { + include + include + include + include + include + include + include + include + + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + network netlink raw, + + @{exec_path} mr, + + /{usr/,}bin/id rix, + /{usr/,}bin/{,e}grep rix, + /{usr/,}bin/groups rix, + + /{usr/,}bin/avr-g++ rix, + /{usr/,}bin/avr-gcc rix, + /{usr/,}bin/avr-size rix, + /{usr/,}bin/avrdude rix, + /{usr/,}lib/gcc/avr/*/cc1plus rix, + /{usr/,}lib/gcc/avr/*/cc1 rix, + /{usr/,}lib/gcc/avr/*/collect2 rix, + /{usr/,}lib/avr/bin/as rix, + /{usr/,}lib/avr/bin/ar rix, + /{usr/,}lib/avr/bin/ld rix, + /{usr/,}lib/avr/bin/objcopy rix, + + /{usr/,}bin/xdg-open rCx -> open, + + /{usr/,}lib/jvm/java-[0-9]*-openjdk-*/bin/java rix, + /{usr/,}lib/jvm/java-[0-9]*-openjdk-*/lib/server/classes.jsa mr, + /usr/share/java/*.jar r, + /etc/java-[0-9]*-openjdk/** r, + owner @{HOME}/.java/fonts/*/fcinfo[0-9]*.tmp rw, + owner @{HOME}/.java/fonts/*/fcinfo-*.properties rw, + + /usr/share/arduino/ r, + /usr/share/arduino/** r, + + /usr/share/doc/arduino-core/ r, + /usr/share/doc/arduino-core/** r, + + owner @{HOME}/ r, + owner @{HOME}/.arduino/ rw, + owner @{HOME}/.arduino/preferences.txt rw, + + owner @{HOME}/sketchbook/ rw, + owner @{HOME}/sketchbook/** rw, + + owner @{HOME}/.Xauthority r, + + /tmp/ r, + owner /tmp/cc*.s rw, + owner /tmp/cc*.res rw, + owner /tmp/cc*.c rw, + owner /tmp/cc*.o rw, + owner /tmp/cc*.ld rw, + owner /tmp/cc*.le rw, + owner /tmp/hsperfdata_*/ rw, + owner /tmp/hsperfdata_*/@{pid} rw, + owner /tmp/untitled[0-9]*.tmp rw, + owner /tmp/untitled[0-9]*.tmp/ rw, + owner /tmp/untitled[0-9]*.tmp/sketch_*/ rw, + owner /tmp/untitled[0-9]*.tmp/sketch_*/sketch_*.ino rw, + owner /tmp/untitled[0-9]*.tmp/sketch_*/sketch_*.ino[0-9]*.tmp rw, + owner /tmp/console[0-9]*.tmp rw, + owner /tmp/console[0-9]*.tmp/ rw, + owner /tmp/console[0-9]*.tmp/stdout.txt rw, + owner /tmp/console[0-9]*.tmp/stderr.txt rw, + owner /tmp/build[0-9]*.tmp rw, + owner /tmp/build[0-9]*.tmp/ rw, + owner /tmp/build[0-9]*.tmp/* rw, + + owner @{run}/lock/tmp* rw, + owner @{run}/lock/LCK..ttyS[0-9]* rw, + + /usr/share/glib-2.0/schemas/gschemas.compiled r, + + owner @{PROC}/@{pid}/fd/ r, + owner @{PROC}/@{pid}/coredump_filter rw, + owner @{PROC}/@{pid}/mountinfo r, + owner @{PROC}/@{pid}/cgroup r, + owner @{PROC}/@{pid}/stat r, + owner @{PROC}/@{pid}/cmdline r, + @{PROC}/@{pid}/net/if_inet6 r, + @{PROC}/@{pid}/net/ipv6_route r, + + /etc/fstab r, + + /etc/avrdude.conf r, + + @{sys}/fs/cgroup/** r, + + /dev/ r, + /dev/ttyS[0-9]* rw, + /dev/bus/usb/ r, + /dev/bus/usb/[0-9]*/ r, + /dev/bus/usb/[0-9]*/[0-9]* rw, + + # Silencer + deny /usr/share/arduino/** w, + + + profile open { + include + include + + /{usr/,}bin/xdg-open mr, + + /{usr/,}bin/gawk rix, + /{usr/,}bin/readlink rix, + /{usr/,}bin/basename rix, + + owner @{HOME}/ r, + + owner @{run}/user/[0-9]*/ r, + + # Allowed apps to open + /{usr/,}lib/firefox/firefox rPUx, + /{usr/,}bin/spacefm rPUx, + + # file_inherit + owner @{HOME}/.xsession-errors w, + + } + + include if exists +} diff --git a/apparmor.d/at-spi-bus-launcher b/apparmor.d/at-spi-bus-launcher index f46ab640c..34fae1b00 100644 --- a/apparmor.d/at-spi-bus-launcher +++ b/apparmor.d/at-spi-bus-launcher @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/at-spi2-registryd b/apparmor.d/at-spi2-registryd index 468dba129..dd7f43fc5 100644 --- a/apparmor.d/at-spi2-registryd +++ b/apparmor.d/at-spi2-registryd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/atftpd b/apparmor.d/atftpd index 562e484ce..a0778998a 100644 --- a/apparmor.d/atftpd +++ b/apparmor.d/atftpd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/atom b/apparmor.d/atom index 547e8763b..29aa7041b 100644 --- a/apparmor.d/atom +++ b/apparmor.d/atom @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/badblocks b/apparmor.d/badblocks index 000aea5e1..b5dfc4643 100644 --- a/apparmor.d/badblocks +++ b/apparmor.d/badblocks @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/bin.netstat b/apparmor.d/bin.netstat index 977f76c7c..223a8eb98 100644 --- a/apparmor.d/bin.netstat +++ b/apparmor.d/bin.netstat @@ -3,7 +3,7 @@ # # Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2017 Christian Boltz -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/bin.ping b/apparmor.d/bin.ping index dddeb71eb..684510afb 100644 --- a/apparmor.d/bin.ping +++ b/apparmor.d/bin.ping @@ -2,7 +2,7 @@ # # Copyright (C) 2002-2009 Novell/SUSE # Copyright (C) 2010 Canonical Ltd. -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/biosdecode b/apparmor.d/biosdecode index 907fa9f68..fed3b762a 100644 --- a/apparmor.d/biosdecode +++ b/apparmor.d/biosdecode @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/birdtray b/apparmor.d/birdtray index c6198a7d3..f36668e6d 100644 --- a/apparmor.d/birdtray +++ b/apparmor.d/birdtray @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/blkid b/apparmor.d/blkid index 13ee01028..07c85af47 100644 --- a/apparmor.d/blkid +++ b/apparmor.d/blkid @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/blockdev b/apparmor.d/blockdev index c4c96ecb1..b18f9d6e7 100644 --- a/apparmor.d/blockdev +++ b/apparmor.d/blockdev @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/bmon b/apparmor.d/bmon index a4cfba00a..f11732615 100644 --- a/apparmor.d/bmon +++ b/apparmor.d/bmon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/borg b/apparmor.d/borg index 537039ea2..6367b7189 100644 --- a/apparmor.d/borg +++ b/apparmor.d/borg @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/brave b/apparmor.d/brave index 76b104015..ef2b18ceb 100644 --- a/apparmor.d/brave +++ b/apparmor.d/brave @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/brave-browser b/apparmor.d/brave-browser index c47bb3ab2..862f89ecd 100644 --- a/apparmor.d/brave-browser +++ b/apparmor.d/brave-browser @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/brave-sandbox b/apparmor.d/brave-sandbox index 1a4a1f435..a6ea2dd94 100644 --- a/apparmor.d/brave-sandbox +++ b/apparmor.d/brave-sandbox @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/btrfs b/apparmor.d/btrfs index 2bca2e10b..28238e826 100644 --- a/apparmor.d/btrfs +++ b/apparmor.d/btrfs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/btrfs-convert b/apparmor.d/btrfs-convert index 923138f5a..cdfec45df 100644 --- a/apparmor.d/btrfs-convert +++ b/apparmor.d/btrfs-convert @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/btrfs-find-root b/apparmor.d/btrfs-find-root index c4f85c4d4..9ab8bc583 100644 --- a/apparmor.d/btrfs-find-root +++ b/apparmor.d/btrfs-find-root @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/btrfs-image b/apparmor.d/btrfs-image index f18b07102..76fc847e4 100644 --- a/apparmor.d/btrfs-image +++ b/apparmor.d/btrfs-image @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/btrfs-map-logical b/apparmor.d/btrfs-map-logical index 4c9c935d0..bc422a85e 100644 --- a/apparmor.d/btrfs-map-logical +++ b/apparmor.d/btrfs-map-logical @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/btrfs-select-super b/apparmor.d/btrfs-select-super index 9f0fa81fa..3b56db67e 100644 --- a/apparmor.d/btrfs-select-super +++ b/apparmor.d/btrfs-select-super @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/btrfstune b/apparmor.d/btrfstune index b27352dc1..2f9f8371e 100644 --- a/apparmor.d/btrfstune +++ b/apparmor.d/btrfstune @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/calibre b/apparmor.d/calibre index 175a0c338..fd807fc9a 100644 --- a/apparmor.d/calibre +++ b/apparmor.d/calibre @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cawbird b/apparmor.d/cawbird index 5dd850c8c..3d10ce748 100644 --- a/apparmor.d/cawbird +++ b/apparmor.d/cawbird @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ccze b/apparmor.d/ccze index 0b21202a3..428c59366 100644 --- a/apparmor.d/ccze +++ b/apparmor.d/ccze @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cfdisk b/apparmor.d/cfdisk index 612898d57..8d206c5d2 100644 --- a/apparmor.d/cfdisk +++ b/apparmor.d/cfdisk @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cgdisk b/apparmor.d/cgdisk index 61a1b3ed8..3ddafc0d8 100644 --- a/apparmor.d/cgdisk +++ b/apparmor.d/cgdisk @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cgrulesengd b/apparmor.d/cgrulesengd index d834c5efe..8cfcd27ed 100644 --- a/apparmor.d/cgrulesengd +++ b/apparmor.d/cgrulesengd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/chage b/apparmor.d/chage index 817a5baf2..14617da4e 100644 --- a/apparmor.d/chage +++ b/apparmor.d/chage @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/changestool b/apparmor.d/changestool index 991b8aeb5..439ce265a 100644 --- a/apparmor.d/changestool +++ b/apparmor.d/changestool @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/check-bios-nx b/apparmor.d/check-bios-nx index 43d7468d5..16e8caa1d 100644 --- a/apparmor.d/check-bios-nx +++ b/apparmor.d/check-bios-nx @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/check-support-status b/apparmor.d/check-support-status index 30637c4c2..9d7597899 100644 --- a/apparmor.d/check-support-status +++ b/apparmor.d/check-support-status @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/check-support-status-hook b/apparmor.d/check-support-status-hook index 9e7447b11..f6589f150 100644 --- a/apparmor.d/check-support-status-hook +++ b/apparmor.d/check-support-status-hook @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/chfn b/apparmor.d/chfn index 9ea56e023..4105146f6 100644 --- a/apparmor.d/chfn +++ b/apparmor.d/chfn @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/child-dpkg b/apparmor.d/child-dpkg index 4c9d422ad..5d4d2f055 100644 --- a/apparmor.d/child-dpkg +++ b/apparmor.d/child-dpkg @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/child-dpkg-divert b/apparmor.d/child-dpkg-divert index b69b435a4..970d119a6 100644 --- a/apparmor.d/child-dpkg-divert +++ b/apparmor.d/child-dpkg-divert @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/child-lsb_release b/apparmor.d/child-lsb_release index 9031c148c..09906b4ac 100644 --- a/apparmor.d/child-lsb_release +++ b/apparmor.d/child-lsb_release @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/child-pager b/apparmor.d/child-pager index 94eb4903e..6701549ce 100644 --- a/apparmor.d/child-pager +++ b/apparmor.d/child-pager @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/child-systemctl b/apparmor.d/child-systemctl index f207d787c..a8a3b9fc7 100644 --- a/apparmor.d/child-systemctl +++ b/apparmor.d/child-systemctl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/chromium b/apparmor.d/chromium index 702e503a5..311a64b8b 100644 --- a/apparmor.d/chromium +++ b/apparmor.d/chromium @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/chromium-chrome-sandbox b/apparmor.d/chromium-chrome-sandbox index 79aa8f993..a84aea1d4 100644 --- a/apparmor.d/chromium-chrome-sandbox +++ b/apparmor.d/chromium-chrome-sandbox @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/chromium-chromium b/apparmor.d/chromium-chromium index e475d8b9f..e12e24d73 100644 --- a/apparmor.d/chromium-chromium +++ b/apparmor.d/chromium-chromium @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/chsh b/apparmor.d/chsh index 78547ba41..cba0bbb33 100644 --- a/apparmor.d/chsh +++ b/apparmor.d/chsh @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/claws-mail b/apparmor.d/claws-mail index fa0c0098d..3b0a95d62 100644 --- a/apparmor.d/claws-mail +++ b/apparmor.d/claws-mail @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/code b/apparmor.d/code index 86d599514..61cf3acc9 100644 --- a/apparmor.d/code +++ b/apparmor.d/code @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/colord b/apparmor.d/colord index 661779a66..234bd5fac 100644 --- a/apparmor.d/colord +++ b/apparmor.d/colord @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/colord-sane b/apparmor.d/colord-sane index d8c767f8c..8d2c041e8 100644 --- a/apparmor.d/colord-sane +++ b/apparmor.d/colord-sane @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/colord-session b/apparmor.d/colord-session index 46b33c4d1..1278cf965 100644 --- a/apparmor.d/colord-session +++ b/apparmor.d/colord-session @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/command-not-found b/apparmor.d/command-not-found index e2088009b..d70863573 100644 --- a/apparmor.d/command-not-found +++ b/apparmor.d/command-not-found @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/compton b/apparmor.d/compton index 4fdc93bb5..fb7da2ea7 100644 --- a/apparmor.d/compton +++ b/apparmor.d/compton @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/convertall b/apparmor.d/convertall index 9e1980a71..8cb9fd8aa 100644 --- a/apparmor.d/convertall +++ b/apparmor.d/convertall @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cppw-cpgr b/apparmor.d/cppw-cpgr index 9992b69bc..9362ed108 100644 --- a/apparmor.d/cppw-cpgr +++ b/apparmor.d/cppw-cpgr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cpuid b/apparmor.d/cpuid index e57352b4f..1d5c4e541 100644 --- a/apparmor.d/cpuid +++ b/apparmor.d/cpuid @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cpupower b/apparmor.d/cpupower index 7a4da3eef..5b22d35e7 100644 --- a/apparmor.d/cpupower +++ b/apparmor.d/cpupower @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/crda b/apparmor.d/crda index 86c16a5af..31e3b6c56 100644 --- a/apparmor.d/crda +++ b/apparmor.d/crda @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cron b/apparmor.d/cron index 91679ca5b..87ae5f1d9 100644 --- a/apparmor.d/cron +++ b/apparmor.d/cron @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -43,7 +43,6 @@ profile cron @{exec_path} { /{usr/,}lib/@{multiarch}/e2fsprogs/e2scrub_all_cron rPUx, /{usr/,}sbin/e2scrub_all rPUx, /etc/cron.daily/popularity-contest rPx, - /usr/local/bin/update-blacklist.sh rPUx, /{usr/,}lib/sysstat/debian-sa1 rPUx, # All stuff that is executed via the user crontab files @@ -83,43 +82,34 @@ profile cron @{exec_path} { /{usr/,}bin/run-parts mr, - /etc/cron.hourly/ r, + /etc/cron.{hourly,daily,weekly,monthly}/ r, + /etc/cron.{hourly,daily,weekly,monthly}/apt-listbugs rPx, + /etc/cron.{hourly,daily,weekly,monthly}/apt-show-versions rPx, + /etc/cron.{hourly,daily,weekly,monthly}/bsdmainutils rPUx, + /etc/cron.{hourly,daily,weekly,monthly}/debtags rPx, + /etc/cron.{hourly,daily,weekly,monthly}/exim4-base rPx, + /etc/cron.{hourly,daily,weekly,monthly}/logrotate rPx, + /etc/cron.{hourly,daily,weekly,monthly}/mlocate rPx, + /etc/cron.{hourly,daily,weekly,monthly}/dlocate rPx, + /etc/cron.{hourly,daily,weekly,monthly}/passwd rPUx, + /etc/cron.{hourly,daily,weekly,monthly}/apt-compat rPx, + /etc/cron.{hourly,daily,weekly,monthly}/aptitude rPx, + /etc/cron.{hourly,daily,weekly,monthly}/debsums rPx, + /etc/cron.{hourly,daily,weekly,monthly}/dpkg rPUx, + /etc/cron.{hourly,daily,weekly,monthly}/man-db rPx, + /etc/cron.{hourly,daily,weekly,monthly}/popularity-contest rPx, + /etc/cron.{hourly,daily,weekly,monthly}/sysstat rPx, + /etc/cron.{hourly,daily,weekly,monthly}/spamassassin rPUx, + /etc/cron.{hourly,daily,weekly,monthly}/vrms rPUx, + /etc/cron.{hourly,daily,weekly,monthly}/apt-xapian-index rPx, + /etc/cron.