From c4edf2a6c71bbe325eb018f6c2ca547ee8c43bc9 Mon Sep 17 00:00:00 2001
From: nobody43
Date: Sat, 25 Feb 2023 22:45:21 +0000
Subject: [PATCH] cleanup
---
apparmor.d/groups/apps/android-studio | 1 -
apparmor.d/groups/apps/atom | 1 -
apparmor.d/groups/apps/code | 1 -
apparmor.d/groups/apps/discord | 4 ----
apparmor.d/groups/apps/freetube | 1 -
apparmor.d/groups/apps/signal-desktop | 1 -
apparmor.d/groups/apps/telegram-desktop | 2 --
apparmor.d/groups/apps/thunderbird | 2 --
apparmor.d/groups/apt/synaptic | 1 -
apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor | 1 -
apparmor.d/groups/gvfs/gvfsd-ftp | 1 -
apparmor.d/groups/gvfs/gvfsd-http | 1 -
apparmor.d/groups/gvfs/gvfsd-mtp | 1 -
apparmor.d/groups/gvfs/gvfsd-smb | 1 -
apparmor.d/profiles-a-f/arduino | 1 -
apparmor.d/profiles-a-f/atril | 1 -
apparmor.d/profiles-a-f/cawbird | 1 -
apparmor.d/profiles-a-f/czkawka-gui | 1 -
apparmor.d/profiles-a-f/deltachat-desktop | 1 -
apparmor.d/profiles-a-f/dino-im | 1 -
apparmor.d/profiles-a-f/engrampa | 2 --
apparmor.d/profiles-a-f/exo-helper | 1 -
apparmor.d/profiles-a-f/font-manager | 1 -
apparmor.d/profiles-g-l/gajim | 1 -
apparmor.d/profiles-g-l/ganyremote | 1 -
apparmor.d/profiles-g-l/gpartedbin | 1 -
apparmor.d/profiles-g-l/gpodder | 1 -
apparmor.d/profiles-g-l/gsmartcontrol | 1 -
apparmor.d/profiles-g-l/hypnotix | 1 -
apparmor.d/profiles-g-l/jami-gnome | 1 -
apparmor.d/profiles-g-l/light-locker | 1 -
apparmor.d/profiles-m-r/mediainfo-gui | 1 -
apparmor.d/profiles-m-r/obconf | 1 -
apparmor.d/profiles-m-r/pulseeffects | 1 -
apparmor.d/profiles-s-z/udiskie | 2 --
apparmor.d/profiles-s-z/utox | 1 -
apparmor.d/profiles-s-z/volumeicon | 1 -
apparmor.d/profiles-s-z/wireshark | 1 -
apparmor.d/profiles-s-z/xarchiver | 1 -
39 files changed, 46 deletions(-)
diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio
index 5d542009a..14a7700d4 100644
--- a/apparmor.d/groups/apps/android-studio
+++ b/apparmor.d/groups/apps/android-studio
@@ -209,7 +209,6 @@ profile android-studio @{exec_path} { /usr/share/hwdata/pnp.ids r, - /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/groups/apps/atom b/apparmor.d/groups/apps/atom index def040323..5a0cfabfa 100644 --- a/apparmor.d/groups/apps/atom +++ b/apparmor.d/groups/apps/atom @@ -95,7 +95,6 @@ profile atom @{exec_path} { /etc/fstab r, - # Needed or atom gets crash with the following error: # FATAL:proc_util.cc(36)] : Permission denied (13) @{PROC}/ r, diff --git a/apparmor.d/groups/apps/code b/apparmor.d/groups/apps/code index a432df3db..3970df3b1 100644 --- a/apparmor.d/groups/apps/code +++ b/apparmor.d/groups/apps/code @@ -69,7 +69,6 @@ profile code @{exec_path} { /etc/fstab r, - # Needed or code gets crash with the following error: # FATAL:proc_util.cc(36)] : Permission denied (13) @{PROC}/ r, diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index 76147a625..0234d7a63 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -89,10 +89,6 @@ profile discord @{exec_path} { /etc/fstab r, - # To avoid the following error: - # kernel: traps: Discord[] trap int3 ip:7fa5b7541885 sp:7ffff5539c40 error:0 - # in libglib-2.0.so.0.6000.6[7fa5b7508000+80000] - deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r, deny @{sys}/devices/virtual/tty/tty[0-9]/active r, # To remove the following error: diff --git a/apparmor.d/groups/apps/freetube b/apparmor.d/groups/apps/freetube index 8a10f4086..2290a8a50 100644 --- a/apparmor.d/groups/apps/freetube +++ b/apparmor.d/groups/apps/freetube @@ -68,7 +68,6 @@ profile freetube @{exec_path} { /etc/fstab r, - owner @{user_share_dirs} r, deny @{sys}/devices/virtual/tty/tty0/active r, diff --git a/apparmor.d/groups/apps/signal-desktop b/apparmor.d/groups/apps/signal-desktop index cf0ff5a32..5f8d5e793 100644 --- a/apparmor.d/groups/apps/signal-desktop +++ b/apparmor.d/groups/apps/signal-desktop 
