From cd646ea89984f8b01e27cb7340a5eaa9e8b189a0 Mon Sep 17 00:00:00 2001
From: nobodysu
Date: Mon, 5 Sep 2022 04:14:08 +0300
Subject: [PATCH] broader gdm
---
apparmor.d/groups/bus/dbus-daemon | 4 ++--
apparmor.d/groups/bus/dbus-run-session | 4 ++--
apparmor.d/groups/bus/ibus-dconf | 11 +++++-----
apparmor.d/groups/bus/ibus-engine-simple | 6 +++---
apparmor.d/groups/bus/ibus-extension-gtk3 | 4 ++--
apparmor.d/groups/bus/ibus-portal | 6 +++---
apparmor.d/groups/bus/ibus-x11 | 4 ++--
.../groups/freedesktop/at-spi-bus-launcher | 2 +-
apparmor.d/groups/freedesktop/colord | 2 +-
apparmor.d/groups/freedesktop/dconf-service | 6 +++---
.../groups/freedesktop/pipewire-media-session | 2 +-
apparmor.d/groups/freedesktop/pipewire-pulse | 2 +-
.../groups/freedesktop/xdg-user-dirs-update | 20 +++++++++----------
apparmor.d/groups/freedesktop/xkbcomp | 2 +-
apparmor.d/groups/freedesktop/xorg | 6 +++---
apparmor.d/groups/gnome/gdm-runtime-config | 8 ++++----
apparmor.d/groups/gnome/gdm-session-worker | 2 +-
apparmor.d/groups/gnome/gdm-wayland-session | 2 +-
apparmor.d/groups/gnome/gdm-x-session | 8 ++++----
apparmor.d/groups/gnome/gdm-xsession | 6 +++---
apparmor.d/groups/gnome/gjs-console | 6 +++---
apparmor.d/groups/gnome/gsd-a11y-settings | 2 +-
apparmor.d/groups/gnome/gsd-housekeeping | 2 +-
apparmor.d/groups/gnome/gsd-media-keys | 8 ++++----
apparmor.d/groups/gnome/gsd-power | 6 +++---
apparmor.d/groups/gnome/gsd-sharing | 2 +-
apparmor.d/groups/gnome/gsd-smartcard | 2 +-
apparmor.d/groups/gnome/gsd-wacom | 2 +-
apparmor.d/groups/gnome/gsd-xsettings | 2 +-
apparmor.d/profiles-s-z/wireplumber | 4 ++--
30 files changed, 71 insertions(+), 72 deletions(-)
diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon
index ec863a5a3..dd48a3f17 100644
--- a/apparmor.d/groups/bus/dbus-daemon
+++ b/apparmor.d/groups/bus/dbus-daemon
@@ -54,8 +54,8 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { /usr/share/defaults/**.conf r, # Extra rules for GDM - /var/lib/gdm/.local/share/icc/ r, - /var/lib/gdm/.local/share/icc/edid-*.icc r, + /var/lib/gdm{3,}/.local/share/icc/ r, + /var/lib/gdm{3,}/.local/share/icc/edid-*.icc r, # Extra rules for Flatpak /var/lib/flatpak/exports/share/dbus-1/{,**} r, diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session index 4becf5e7e..b344e912f 100644 --- a/apparmor.d/groups/bus/dbus-run-session +++ b/apparmor.d/groups/bus/dbus-run-session @@ -26,8 +26,8 @@ profile dbus-run-session @{exec_path} { /usr/share/gdm/greeter-dconf-defaults r, /usr/share/dconf/profile/gdm r, - /var/lib/gdm/.config/dconf/user r, - /var/lib/gdm/.cache/dconf/ rw, + /var/lib/gdm{3,}/.config/dconf/user r, + /var/lib/gdm{3,}/.cache/dconf/ rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 1ee1bdb07..208b11221 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -2,7 +2,6 @@ # Copyright (C) 2021 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -abi , include @@ -26,12 +25,12 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/ibus/bus/{,@{hex}-unix-wayland-[0-9]*} r, owner @{user_config_dirs}/ibus/bus/@{hex}-unix-[0-9]* r, - /var/lib/gdm/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]*} r, - /var/lib/gdm/.config/ibus/bus/@{hex}-unix-[0-9]* r, + /var/lib/gdm{3,}/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]*} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix-[0-9]* r, - /var/lib/gdm/.cache/dconf/ w, - /var/lib/gdm/.cache/dconf/user rw, - /var/lib/gdm/.config/dconf/user rw, + /var/lib/gdm{3,}/.cache/dconf/ w, + /var/lib/gdm{3,}/.cache/dconf/user rw, + /var/lib/gdm{3,}/.config/dconf/user rw, owner /dev/tty[0-9]* rw, 
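Review bot: The `/var/lib/gdm{3,}` alternation is written out by hand in both rules of this dbus-daemon hunk and again in most of the other profiles this patch touches, so any later change to the greeter's home directory has to be repeated file by file. Consider defining the location once as a tunable and referencing it, for example `@{gdm_home}=/var/lib/gdm{3,}` (name illustrative) with `@{gdm_home}/.local/share/icc/ r,` in the rule. A single definition also makes it easier to audit which profiles are allowed to reach the greeter's files. The profile body continues outside the hunk.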
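Review bot: The first ibus-dconf hunk deletes the profile's `abi` line, which is unrelated to the gdm3 path change and leaves this file without an ABI declaration, while other profiles in the same patch (gdm-runtime-config, gdm-x-session) still show theirs as context. Without the declaration the parser presumably falls back to its default or pinned feature set, so this profile may be mediated differently from its siblings. If the removal was not intentional, keep the line as it was (`abi <abi/VERSION>,`, with the version the other profiles use; the value is not legible on this page). If it was intentional, it deserves its own commit with a stated reason.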
diff --git a/apparmor.d/groups/bus/ibus-engine-simple b/apparmor.d/groups/bus/ibus-engine-simple index f03a11dc4..160a02b0e 100644 --- a/apparmor.d/groups/bus/ibus-engine-simple +++ b/apparmor.d/groups/bus/ibus-engine-simple @@ -19,10 +19,10 @@ profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) { /etc/machine-id r, /var/lib/dbus/machine-id r, - /var/lib/gdm/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]} r, - /var/lib/gdm/.config/ibus/bus/@{hex}-unix-[0-9] r, + /var/lib/gdm{3,}/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix-[0-9] r, owner /dev/tty[0-9]* rw, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index 893c7cf46..6f57deef4 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -38,7 +38,7 @@ profile ibus-extension-gtk3 @{exec_path} { owner @{run}/user/@{uid}/gdm/Xauthority r, owner @{run}/user/@{uid}/wayland-[0-9] rw, - /var/lib/gdm/.config/dconf/user r, + /var/lib/gdm{3,}/.config/dconf/user r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index c3d8437de..7c31da158 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal @@ -25,11 +25,11 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) { /etc/machine-id r, /var/lib/dbus/machine-id r, - /var/lib/gdm/.config/ibus/bus/ r, - /var/lib/gdm/.config/ibus/bus/@{hex}-unix-{,wayland-}[0-9] r, + /var/lib/gdm{3,}/.config/ibus/bus/ r, + /var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix-{,wayland-}[0-9] r, owner /dev/tty[0-9]* rw, /dev/null rw, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index b9e927d20..7cef8bf1f 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 
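Review bot: The new gdm rules in ibus-engine-simple end in a single-character class, `@{hex}-unix-wayland-[0-9]` and `@{hex}-unix-[0-9]`, whereas the ibus-dconf rules added by this same patch use `[0-9]*`. A display number of 10 or higher would match in ibus-dconf but be denied here; the ibus-portal hunk and the ibus-x11 hunk carry the same single-digit pattern. Aligning them, e.g. `/var/lib/gdm{3,}/.config/ibus/bus/@{hex}-unix-[0-9]* r,`, keeps the ibus profiles consistent. The profile body starts outside the hunk.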
@@ -23,7 +23,7 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - /var/lib/gdm/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]} r, + /var/lib/gdm{3,}/.config/ibus/bus/{,@{hex}-unix-wayland-[0-9]} r, owner @{user_config_dirs}/ibus/bus/{,@{hex}-unix-wayland-[0-9]} r, owner @{user_config_dirs}/ibus/bus/@{hex}-unix-[0-9] r, @@ -34,4 +34,4 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) { owner /dev/tty[0-9]* rw, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/freedesktop/at-spi-bus-launcher b/apparmor.d/groups/freedesktop/at-spi-bus-launcher index c663b6669..62e8f12e8 100644 --- a/apparmor.d/groups/freedesktop/at-spi-bus-launcher +++ b/apparmor.d/groups/freedesktop/at-spi-bus-launcher @@ -38,7 +38,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gdm/Xauthority r, /var/lib/lightdm/.Xauthority r, - /var/lib/gdm/.config/dconf/user r, + /var/lib/gdm{3,}/.config/dconf/user r, /var/log/lightdm/seat[0-9]*-greeter.log w, diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord index 444e83c85..f1cd38b75 100644 --- a/apparmor.d/groups/freedesktop/colord +++ b/apparmor.d/groups/freedesktop/colord @@ -52,7 +52,7 @@ profile colord @{exec_path} flags=(attach_disconnected) { owner /var/lib/colord/{mapping,storage}.db{,-journal} rwk, /var/lib/flatpak/exports/share/mime/mime.cache r, - /var/lib/gdm/.local/share/icc/edid-*.icc r, + /var/lib/gdm{3,}/.local/share/icc/edid-*.icc r, @{user_share_dirs}/icc/edid-*.icc r, diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index a0a3e09d2..ebcf010d4 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service 
@@ -23,9 +23,9 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/dconf/ rw, owner @{user_cache_dirs}/dconf/user rw, - /var/lib/gdm/.config/dconf/ rw, - /var/lib/gdm/.config/dconf/user rw, - /var/lib/gdm/.config/dconf/user.* rw, + /var/lib/gdm{3,}/.config/dconf/ rw, + /var/lib/gdm{3,}/.config/dconf/user rw, + /var/lib/gdm{3,}/.config/dconf/user.* rw, @{PROC}/cmdline r, diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index 4e49fe8a7..d70f8362e 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -41,7 +41,7 @@ profile pipewire-media-session @{exec_path} { /etc/pipewire/*.conf r, /etc/pipewire/media-session.d/*.conf r, - /var/lib/gdm/.local/state/pipewire/media-session.d/* rw, + /var/lib/gdm{3,}/.local/state/pipewire/media-session.d/* rw, owner @{HOME}/.local/state/ rw, owner @{HOME}/.local/state/pipewire/{,**} rw, diff --git a/apparmor.d/groups/freedesktop/pipewire-pulse b/apparmor.d/groups/freedesktop/pipewire-pulse index 283747734..af39a1a92 100644 --- a/apparmor.d/groups/freedesktop/pipewire-pulse +++ b/apparmor.d/groups/freedesktop/pipewire-pulse @@ -30,7 +30,7 @@ profile pipewire-pulse @{exec_path} flags=(attach_disconnected) { /usr/share/pipewire/client.conf r, /usr/share/pipewire/pipewire-pulse.conf r, - /var/lib/gdm/.config/pulse/cookie rwk, + /var/lib/gdm{3,}/.config/pulse/cookie rwk, owner @{run}/user/@{uid}/pulse/pid w, diff --git a/apparmor.d/groups/freedesktop/xdg-user-dirs-update b/apparmor.d/groups/freedesktop/xdg-user-dirs-update index f72c075f1..21d5c2ae0 100644 --- a/apparmor.d/groups/freedesktop/xdg-user-dirs-update +++ b/apparmor.d/groups/freedesktop/xdg-user-dirs-update 
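Review bot: The three `/var/lib/gdm{3,}/.config/dconf/` rules in dconf-service grant `rw` without the `owner` qualifier, unlike the `owner @{user_cache_dirs}/dconf/...` rules directly above them. As written, the policy lets any process confined by this profile write the greeter's dconf database whatever its uid, leaving file permissions as the only barrier. If the greeter's dconf-service runs as the gdm account (not confirmed by the lines shown), `owner /var/lib/gdm{3,}/.config/dconf/user rw,` would keep it working while closing that gap. The same applies to `/var/lib/gdm{3,}/.config/pulse/cookie rwk,` in pipewire-pulse and to the `rw` dconf rules in ibus-dconf. The profile continues outside the hunk.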
@@ -15,16 +15,16 @@ profile xdg-user-dirs-update @{exec_path} { /etc/xdg/user-dirs.conf r, /etc/xdg/user-dirs.defaults r, - /var/lib/gdm/.config/user-dirs.dirs{,*} rw, - /var/lib/gdm/.config/user-dirs.locale rw, - /var/lib/gdm/@{XDG_DESKTOP_DIR}/ rw, - /var/lib/gdm/@{XDG_DOCUMENTS_DIR}/ rw, - /var/lib/gdm/@{XDG_DOWNLOAD_DIR}/ rw, - /var/lib/gdm/@{XDG_MUSIC_DIR}/ rw, - /var/lib/gdm/@{XDG_PICTURES_DIR}/ rw, - /var/lib/gdm/@{XDG_PUBLICSHARE_DIR}/ rw, - /var/lib/gdm/@{XDG_TEMPLATES_DIR}/ rw, - /var/lib/gdm/@{XDG_VIDEOS_DIR}/ rw, + /var/lib/gdm{3,}/.config/user-dirs.dirs{,*} rw, + /var/lib/gdm{3,}/.config/user-dirs.locale rw, + /var/lib/gdm{3,}/@{XDG_DESKTOP_DIR}/ rw, + /var/lib/gdm{3,}/@{XDG_DOCUMENTS_DIR}/ rw, + /var/lib/gdm{3,}/@{XDG_DOWNLOAD_DIR}/ rw, + /var/lib/gdm{3,}/@{XDG_MUSIC_DIR}/ rw, + /var/lib/gdm{3,}/@{XDG_PICTURES_DIR}/ rw, + /var/lib/gdm{3,}/@{XDG_PUBLICSHARE_DIR}/ rw, + /var/lib/gdm{3,}/@{XDG_TEMPLATES_DIR}/ rw, + /var/lib/gdm{3,}/@{XDG_VIDEOS_DIR}/ rw, owner @{user_config_dirs}/user-dirs.dirs r, diff --git a/apparmor.d/groups/freedesktop/xkbcomp b/apparmor.d/groups/freedesktop/xkbcomp index 5143346a0..35e3af296 100644 --- a/apparmor.d/groups/freedesktop/xkbcomp +++ b/apparmor.d/groups/freedesktop/xkbcomp @@ -26,7 +26,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/xorg/Xorg.[0-9].log w, - /var/lib/gdm/.local/share/xorg/Xorg.[0-9].log w, + /var/lib/gdm{3,}/.local/share/xorg/Xorg.[0-9].log w, owner /var/log/lightdm/x-[0-9]*.log w, owner /tmp/server-[0-9]*.xkm rwk, diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 090e2ee81..ca7533d82 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg 
@@ -11,7 +11,7 @@ include @{exec_path} += /{usr/,}bin/Xorg @{exec_path} += /{usr/,}lib/Xorg{,.wrap} @{exec_path} += /{usr/,}lib/xorg/Xorg{,.wrap} -profile xorg @{exec_path} flags=(attach_disconnected) { +profile xorg @{exec_path} flags=(attach_disconnected complain) { include include include @@ -79,8 +79,8 @@ profile xorg @{exec_path} flags=(attach_disconnected) { owner /var/log/Xorg.[0-9].log{,.old} rw, owner /var/log/Xorg.pid-@{pid}.log{,.old} rw, - /var/lib/gdm/.local/share/xorg/Xorg.[0-9].log{,.old} rw, - /var/lib/gdm/.local/share/xorg/Xorg.pid-@{pid}.log{,.old} rw, + /var/lib/gdm{3,}/.local/share/xorg/Xorg.[0-9].log{,.old} rw, + /var/lib/gdm{3,}/.local/share/xorg/Xorg.pid-@{pid}.log{,.old} rw, @{run}/nvidia-xdriver-* rw, @{run}/sddm/{,**} rw, diff --git a/apparmor.d/groups/gnome/gdm-runtime-config b/apparmor.d/groups/gnome/gdm-runtime-config index eb15b149a..db0c90a59 100644 --- a/apparmor.d/groups/gnome/gdm-runtime-config +++ b/apparmor.d/groups/gnome/gdm-runtime-config @@ -7,13 +7,13 @@ abi , include @{exec_path} = @{libexec}/gdm-runtime-config -profile gdm-runtime-config @{exec_path} { +profile gdm-runtime-config @{exec_path} flags=(complain) { include @{exec_path} mr, - @{run}/gdm/ rw, - @{run}/gdm/custom.conf* rw, + @{run}/gdm{3,}/ rw, + @{run}/gdm{3,}/custom.conf* rw, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index 548b699f8..0da648cba 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker @@ -73,7 +73,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/keyring/control rw, @{run}/faillock/[a-zA-z0-9]* rwk, - @{run}/gdm/custom.conf r, + @{run}/gdm{3,}/custom.conf r, @{run}/systemd/sessions/* r, @{run}/systemd/sessions/*.ref rw, @{run}/systemd/users/@{uid} r, 
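Review bot: Adding `complain` to `profile xorg` switches the profile from enforcing to log-only, a change the subject "broader gdm" does not mention and one that goes well beyond widening paths. The same flag is added to gdm-runtime-config, gdm-x-session, gdm-xsession and its nested `dbus` profile, and gsd-media-keys, so six profiles stop blocking accesses that their rules do not allow. If this is a temporary aid while the gdm3 paths are being profiled, say so next to the flag, e.g. `# TODO: complain only until gdm3 paths are verified; return to enforce`, and preferably land it as a separate commit. Otherwise keep `flags=(attach_disconnected)` and let the new `gdm{3,}` rules carry the change. The profile body continues outside the hunk.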
diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index dbcca15d8..2bcfe250d 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -61,7 +61,7 @@ profile gdm-wayland-session @{exec_path} { /usr/share/gdm/gdm.schemas r, /usr/share/glib-2.0/schemas/gschemas.compiled r, - @{run}/gdm/custom.conf r, + @{run}/gdm{3,}/custom.conf r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/loginuid r, diff --git a/apparmor.d/groups/gnome/gdm-x-session b/apparmor.d/groups/gnome/gdm-x-session index dfddfb6c7..7b34526cd 100644 --- a/apparmor.d/groups/gnome/gdm-x-session +++ b/apparmor.d/groups/gnome/gdm-x-session @@ -7,7 +7,7 @@ abi , include @{exec_path} = @{libexec}/gdm-x-session -profile gdm-x-session @{exec_path} flags=(attach_disconnected) { +profile gdm-x-session @{exec_path} flags=(attach_disconnected complain) { include include include @@ -28,12 +28,12 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) { /etc/gdm{3,}/custom.conf r, /usr/share/gdm/gdm.schemas r, - /var/lib/gdm/.cache/gdm/Xauthority rw, - /var/lib/gdm/.cache/gdm/ rw, + /var/lib/gdm{3,}/.cache/gdm/Xauthority rw, + /var/lib/gdm{3,}/.cache/gdm/ rw, owner @{run}/user/@{uid}/gdm/ w, owner @{run}/user/@{uid}/gdm/Xauthority rw, - @{run}/gdm/custom.conf r, + @{run}/gdm{3,}/custom.conf r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index 5f3e7745d..4a7ab81d1 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -6,8 +6,8 @@ abi , include -@{exec_path} = /etc/gdm/Xsession -profile gdm-xsession @{exec_path} { +@{exec_path} = /etc/gdm{3,}/Xsession +profile gdm-xsession @{exec_path} flags=(complain) { include include include 
@@ -37,7 +37,7 @@ profile gdm-xsession @{exec_path} { # file_inherit /dev/tty[0-9]* rw, - profile dbus { + profile dbus flags=(complain) { include /{usr/,}bin/dbus-update-activation-environment mr, diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index fc30ca94d..c11907e7d 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -38,9 +38,9 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { /usr/share/gnome-shell/{,**} r, /usr/share/X11/xkb/** r, - /var/lib/gdm/.config/dconf/user r, - /var/lib/gdm/.cache/gstreamer-1.0/ rw, - /var/lib/gdm/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw, + /var/lib/gdm{3,}/.config/dconf/user r, + /var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw, + /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw, owner @{user_share_dirs}/gnome-shell/extensions/{,**} r, owner @{user_cache_dirs}/gstreamer-1.0/ rw, diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index b6a01c296..2c7c85504 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -20,7 +20,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { /usr/share/gdm/greeter-dconf-defaults r, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /var/lib/gdm/.config/dconf/user r, + /var/lib/gdm{3,}/.config/dconf/user r, owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index c1508ef70..9e0146319 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -28,7 +28,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/thumbnails/{,**} rw, owner @{user_share_dirs}/applications/ rw, - /var/lib/gdm/.config/dconf/user r, + /var/lib/gdm{3,}/.config/dconf/user r, owner @{PROC}/@{pids}/mountinfo r, 
diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 1af3f9853..2c3c082f5 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -7,7 +7,7 @@ abi , include @{exec_path} = @{libexec}/gsd-media-keys -profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { +profile gsd-media-keys @{exec_path} flags=(attach_disconnected complain) { include include include @@ -65,9 +65,9 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/event-sound-cache.tdb.* rwk, owner @{user_share_dirs}/recently-used.xbel{,.*} rw, - /var/lib/gdm/.config/dconf/user r, - /var/lib/gdm/.config/pulse/client.conf r, - /var/lib/gdm/.config/pulse/cookie rk, + /var/lib/gdm{3,}/.config/dconf/user r, + /var/lib/gdm{3,}/.config/pulse/client.conf r, + /var/lib/gdm{3,}/.config/pulse/cookie rk, owner @{run}/user/@{uid}/gdm/Xauthority r, owner @{run}/user/@{uid}/wayland-[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 557146a9b..1cf7670f9 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -64,9 +64,9 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { /usr/share/icons/{,**} r, /usr/share/X11/xkb/** r, - /var/lib/gdm/.cache/event-sound-cache.tdb.* rwk, - /var/lib/gdm/.config/dconf/user r, - /var/lib/gdm/.config/pulse/client.conf r, + /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.* rwk, + /var/lib/gdm{3,}/.config/dconf/user r, + /var/lib/gdm{3,}/.config/pulse/client.conf r, owner @{run}/user/@{uid}/gdm/Xauthority r, owner @{run}/user/@{uid}/wayland-[0-9] rw, diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 2268b138e..0973a395b 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing 
@@ -42,7 +42,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { /usr/share/gdm/greeter-dconf-defaults r, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /var/lib/gdm/.config/dconf/user r, + /var/lib/gdm{3,}/.config/dconf/user r, owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index c542accb7..09a91c681 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -21,7 +21,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { /usr/share/gdm/greeter-dconf-defaults r, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /var/lib/gdm/.config/dconf/user r, + /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 3bb701c7c..43c58791e 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -32,7 +32,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gdm/Xauthority r, owner @{run}/user/@{uid}/wayland-[0-9] rw, - /var/lib/gdm/.config/dconf/user r, + /var/lib/gdm{3,}/.config/dconf/user r, owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index 2192ebaef..56a5614ed 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -58,7 +58,7 @@ profile gsd-xsettings @{exec_path} { /etc/xdg/Xwayland-session.d/ r, /etc/xdg/Xwayland-session.d/* rix, - /var/lib/gdm/.config/dconf/user r, + /var/lib/gdm{3,}/.config/dconf/user r, owner @{user_cache_dirs}/mesa_shader_cache/index rw, diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index dd2ef0dd0..0d7ccd5bb 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber 
@@ -26,7 +26,7 @@ profile wireplumber @{exec_path} { /usr/share/spa-*/bluez[0-9]*/{,*} r, /usr/share/wireplumber/{,**} r, - /var/lib/gdm/.local/state/wireplumber/{,**} rw, + /var/lib/gdm{3,}/.local/state/wireplumber/{,**} rw, owner @{HOME}/.local/state/ w, owner @{HOME}/.local/state/wireplumber/{,**} rw, @@ -52,4 +52,4 @@ profile wireplumber @{exec_path} { /dev/video[0-9]* rw, include if exists -} \ No newline at end of file +}