{hourly,daily,weekly,monthly}/tor rPUx, - /etc/cron.daily/ r, - /etc/cron.daily/apt-listbugs rPx, - /etc/cron.daily/apt-show-versions rPx, - /etc/cron.daily/bsdmainutils rPUx, - /etc/cron.daily/debtags rPUx, - /etc/cron.daily/exim4-base rPUx, - /etc/cron.daily/logrotate rPx, - /etc/cron.daily/mlocate rPx, - /etc/cron.daily/dlocate rPx, - /etc/cron.daily/passwd rPUx, - /etc/cron.daily/apt-compat rPUx, - /etc/cron.daily/aptitude rPx, - /etc/cron.daily/debsums rPx, - /etc/cron.daily/dpkg rPUx, - /etc/cron.daily/man-db rPUx, - /etc/cron.daily/popularity-contest rPx, - /etc/cron.daily/sysstat rPx, - /etc/cron.daily/spamassassin rPUx, - - #/etc/cron.daily/opera-browser rPUx, - #/etc/cron.daily/google-chrome{,-beta,-unstable} rPUx, + #/etc/cron.{hourly,daily,weekly,monthly}/opera-browser rPUx, + #/etc/cron.{hourly,daily,weekly,monthly}/google-chrome{,-beta,-unstable} rPUx, #/opt/google/chrome{,-beta,-unstable}/cron/google-chrome{,-beta,-unstable} rPUx, #/opt/brave.com/brave/cron/brave-browser{,-beta,-dev} rPUx, #/opt/brave.com/brave{,-beta,-dev}/cron/brave-browser{,-beta,-dev} rPUx, - /etc/cron.monthly/ r, - /etc/cron.monthly/debsums rPx, - /etc/cron.monthly/vrms rPUx, - - /etc/cron.weekly/ r, - /etc/cron.weekly/apt-xapian-index rPx, - /etc/cron.weekly/debsums rPx, - /etc/cron.weekly/man-db rPUx, - /etc/cron.weekly/tor rPUx, - # file_inherit owner /tmp/#[0-9]*[0-9] rw, diff --git a/apparmor.d/cron-apt b/apparmor.d/cron-apt index ac45526cd..f2895a573 100644 --- a/apparmor.d/cron-apt +++ b/apparmor.d/cron-apt @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/cron-apt-compat b/apparmor.d/cron-apt-compat new file mode 100644 index 000000000..11a60c906 --- /dev/null +++ b/apparmor.d/cron-apt-compat @@ -0,0 +1,35 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2020-2021 Mikhail Morfikov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +abi , + +include + +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/apt-compat +profile cron-apt-compat @{exec_path} flags=(complain) { + include + + @{exec_path} r, + /{usr/,}bin/{,ba,da}sh rix, + + /{usr/,}sbin/on_ac_power rPx, + + /{usr/,}bin/apt-config rPx, + /{usr/,}lib/apt/apt.systemd.daily rPx, + + /{usr/,}bin/dd rix, + /{usr/,}bin/cksum rix, + /{usr/,}bin/cut rix, + /{usr/,}bin/which rix, + /{usr/,}bin/sleep rix, + + include if exists +} diff --git a/apparmor.d/cron-apt-listbugs b/apparmor.d/cron-apt-listbugs index 2d6885ccb..82ad36dab 100644 --- a/apparmor.d/cron-apt-listbugs +++ b/apparmor.d/cron-apt-listbugs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.daily/apt-listbugs +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/apt-listbugs profile cron-apt-listbugs @{exec_path} { include diff --git a/apparmor.d/cron-apt-show-versions b/apparmor.d/cron-apt-show-versions index 9fd7598be..8622ecadb 100644 --- a/apparmor.d/cron-apt-show-versions +++ b/apparmor.d/cron-apt-show-versions @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.daily/apt-show-versions +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/apt-show-versions profile cron-apt-show-versions @{exec_path} { include diff --git a/apparmor.d/cron-apt-xapian-index b/apparmor.d/cron-apt-xapian-index index 9f2d3e2d9..f5fc02c9d 100644 --- a/apparmor.d/cron-apt-xapian-index +++ b/apparmor.d/cron-apt-xapian-index @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.weekly/apt-xapian-index +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/apt-xapian-index profile cron-apt-xapian-index @{exec_path} { include diff --git a/apparmor.d/cron-aptitude b/apparmor.d/cron-aptitude index a586ed379..f32dd5720 100644 --- a/apparmor.d/cron-aptitude +++ b/apparmor.d/cron-aptitude @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.daily/aptitude +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/aptitude profile cron-aptitude @{exec_path} { include diff --git a/apparmor.d/cron-debsums b/apparmor.d/cron-debsums index 42de1e9eb..0caa85a6f 100644 --- a/apparmor.d/cron-debsums +++ b/apparmor.d/cron-debsums @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.{daily,weekly,monthly}/debsums +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/debsums profile cron-debsums @{exec_path} { include diff --git a/apparmor.d/cron-debtags b/apparmor.d/cron-debtags new file mode 100644 index 000000000..1c2fb135c --- /dev/null +++ b/apparmor.d/cron-debtags @@ -0,0 +1,26 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2020-2021 Mikhail Morfikov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +abi , + +include + +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/debtags +profile cron-debtags @{exec_path} flags=(complain) { + include + + @{exec_path} r, + /{usr/,}bin/{,ba,da}sh rix, + + /usr/bin/debtags rPx, + + include if exists +} diff --git a/apparmor.d/cron-dlocate b/apparmor.d/cron-dlocate index d7d72ee24..426ecd291 100644 --- a/apparmor.d/cron-dlocate +++ b/apparmor.d/cron-dlocate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.daily/dlocate +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/dlocate profile cron-dlocate @{exec_path} { include diff --git a/apparmor.d/cron-exim4-base b/apparmor.d/cron-exim4-base new file mode 100644 index 000000000..0a6f999ba --- /dev/null +++ b/apparmor.d/cron-exim4-base @@ -0,0 +1,43 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2020-2021 Mikhail Morfikov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +abi , + +include + +@{exec_path} = /etc/cron.daily/exim4-base +profile cron-exim4-base @{exec_path} flags=(complain) { + include + + capability dac_read_search, + + @{exec_path} r, + /{usr/,}bin/{,ba,da}sh rix, + + /{usr/,}bin/sed rix, + /{usr/,}bin/{,e}grep rix, + /{usr/,}bin/logger rix, + /{usr/,}bin/mail rix, + /{usr/,}bin/hostname rix, + /{usr/,}bin/xargs rix, + /{usr/,}bin/find rix, + /{usr/,}sbin/eximstats rix, + + /{usr/,}sbin/exim4 rPx, + + /etc/default/exim4 r, + + /var/spool/exim4/db/ r, + + owner @{PROC}/@{pid}/fd/ r, + + include if exists +} diff --git a/apparmor.d/cron-ipset-autoban-save b/apparmor.d/cron-ipset-autoban-save index fe46a4970..7d1bb2447 100644 --- a/apparmor.d/cron-ipset-autoban-save +++ b/apparmor.d/cron-ipset-autoban-save @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.hourly/ipset_autoban_save +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/ipset_autoban_save profile cron-ipset-autoban-save @{exec_path} { include include diff --git a/apparmor.d/cron-logrotate b/apparmor.d/cron-logrotate index 149a82239..a069ecc40 100644 --- a/apparmor.d/cron-logrotate +++ b/apparmor.d/cron-logrotate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.daily/logrotate +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/logrotate profile cron-logrotate @{exec_path} { include diff --git a/apparmor.d/cron-man-db b/apparmor.d/cron-man-db new file mode 100644 index 000000000..e886ccad6 --- /dev/null +++ b/apparmor.d/cron-man-db @@ -0,0 +1,44 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2020-2021 Mikhail Morfikov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +abi , + +include + +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/man-db +profile cron-man-db @{exec_path} flags=(complain) { + include + include + + # For start-stop-daemon + capability setgid, + capability setuid, + + @{exec_path} r, + /{usr/,}bin/{,ba,da}sh rix, + + /{usr/,}bin/{,e}grep rix, + /{usr/,}sbin/start-stop-daemon rix, + /{usr/,}bin/xargs rix, + /{usr/,}bin/find rix, + + /{usr/,}bin/mandb rPx, + + owner @{PROC}/@{pid}/fd/ r, + + /var/cache/man/ r, + /var/cache/man/** r, + + # For shell pwd + / r, + + include if exists +} diff --git a/apparmor.d/cron-mlocate b/apparmor.d/cron-mlocate index bac4455b2..93ea54cd3 100644 --- a/apparmor.d/cron-mlocate +++ b/apparmor.d/cron-mlocate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.daily/mlocate +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/mlocate profile cron-mlocate @{exec_path} { include include diff --git a/apparmor.d/cron-popularity-contest b/apparmor.d/cron-popularity-contest index 5c09663db..3f94d4898 100644 --- a/apparmor.d/cron-popularity-contest +++ b/apparmor.d/cron-popularity-contest @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -13,7 +13,7 @@ abi , include -@{exec_path} = /etc/cron.daily/popularity-contest +@{exec_path} = /etc/cron.{hourly,daily,weekly,monthly}/popularity-contest profile cron-popularity-contest @{exec_path} { include diff --git a/apparmor.d/crontab b/apparmor.d/crontab index 20956a82f..99b89e059 100644 --- a/apparmor.d/crontab +++ b/apparmor.d/crontab @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/curl b/apparmor.d/curl index 18de592f2..423e8424f 100644 --- a/apparmor.d/curl +++ b/apparmor.d/curl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -26,6 +26,7 @@ profile curl @{exec_path} { network inet6 dgram, network inet stream, network inet6 stream, + network netlink raw, @{exec_path} mr, diff --git a/apparmor.d/dbus-daemon b/apparmor.d/dbus-daemon index 665724006..1af982cc8 100644 --- a/apparmor.d/dbus-daemon +++ b/apparmor.d/dbus-daemon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dconf-editor b/apparmor.d/dconf-editor index 038c773c3..e22549b3b 100644 --- a/apparmor.d/dconf-editor +++ b/apparmor.d/dconf-editor @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dconf-service b/apparmor.d/dconf-service index 54b0b1f61..fd60484b6 100644 --- a/apparmor.d/dconf-service +++ b/apparmor.d/dconf-service @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ddclient b/apparmor.d/ddclient index 04f5fcb8b..a231261d0 100644 --- a/apparmor.d/ddclient +++ b/apparmor.d/ddclient @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/debconf-apt-progress b/apparmor.d/debconf-apt-progress index 6cfbb1a51..bb38d1f7b 100644 --- a/apparmor.d/debconf-apt-progress +++ b/apparmor.d/debconf-apt-progress @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/debconf-show b/apparmor.d/debconf-show index 1c8e29416..f62b9fc9f 100644 --- a/apparmor.d/debconf-show +++ b/apparmor.d/debconf-show @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/deborphan b/apparmor.d/deborphan index 16006b331..f961cf1fb 100644 --- a/apparmor.d/deborphan +++ b/apparmor.d/deborphan @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/debsecan b/apparmor.d/debsecan index fca624067..e94d0a2b6 100644 --- a/apparmor.d/debsecan +++ b/apparmor.d/debsecan @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/debsign b/apparmor.d/debsign index b57a96bad..4155b969f 100644 --- a/apparmor.d/debsign +++ b/apparmor.d/debsign @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/debsums b/apparmor.d/debsums index 6eaaeef04..4c898b7e1 100644 --- a/apparmor.d/debsums +++ b/apparmor.d/debsums @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/debtags b/apparmor.d/debtags index b73cba2ef..bbd6d3b1d 100644 --- a/apparmor.d/debtags +++ b/apparmor.d/debtags @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -38,6 +38,9 @@ profile debtags @{exec_path} { /var/cache/apt/ r, /var/cache/apt/** rwk, + /var/lib/dbus/machine-id r, + /etc/machine-id r, + # file_inherit /var/log/cron-apt/temp w , diff --git a/apparmor.d/deluser b/apparmor.d/deluser index 52e071ff0..7e83bf6c2 100644 --- a/apparmor.d/deluser +++ b/apparmor.d/deluser @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/df b/apparmor.d/df index 7e7256fab..23bbd240c 100644 --- a/apparmor.d/df +++ b/apparmor.d/df @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -23,6 +23,8 @@ profile df @{exec_path} { owner @{PROC}/@{pid}/mountinfo r, + /usr/share/icons/*/index.theme r, + # For dir stats / r, /**/ r, diff --git a/apparmor.d/dfc b/apparmor.d/dfc index e52e0999d..c60f603d5 100644 --- a/apparmor.d/dfc +++ b/apparmor.d/dfc @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dhclient b/apparmor.d/dhclient index 134c16cd6..5b3bb3024 100644 --- a/apparmor.d/dhclient +++ b/apparmor.d/dhclient @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dhclient-script b/apparmor.d/dhclient-script index 3e69842b4..270c6a6a3 100644 --- a/apparmor.d/dhclient-script +++ b/apparmor.d/dhclient-script @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dig b/apparmor.d/dig index 85c84bfba..0d0c5621d 100644 --- a/apparmor.d/dig +++ b/apparmor.d/dig @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dirmngr b/apparmor.d/dirmngr index 000504a80..465f31b3f 100644 --- a/apparmor.d/dirmngr +++ b/apparmor.d/dirmngr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/discord b/apparmor.d/discord index 878d4f113..27bb01ace 100644 --- a/apparmor.d/discord +++ b/apparmor.d/discord @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/discord-chrome-sandbox b/apparmor.d/discord-chrome-sandbox index 5a3cb9724..aa6dcc01f 100644 --- a/apparmor.d/discord-chrome-sandbox +++ b/apparmor.d/discord-chrome-sandbox @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dkms b/apparmor.d/dkms index 967753633..b665442a3 100644 --- a/apparmor.d/dkms +++ b/apparmor.d/dkms @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dkms-autoinstaller b/apparmor.d/dkms-autoinstaller index a65dbbd92..c4c8a54ca 100644 --- a/apparmor.d/dkms-autoinstaller +++ b/apparmor.d/dkms-autoinstaller @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dlocate b/apparmor.d/dlocate index 4f5fbe9cf..3ed26f320 100644 --- a/apparmor.d/dlocate +++ b/apparmor.d/dlocate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dmcrypt-get-device b/apparmor.d/dmcrypt-get-device index ce86e8fb8..19830315d 100644 --- a/apparmor.d/dmcrypt-get-device +++ b/apparmor.d/dmcrypt-get-device @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dmesg b/apparmor.d/dmesg index d36b5d770..e7bb90a13 100644 --- a/apparmor.d/dmesg +++ b/apparmor.d/dmesg @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dmidecode b/apparmor.d/dmidecode index 9833adb24..d8db86ecf 100644 --- a/apparmor.d/dmidecode +++ b/apparmor.d/dmidecode @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dnscrypt-proxy b/apparmor.d/dnscrypt-proxy index 56b95e82c..736eb912b 100644 --- a/apparmor.d/dnscrypt-proxy +++ b/apparmor.d/dnscrypt-proxy @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg b/apparmor.d/dpkg index ee55b789f..5be5e4ef6 100644 --- a/apparmor.d/dpkg +++ b/apparmor.d/dpkg @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-architecture b/apparmor.d/dpkg-architecture index 2a1936222..172669bd2 100644 --- a/apparmor.d/dpkg-architecture +++ b/apparmor.d/dpkg-architecture @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-buildflags b/apparmor.d/dpkg-buildflags index 0d0c5656f..79bd39437 100644 --- a/apparmor.d/dpkg-buildflags +++ b/apparmor.d/dpkg-buildflags @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-checkbuilddeps b/apparmor.d/dpkg-checkbuilddeps index b7dbf3907..3d7b2ff1a 100644 --- a/apparmor.d/dpkg-checkbuilddeps +++ b/apparmor.d/dpkg-checkbuilddeps @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-deb b/apparmor.d/dpkg-deb index b89baef59..49233b712 100644 --- a/apparmor.d/dpkg-deb +++ b/apparmor.d/dpkg-deb @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-divert b/apparmor.d/dpkg-divert index 714c6ca6d..0052be655 100644 --- a/apparmor.d/dpkg-divert +++ b/apparmor.d/dpkg-divert @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-genbuildinfo b/apparmor.d/dpkg-genbuildinfo index 67a2959c2..18d198330 100644 --- a/apparmor.d/dpkg-genbuildinfo +++ b/apparmor.d/dpkg-genbuildinfo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-genchanges b/apparmor.d/dpkg-genchanges index a96c49719..6cf0a11ea 100644 --- a/apparmor.d/dpkg-genchanges +++ b/apparmor.d/dpkg-genchanges @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-preconfigure b/apparmor.d/dpkg-preconfigure index 35686aeb6..d25c805e5 100644 --- a/apparmor.d/dpkg-preconfigure +++ b/apparmor.d/dpkg-preconfigure @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-query b/apparmor.d/dpkg-query index 8b77827b8..52b469c53 100644 --- a/apparmor.d/dpkg-query +++ b/apparmor.d/dpkg-query @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-split b/apparmor.d/dpkg-split index 539672b3c..fbb55ff48 100644 --- a/apparmor.d/dpkg-split +++ b/apparmor.d/dpkg-split @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-trigger b/apparmor.d/dpkg-trigger index ce4de7535..e441874be 100644 --- a/apparmor.d/dpkg-trigger +++ b/apparmor.d/dpkg-trigger @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dpkg-vendor b/apparmor.d/dpkg-vendor index 5060d6f59..f0421a54a 100644 --- a/apparmor.d/dpkg-vendor +++ b/apparmor.d/dpkg-vendor @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/dumpcap b/apparmor.d/dumpcap index 86fcd69b0..2cee83abe 100644 --- a/apparmor.d/dumpcap +++ b/apparmor.d/dumpcap @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -36,6 +36,7 @@ profile dumpcap @{exec_path} { @{sys}/bus/usb/devices/ r, @{sys}/devices/virtual/net/*/type r, @{sys}/devices/pci[0-9]*/**/net/*/type r, + @{sys}/devices/virtual/net/*/statistics/* r, @{PROC}/@{pid}/net/dev r, @{PROC}/@{pid}/net/psched r, diff --git a/apparmor.d/dumpe2fs b/apparmor.d/dumpe2fs index 91cc5c63d..e88b3107d 100644 --- a/apparmor.d/dumpe2fs +++ b/apparmor.d/dumpe2fs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/e2fsck b/apparmor.d/e2fsck index 5e713e505..0f30105bb 100644 --- a/apparmor.d/e2fsck +++ b/apparmor.d/e2fsck @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/e2image b/apparmor.d/e2image index 55684bc6d..8bba4eca2 100644 --- a/apparmor.d/e2image +++ b/apparmor.d/e2image @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/edid-decode b/apparmor.d/edid-decode index 02a75aaba..ddb0b460b 100644 --- a/apparmor.d/edid-decode +++ b/apparmor.d/edid-decode @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/eject b/apparmor.d/eject index 15259941b..96643451e 100644 --- a/apparmor.d/eject +++ b/apparmor.d/eject @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/engrampa b/apparmor.d/engrampa index 5d92e1709..5800063b6 100644 --- a/apparmor.d/engrampa +++ b/apparmor.d/engrampa @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/execute-dcut b/apparmor.d/execute-dcut index 8596db4d9..334dcf71b 100644 --- a/apparmor.d/execute-dcut +++ b/apparmor.d/execute-dcut @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/execute-dput b/apparmor.d/execute-dput index d65c5a17f..51b39da45 100644 --- a/apparmor.d/execute-dput +++ b/apparmor.d/execute-dput @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/exim4 b/apparmor.d/exim4 index fdc86fad6..fabd38f39 100644 --- a/apparmor.d/exim4 +++ b/apparmor.d/exim4 @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/exo-compose-mail b/apparmor.d/exo-compose-mail index fde8fc5e4..4964a95f6 100644 --- a/apparmor.d/exo-compose-mail +++ b/apparmor.d/exo-compose-mail @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/exo-helper b/apparmor.d/exo-helper index cb5c3468c..164f411a9 100644 --- a/apparmor.d/exo-helper +++ b/apparmor.d/exo-helper @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/exo-open b/apparmor.d/exo-open index 13482a262..9d76cf305 100644 --- a/apparmor.d/exo-open +++ b/apparmor.d/exo-open @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/f3brew b/apparmor.d/f3brew index db18ff2d2..55b7b747d 100644 --- a/apparmor.d/f3brew +++ b/apparmor.d/f3brew @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/f3fix b/apparmor.d/f3fix index f07abc2e8..498d50f08 100644 --- a/apparmor.d/f3fix +++ b/apparmor.d/f3fix @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/f3probe b/apparmor.d/f3probe index c9f5d15e6..e2a37d457 100644 --- a/apparmor.d/f3probe +++ b/apparmor.d/f3probe @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/f3read b/apparmor.d/f3read index f135264a3..9710073dc 100644 --- a/apparmor.d/f3read +++ b/apparmor.d/f3read @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/f3write b/apparmor.d/f3write index 0ca7c0dd0..c7eb9b0d8 100644 --- a/apparmor.d/f3write +++ b/apparmor.d/f3write @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fatlabel b/apparmor.d/fatlabel index 7ae626c78..9c51e2759 100644 --- a/apparmor.d/fatlabel +++ b/apparmor.d/fatlabel @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fatresize b/apparmor.d/fatresize index c9a5fa37d..4edfb0412 100644 --- a/apparmor.d/fatresize +++ b/apparmor.d/fatresize @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fc-list b/apparmor.d/fc-list index b710467bf..dea3329ae 100644 --- a/apparmor.d/fc-list +++ b/apparmor.d/fc-list @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fdisk b/apparmor.d/fdisk index e8bcad458..2e8448a47 100644 --- a/apparmor.d/fdisk +++ b/apparmor.d/fdisk @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ffmpeg b/apparmor.d/ffmpeg index 1f714b0d4..87da62b18 100644 --- a/apparmor.d/ffmpeg +++ b/apparmor.d/ffmpeg @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ffplay b/apparmor.d/ffplay index 4dfb053a2..e40cef417 100644 --- a/apparmor.d/ffplay +++ b/apparmor.d/ffplay @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ffprobe b/apparmor.d/ffprobe index 3194bb251..f3e01a7fc 100644 --- a/apparmor.d/ffprobe +++ b/apparmor.d/ffprobe @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/filecap b/apparmor.d/filecap index e452321cc..4a968f853 100644 --- a/apparmor.d/filecap +++ b/apparmor.d/filecap @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/filezilla b/apparmor.d/filezilla index a86b89cfb..0881187d6 100644 --- a/apparmor.d/filezilla +++ b/apparmor.d/filezilla @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/firefox b/apparmor.d/firefox index 91c2d55ed..9cc63a49a 100644 --- a/apparmor.d/firefox +++ b/apparmor.d/firefox @@ -20,12 +20,14 @@ include @{exec_path} = @{MOZ_LIBDIR}/firefox{,-bin,-esr} profile firefox @{exec_path} { include + include include + include include include include include - include + include include include include @@ -56,15 +58,15 @@ profile firefox @{exec_path} { owner @{PROC}/@{pid}/gid_map w, owner @{PROC}/@{pid}/uid_map w, - /{usr/,}bin/{,ba,da}sh rix, + /{usr/,}bin/{,ba,da}sh rix, # Firefox files @{MOZ_LIBDIR}/{,**} r, @{MOZ_LIBDIR}/*.so mr, @{MOZ_LIBDIR}/crashreporter rPx, @{MOZ_LIBDIR}/minidump-analyzer rPx, - #@{MOZ_LIBDIR}/pingsender rPx, - #@{MOZ_LIBDIR}/plugin-container rPx, + #@{MOZ_LIBDIR}/pingsender rPx, + #@{MOZ_LIBDIR}/plugin-container rPx, /usr/share/firefox/{,**} r, /etc/firefox/{,**} r, @@ -135,6 +137,9 @@ profile firefox @{exec_path} { /usr/share/xul-ext/kwallet5/* r, /etc/xul-ext/kwallet5.js r, + # For wayland + owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, + /usr/share/glib-2.0/schemas/gschemas.compiled r, /var/lib/dbus/machine-id r, diff --git a/apparmor.d/firefox-crashreporter b/apparmor.d/firefox-crashreporter index ae02c44e1..cc47845cf 100644 --- a/apparmor.d/firefox-crashreporter +++ b/apparmor.d/firefox-crashreporter @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -20,14 +20,23 @@ include @{exec_path} = @{MOZ_LIBDIR}/crashreporter profile firefox-crashreporter @{exec_path} { include + include + include include include include include + include include + include signal (receive) set=(term, kill) peer=firefox, + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + @{exec_path} mr, @{MOZ_LIBDIR}/minidump-analyzer rPx, @@ -51,14 +60,17 @@ profile firefox-crashreporter @{exec_path} { owner /tmp/firefox/.parentlock w, /var/tmp/ r, - /etc/passwd r, - owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* r, + /usr/share/glib-2.0/schemas/gschemas.compiled r, + + /usr/share/X11/xkb/** r, + # file_inherit owner @{MOZ_CACHEDIR}/firefox/*.*/** r, owner @{MOZ_HOMEDIR}/firefox/*.*/extensions/*.xpi r, owner @{HOME}/.xsession-errors w, + /dev/dri/renderD128 rw, include if exists } diff --git a/apparmor.d/firefox-minidump-analyzer b/apparmor.d/firefox-minidump-analyzer index b1b16516f..44f9cfea6 100644 --- a/apparmor.d/firefox-minidump-analyzer +++ b/apparmor.d/firefox-minidump-analyzer @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -42,6 +42,7 @@ profile firefox-minidump-analyzer @{exec_path} { owner @{MOZ_CACHEDIR}/firefox/*.*/startupCache/*Cache* r, owner @{HOME}/.xsession-errors w, owner @{HOME}/.mozilla/firefox/m-oyw579q8.default/extensions/*.xpi r, + /dev/dri/renderD128 rw, include if exists } diff --git a/apparmor.d/firefox-pingsender b/apparmor.d/firefox-pingsender index 84fab49ea..c7d06fb36 100644 --- a/apparmor.d/firefox-pingsender +++ b/apparmor.d/firefox-pingsender @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/firefox-plugin-container b/apparmor.d/firefox-plugin-container index 2b256b142..00dd7b3f2 100644 --- a/apparmor.d/firefox-plugin-container +++ b/apparmor.d/firefox-plugin-container @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/flameshot b/apparmor.d/flameshot index 22116b8fb..3f34d6c9f 100644 --- a/apparmor.d/flameshot +++ b/apparmor.d/flameshot @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fping b/apparmor.d/fping index 3250d284e..f40fd2744 100644 --- a/apparmor.d/fping +++ b/apparmor.d/fping @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/freetube b/apparmor.d/freetube index 0c344c85f..ced88c823 100644 --- a/apparmor.d/freetube +++ b/apparmor.d/freetube @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/freetube-chrome-sandbox b/apparmor.d/freetube-chrome-sandbox index abd3704d8..fa8d65339 100644 --- a/apparmor.d/freetube-chrome-sandbox +++ b/apparmor.d/freetube-chrome-sandbox @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/frontend b/apparmor.d/frontend index d845967d0..6d41c8dd0 100644 --- a/apparmor.d/frontend +++ b/apparmor.d/frontend @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -110,9 +110,12 @@ profile frontend @{exec_path} flags=(complain) { /{usr/,}lib/ r, /{usr/,}lib/** rPUx, - /usr/share/** r, + /usr/share/ r, /usr/share/** rPUx, + /etc/init.d/ r, + /etc/init.d/* rPUx, + /etc/ r, /etc/** rw, /var/ r, diff --git a/apparmor.d/fsck b/apparmor.d/fsck index 4d2837133..f077d07dc 100644 --- a/apparmor.d/fsck +++ b/apparmor.d/fsck @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fsck-btrfs b/apparmor.d/fsck-btrfs index 1802923d3..0f028140a 100644 --- a/apparmor.d/fsck-btrfs +++ b/apparmor.d/fsck-btrfs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fsck-fat b/apparmor.d/fsck-fat index 53b552464..379577436 100644 --- a/apparmor.d/fsck-fat +++ b/apparmor.d/fsck-fat @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fuseiso b/apparmor.d/fuseiso index 12abbed14..1f8b967be 100644 --- a/apparmor.d/fuseiso +++ b/apparmor.d/fuseiso @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fusermount b/apparmor.d/fusermount index 457a89f78..6fb3af15f 100644 --- a/apparmor.d/fusermount +++ b/apparmor.d/fusermount @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fwupd b/apparmor.d/fwupd index 758309f36..36f9ff38d 100644 --- a/apparmor.d/fwupd +++ b/apparmor.d/fwupd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fwupdmgr b/apparmor.d/fwupdmgr index 7d2616618..3fea59c89 100644 --- a/apparmor.d/fwupdmgr +++ b/apparmor.d/fwupdmgr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/fzsftp b/apparmor.d/fzsftp index 2277cdeba..a857957ee 100644 --- a/apparmor.d/fzsftp +++ b/apparmor.d/fzsftp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/games-wesnoth b/apparmor.d/games-wesnoth index 88a035a0f..0f5735bcb 100644 --- a/apparmor.d/games-wesnoth +++ b/apparmor.d/games-wesnoth @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/games-wesnoth-sh b/apparmor.d/games-wesnoth-sh index 5028d0d4d..edac49d01 100644 --- a/apparmor.d/games-wesnoth-sh +++ b/apparmor.d/games-wesnoth-sh @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ganyremote b/apparmor.d/ganyremote index 838994875..6f1f2a8d0 100644 --- a/apparmor.d/ganyremote +++ b/apparmor.d/ganyremote @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gconfd b/apparmor.d/gconfd index 23e7a3edf..934fa9554 100644 --- a/apparmor.d/gconfd +++ b/apparmor.d/gconfd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gdisk b/apparmor.d/gdisk index 8e01c4d9f..3022f535f 100644 --- a/apparmor.d/gdisk +++ b/apparmor.d/gdisk @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/geany b/apparmor.d/geany index bbbe36f75..b70a7e9c0 100644 --- a/apparmor.d/geany +++ b/apparmor.d/geany @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -29,6 +29,9 @@ profile geany @{exec_path} { deny capability sys_nice, +# network inet stream, +# network inet6 stream, + @{exec_path} mr, # For the sorting feature diff --git a/apparmor.d/gio-launch-desktop b/apparmor.d/gio-launch-desktop index f68025b83..148440e3d 100644 --- a/apparmor.d/gio-launch-desktop +++ b/apparmor.d/gio-launch-desktop @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/git b/apparmor.d/git index 6be71c633..d03f128f8 100644 --- a/apparmor.d/git +++ b/apparmor.d/git @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/globaltime b/apparmor.d/globaltime index 49a576265..0f59fce1f 100644 --- a/apparmor.d/globaltime +++ b/apparmor.d/globaltime @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/glxgears b/apparmor.d/glxgears index 16172760d..a5c2c0fcd 100644 --- a/apparmor.d/glxgears +++ b/apparmor.d/glxgears @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/glxinfo b/apparmor.d/glxinfo index 9aa0ca31e..a466b0b72 100644 --- a/apparmor.d/glxinfo +++ b/apparmor.d/glxinfo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gnome-keyring-daemon b/apparmor.d/gnome-keyring-daemon index 569cb8bd2..1a4dba8eb 100644 --- a/apparmor.d/gnome-keyring-daemon +++ b/apparmor.d/gnome-keyring-daemon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/google-chrome-chrome b/apparmor.d/google-chrome-chrome index 2eb294f35..609c2dc61 100644 --- a/apparmor.d/google-chrome-chrome +++ b/apparmor.d/google-chrome-chrome @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/google-chrome-chrome-sandbox b/apparmor.d/google-chrome-chrome-sandbox index f6c216816..25732ca40 100644 --- a/apparmor.d/google-chrome-chrome-sandbox +++ b/apparmor.d/google-chrome-chrome-sandbox @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/google-chrome-google-chrome b/apparmor.d/google-chrome-google-chrome index 5d09959e3..a1a02af31 100644 --- a/apparmor.d/google-chrome-google-chrome +++ b/apparmor.d/google-chrome-google-chrome @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpa b/apparmor.d/gpa index e0adc9feb..04d2e5ff5 100644 --- a/apparmor.d/gpa +++ b/apparmor.d/gpa @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gparted b/apparmor.d/gparted index cddf907e1..c47973fa4 100644 --- a/apparmor.d/gparted +++ b/apparmor.d/gparted @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpartedbin b/apparmor.d/gpartedbin index 9b29c0d2c..98fdb1f56 100644 --- a/apparmor.d/gpartedbin +++ b/apparmor.d/gpartedbin @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpasswd b/apparmor.d/gpasswd index 106e0f58f..7519f89dc 100644 --- a/apparmor.d/gpasswd +++ b/apparmor.d/gpasswd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpg b/apparmor.d/gpg index 642dc3a23..82b932227 100644 --- a/apparmor.d/gpg +++ b/apparmor.d/gpg @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpg-agent b/apparmor.d/gpg-agent index 8dc0d2b68..e8c770989 100644 --- a/apparmor.d/gpg-agent +++ b/apparmor.d/gpg-agent @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpg-connect-agent b/apparmor.d/gpg-connect-agent index cf1da8f21..f8342639b 100644 --- a/apparmor.d/gpg-connect-agent +++ b/apparmor.d/gpg-connect-agent @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpgconf b/apparmor.d/gpgconf index d1393f9e5..eec6e57b6 100644 --- a/apparmor.d/gpgconf +++ b/apparmor.d/gpgconf @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpgsm b/apparmor.d/gpgsm index 1ab2716f2..dc7fa3e13 100644 --- a/apparmor.d/gpgsm +++ b/apparmor.d/gpgsm @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpo b/apparmor.d/gpo index fe9d1fc08..1f1635444 100644 --- a/apparmor.d/gpo +++ b/apparmor.d/gpo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpodder b/apparmor.d/gpodder index 7622d444f..6dd62c799 100644 --- a/apparmor.d/gpodder +++ b/apparmor.d/gpodder @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gpodder-migrate2tres b/apparmor.d/gpodder-migrate2tres index b134396e3..e139dd915 100644 --- a/apparmor.d/gpodder-migrate2tres +++ b/apparmor.d/gpodder-migrate2tres @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/groupadd b/apparmor.d/groupadd index bed46fb84..cd2f3cb01 100644 --- a/apparmor.d/groupadd +++ b/apparmor.d/groupadd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/groupdel b/apparmor.d/groupdel index 88578b6e2..ff3239045 100644 --- a/apparmor.d/groupdel +++ b/apparmor.d/groupdel @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/groupmod b/apparmor.d/groupmod index 10c7e77bb..9776dc810 100644 --- a/apparmor.d/groupmod +++ b/apparmor.d/groupmod @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/groups b/apparmor.d/groups index 2be493cd4..67b11ea70 100644 --- a/apparmor.d/groups +++ b/apparmor.d/groups @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/grpck b/apparmor.d/grpck index 1a65eb927..7bfd0ecd0 100644 --- a/apparmor.d/grpck +++ b/apparmor.d/grpck @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gsimplecal b/apparmor.d/gsimplecal index da2d77c15..c7c9e37e8 100644 --- a/apparmor.d/gsimplecal +++ b/apparmor.d/gsimplecal @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gsmartcontrol b/apparmor.d/gsmartcontrol index 822174ffa..60a4fe773 100644 --- a/apparmor.d/gsmartcontrol +++ b/apparmor.d/gsmartcontrol @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gsmartcontrol-root b/apparmor.d/gsmartcontrol-root index 9ef8cc9c7..41321434b 100644 --- a/apparmor.d/gsmartcontrol-root +++ b/apparmor.d/gsmartcontrol-root @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gtk-update-icon-cache b/apparmor.d/gtk-update-icon-cache index 938edbac9..94edc1c62 100644 --- a/apparmor.d/gtk-update-icon-cache +++ b/apparmor.d/gtk-update-icon-cache @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/gtk-youtube-viewer b/apparmor.d/gtk-youtube-viewer index 77c82ef1d..fe2ca205c 100644 --- a/apparmor.d/gtk-youtube-viewer +++ b/apparmor.d/gtk-youtube-viewer @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hardinfo b/apparmor.d/hardinfo index c0ebd7446..1532e7a32 100644 --- a/apparmor.d/hardinfo +++ b/apparmor.d/hardinfo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hciconfig b/apparmor.d/hciconfig index e88af380a..709624c14 100644 --- a/apparmor.d/hciconfig +++ b/apparmor.d/hciconfig @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hddtemp b/apparmor.d/hddtemp index 65d49489d..29d0b9e31 100644 --- a/apparmor.d/hddtemp +++ b/apparmor.d/hddtemp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hdparm b/apparmor.d/hdparm index 5cf7e42a5..3af008ce7 100644 --- a/apparmor.d/hdparm +++ b/apparmor.d/hdparm @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hexchat b/apparmor.d/hexchat index 26e0f0ab9..be0ba87da 100644 --- a/apparmor.d/hexchat +++ b/apparmor.d/hexchat @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hostname b/apparmor.d/hostname index 2f56d302a..82abd922b 100644 --- a/apparmor.d/hostname +++ b/apparmor.d/hostname @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/htop b/apparmor.d/htop index bf8acf867..df7f9ef55 100644 --- a/apparmor.d/htop +++ b/apparmor.d/htop @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hugeadm b/apparmor.d/hugeadm index 7af2a321c..b7dc0434f 100644 --- a/apparmor.d/hugeadm +++ b/apparmor.d/hugeadm @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hugo b/apparmor.d/hugo index 07812f0ee..b92eb3f63 100644 --- a/apparmor.d/hugo +++ b/apparmor.d/hugo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hw-probe b/apparmor.d/hw-probe index 36c4c42d5..19ce485d6 100644 --- a/apparmor.d/hw-probe +++ b/apparmor.d/hw-probe @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hwinfo b/apparmor.d/hwinfo index e27b4e393..3db1d78b0 100644 --- a/apparmor.d/hwinfo +++ b/apparmor.d/hwinfo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/hypnotix b/apparmor.d/hypnotix new file mode 100644 index 000000000..4a09583ea --- /dev/null +++ b/apparmor.d/hypnotix @@ -0,0 +1,98 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2021 Mikhail Morfikov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +abi , + +include + +# Playlist extensions: +# m3u, m3u8, pls +@{hypnotix_ext} = [mM]3[uU]{,8} +@{hypnotix_ext} += [pP][lL][sS] + +@{exec_path} = /{usr/,}bin/hypnotix +@{exec_path} += /{usr/,}lib/hypnotix/hypnotix.py +profile hypnotix @{exec_path} { + include + include + include + include + include + include + include + include + include + include + include + include + include + include + + signal (send) set=(term, kill) peer=youtube-dl, + + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + network netlink raw, + + @{exec_path} rix, + /{usr/,}bin/python3.[0-9]* r, + + /{usr/,}bin/{,ba,da}sh rix, + + /{usr/,}sbin/ldconfig rix, + /{usr/,}bin/mkdir rix, + + /{usr/,}bin/xdg-screensaver rPx, + /{usr/,}bin/youtube-dl rPx, + + /{usr/,}lib/firefox/firefox rPUx, + + # Which files hypnotix should be able to open + / r, + /home/ r, + owner @{HOME}/ r, + owner @{HOME}/**/ r, + /media/ r, + owner /media/**/ r, + owner /{home,media}/**.@{hypnotix_ext} r, + + # To be able to store settings + include + owner @{run}/user/[0-9]*/dconf/ rw, + owner @{run}/user/[0-9]*/dconf/user rw, + + /usr/share/hypnotix/{,**} r, + + owner @{HOME}/.hypnotix/ rw, + owner @{HOME}/.hypnotix/** rw, + + owner @{PROC}/@{pid}/fd/ r, + owner @{PROC}/@{pid}/mounts r, + deny owner @{PROC}/@{pid}/cmdline r, + + @{sys}/devices/pci[0-9]*/**/drm/ r, + + /dev/ r, + + /usr/share/glib-2.0/schemas/gschemas.compiled r, + + /etc/vdpau_wrapper.cfg r, + + /var/lib/dbus/machine-id r, + /etc/machine-id r, + + # Silencer + /{usr/,}lib/hypnotix/** w, + + include if exists +} diff --git a/apparmor.d/i2cdetect b/apparmor.d/i2cdetect index 2a8c051e4..462a545c2 100644 --- a/apparmor.d/i2cdetect +++ b/apparmor.d/i2cdetect @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/i3lock b/apparmor.d/i3lock index 65fdda5af..c03233f1e 100644 --- a/apparmor.d/i3lock +++ b/apparmor.d/i3lock @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/i3lock-fancy b/apparmor.d/i3lock-fancy index bc44fa3ed..28ab2083a 100644 --- a/apparmor.d/i3lock-fancy +++ b/apparmor.d/i3lock-fancy @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ifconfig b/apparmor.d/ifconfig index ed0f727a6..c9eb5d779 100644 --- a/apparmor.d/ifconfig +++ b/apparmor.d/ifconfig @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ifup b/apparmor.d/ifup index 60df93c2f..b116be6d6 100644 --- a/apparmor.d/ifup +++ b/apparmor.d/ifup @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/initd-kexec b/apparmor.d/initd-kexec index 5e0ec791e..c36a606d7 100644 --- a/apparmor.d/initd-kexec +++ b/apparmor.d/initd-kexec @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/initd-kexec-load b/apparmor.d/initd-kexec-load index 6ffc56e89..f7d76e8c5 100644 --- a/apparmor.d/initd-kexec-load +++ b/apparmor.d/initd-kexec-load @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/initd-kmod b/apparmor.d/initd-kmod index db2ddefa8..8acb4bd93 100644 --- a/apparmor.d/initd-kmod +++ b/apparmor.d/initd-kmod @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/install-printerdriver b/apparmor.d/install-printerdriver index 5d8f8e1ac..f8d8052dc 100644 --- a/apparmor.d/install-printerdriver +++ b/apparmor.d/install-printerdriver @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/inxi b/apparmor.d/inxi index e6da6f4b0..1dc7bdd84 100644 --- a/apparmor.d/inxi +++ b/apparmor.d/inxi @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ioping b/apparmor.d/ioping index 64db88c05..4d0d41273 100644 --- a/apparmor.d/ioping +++ b/apparmor.d/ioping @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/iotop b/apparmor.d/iotop index 63920f72e..3e9cc7456 100644 --- a/apparmor.d/iotop +++ b/apparmor.d/iotop @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ip b/apparmor.d/ip index 56f39c0b0..5199b2d4e 100644 --- a/apparmor.d/ip +++ b/apparmor.d/ip @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ipcalc b/apparmor.d/ipcalc index 84d0311b5..4673a8da2 100644 --- a/apparmor.d/ipcalc +++ b/apparmor.d/ipcalc @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/iw b/apparmor.d/iw index 2442d34cc..dcc72c1e5 100644 --- a/apparmor.d/iw +++ b/apparmor.d/iw @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/iwconfig b/apparmor.d/iwconfig index 049f98b28..12ba3b533 100644 --- a/apparmor.d/iwconfig +++ b/apparmor.d/iwconfig @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/iwlist b/apparmor.d/iwlist index c9c919b5d..4220c7e92 100644 --- a/apparmor.d/iwlist +++ b/apparmor.d/iwlist @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/jdownloader b/apparmor.d/jdownloader index ed7ccc50f..7f82eb3e9 100644 --- a/apparmor.d/jdownloader +++ b/apparmor.d/jdownloader @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/jdownloader-install b/apparmor.d/jdownloader-install index 7428013df..6b19f41d7 100644 --- a/apparmor.d/jdownloader-install +++ b/apparmor.d/jdownloader-install @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/jekyll b/apparmor.d/jekyll index ad0d2adf3..6dd98106e 100644 --- a/apparmor.d/jekyll +++ b/apparmor.d/jekyll @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/jgmenu b/apparmor.d/jgmenu index 7193043b7..ed0c105b8 100644 --- a/apparmor.d/jgmenu +++ b/apparmor.d/jgmenu @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kanyremote b/apparmor.d/kanyremote index 35599cd0a..1bf720793 100644 --- a/apparmor.d/kanyremote +++ b/apparmor.d/kanyremote @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kcheckpass b/apparmor.d/kcheckpass index 0c70cfe5b..d8677b324 100644 --- a/apparmor.d/kcheckpass +++ b/apparmor.d/kcheckpass @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kconfig-hardened-check b/apparmor.d/kconfig-hardened-check index 9f417de95..f085dddf5 100644 --- a/apparmor.d/kconfig-hardened-check +++ b/apparmor.d/kconfig-hardened-check @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/keepassxc b/apparmor.d/keepassxc index 840c4cdbe..bb4ddac2f 100644 --- a/apparmor.d/keepassxc +++ b/apparmor.d/keepassxc @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/keepassxc-cli b/apparmor.d/keepassxc-cli index 76d4c81c1..9231414de 100644 --- a/apparmor.d/keepassxc-cli +++ b/apparmor.d/keepassxc-cli @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/keepassxc-proxy b/apparmor.d/keepassxc-proxy index d2a53d122..199ce6c72 100644 --- a/apparmor.d/keepassxc-proxy +++ b/apparmor.d/keepassxc-proxy @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -44,7 +44,10 @@ profile keepassxc-proxy @{exec_path} { deny owner @{HOME}/.config/google-chrome/** rw, deny owner @{HOME}/.config/chromium/** rw, # + /usr/share/icons/*/index.theme r, + # owner @{HOME}/.xsession-errors w, + /dev/dri/renderD128 rw, include if exists } diff --git a/apparmor.d/kernel-install b/apparmor.d/kernel-install index 8751059a7..32ed72f94 100644 --- a/apparmor.d/kernel-install +++ b/apparmor.d/kernel-install @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kerneloops b/apparmor.d/kerneloops index 1952e019b..f9a81fc94 100644 --- a/apparmor.d/kerneloops +++ b/apparmor.d/kerneloops @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kerneloops-applet b/apparmor.d/kerneloops-applet index cb5f6dd32..7846e3cf9 100644 --- a/apparmor.d/kerneloops-applet +++ b/apparmor.d/kerneloops-applet @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kexec b/apparmor.d/kexec index 38ea385ad..982fc14fb 100644 --- a/apparmor.d/kexec +++ b/apparmor.d/kexec @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kmod b/apparmor.d/kmod index cc137c404..c700f0c44 100644 --- a/apparmor.d/kmod +++ b/apparmor.d/kmod @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kodi b/apparmor.d/kodi index 24b5f2153..46786b1bf 100644 --- a/apparmor.d/kodi +++ b/apparmor.d/kodi @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -17,6 +17,7 @@ include profile kodi @{exec_path} { include include + include include include include @@ -69,10 +70,6 @@ profile kodi @{exec_path} { /etc/timezone r, /etc/fstab r, - /etc/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/[0-9][0-9]_*.json r, - owner @{PROC}/@{pid}/mounts r, @{PROC}/@{pid}/net/dev r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/kodi-xrandr b/apparmor.d/kodi-xrandr index bfbcb4a0c..af6e71822 100644 --- a/apparmor.d/kodi-xrandr +++ b/apparmor.d/kodi-xrandr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kscreenlocker-greet b/apparmor.d/kscreenlocker-greet index 76cf6917c..e0ae1b748 100644 --- a/apparmor.d/kscreenlocker-greet +++ b/apparmor.d/kscreenlocker-greet @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,10 +16,10 @@ include @{exec_path} = /{usr/,}lib/@{multiarch}/libexec/kscreenlocker_greet profile kscreenlocker-greet @{exec_path} { include + include include include include - include include include include diff --git a/apparmor.d/kvm-ok b/apparmor.d/kvm-ok index 95932a236..2cb0e3156 100644 --- a/apparmor.d/kvm-ok +++ b/apparmor.d/kvm-ok @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kwalletd5 b/apparmor.d/kwalletd5 index c62ea6e5d..fcbf6ad0a 100644 --- a/apparmor.d/kwalletd5 +++ b/apparmor.d/kwalletd5 @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/kwalletmanager5 b/apparmor.d/kwalletmanager5 index 0ec301c3f..86182000b 100644 --- a/apparmor.d/kwalletmanager5 +++ b/apparmor.d/kwalletmanager5 @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/labwc b/apparmor.d/labwc new file mode 100644 index 000000000..dd7d95af2 --- /dev/null +++ b/apparmor.d/labwc @@ -0,0 +1,84 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2020-2021 Mikhail Morfikov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +abi , + +include + +@{exec_path} = /{usr/,}bin/labwc +profile labwc @{exec_path} flags=(attach_disconnected) { + include + include + include + include + include + include + include + include + include + include + include + include + + network netlink raw, + + @{exec_path} mr, + + # Apps allowed to run + /{usr/,}sbin/* rPUx, + /{usr/,}bin/* rPUx, + /usr/libexec/* rPUx, + + owner @{HOME}/.config/labwc/ r, + owner @{HOME}/.config/labwc/* r, + + /usr/share/libinput/ r, + /usr/share/libinput/*.quirks r, + + /usr/share/themes/**/themerc r, + + /usr/share/X11/xkb/** r, + + owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, + + @{sys}/bus/ r, + @{sys}/class/ r, + @{sys}/class/drm/ r, + @{sys}/class/input/ r, + @{sys}/devices/pci[0-9]*/**/boot_vga