@@ -75,7 +75,6 @@ profile signal-desktop @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - # No new privs /{usr/,}bin/xdg-settings rPx, diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index 73966ecc7..738f39b75 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -75,8 +75,6 @@ profile telegram-desktop @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - # Needed when saving files as, or otherwise the app crashes - /usr/share/hwdata/pnp.ids r, owner @{HOME}/.config/qt5ct/{,**} r, diff --git a/apparmor.d/groups/apps/thunderbird b/apparmor.d/groups/apps/thunderbird index b24ca3ad3..cafc7a93f 100644 --- a/apparmor.d/groups/apps/thunderbird +++ b/apparmor.d/groups/apps/thunderbird @@ -145,8 +145,6 @@ profile thunderbird @{exec_path} { owner @{HOME}/Mail/** rwl -> @{HOME}/Mail/**, owner @{user_share_dirs}/ r, - # Fix error in libglib while saving files as - # Spellcheck /{usr/,}bin/locale rix, diff --git a/apparmor.d/groups/apt/synaptic b/apparmor.d/groups/apt/synaptic index a04ed89ed..b9acd1ea6 100644 --- a/apparmor.d/groups/apt/synaptic +++ b/apparmor.d/groups/apt/synaptic @@ -147,7 +147,6 @@ profile synaptic @{exec_path} { # errorcode: 2 /dev/ptmx rw, - /etc/fstab r, # Synaptic is a GUI app started by root, so without "owner" diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 336aeda9b..d690dfbd7 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -62,7 +62,6 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/mount rPx, /{usr/,}bin/umount rPx, - /var/lib/gdm{3,}/.config/dconf/user r, / r, diff --git a/apparmor.d/groups/gvfs/gvfsd-ftp b/apparmor.d/groups/gvfs/gvfsd-ftp index 63cf75dff..adb65c6b8 100644 --- a/apparmor.d/groups/gvfs/gvfsd-ftp 
+++ b/apparmor.d/groups/gvfs/gvfsd-ftp @@ -22,6 +22,5 @@ profile gvfsd-ftp @{exec_path} { @{exec_path} mr, - include if exists } diff --git a/apparmor.d/groups/gvfs/gvfsd-http b/apparmor.d/groups/gvfs/gvfsd-http index 5362997eb..f5b03db89 100644 --- a/apparmor.d/groups/gvfs/gvfsd-http +++ b/apparmor.d/groups/gvfs/gvfsd-http @@ -24,7 +24,6 @@ profile gvfsd-http @{exec_path} { @{exec_path} mr, - owner @{run}/user/@{uid}/gvfsd/socket-* rw, include if exists diff --git a/apparmor.d/groups/gvfs/gvfsd-mtp b/apparmor.d/groups/gvfs/gvfsd-mtp index f0a23385b..34fa565bf 100644 --- a/apparmor.d/groups/gvfs/gvfsd-mtp +++ b/apparmor.d/groups/gvfs/gvfsd-mtp @@ -20,7 +20,6 @@ profile gvfsd-mtp @{exec_path} { @{exec_path} mr, - owner @{HOME}/{,**} rw, owner @{MOUNTS}/{,**} rw, diff --git a/apparmor.d/groups/gvfs/gvfsd-smb b/apparmor.d/groups/gvfs/gvfsd-smb index 238bfc081..b7356c556 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb +++ b/apparmor.d/groups/gvfs/gvfsd-smb @@ -21,7 +21,6 @@ profile gvfsd-smb @{exec_path} { @{exec_path} mr, - /etc/samba/smb.conf r, owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw, diff --git a/apparmor.d/profiles-a-f/arduino b/apparmor.d/profiles-a-f/arduino index 5640871fe..a82604b5b 100644 --- a/apparmor.d/profiles-a-f/arduino +++ b/apparmor.d/profiles-a-f/arduino @@ -82,7 +82,6 @@ profile arduino @{exec_path} { owner @{run}/lock/tmp* rw, owner @{run}/lock/LCK..ttyS[0-9]* rw, - owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/coredump_filter rw, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-a-f/atril b/apparmor.d/profiles-a-f/atril index 27eaea40a..67976e578 100644 --- a/apparmor.d/profiles-a-f/atril +++ b/apparmor.d/profiles-a-f/atril @@ -51,7 +51,6 @@ profile atril @{exec_path} { /usr/share/atril/{,**} r, - owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-a-f/cawbird b/apparmor.d/profiles-a-f/cawbird index 149ea3473..cc69661b0 100644 
