feat(abs): general update

2025-07-02 23:22:12 +02:00 · 2025-07-02 23:22:12 +02:00 · 9cb74ff384
commit 9cb74ff384
parent 0366543c39
5 changed files with 16 additions and 4 deletions
--- a/apparmor.d/abstractions/app-open
+++ b/apparmor.d/abstractions/app-open
@ -39,7 +39,7 @@
  @{bin}/extension-manager      Px,
  @{bin}/filezilla              Px,
  @{bin}/flameshot              Px,
-  @{bin}/gimp{,3}               Px,
+  @{bin}/gimp{,-3.0}            Px,
  @{bin}/gnome-calculator       Px,
  @{bin}/gnome-disk-image-mounter Px,
  @{bin}/gnome-disks            Px,
--- a/apparmor.d/abstractions/app/firefox
+++ b/apparmor.d/abstractions/app/firefox
@ -99,7 +99,8 @@
  owner @{tmp}/@{name}/* rwk,
  owner @{tmp}/firefox/ rw,
  owner @{tmp}/firefox/* rwk,
-  owner @{tmp}/remote-settings-startup-bundle- w,
+  owner @{tmp}/remote-settings-startup-bundle- rw,
+  owner @{tmp}/remote-settings-startup-bundle-.tmp rw,
  owner @{tmp}/Temp-@{uuid}/ rw,
  owner @{tmp}/Temp-@{uuid}/* rwk,
  owner @{tmp}/tmp-*.xpi rw,
--- a/apparmor.d/abstractions/bus-session
+++ b/apparmor.d/abstractions/bus-session
@ -6,7 +6,7 @@

  unix bind type=stream addr=@@{udbus}/bus/@{profile_name}/session,

-  dbus send bus=session path=/org/freedesktop/DBus
+  dbus send bus=session path=/org/freedesktop/{dbus,DBus}
       interface=org.freedesktop.DBus
       member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
       peer=(name=org.freedesktop.DBus, label="@{p_dbus_session}"),
--- a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager
+++ b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager
@ -8,7 +8,7 @@

  dbus send bus=system path=/org/freedesktop
       interface=org.freedesktop.DBus.ObjectManager
-       member=GetManagedObjects
+       member={GetManagedObjects,InterfacesRemoved}
       peer=(name="{@{busname},org.freedesktop.NetworkManager}", label=NetworkManager),

  dbus send bus=system path=/org/freedesktop/NetworkManager
@ -51,6 +51,11 @@
       member=Updated
       peer=(name="{@{busname},org.freedesktop.NetworkManager}", label=NetworkManager),

+  dbus receive bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/@{int}
+       interface=org.freedesktop.NetworkManager.Connection.Active
+       member=StateChanged
+       peer=(name=@{busname}, label=NetworkManager),
+
  include if exists <abstractions/bus/org.freedesktop.NetworkManager.d>

 # vim:syntax=apparmor
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@ -44,6 +44,12 @@
  @{sys}/devices/virtual/block/loop@{int}/ r,
  @{sys}/devices/virtual/block/loop@{int}/** r,

+  # Xen PVH devices
+  @{sys}/devices/vbd-@{int}/block/** r,
+
+  # Channel subsystem for IBM Z
+  @{sys}/devices/css@{int}/** r,
+
  # LUKS/LVM (device-mapper) devices
  /dev/dm-@{int} rk,
  /dev/mapper/{,*} r,