r, + @{sys}/devices/**/uevent r, + + @{run}/udev/data/+input* r, # for mouse, keyboard, touchpad + @{run}/udev/data/+platform* r, # for ? + @{run}/udev/data/+drm:card[0-9]-* r, # for screen outputs + @{run}/udev/data/+acpi* r, # for ? + @{run}/udev/data/+hid* r, # for HID-Compliant Keyboard + @{run}/udev/data/+pci* r, # for VGA compatible controller + @{run}/udev/data/+usb* r, # for USB mouse and keyboard + @{run}/udev/data/+sound:card* r, # for sound + @{run}/udev/data/+serio* r, # for touchpad? + @{run}/udev/data/c13:[0-9]* r, # for /dev/input/* + @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/** + @{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card* + + @{run}/systemd/sessions/[0-9]* r, + @{run}/systemd/seats/seat[0-9]* r, + + @{run}/user/[0-9]*/wayland-[0-9].lock k, + + owner @{PROC}/@{pid}/fd/ r, + + owner /tmp/.X[0-9]*-lock rw, + owner /tmp/.X11-unix/ rw, + owner /tmp/.X11-unix/X[0-9]* rw, + + include if exists +} diff --git a/apparmor.d/light b/apparmor.d/light index 916339eed..ff070c8e9 100644 --- a/apparmor.d/light +++ b/apparmor.d/light @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/light-locker b/apparmor.d/light-locker index c197b7a1a..617bcbb82 100644 --- a/apparmor.d/light-locker +++ b/apparmor.d/light-locker @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/light-locker-command b/apparmor.d/light-locker-command index 9cb6c7eea..a8b31aee9 100644 --- a/apparmor.d/light-locker-command +++ b/apparmor.d/light-locker-command @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lightdm b/apparmor.d/lightdm index 070fbc8f4..034b2d3dd 100644 --- a/apparmor.d/lightdm +++ b/apparmor.d/lightdm @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lightdm-gtk-greeter b/apparmor.d/lightdm-gtk-greeter index dd8c16e96..550239d23 100644 --- a/apparmor.d/lightdm-gtk-greeter +++ b/apparmor.d/lightdm-gtk-greeter @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lightworks b/apparmor.d/lightworks index 7582c4e3d..7dcaea4f1 100644 --- a/apparmor.d/lightworks +++ b/apparmor.d/lightworks @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lightworks-ntcardvt b/apparmor.d/lightworks-ntcardvt index b6ea584d1..e4de888d5 100644 --- a/apparmor.d/lightworks-ntcardvt +++ b/apparmor.d/lightworks-ntcardvt @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/linssid b/apparmor.d/linssid index 3b65f31ca..95a36257a 100644 --- a/apparmor.d/linssid +++ b/apparmor.d/linssid @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/linux-check-removal b/apparmor.d/linux-check-removal index 7650b92f9..9707db937 100644 --- a/apparmor.d/linux-check-removal +++ b/apparmor.d/linux-check-removal @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/linux-version b/apparmor.d/linux-version index fc5827a84..727588556 100644 --- a/apparmor.d/linux-version +++ b/apparmor.d/linux-version @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/localepurge b/apparmor.d/localepurge index e78df2474..28c49fdd2 100644 --- a/apparmor.d/localepurge +++ b/apparmor.d/localepurge @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/logrotate b/apparmor.d/logrotate index d416746e1..06bfc8fcf 100644 --- a/apparmor.d/logrotate +++ b/apparmor.d/logrotate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lsblk b/apparmor.d/lsblk index 9fb89a27b..498f861eb 100644 --- a/apparmor.d/lsblk +++ b/apparmor.d/lsblk @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lscpu b/apparmor.d/lscpu index 0b73db40e..1dd2c9521 100644 --- a/apparmor.d/lscpu +++ b/apparmor.d/lscpu @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lsinitramfs b/apparmor.d/lsinitramfs index 1dbe085c3..8a2b1c9f5 100644 --- a/apparmor.d/lsinitramfs +++ b/apparmor.d/lsinitramfs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lspci b/apparmor.d/lspci index f93032c3b..08c699800 100644 --- a/apparmor.d/lspci +++ b/apparmor.d/lspci @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lsusb b/apparmor.d/lsusb index 9aaba704c..053f6ff90 100644 --- a/apparmor.d/lsusb +++ b/apparmor.d/lsusb @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lxappearance b/apparmor.d/lxappearance index f580d2a52..544a8d406 100644 --- a/apparmor.d/lxappearance +++ b/apparmor.d/lxappearance @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/lynx b/apparmor.d/lynx index 0c88208a3..5fc0f17d2 100644 --- a/apparmor.d/lynx +++ b/apparmor.d/lynx @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/macchanger b/apparmor.d/macchanger index 4e905df80..5f67d8ba9 100644 --- a/apparmor.d/macchanger +++ b/apparmor.d/macchanger @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mandb b/apparmor.d/mandb new file mode 100644 index 000000000..3e31e6241 --- /dev/null +++ b/apparmor.d/mandb @@ -0,0 +1,38 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2020-2021 Mikhail Morfikov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + +abi , + +include + +@{exec_path} = /{usr/,}bin/mandb +profile mandb @{exec_path} flags=(complain) { + include + include + include + + @{exec_path} mr, + + /etc/manpath.config r, + + /var/cache/man/ r, + /var/cache/man/** rwk, + + /usr/share/man/ r, + /usr/share/man/** r, + + /usr/share/*/man/man[0-9]*/*.[0-9]*.gz r, + + /usr/local/share/man/ r, + /usr/local/share/man/** r, + + include if exists +} diff --git a/apparmor.d/mediainfo b/apparmor.d/mediainfo index 1109abde2..9b1e21178 100644 --- a/apparmor.d/mediainfo +++ b/apparmor.d/mediainfo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/memtester b/apparmor.d/memtester index 913a079fa..f0e522909 100644 --- a/apparmor.d/memtester +++ b/apparmor.d/memtester @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mimetype b/apparmor.d/mimetype index 1a1f1ee96..5774d496d 100644 --- a/apparmor.d/mimetype +++ b/apparmor.d/mimetype @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mke2fs b/apparmor.d/mke2fs index 6d6b84579..e886f6aca 100644 --- a/apparmor.d/mke2fs +++ b/apparmor.d/mke2fs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mkfs-btrfs b/apparmor.d/mkfs-btrfs index 03d6c3567..3d9ec19f9 100644 --- a/apparmor.d/mkfs-btrfs +++ b/apparmor.d/mkfs-btrfs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mkfs-fat b/apparmor.d/mkfs-fat index b0c20d7ad..f9a756f9d 100644 --- a/apparmor.d/mkfs-fat +++ b/apparmor.d/mkfs-fat @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mkinitramfs b/apparmor.d/mkinitramfs index b640d4dcc..6c6de4ea6 100644 --- a/apparmor.d/mkinitramfs +++ b/apparmor.d/mkinitramfs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mkntfs b/apparmor.d/mkntfs index 00690f35b..502fba384 100644 --- a/apparmor.d/mkntfs +++ b/apparmor.d/mkntfs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mkswap b/apparmor.d/mkswap index 0ee6b2f19..d78fe6211 100644 --- a/apparmor.d/mkswap +++ b/apparmor.d/mkswap @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mkvmerge b/apparmor.d/mkvmerge index 428f3ca2b..d65634ea6 100644 --- a/apparmor.d/mkvmerge +++ b/apparmor.d/mkvmerge @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mkvtoolnix-gui b/apparmor.d/mkvtoolnix-gui index 587578172..147776084 100644 --- a/apparmor.d/mkvtoolnix-gui +++ b/apparmor.d/mkvtoolnix-gui @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mlocate b/apparmor.d/mlocate index 6517b562d..e239d1bb5 100644 --- a/apparmor.d/mlocate +++ b/apparmor.d/mlocate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mount b/apparmor.d/mount index 7c320556b..c968920e6 100644 --- a/apparmor.d/mount +++ b/apparmor.d/mount @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mount.cifs b/apparmor.d/mount.cifs index e56991585..eafeeb859 100644 --- a/apparmor.d/mount.cifs +++ b/apparmor.d/mount.cifs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,6 +16,7 @@ include @{exec_path} = /{usr/,}sbin/mount.cifs profile mount.cifs @{exec_path} flags=(complain) { include + include # To mount anything. capability sys_admin, @@ -29,6 +30,8 @@ profile mount.cifs @{exec_path} flags=(complain) { @{exec_path} mr, + /{usr/,}bin/systemd-ask-password rPUx, + /etc/fstab r, owner @{HOME}/.smbcredentials r, diff --git a/apparmor.d/mpsyt b/apparmor.d/mpsyt index 9e236b54c..9009cc1f3 100644 --- a/apparmor.d/mpsyt +++ b/apparmor.d/mpsyt @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mpv b/apparmor.d/mpv index bbbff32eb..d82c2d133 100644 --- a/apparmor.d/mpv +++ b/apparmor.d/mpv @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -126,10 +126,6 @@ profile mpv @{exec_path} { ##include /etc/vdpau_wrapper.cfg r, - /etc/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/[0-9][0-9]_*.json r, - # What's this for? (since v0.30.0) @{sys}/bus/ r, @{sys}/class/ r, diff --git a/apparmor.d/mtools b/apparmor.d/mtools index 59b838e85..2c1c2d1b4 100644 --- a/apparmor.d/mtools +++ b/apparmor.d/mtools @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mumble b/apparmor.d/mumble index e9689280a..5c665d520 100644 --- a/apparmor.d/mumble +++ b/apparmor.d/mumble @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/mumble-overlay b/apparmor.d/mumble-overlay index d8dcd69c9..c4ff50136 100644 --- a/apparmor.d/mumble-overlay +++ b/apparmor.d/mumble-overlay @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/netcap b/apparmor.d/netcap index 908819fa4..24b6738c0 100644 --- a/apparmor.d/netcap +++ b/apparmor.d/netcap @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/nethogs b/apparmor.d/nethogs index 1d4b80ea7..9c8614fdf 100644 --- a/apparmor.d/nethogs +++ b/apparmor.d/nethogs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/networkctl b/apparmor.d/networkctl index 48c967a4e..08831f5d3 100644 --- a/apparmor.d/networkctl +++ b/apparmor.d/networkctl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/newgrp b/apparmor.d/newgrp index b0f3cec88..533d9e821 100644 --- a/apparmor.d/newgrp +++ b/apparmor.d/newgrp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/nft b/apparmor.d/nft index 8690a2aad..ec4bd926b 100644 --- a/apparmor.d/nft +++ b/apparmor.d/nft @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/nmap b/apparmor.d/nmap index a69f30f0d..1fb440710 100644 --- a/apparmor.d/nmap +++ b/apparmor.d/nmap @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfs-3g b/apparmor.d/ntfs-3g index b9670b3bd..365b083a8 100644 --- a/apparmor.d/ntfs-3g +++ b/apparmor.d/ntfs-3g @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfs-3g-probe b/apparmor.d/ntfs-3g-probe index 01efa8fdd..b6943981f 100644 --- a/apparmor.d/ntfs-3g-probe +++ b/apparmor.d/ntfs-3g-probe @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfscat b/apparmor.d/ntfscat index 20064e025..78032709b 100644 --- a/apparmor.d/ntfscat +++ b/apparmor.d/ntfscat @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsclone b/apparmor.d/ntfsclone index 65718aa08..61f1ebb16 100644 --- a/apparmor.d/ntfsclone +++ b/apparmor.d/ntfsclone @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfscluster b/apparmor.d/ntfscluster index 53a7fe923..bc1399542 100644 --- a/apparmor.d/ntfscluster +++ b/apparmor.d/ntfscluster @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfscmp b/apparmor.d/ntfscmp index f7178f285..291cff08c 100644 --- a/apparmor.d/ntfscmp +++ b/apparmor.d/ntfscmp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfscp b/apparmor.d/ntfscp index f8eb3825b..a1ca2f879 100644 --- a/apparmor.d/ntfscp +++ b/apparmor.d/ntfscp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsdecrypt b/apparmor.d/ntfsdecrypt index 286bb16ab..fef838458 100644 --- a/apparmor.d/ntfsdecrypt +++ b/apparmor.d/ntfsdecrypt @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsfallocate b/apparmor.d/ntfsfallocate index 236aeba3c..a2afe47ce 100644 --- a/apparmor.d/ntfsfallocate +++ b/apparmor.d/ntfsfallocate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsfix b/apparmor.d/ntfsfix index e01deb50f..cfe850f66 100644 --- a/apparmor.d/ntfsfix +++ b/apparmor.d/ntfsfix @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsinfo b/apparmor.d/ntfsinfo index 39fe58d6e..7cda71b33 100644 --- a/apparmor.d/ntfsinfo +++ b/apparmor.d/ntfsinfo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfslabel b/apparmor.d/ntfslabel index f086ce411..207668b26 100644 --- a/apparmor.d/ntfslabel +++ b/apparmor.d/ntfslabel @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsls b/apparmor.d/ntfsls index 93487fc57..04780f7c7 100644 --- a/apparmor.d/ntfsls +++ b/apparmor.d/ntfsls @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsmove b/apparmor.d/ntfsmove index 68a73af44..357eb54f0 100644 --- a/apparmor.d/ntfsmove +++ b/apparmor.d/ntfsmove @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsrecover b/apparmor.d/ntfsrecover index 73ba2548e..cba33f0b8 100644 --- a/apparmor.d/ntfsrecover +++ b/apparmor.d/ntfsrecover @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsresize b/apparmor.d/ntfsresize index 3f7194c50..1c02932c6 100644 --- a/apparmor.d/ntfsresize +++ b/apparmor.d/ntfsresize @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfssecaudit b/apparmor.d/ntfssecaudit index 30a8c6370..d45ae4e64 100644 --- a/apparmor.d/ntfssecaudit +++ b/apparmor.d/ntfssecaudit @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfstruncate b/apparmor.d/ntfstruncate index 083bfd2ec..3d994012f 100644 --- a/apparmor.d/ntfstruncate +++ b/apparmor.d/ntfstruncate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsundelete b/apparmor.d/ntfsundelete index d3a8ad888..b4787c9c6 100644 --- a/apparmor.d/ntfsundelete +++ b/apparmor.d/ntfsundelete @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfsusermap b/apparmor.d/ntfsusermap index f638e6475..5426cf6b3 100644 --- a/apparmor.d/ntfsusermap +++ b/apparmor.d/ntfsusermap @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ntfswipe b/apparmor.d/ntfswipe index c2679826c..e176757fa 100644 --- a/apparmor.d/ntfswipe +++ b/apparmor.d/ntfswipe @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/numlockx b/apparmor.d/numlockx index f20662032..de666b673 100644 --- a/apparmor.d/numlockx +++ b/apparmor.d/numlockx @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/obamenu b/apparmor.d/obamenu index de90ad41f..7d399f341 100644 --- a/apparmor.d/obamenu +++ b/apparmor.d/obamenu @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/obconf b/apparmor.d/obconf index b1452d395..d057ce657 100644 --- a/apparmor.d/obconf +++ b/apparmor.d/obconf @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/obxprop b/apparmor.d/obxprop index f1497232d..fd8f3352e 100644 --- a/apparmor.d/obxprop +++ b/apparmor.d/obxprop @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/okular b/apparmor.d/okular index aec594de6..a5ad5dac7 100644 --- a/apparmor.d/okular +++ b/apparmor.d/okular @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/on-ac-power b/apparmor.d/on-ac-power index 7a42dee53..6fdeb242e 100644 --- a/apparmor.d/on-ac-power +++ b/apparmor.d/on-ac-power @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/openbox b/apparmor.d/openbox index affffaf39..9d7f102ba 100644 --- a/apparmor.d/openbox +++ b/apparmor.d/openbox @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -68,8 +68,7 @@ profile openbox @{exec_path} { # Apps allowed to run /{usr/,}bin/* rPUx, /usr/libexec/* rPUx, - /{usr/,}lib/@{multiarch}/xfce4/*/* rPUx, - /{usr/,}lib/@{multiarch}/polkit-mate/polkit-mate-authentication-agent-1 rPUx, + /{usr/,}lib/@{multiarch}/*/** rPUx, /usr/local/lib/python*/dist-packages/ r, @@ -79,6 +78,9 @@ profile openbox @{exec_path} { /etc/xdg/openbox/autostart