--- a/apparmor.d/profiles-a-f/cawbird +++ b/apparmor.d/profiles-a-f/cawbird @@ -39,7 +39,6 @@ profile cawbird @{exec_path} { owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/cawbird-* rw, - /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r, /var/lib/dbus/machine-id r, diff --git a/apparmor.d/profiles-a-f/czkawka-gui b/apparmor.d/profiles-a-f/czkawka-gui index 87ef4b269..62ee47c93 100644 --- a/apparmor.d/profiles-a-f/czkawka-gui +++ b/apparmor.d/profiles-a-f/czkawka-gui @@ -37,7 +37,6 @@ profile czkawka-gui @{exec_path} { @{sys}/fs/cgroup/{,**} r, - profile open { include include diff --git a/apparmor.d/profiles-a-f/deltachat-desktop b/apparmor.d/profiles-a-f/deltachat-desktop index e89a5b1e0..eeae7bce8 100644 --- a/apparmor.d/profiles-a-f/deltachat-desktop +++ b/apparmor.d/profiles-a-f/deltachat-desktop @@ -47,7 +47,6 @@ profile deltachat-desktop @{exec_path} { owner @{HOME}/.config/DeltaChat/ rw, owner @{HOME}/.config/DeltaChat/** rwk, - owner /tmp/@{hex}/ rw, owner /tmp/@{hex}/db.sqlite-blobs/ rw, owner /tmp/@{hex}/db.sqlite rwk, diff --git a/apparmor.d/profiles-a-f/dino-im b/apparmor.d/profiles-a-f/dino-im index 9e1546b85..c29d92e05 100644 --- a/apparmor.d/profiles-a-f/dino-im +++ b/apparmor.d/profiles-a-f/dino-im @@ -31,7 +31,6 @@ profile dino-im @{exec_path} { /{usr/,}bin/gpgconf rCx -> gpg, /{usr/,}bin/gpgsm rCx -> gpg, - owner @{user_share_dirs}/dino/ rw, owner @{user_share_dirs}/dino/** rwk, diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index 738abcf47..f02ddccaa 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -121,11 +121,9 @@ profile engrampa @{exec_path} { /usr/share/engrampa/{,**} r, /usr/share/**.desktop r, - /usr/share/**/icons/**.png r, /etc/magic r, - # gnome-tiny @{run}/mount/utab r, diff --git a/apparmor.d/profiles-a-f/exo-helper b/apparmor.d/profiles-a-f/exo-helper index 6a4742fb9..9c24b544b 100644 --- a/apparmor.d/profiles-a-f/exo-helper 
+++ b/apparmor.d/profiles-a-f/exo-helper @@ -47,7 +47,6 @@ profile exo-helper @{exec_path} { /etc/fstab r, - # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/profiles-a-f/font-manager b/apparmor.d/profiles-a-f/font-manager index 1dde790c4..2375871fe 100644 --- a/apparmor.d/profiles-a-f/font-manager +++ b/apparmor.d/profiles-a-f/font-manager @@ -29,7 +29,6 @@ profile font-manager @{exec_path} { /{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitWebProcess rix, /{usr/,}lib/@{multiarch}/webkit*gtk-*/WebKitNetworkProcess rix, - owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/font-manager/ rw, owner @{user_cache_dirs}/font-manager/* rwk, diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 202626a5a..63701b8e5 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -84,7 +84,6 @@ profile gajim @{exec_path} { /etc/fstab r, - /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r, # TMP files locations (first in /tmp/ , /var/tmp/ and @{HOME}/) diff --git a/apparmor.d/profiles-g-l/ganyremote b/apparmor.d/profiles-g-l/ganyremote index 105df6324..4d7890d30 100644 --- a/apparmor.d/profiles-g-l/ganyremote +++ b/apparmor.d/profiles-g-l/ganyremote @@ -62,7 +62,6 @@ profile ganyremote @{exec_path} { /etc/fstab r, - # Doc dirs deny /usr/local/share/ r, deny /usr/share/ r, diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin index 1c248da8e..614cd4553 100644 --- a/apparmor.d/profiles-g-l/gpartedbin +++ b/apparmor.d/profiles-g-l/gpartedbin @@ -131,7 +131,6 @@ profile gpartedbin @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - @{run}/mount/utab r, # For fsck of the btrfs filesystem diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index 5d9320bbc..a276ab3aa 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder 