r, /etc/xdg/autostart/{,*} r, + # Silencer + /{usr/,}lib/python3/** w, + # file_inherit owner @{HOME}/.xsession-errors w, owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/openbox-session b/apparmor.d/openbox-session index a1a169a4c..25ebf1136 100644 --- a/apparmor.d/openbox-session +++ b/apparmor.d/openbox-session @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/openvpn b/apparmor.d/openvpn index f6ded7c08..a31a7e387 100644 --- a/apparmor.d/openvpn +++ b/apparmor.d/openvpn @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/opera b/apparmor.d/opera index 9a446a7ba..7d9c1e3b3 100644 --- a/apparmor.d/opera +++ b/apparmor.d/opera @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/opera-crashreporter b/apparmor.d/opera-crashreporter index 2cd96ca80..f2c38285e 100644 --- a/apparmor.d/opera-crashreporter +++ b/apparmor.d/opera-crashreporter @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/opera-sandbox b/apparmor.d/opera-sandbox index e80e0c79b..b409cee14 100644 --- a/apparmor.d/opera-sandbox +++ b/apparmor.d/opera-sandbox @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/orage b/apparmor.d/orage index fb1cd2d77..bd806269b 100644 --- a/apparmor.d/orage +++ b/apparmor.d/orage @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pacmd b/apparmor.d/pacmd index 9ea3b9e3b..42cd164f2 100644 --- a/apparmor.d/pacmd +++ b/apparmor.d/pacmd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pactl b/apparmor.d/pactl index c504ff60f..82d91ee20 100644 --- a/apparmor.d/pactl +++ b/apparmor.d/pactl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pagesize b/apparmor.d/pagesize index caa6fe496..e053394a0 100644 --- a/apparmor.d/pagesize +++ b/apparmor.d/pagesize @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pam-auth-update b/apparmor.d/pam-auth-update index 104bf6019..46b8acf93 100644 --- a/apparmor.d/pam-auth-update +++ b/apparmor.d/pam-auth-update @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pam/mappings b/apparmor.d/pam/mappings index 99a473209..d3282ca2e 100644 --- a/apparmor.d/pam/mappings +++ b/apparmor.d/pam/mappings @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pam_roles b/apparmor.d/pam_roles index 7d82ce70a..c036ec962 100644 --- a/apparmor.d/pam_roles +++ b/apparmor.d/pam_roles @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/parted b/apparmor.d/parted index 0eadca5bc..495dc034e 100644 --- a/apparmor.d/parted +++ b/apparmor.d/parted @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/partprobe b/apparmor.d/partprobe index 8380fd28a..a84522c35 100644 --- a/apparmor.d/partprobe +++ b/apparmor.d/partprobe @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/passwd b/apparmor.d/passwd index b8bcb0550..b148678c8 100644 --- a/apparmor.d/passwd +++ b/apparmor.d/passwd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pavucontrol b/apparmor.d/pavucontrol index e3f67730e..bb9b9d330 100644 --- a/apparmor.d/pavucontrol +++ b/apparmor.d/pavucontrol @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/picom b/apparmor.d/picom index 6ccaaacab..4ccedd484 100644 --- a/apparmor.d/picom +++ b/apparmor.d/picom @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -18,7 +18,7 @@ profile picom @{exec_path} { include include include - include + include include @{exec_path} mr, diff --git a/apparmor.d/pinentry-gtk-2 b/apparmor.d/pinentry-gtk-2 index 374d89f3b..5428eb45b 100644 --- a/apparmor.d/pinentry-gtk-2 +++ b/apparmor.d/pinentry-gtk-2 @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pinentry-kwallet b/apparmor.d/pinentry-kwallet index f5cc11988..51231e439 100644 --- a/apparmor.d/pinentry-kwallet +++ b/apparmor.d/pinentry-kwallet @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pinentry-qt b/apparmor.d/pinentry-qt index 219a094e6..f637822e2 100644 --- a/apparmor.d/pinentry-qt +++ b/apparmor.d/pinentry-qt @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pkexec b/apparmor.d/pkexec index 82b2f4a47..5a36dde8e 100644 --- a/apparmor.d/pkexec +++ b/apparmor.d/pkexec @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/polipo b/apparmor.d/polipo index 1edc884b7..6d68ed551 100644 --- a/apparmor.d/polipo +++ b/apparmor.d/polipo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/polkit-agent-helper b/apparmor.d/polkit-agent-helper index 9c6955a33..650abcf23 100644 --- a/apparmor.d/polkit-agent-helper +++ b/apparmor.d/polkit-agent-helper @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/polkit-kde-authentication-agent b/apparmor.d/polkit-kde-authentication-agent index 1d264b393..cfab0743e 100644 --- a/apparmor.d/polkit-kde-authentication-agent +++ b/apparmor.d/polkit-kde-authentication-agent @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/polkit-mate-authentication-agent b/apparmor.d/polkit-mate-authentication-agent index 279b16540..ad74c34d9 100644 --- a/apparmor.d/polkit-mate-authentication-agent +++ b/apparmor.d/polkit-mate-authentication-agent @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -25,6 +25,7 @@ profile polkit-mate-authentication-agent @{exec_path} { include include include + include signal (send) set=(term, kill) peer=polkit-agent-helper, @@ -41,6 +42,10 @@ profile polkit-mate-authentication-agent @{exec_path} { owner @{HOME}/.Xauthority r, + /usr/share/glib-2.0/schemas/gschemas.compiled r, + + /usr/share/X11/xkb/** r, + # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/polkitd b/apparmor.d/polkitd index 54a782773..1b1f8eb70 100644 --- a/apparmor.d/polkitd +++ b/apparmor.d/polkitd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/popcon-largest-unused b/apparmor.d/popcon-largest-unused index a4a195d93..987db6611 100644 --- a/apparmor.d/popcon-largest-unused +++ b/apparmor.d/popcon-largest-unused @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/popularity-contest b/apparmor.d/popularity-contest index 456d6d358..681c9594d 100644 --- a/apparmor.d/popularity-contest +++ b/apparmor.d/popularity-contest @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ps b/apparmor.d/ps index d9ab3d20d..7bdccc51b 100644 --- a/apparmor.d/ps +++ b/apparmor.d/ps @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ps-mem b/apparmor.d/ps-mem index 418f3a19c..4d51fbc1c 100644 --- a/apparmor.d/ps-mem +++ b/apparmor.d/ps-mem @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pscap b/apparmor.d/pscap index c4b2f3834..6ef40d1dc 100644 --- a/apparmor.d/pscap +++ b/apparmor.d/pscap @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/psi-plus b/apparmor.d/psi-plus index 08a6d5938..c8cafe804 100644 --- a/apparmor.d/psi-plus +++ b/apparmor.d/psi-plus @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/pulseaudio b/apparmor.d/pulseaudio index aa07d128f..ed35f158e 100644 --- a/apparmor.d/pulseaudio +++ b/apparmor.d/pulseaudio @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/qbittorrent b/apparmor.d/qbittorrent index 702101eee..af7e31a78 100644 --- a/apparmor.d/qbittorrent +++ b/apparmor.d/qbittorrent @@ -130,6 +130,8 @@ profile qbittorrent @{exec_path} { network inet dgram, network inet6 dgram, + network inet stream, + network inet6 stream, network netlink raw, /{usr/,}bin/python3.[0-9]* r, diff --git a/apparmor.d/qnapi b/apparmor.d/qnapi index de3e4db1c..486792778 100644 --- a/apparmor.d/qnapi +++ b/apparmor.d/qnapi @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/qpdfview b/apparmor.d/qpdfview index e533ec20a..99131d940 100644 --- a/apparmor.d/qpdfview +++ b/apparmor.d/qpdfview @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/qt5ct b/apparmor.d/qt5ct index 392539de4..232c436fc 100644 --- a/apparmor.d/qt5ct +++ b/apparmor.d/qt5ct @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/qtchooser b/apparmor.d/qtchooser index 5d8971d86..764de5f06 100644 --- a/apparmor.d/qtchooser +++ b/apparmor.d/qtchooser @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/querybts b/apparmor.d/querybts index e5e634b04..12cf76504 100644 --- a/apparmor.d/querybts +++ b/apparmor.d/querybts @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/quiterss b/apparmor.d/quiterss index 080d05bb4..5422f93f8 100644 --- a/apparmor.d/quiterss +++ b/apparmor.d/quiterss @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/rdmsr b/apparmor.d/rdmsr index 8fa618585..e0d51e53f 100644 --- a/apparmor.d/rdmsr +++ b/apparmor.d/rdmsr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/redshift b/apparmor.d/redshift index c933ab672..9ca5632a6 100644 --- a/apparmor.d/redshift +++ b/apparmor.d/redshift @@ -2,7 +2,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2015 Cameron Norman -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -18,6 +18,7 @@ include profile redshift @{exec_path} { include include + include include @{exec_path} mr, diff --git a/apparmor.d/repo b/apparmor.d/repo index 7ff5112a6..6f22d9e74 100644 --- a/apparmor.d/repo +++ b/apparmor.d/repo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/reportbug b/apparmor.d/reportbug index e30196fe3..d24669ed0 100644 --- a/apparmor.d/reportbug +++ b/apparmor.d/reportbug @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,6 +16,7 @@ include @{exec_path} = /{usr/,}bin/reportbug profile reportbug @{exec_path} { include + include include include include @@ -26,6 +27,7 @@ profile reportbug @{exec_path} { include include include + include network inet dgram, network inet6 dgram, @@ -79,6 +81,9 @@ profile reportbug @{exec_path} { /usr/share/bug/*/{control,presubj} r, /usr/share/bug/* rPUx, + /usr/share/glib-2.0/schemas/gschemas.compiled r, + /usr/share/X11/xkb/** r, + /{usr/,}lib/python3/dist-packages/pylocales/locales.db rk, @{PROC}/1/cgroup r, diff --git a/apparmor.d/reprepro b/apparmor.d/reprepro index 092166927..233a649de 100644 --- a/apparmor.d/reprepro +++ b/apparmor.d/reprepro @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/resize2fs b/apparmor.d/resize2fs index 718c98085..ae3a49677 100644 --- a/apparmor.d/resize2fs +++ b/apparmor.d/resize2fs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/rfkill b/apparmor.d/rfkill index 75154b1fc..b06ee614b 100644 --- a/apparmor.d/rfkill +++ b/apparmor.d/rfkill @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/rpi-imager b/apparmor.d/rpi-imager index bbfd3a1aa..22c7e7a40 100644 --- a/apparmor.d/rpi-imager +++ b/apparmor.d/rpi-imager @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/rredtool b/apparmor.d/rredtool index f1688539c..1fa566f4e 100644 --- a/apparmor.d/rredtool +++ b/apparmor.d/rredtool @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/rsyslogd b/apparmor.d/rsyslogd index f99170c07..3a07368e8 100644 --- a/apparmor.d/rsyslogd +++ b/apparmor.d/rsyslogd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/rtkit-daemon b/apparmor.d/rtkit-daemon index eac84366d..d19c8d1ee 100644 --- a/apparmor.d/rtkit-daemon +++ b/apparmor.d/rtkit-daemon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/rtkitctl b/apparmor.d/rtkitctl index 3014abaee..17216344b 100644 --- a/apparmor.d/rtkitctl +++ b/apparmor.d/rtkitctl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/run-parts b/apparmor.d/run-parts index 21130cc9f..e2ab20fc5 100644 --- a/apparmor.d/run-parts +++ b/apparmor.d/run-parts @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/runuser b/apparmor.d/runuser index 77f300fad..f98d1e01a 100644 --- a/apparmor.d/runuser +++ b/apparmor.d/runuser @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -35,6 +35,8 @@ profile runuser @{exec_path} { # Needed? (#FIXME#) capability sys_resource, + network netlink raw, + @{exec_path} mr, # Shells to use diff --git a/apparmor.d/scdaemon b/apparmor.d/scdaemon index ea03bfcc3..a18eee3f0 100644 --- a/apparmor.d/scdaemon +++ b/apparmor.d/scdaemon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/scrot b/apparmor.d/scrot index 9ce34a17e..d30b9d725 100644 --- a/apparmor.d/scrot +++ b/apparmor.d/scrot @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/sddm b/apparmor.d/sddm index 46b097154..7be2df2dd 100644 --- a/apparmor.d/sddm +++ b/apparmor.d/sddm @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/sddm-greeter b/apparmor.d/sddm-greeter index 6530b76fc..85a43868a 100644 --- a/apparmor.d/sddm-greeter +++ b/apparmor.d/sddm-greeter @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/sddm-xsession b/apparmor.d/sddm-xsession index 147ef66a8..423981b0a 100644 --- a/apparmor.d/sddm-xsession +++ b/apparmor.d/sddm-xsession @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/sensors-detect b/apparmor.d/sensors-detect index 9bb179cd1..0cf41c449 100644 --- a/apparmor.d/sensors-detect +++ b/apparmor.d/sensors-detect @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/setpci b/apparmor.d/setpci index 49e864b72..a2e09c431 100644 --- a/apparmor.d/setpci +++ b/apparmor.d/setpci @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/setpriv b/apparmor.d/setpriv index 3f3b3c0cf..53de65d0b 100644 --- a/apparmor.d/setpriv +++ b/apparmor.d/setpriv @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/sfdisk b/apparmor.d/sfdisk index bf0dad47f..9d651a0a4 100644 --- a/apparmor.d/sfdisk +++ b/apparmor.d/sfdisk @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/sgdisk b/apparmor.d/sgdisk index 37e976fb6..5f14a3640 100644 --- a/apparmor.d/sgdisk +++ b/apparmor.d/sgdisk @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/signal-desktop b/apparmor.d/signal-desktop index c7e1f91d3..e3dc8629e 100644 --- a/apparmor.d/signal-desktop +++ b/apparmor.d/signal-desktop @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/signal-desktop-chrome-sandbox b/apparmor.d/signal-desktop-chrome-sandbox index 604707166..9bb7136d9 100644 --- a/apparmor.d/signal-desktop-chrome-sandbox +++ b/apparmor.d/signal-desktop-chrome-sandbox @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/smartctl b/apparmor.d/smartctl index 74a2154ad..e642075ce 100644 --- a/apparmor.d/smartctl +++ b/apparmor.d/smartctl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/smartd b/apparmor.d/smartd index 4fc97959b..fe65336d1 100644 --- a/apparmor.d/smartd +++ b/apparmor.d/smartd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/smplayer b/apparmor.d/smplayer index f1cf3d920..002d2735c 100644 --- a/apparmor.d/smplayer +++ b/apparmor.d/smplayer @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/smtube b/apparmor.d/smtube index 85df3f236..728f07304 100644 --- a/apparmor.d/smtube +++ b/apparmor.d/smtube @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/spacefm b/apparmor.d/spacefm index 240a6f234..15bbb12fd 100644 --- a/apparmor.d/spacefm +++ b/apparmor.d/spacefm @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/spacefm-auth b/apparmor.d/spacefm-auth index 9a0618331..7a95aa1df 100644 --- a/apparmor.d/spacefm-auth +++ b/apparmor.d/spacefm-auth @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/spectre-meltdown-checker b/apparmor.d/spectre-meltdown-checker index 3569d84f1..cdaccf338 100644 --- a/apparmor.d/spectre-meltdown-checker +++ b/apparmor.d/spectre-meltdown-checker @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/speedtest b/apparmor.d/speedtest index c95013a75..0a414ca2e 100644 --- a/apparmor.d/speedtest +++ b/apparmor.d/speedtest @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/spflashtool b/apparmor.d/spflashtool index a4f680eea..4b4af08f9 100644 --- a/apparmor.d/spflashtool +++ b/apparmor.d/spflashtool @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/spotify b/apparmor.d/spotify index 904e58b4b..c1d6c9160 100644 --- a/apparmor.d/spotify +++ b/apparmor.d/spotify @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ssh-agent b/apparmor.d/ssh-agent index 6f8ed02b4..099a9ed94 100644 --- a/apparmor.d/ssh-agent +++ b/apparmor.d/ssh-agent @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/startx b/apparmor.d/startx index a8e44df24..72d3c6564 100644 --- a/apparmor.d/startx +++ b/apparmor.d/startx @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/strawberry b/apparmor.d/strawberry index 0bfcef51a..e035d4a87 100644 --- a/apparmor.d/strawberry +++ b/apparmor.d/strawberry @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/strawberry-tagreader b/apparmor.d/strawberry-tagreader index c7d19457a..63763ded2 100644 --- a/apparmor.d/strawberry-tagreader +++ b/apparmor.d/strawberry-tagreader @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/su b/apparmor.d/su index fff527adc..916c9c92b 100644 --- a/apparmor.d/su +++ b/apparmor.d/su @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/sudo b/apparmor.d/sudo index 427128d21..ae5e32de6 100644 --- a/apparmor.d/sudo +++ b/apparmor.d/sudo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/suid3num b/apparmor.d/suid3num index 6761e4f6a..aa00e26e6 100644 --- a/apparmor.d/suid3num +++ b/apparmor.d/suid3num @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/swaplabel b/apparmor.d/swaplabel index 98bdad2c0..fe34680fc 100644 --- a/apparmor.d/swaplabel +++ b/apparmor.d/swaplabel @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/swapoff b/apparmor.d/swapoff index 7ea8882be..aa0fc6d43 100644 --- a/apparmor.d/swapoff +++ b/apparmor.d/swapoff @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/swapon b/apparmor.d/swapon index 659e4aabe..046feb58f 100644 --- a/apparmor.d/swapon +++ b/apparmor.d/swapon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/synaptic b/apparmor.d/synaptic index 33275668a..19a093e35 100644 --- a/apparmor.d/synaptic +++ b/apparmor.d/synaptic @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -66,6 +66,7 @@ profile synaptic @{exec_path} { # Needed? (##FIXME##) capability kill, capability fsetid, + deny capability net_admin, deny capability sys_nice, signal (send) peer=apt-methods-*, @@ -133,6 +134,9 @@ profile synaptic @{exec_path} { /var/lib/dpkg/** r, /var/lib/dpkg/lock{,-frontend} rwk, + /var/lib/dbus/machine-id r, + /etc/machine-id r, + /tmp/ r, owner /tmp/apt-dpkg-install-*/ rw, owner /tmp/apt-dpkg-install-*/[0-9]*-*.deb w, @@ -148,13 +152,15 @@ profile synaptic @{exec_path} { owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, + # To remove the following error: + # Internal Error: impossible to fork children. Synaptics is going to stop. Please report. + # errorcode: 2 + /dev/ptmx rw, + /usr/share/glib-2.0/schemas/gschemas.compiled r, /etc/fstab r, - /var/lib/dbus/machine-id r, - /etc/machine-id r, - # Synaptic is a GUI app started by root, so without "owner" @{HOME}/.Xauthority r, diff --git a/apparmor.d/syncthing b/apparmor.d/syncthing index a548125ff..242ad2a6d 100644 --- a/apparmor.d/syncthing +++ b/apparmor.d/syncthing @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/system-config-printer b/apparmor.d/system-config-printer index a2781cae6..584db5fe5 100644 --- a/apparmor.d/system-config-printer +++ b/apparmor.d/system-config-printer @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/system-config-printer-applet b/apparmor.d/system-config-printer-applet index a50db5b4e..92bbad106 100644 --- a/apparmor.d/system-config-printer-applet +++ b/apparmor.d/system-config-printer-applet @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-ac-power b/apparmor.d/systemd-ac-power index 80a4ac1bb..c66702cf3 100644 --- a/apparmor.d/systemd-ac-power +++ b/apparmor.d/systemd-ac-power @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-analyze b/apparmor.d/systemd-analyze index 724eaf364..6366103df 100644 --- a/apparmor.d/systemd-analyze +++ b/apparmor.d/systemd-analyze @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-backlight b/apparmor.d/systemd-backlight index 1108981d6..10ffa558a 100644 --- a/apparmor.d/systemd-backlight +++ b/apparmor.d/systemd-backlight @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-detect-virt b/apparmor.d/systemd-detect-virt index 353a0cb8b..ce05e3732 100644 --- a/apparmor.d/systemd-detect-virt +++ b/apparmor.d/systemd-detect-virt @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,6 +16,7 @@ include @{exec_path} = /{usr/,}bin/systemd-detect-virt profile systemd-detect-virt @{exec_path} { include + include include @{exec_path} mr, diff --git a/apparmor.d/systemd-fsck b/apparmor.d/systemd-fsck index c4f30820f..e838680c7 100644 --- a/apparmor.d/systemd-fsck +++ b/apparmor.d/systemd-fsck @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-fsckd b/apparmor.d/systemd-fsckd index 91593c3c3..61953eeaf 100644 --- a/apparmor.d/systemd-fsckd +++ b/apparmor.d/systemd-fsckd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-hostnamed b/apparmor.d/systemd-hostnamed index 5a09fc103..564b3f77d 100644 --- a/apparmor.d/systemd-hostnamed +++ b/apparmor.d/systemd-hostnamed @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-journalctl b/apparmor.d/systemd-journalctl index 48522feb7..2dd17dada 100644 --- a/apparmor.d/systemd-journalctl +++ b/apparmor.d/systemd-journalctl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-journald b/apparmor.d/systemd-journald index 71931f46c..8ec0ee19f 100644 --- a/apparmor.d/systemd-journald +++ b/apparmor.d/systemd-journald @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-localed b/apparmor.d/systemd-localed index 5cb58fcde..b86a2a2dc 100644 --- a/apparmor.d/systemd-localed +++ b/apparmor.d/systemd-localed @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-modules-load b/apparmor.d/systemd-modules-load index 84881bf6e..05e3e9795 100644 --- a/apparmor.d/systemd-modules-load +++ b/apparmor.d/systemd-modules-load @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-networkd b/apparmor.d/systemd-networkd index d4a4145df..6d83e3fc2 100644 --- a/apparmor.d/systemd-networkd +++ b/apparmor.d/systemd-networkd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-networkd-wait-online b/apparmor.d/systemd-networkd-wait-online index 4bf673cb4..2b4b50f32 100644 --- a/apparmor.d/systemd-networkd-wait-online +++ b/apparmor.d/systemd-networkd-wait-online @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-rfkill b/apparmor.d/systemd-rfkill index cbde70e19..c517ae590 100644 --- a/apparmor.d/systemd-rfkill +++ b/apparmor.d/systemd-rfkill @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-shutdown b/apparmor.d/systemd-shutdown index 81fcdfef3..9a24b669f 100644 --- a/apparmor.d/systemd-shutdown +++ b/apparmor.d/systemd-shutdown @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-sysctl b/apparmor.d/systemd-sysctl index 8879c6e68..3b94bbe35 100644 --- a/apparmor.d/systemd-sysctl +++ b/apparmor.d/systemd-sysctl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-timedated b/apparmor.d/systemd-timedated index 22c08d5be..72a401985 100644 --- a/apparmor.d/systemd-timedated +++ b/apparmor.d/systemd-timedated @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/systemd-timesyncd b/apparmor.d/systemd-timesyncd index 2a7cfeed5..e2be9cd2e 100644 --- a/apparmor.d/systemd-timesyncd +++ b/apparmor.d/systemd-timesyncd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/tasksel b/apparmor.d/tasksel index 458480ace..fbef98ac1 100644 --- a/apparmor.d/tasksel +++ b/apparmor.d/tasksel @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/telegram-desktop b/apparmor.d/telegram-desktop index 9c3fa1b34..73b3c1a1b 100644 --- a/apparmor.d/telegram-desktop +++ b/apparmor.d/telegram-desktop @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/tftp b/apparmor.d/tftp index 0aa03ab50..cc3938037 100644 --- a/apparmor.d/tftp +++ b/apparmor.d/tftp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/thinkfan b/apparmor.d/thinkfan index 8a1a0a7d9..c1d9d0bb4 100644 --- a/apparmor.d/thinkfan +++ b/apparmor.d/thinkfan @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/tint2 b/apparmor.d/tint2 index ad1ef41aa..0716394b8 100644 --- a/apparmor.d/tint2 +++ b/apparmor.d/tint2 @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/tint2conf b/apparmor.d/tint2conf index 6c05ec138..43f9719fe 100644 --- a/apparmor.d/tint2conf +++ b/apparmor.d/tint2conf @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/top b/apparmor.d/top index 3c159049e..79d64bbf0 100644 --- a/apparmor.d/top +++ b/apparmor.d/top @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/torify b/apparmor.d/torify index d15583776..e886c00a9 100644 --- a/apparmor.d/torify +++ b/apparmor.d/torify @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/torsocks b/apparmor.d/torsocks index e5119281f..c7fcbe0e4 100644 --- a/apparmor.d/torsocks +++ b/apparmor.d/torsocks @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/tpacpi-bat b/apparmor.d/tpacpi-bat index ca4cc9d89..4e42dd6a8 100644 --- a/apparmor.d/tpacpi-bat +++ b/apparmor.d/tpacpi-bat @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/tune2fs b/apparmor.d/tune2fs index 33333e075..d0fec5d63 100644 --- a/apparmor.d/tune2fs +++ b/apparmor.d/tune2fs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ucf b/apparmor.d/ucf index 3b90c5db2..08518c8ef 100644 --- a/apparmor.d/ucf +++ b/apparmor.d/ucf @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/udevadm b/apparmor.d/udevadm index 18f48320b..6b9794db7 100644 --- a/apparmor.d/udevadm +++ b/apparmor.d/udevadm @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/udiskie b/apparmor.d/udiskie index e1c0d092c..5503adacb 100644 --- a/apparmor.d/udiskie +++ b/apparmor.d/udiskie @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/udiskie-info b/apparmor.d/udiskie-info index afb06a459..a99b487b0 100644 --- a/apparmor.d/udiskie-info +++ b/apparmor.d/udiskie-info @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/udiskie-mount b/apparmor.d/udiskie-mount index eee23302c..130917b35 100644 --- a/apparmor.d/udiskie-mount +++ b/apparmor.d/udiskie-mount @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/udiskie-umount b/apparmor.d/udiskie-umount index ffe1affe3..ca67591c5 100644 --- a/apparmor.d/udiskie-umount +++ b/apparmor.d/udiskie-umount @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/udisksctl b/apparmor.d/udisksctl index d96df14d6..7a14dc756 100644 --- a/apparmor.d/udisksctl +++ b/apparmor.d/udisksctl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/udisksd b/apparmor.d/udisksd index 25d609bd5..9b8f1038d 100644 --- a/apparmor.d/udisksd +++ b/apparmor.d/udisksd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -122,6 +122,7 @@ profile udisksd @{exec_path} { # Info on mounted devices @{run}/mount/utab{,.*} rw, @{run}/mount/utab.lock rwk, + /var/lib/udisks2/ r, /var/lib/udisks2/mounted-fs{,*} rw, @{run}/udisks2/ rw, diff --git a/apparmor.d/umount b/apparmor.d/umount index f72b0166d..14766b88a 100644 --- a/apparmor.d/umount +++ b/apparmor.d/umount @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/uname b/apparmor.d/uname index edadf2230..85923f293 100644 --- a/apparmor.d/uname +++ b/apparmor.d/uname @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/unhide-linux b/apparmor.d/unhide-linux index 89548433d..2e1c32d20 100644 --- a/apparmor.d/unhide-linux +++ b/apparmor.d/unhide-linux @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/unhide-posix b/apparmor.d/unhide-posix index 07eaf0a3d..41fa2f663 100644 --- a/apparmor.d/unhide-posix +++ b/apparmor.d/unhide-posix @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/unhide-rb b/apparmor.d/unhide-rb index 984a1b979..0239f02f5 100644 --- a/apparmor.d/unhide-rb +++ b/apparmor.d/unhide-rb @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/unhide-tcp b/apparmor.d/unhide-tcp index 457744cfe..f9ab58731 100644 --- a/apparmor.d/unhide-tcp +++ b/apparmor.d/unhide-tcp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/unix-chkpwd b/apparmor.d/unix-chkpwd index 57bf62c93..d42e7de5b 100644 --- a/apparmor.d/unix-chkpwd +++ b/apparmor.d/unix-chkpwd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/unmkinitramfs b/apparmor.d/unmkinitramfs index c4cc0f7f2..3f2da2791 100644 --- a/apparmor.d/unmkinitramfs +++ b/apparmor.d/unmkinitramfs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/update-alternatives b/apparmor.d/update-alternatives index f1db00cec..71a87e472 100644 --- a/apparmor.d/update-alternatives +++ b/apparmor.d/update-alternatives @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/update-apt-xapian-index b/apparmor.d/update-apt-xapian-index index 65ec6a8f5..53c699fe6 100644 --- a/apparmor.d/update-apt-xapian-index +++ b/apparmor.d/update-apt-xapian-index @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -40,6 +40,9 @@ profile update-apt-xapian-index @{exec_path} { /var/lib/debtags/package-tags r, + /var/lib/dbus/machine-id r, + /etc/machine-id r, + # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/update-ca-certificates b/apparmor.d/update-ca-certificates index 8acedd0b0..cf89787a4 100644 --- a/apparmor.d/update-ca-certificates +++ b/apparmor.d/update-ca-certificates @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -75,6 +75,7 @@ profile update-ca-certificates @{exec_path} { profile jks-keystore { include + include include include @@ -104,13 +105,11 @@ profile update-ca-certificates @{exec_path} { owner @{PROC}/@{pid}/coredump rw, owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/mountinfo r, + @{sys}/fs/cgroup/** r, - owner /tmp/hsperfdata_root/ rw, - owner /tmp/hsperfdata_root/[0-9]*[0-9] rw, - - # file_inherit - owner /dev/pts/[0-9]* rw, + owner /tmp/hsperfdata_*/ rw, + owner /tmp/hsperfdata_*/@{pid} rw, } diff --git a/apparmor.d/update-command-not-found b/apparmor.d/update-command-not-found index 116262f98..2073a6331 100644 --- a/apparmor.d/update-command-not-found +++ b/apparmor.d/update-command-not-found @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/update-desktop-database b/apparmor.d/update-desktop-database index bfa10b1fa..af79e6f09 100644 --- a/apparmor.d/update-desktop-database +++ b/apparmor.d/update-desktop-database @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/update-dlocatedb b/apparmor.d/update-dlocatedb index c1d500f23..26c9ff6c4 100644 --- a/apparmor.d/update-dlocatedb +++ b/apparmor.d/update-dlocatedb @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/update-initramfs b/apparmor.d/update-initramfs index bcb5727f6..ddc76ba5d 100644 --- a/apparmor.d/update-initramfs +++ b/apparmor.d/update-initramfs @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/update-pciids b/apparmor.d/update-pciids index d10b58893..855aab53d 100644 --- a/apparmor.d/update-pciids +++ b/apparmor.d/update-pciids @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/update-smart-drivedb b/apparmor.d/update-smart-drivedb index 5e7439300..f35a136d4 100644 --- a/apparmor.d/update-smart-drivedb +++ b/apparmor.d/update-smart-drivedb @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/updatedb-mlocate b/apparmor.d/updatedb-mlocate index d50d19655..cc642260b 100644 --- a/apparmor.d/updatedb-mlocate +++ b/apparmor.d/updatedb-mlocate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/upower b/apparmor.d/upower index ddc2a564f..85ac090bf 100644 --- a/apparmor.d/upower +++ b/apparmor.d/upower @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/upowerd b/apparmor.d/upowerd index 33808aace..1be954c07 100644 --- a/apparmor.d/upowerd +++ b/apparmor.d/upowerd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/uptime b/apparmor.d/uptime index 4fb083a9d..0cbbff244 100644 --- a/apparmor.d/uptime +++ b/apparmor.d/uptime @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/usb-devices b/apparmor.d/usb-devices index 6117a9ae7..1c213a78c 100644 --- a/apparmor.d/usb-devices +++ b/apparmor.d/usb-devices @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/usbguard b/apparmor.d/usbguard index 1010d7234..44f414f71 100644 --- a/apparmor.d/usbguard +++ b/apparmor.d/usbguard @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/usbguard-applet-qt b/apparmor.d/usbguard-applet-qt index c8ecc9f6c..282478059 100644 --- a/apparmor.d/usbguard-applet-qt +++ b/apparmor.d/usbguard-applet-qt @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/usbguard-daemon b/apparmor.d/usbguard-daemon index 282113b15..538da368e 100644 --- a/apparmor.d/usbguard-daemon +++ b/apparmor.d/usbguard-daemon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/usbguard-dbus b/apparmor.d/usbguard-dbus index ebcd36b36..b144132ab 100644 --- a/apparmor.d/usbguard-dbus +++ b/apparmor.d/usbguard-dbus @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/uscan b/apparmor.d/uscan index 3d8be013c..922fe56c0 100644 --- a/apparmor.d/uscan +++ b/apparmor.d/uscan @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/useradd b/apparmor.d/useradd index bde29be8f..acb0c2681 100644 --- a/apparmor.d/useradd +++ b/apparmor.d/useradd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/userdel b/apparmor.d/userdel index 2a610f1f7..c6d19cb32 100644 --- a/apparmor.d/userdel +++ b/apparmor.d/userdel @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/usermod b/apparmor.d/usermod index 29ef512c1..a35913bb5 100644 --- a/apparmor.d/usermod +++ b/apparmor.d/usermod @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/usr.bin.totem b/apparmor.d/usr.bin.totem index 8701b89e7..f0e0d3f09 100644 --- a/apparmor.d/usr.bin.totem +++ b/apparmor.d/usr.bin.totem @@ -1,17 +1,17 @@ # vim:syntax=apparmor # Author: Jamie Strandboge -include +#include /usr/bin/totem { - include - include - include - include - include - include - include - include + #include + #include + #include + #include + #include + #include + #include + #include signal (send) set=("kill") peer=unconfined, @@ -22,6 +22,7 @@ include /usr/bin/totem-video-thumbnailer Pix, /usr/bin/bwrap PUx, /usr/lib/@{multiarch}/libtotem-plparser[0-9]*/totem-pl-parser/* ix, + /usr/{lib/@{multiarch},libexec}/totem-gallery-thumbnailer Pix, /dev/sr* r, # Help browser @@ -38,7 +39,7 @@ include # Allow read and write on almost anything in @{HOME}. Lenient, but # private-files-strict is in effect. - include + #include owner @{HOME}/[^.]* rw, owner @{HOME}/[^.]*/** rw, @@ -53,5 +54,5 @@ include /sys/devices/pci[0-9]*/**/{,subsystem_}{device,vendor} r, # Site-specific additions and overrides. See local/README for details. - include + #include } diff --git a/apparmor.d/usr.sbin.dnsmasq b/apparmor.d/usr.sbin.dnsmasq index d911b60de..7ae9a1480 100644 --- a/apparmor.d/usr.sbin.dnsmasq +++ b/apparmor.d/usr.sbin.dnsmasq @@ -70,8 +70,6 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) { # access to iface mtu needed for Router Advertisement messages in IPv6 # Neighbor Discovery protocol (RFC 2461) @{PROC}/sys/net/ipv6/conf/*/mtu r, - # closing superfluous file descriptors scans /proc/self/fd/ to find open ones - @{PROC}/@{pid}/fd/ r, # for the read-only TFTP server @{TFTP_DIR}/ r, diff --git a/apparmor.d/usr.sbin.nscd b/apparmor.d/usr.sbin.nscd index 0d2c4d143..b2cc6a721 100644 --- a/apparmor.d/usr.sbin.nscd +++ b/apparmor.d/usr.sbin.nscd @@ -30,7 +30,7 @@ profile nscd /usr/{bin,sbin}/nscd flags=(complain) { @{run}/nscd/ rw, @{run}/nscd/db* rwl, @{run}/nscd/socket wl, - /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw, + /{var/cache,var/db,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw, @{run}/{nscd/,}nscd.pid rwl, /var/lib/libvirt/dnsmasq/ r, /var/lib/libvirt/dnsmasq/*.status r, diff --git a/apparmor.d/uupdate b/apparmor.d/uupdate index bafdbede5..158ae27fb 100644 --- a/apparmor.d/uupdate +++ b/apparmor.d/uupdate @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/vcsi b/apparmor.d/vcsi index c82ae6b84..64e1926df 100644 --- a/apparmor.d/vcsi +++ b/apparmor.d/vcsi @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/vidcutter b/apparmor.d/vidcutter index 8c19b886a..485688cb2 100644 --- a/apparmor.d/vidcutter +++ b/apparmor.d/vidcutter @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/vipw-vigr b/apparmor.d/vipw-vigr index c89532d5d..69718030c 100644 --- a/apparmor.d/vipw-vigr +++ b/apparmor.d/vipw-vigr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/virt-manager b/apparmor.d/virt-manager index 68edd4e21..745094b38 100644 --- a/apparmor.d/virt-manager +++ b/apparmor.d/virt-manager @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -17,7 +17,8 @@ include @{exec_path} += /usr/share/virt-manager/virt-manager profile virt-manager @{exec_path} { include - include + include + include include include include @@ -27,10 +28,10 @@ profile virt-manager @{exec_path} { include include include - include include include include + include include network inet stream, @@ -118,10 +119,6 @@ profile virt-manager @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - /etc/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/[0-9][0-9]_*.json r, - # The orcexec.* file is JIT compiled code for various GStreamer elements. # If one is blocked the next is used instead. owner @{run}/user/[0-9]*/orcexec.* mrw, diff --git a/apparmor.d/vlc b/apparmor.d/vlc index 9bbfc5019..791b7b7e5 100644 --- a/apparmor.d/vlc +++ b/apparmor.d/vlc @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -144,10 +144,6 @@ profile vlc @{exec_path} { /etc/fstab r, - /etc/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/[0-9][0-9]_*.json r, - /usr/share/hwdata/pnp.ids r, # Be able to turn off the screensaver while playing movies diff --git a/apparmor.d/vnstatd b/apparmor.d/vnstatd index 57166e153..4d5c4b9b9 100644 --- a/apparmor.d/vnstatd +++ b/apparmor.d/vnstatd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/vsftpd b/apparmor.d/vsftpd index 3a994aebb..2d484153d 100644 --- a/apparmor.d/vsftpd +++ b/apparmor.d/vsftpd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/wavemon b/apparmor.d/wavemon index d8cfc0091..2044b9c9a 100644 --- a/apparmor.d/wavemon +++ b/apparmor.d/wavemon @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/wget b/apparmor.d/wget index 921d9a99f..505f4ede5 100644 --- a/apparmor.d/wget +++ b/apparmor.d/wget @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/whdd b/apparmor.d/whdd index d45ea8d9c..b14fa07d0 100644 --- a/apparmor.d/whdd +++ b/apparmor.d/whdd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/whiptail b/apparmor.d/whiptail index c947bb02f..8f4adebac 100644 --- a/apparmor.d/whiptail +++ b/apparmor.d/whiptail @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/who b/apparmor.d/who index adfe1ac99..f73ebca0f 100644 --- a/apparmor.d/who +++ b/apparmor.d/who @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,6 +16,7 @@ include @{exec_path} = /{usr/,}bin/who profile who @{exec_path} { include + include include include diff --git a/apparmor.d/wireshark b/apparmor.d/wireshark index 9999baa5e..82636c488 100644 --- a/apparmor.d/wireshark +++ b/apparmor.d/wireshark @@ -2,7 +2,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2002-2005 Novell/SUSE -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/wmctrl b/apparmor.d/wmctrl index 58da5bc1f..413301bfc 100644 --- a/apparmor.d/wmctrl +++ b/apparmor.d/wmctrl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/wpa-gui b/apparmor.d/wpa-gui index fa2641f38..5f2932dd6 100644 --- a/apparmor.d/wpa-gui +++ b/apparmor.d/wpa-gui @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/wpa-supplicant b/apparmor.d/wpa-supplicant index 06cd2331d..4a96d521c 100644 --- a/apparmor.d/wpa-supplicant +++ b/apparmor.d/wpa-supplicant @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/wpa_cli b/apparmor.d/wpa_cli index 8f03fda05..0ac11ae54 100644 --- a/apparmor.d/wpa_cli +++ b/apparmor.d/wpa_cli @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/wrmsr b/apparmor.d/wrmsr index bcb4ab52c..27d788088 100644 --- a/apparmor.d/wrmsr +++ b/apparmor.d/wrmsr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/x11-xsession b/apparmor.d/x11-xsession index 37efad088..568603a00 100644 --- a/apparmor.d/x11-xsession +++ b/apparmor.d/x11-xsession @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xarchiver b/apparmor.d/xarchiver index 0d41058d9..687a36b1e 100644 --- a/apparmor.d/xarchiver +++ b/apparmor.d/xarchiver @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xauth b/apparmor.d/xauth index 00193783d..19bfaf2be 100644 --- a/apparmor.d/xauth +++ b/apparmor.d/xauth @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xautolock b/apparmor.d/xautolock index 9ccb2d968..b86518853 100644 --- a/apparmor.d/xautolock +++ b/apparmor.d/xautolock @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2020 Mikhail Morfikov +# Copyright (C) 2020-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xbacklight b/apparmor.d/xbacklight index 973e2b971..84998092e 100644 --- a/apparmor.d/xbacklight +++ b/apparmor.d/xbacklight @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xdg-desktop-menu b/apparmor.d/xdg-desktop-menu index 68a5c3a58..5feeaf3c9 100644 --- a/apparmor.d/xdg-desktop-menu +++ b/apparmor.d/xdg-desktop-menu @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xdg-email b/apparmor.d/xdg-email index 76cfcd816..869b83a59 100644 --- a/apparmor.d/xdg-email +++ b/apparmor.d/xdg-email @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xdg-icon-resource b/apparmor.d/xdg-icon-resource index 03270d2a6..f0f35a5be 100644 --- a/apparmor.d/xdg-icon-resource +++ b/apparmor.d/xdg-icon-resource @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xdg-mime b/apparmor.d/xdg-mime index 677ab6d45..8f2ad2745 100644 --- a/apparmor.d/xdg-mime +++ b/apparmor.d/xdg-mime @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xdg-open b/apparmor.d/xdg-open index 36f940007..d2a128137 100644 --- a/apparmor.d/xdg-open +++ b/apparmor.d/xdg-open @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xdg-screensaver b/apparmor.d/xdg-screensaver index 327fb2d11..db50f6383 100644 --- a/apparmor.d/xdg-screensaver +++ b/apparmor.d/xdg-screensaver @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xdg-settings b/apparmor.d/xdg-settings index 7e008bff2..06b896289 100644 --- a/apparmor.d/xdg-settings +++ b/apparmor.d/xdg-settings @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xdpyinfo b/apparmor.d/xdpyinfo index b38cf4159..971d50986 100644 --- a/apparmor.d/xdpyinfo +++ b/apparmor.d/xdpyinfo @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xfce4-notifyd b/apparmor.d/xfce4-notifyd index 974a25b85..f8d0e721e 100644 --- a/apparmor.d/xfce4-notifyd +++ b/apparmor.d/xfce4-notifyd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xfconfd b/apparmor.d/xfconfd index 96a73c71b..f78a1b2e5 100644 --- a/apparmor.d/xfconfd +++ b/apparmor.d/xfconfd @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xhost b/apparmor.d/xhost index 4e234d0e6..5a25986b7 100644 --- a/apparmor.d/xhost +++ b/apparmor.d/xhost @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xinit b/apparmor.d/xinit index a0cbdb73d..67396d5e5 100644 --- a/apparmor.d/xinit +++ b/apparmor.d/xinit @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xinput b/apparmor.d/xinput index a634bc82b..96b9aeb4a 100644 --- a/apparmor.d/xinput +++ b/apparmor.d/xinput @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xkbcomp b/apparmor.d/xkbcomp index a2a95c4ec..9be713e76 100644 --- a/apparmor.d/xkbcomp +++ b/apparmor.d/xkbcomp @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xorg b/apparmor.d/xorg index 41b475976..df7131965 100644 --- a/apparmor.d/xorg +++ b/apparmor.d/xorg @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -25,12 +25,13 @@ include profile xorg @{exec_path} flags=(attach_disconnected) { include include + include include include include include include - ##include + include # When the Xserver is started via startx as a regular user, there's no need for any of the # following CAPs. When some DM is used instead, some of the CAPs are needed. @@ -56,7 +57,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) { #deny capability sys_rawio, deny capability sys_nice, - # for KDE/SDDM + # For KDE/SDDM #capability sys_tty_config, signal (send) set=(usr1), @@ -155,9 +156,5 @@ profile xorg @{exec_path} flags=(attach_disconnected) { /dev/shm/shmfd-* rw, /dev/shm/#[0-9]*[0-9] rw, - /etc/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/ r, - /usr/share/glvnd/egl_vendor.d/[0-9][0-9]_*.json r, - include if exists } diff --git a/apparmor.d/xprop b/apparmor.d/xprop index 7ff5fcd93..662b11c35 100644 --- a/apparmor.d/xprop +++ b/apparmor.d/xprop @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xrandr b/apparmor.d/xrandr index 24952b6b7..31c2a3f4b 100644 --- a/apparmor.d/xrandr +++ b/apparmor.d/xrandr @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xrdb b/apparmor.d/xrdb index 1437614ae..ef56ce566 100644 --- a/apparmor.d/xrdb +++ b/apparmor.d/xrdb @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xsel b/apparmor.d/xsel index ead35e00c..9c42f87f0 100644 --- a/apparmor.d/xsel +++ b/apparmor.d/xsel @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xset b/apparmor.d/xset index abd0ee044..348737cf0 100644 --- a/apparmor.d/xset +++ b/apparmor.d/xset @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/xsetroot b/apparmor.d/xsetroot index 2d226a3a0..5a8a16f96 100644 --- a/apparmor.d/xsetroot +++ b/apparmor.d/xsetroot @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/youtube-dl b/apparmor.d/youtube-dl index 0bfbe2d9e..9c16b0806 100644 --- a/apparmor.d/youtube-dl +++ b/apparmor.d/youtube-dl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2017-2020 Mikhail Morfikov +# Copyright (C) 2017-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -60,7 +60,7 @@ profile youtube-dl @{exec_path} { include include - signal (receive) set=(term, kill) peer=mpv, + signal (receive) set=(term, kill), network inet dgram, network inet6 dgram, diff --git a/apparmor.d/youtube-viewer b/apparmor.d/youtube-viewer index aab58fc62..386503dc5 100644 --- a/apparmor.d/youtube-viewer +++ b/apparmor.d/youtube-viewer @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public diff --git a/apparmor.d/ytdl b/apparmor.d/ytdl index fdd9d91e7..de669f7ed 100644 --- a/apparmor.d/ytdl +++ b/apparmor.d/ytdl @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2018-2020 Mikhail Morfikov +# Copyright (C) 2018-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -54,6 +54,8 @@ profile ytdl @{exec_path} { include include + signal (receive) set=(term, kill), + network inet dgram, network inet6 dgram, network inet stream, diff --git a/apparmor.d/zenmap b/apparmor.d/zenmap index 69c6ac58e..6151613a1 100644 --- a/apparmor.d/zenmap +++ b/apparmor.d/zenmap @@ -1,7 +1,7 @@ # vim:syntax=apparmor # ------------------------------------------------------------------ # -# Copyright (C) 2019-2020 Mikhail Morfikov +# Copyright (C) 2019-2021 Mikhail Morfikov # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public