@@ -44,7 +44,6 @@ profile gpodder @{exec_path} { /etc/fstab r, - owner /var/tmp/etilqs_@{hex} rw, /etc/mime.types r, diff --git a/apparmor.d/profiles-g-l/gsmartcontrol b/apparmor.d/profiles-g-l/gsmartcontrol index a2c1a7b16..dd10f2bec 100644 --- a/apparmor.d/profiles-g-l/gsmartcontrol +++ b/apparmor.d/profiles-g-l/gsmartcontrol @@ -56,7 +56,6 @@ profile gsmartcontrol @{exec_path} { /etc/fstab r, - /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index 0d24d9799..2f5de1eb8 100644 --- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -76,7 +76,6 @@ profile hypnotix @{exec_path} { /dev/ r, - /etc/vdpau_wrapper.cfg r, /var/lib/dbus/machine-id r, diff --git a/apparmor.d/profiles-g-l/jami-gnome b/apparmor.d/profiles-g-l/jami-gnome index 451136c79..e47d18b97 100644 --- a/apparmor.d/profiles-g-l/jami-gnome +++ b/apparmor.d/profiles-g-l/jami-gnome @@ -41,7 +41,6 @@ profile jami-gnome @{exec_path} { /{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitNetworkProcess rix, /{usr/,}lib/@{multiarch}/webkit2gtk-4.0/WebKitWebProcess rix, - /usr/share/ring/{,**} r, /usr/share/sounds/jami-gnome/{,**} r, diff --git a/apparmor.d/profiles-g-l/light-locker b/apparmor.d/profiles-g-l/light-locker index 5bef2a17d..106597369 100644 --- a/apparmor.d/profiles-g-l/light-locker +++ b/apparmor.d/profiles-g-l/light-locker @@ -20,7 +20,6 @@ profile light-locker @{exec_path} { @{exec_path} mr, - @{PROC}/1/cgroup r, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/profiles-m-r/mediainfo-gui b/apparmor.d/profiles-m-r/mediainfo-gui index cce025e30..c73b838c4 100644 --- a/apparmor.d/profiles-m-r/mediainfo-gui +++ b/apparmor.d/profiles-m-r/mediainfo-gui @@ -55,7 +55,6 @@ profile mediainfo-gui @{exec_path} { owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{mediainfo_ext} r, - profile open { include include 
diff --git a/apparmor.d/profiles-m-r/obconf b/apparmor.d/profiles-m-r/obconf index 3327893a8..db56ea931 100644 --- a/apparmor.d/profiles-m-r/obconf +++ b/apparmor.d/profiles-m-r/obconf @@ -32,7 +32,6 @@ profile obconf @{exec_path} { /etc/fstab r, - # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/profiles-m-r/pulseeffects b/apparmor.d/profiles-m-r/pulseeffects index 91ed6256a..8c4beab4c 100644 --- a/apparmor.d/profiles-m-r/pulseeffects +++ b/apparmor.d/profiles-m-r/pulseeffects @@ -32,7 +32,6 @@ profile pulseeffects @{exec_path} { owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, - # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/profiles-s-z/udiskie b/apparmor.d/profiles-s-z/udiskie index 3730931a1..ce7f1a550 100644 --- a/apparmor.d/profiles-s-z/udiskie +++ b/apparmor.d/profiles-s-z/udiskie @@ -36,14 +36,12 @@ profile udiskie @{exec_path} { /etc/fstab r, - # Allowed apps to open /{usr/,}bin/spacefm rPx, # Silencer deny /{usr/,}lib/** w, - profile open { include include diff --git a/apparmor.d/profiles-s-z/utox b/apparmor.d/profiles-s-z/utox index 8d7cb8f6c..22d2969a8 100644 --- a/apparmor.d/profiles-s-z/utox +++ b/apparmor.d/profiles-s-z/utox @@ -38,7 +38,6 @@ profile utox @{exec_path} { deny owner @{PROC}/@{pid}/cmdline r, - profile open { include include diff --git a/apparmor.d/profiles-s-z/volumeicon b/apparmor.d/profiles-s-z/volumeicon index 2bf98c03c..07e5f2627 100644 --- a/apparmor.d/profiles-s-z/volumeicon +++ b/apparmor.d/profiles-s-z/volumeicon @@ -32,7 +32,6 @@ profile volumeicon @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - # Start the PulseAudio sound mixer /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/pavucontrol rPUx, diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index f88fc8e38..9a7bd8269 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark 
@@ -72,7 +72,6 @@ profile wireshark @{exec_path} { /etc/fstab r, - /usr/share/hwdata/pnp.ids r, /usr/share/GeoIP/{,**} r, diff --git a/apparmor.d/profiles-s-z/xarchiver b/apparmor.d/profiles-s-z/xarchiver index 1dcabd964..0931fce2f 100644 --- a/apparmor.d/profiles-s-z/xarchiver +++ b/apparmor.d/profiles-s-z/xarchiver @@ -57,7 +57,6 @@ profile xarchiver @{exec_path} { /tmp/ r, owner /tmp/** rw, - owner @{PROC}/@{pid}/fd/ r, @{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mounts r,