broader gdm

2022-09-05 04:14:08 +03:00 · 2022-09-05 04:14:08 +03:00 · cd646ea899
commit cd646ea899
parent d6d7dacb9e
30 changed files with 71 additions and 72 deletions
--- a/apparmor.d/groups/gnome/gdm-runtime-config
+++ b/apparmor.d/groups/gnome/gdm-runtime-config
@ -7,13 +7,13 @@ abi <abi/3.0>,
 include <tunables/global>

@{exec_path} =  @{libexec}/gdm-runtime-config
-profile gdm-runtime-config @{exec_path} {
+profile gdm-runtime-config @{exec_path} flags=(complain) {
  include <abstractions/base>

  @{exec_path} mr,

-  @{run}/gdm/ rw,
-  @{run}/gdm/custom.conf* rw,
+  @{run}/gdm{3,}/ rw,
+  @{run}/gdm{3,}/custom.conf* rw,

  include if exists <local/gdm-runtime-config>
-}
+}
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@ -73,7 +73,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
  owner @{run}/user/@{uid}/keyring/control rw,

  @{run}/faillock/[a-zA-z0-9]* rwk,
-  @{run}/gdm/custom.conf r,
+  @{run}/gdm{3,}/custom.conf r,
  @{run}/systemd/sessions/* r,
  @{run}/systemd/sessions/*.ref rw,
  @{run}/systemd/users/@{uid} r,
--- a/apparmor.d/groups/gnome/gdm-wayland-session
+++ b/apparmor.d/groups/gnome/gdm-wayland-session
@ -61,7 +61,7 @@ profile gdm-wayland-session @{exec_path} {
  /usr/share/gdm/gdm.schemas r,
  /usr/share/glib-2.0/schemas/gschemas.compiled r,

-  @{run}/gdm/custom.conf r,
+  @{run}/gdm{3,}/custom.conf r,

  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/loginuid r,
--- a/apparmor.d/groups/gnome/gdm-x-session
+++ b/apparmor.d/groups/gnome/gdm-x-session
@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>

@{exec_path} = @{libexec}/gdm-x-session
-profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
+profile gdm-x-session @{exec_path}  flags=(attach_disconnected complain) {
  include <abstractions/base>
  include <abstractions/dbus-session-strict>
  include <abstractions/dbus-strict>
@ -28,12 +28,12 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
  /etc/gdm{3,}/custom.conf r,
  /usr/share/gdm/gdm.schemas r,

-  /var/lib/gdm/.cache/gdm/Xauthority rw,
-  /var/lib/gdm/.cache/gdm/ rw,
+  /var/lib/gdm{3,}/.cache/gdm/Xauthority rw,
+  /var/lib/gdm{3,}/.cache/gdm/ rw,
  
  owner @{run}/user/@{uid}/gdm/ w,
  owner @{run}/user/@{uid}/gdm/Xauthority rw,
-        @{run}/gdm/custom.conf r,
+        @{run}/gdm{3,}/custom.conf r,

  owner @{PROC}/@{pid}/fd/ r,

--- a/apparmor.d/groups/gnome/gdm-xsession
+++ b/apparmor.d/groups/gnome/gdm-xsession
@ -6,8 +6,8 @@ abi <abi/3.0>,

 include <tunables/global>

-@{exec_path} = /etc/gdm/Xsession
-profile gdm-xsession @{exec_path} {
+@{exec_path} = /etc/gdm{3,}/Xsession
+profile gdm-xsession @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/bash>
  include <abstractions/consoles>
@ -37,7 +37,7 @@ profile gdm-xsession @{exec_path} {
  # file_inherit
  /dev/tty[0-9]* rw,

-  profile dbus {
+  profile dbus flags=(complain) {
    include <abstractions/base>

    /{usr/,}bin/dbus-update-activation-environment mr,
--- a/apparmor.d/groups/gnome/gjs-console
+++ b/apparmor.d/groups/gnome/gjs-console
@ -38,9 +38,9 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
  /usr/share/gnome-shell/{,**} r,
  /usr/share/X11/xkb/** r,

-  /var/lib/gdm/.config/dconf/user r,
-  /var/lib/gdm/.cache/gstreamer-1.0/ rw,
-  /var/lib/gdm/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw,
+  /var/lib/gdm{3,}/.config/dconf/user r,
+  /var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw,
+  /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw,

  owner @{user_share_dirs}/gnome-shell/extensions/{,**} r,
  owner @{user_cache_dirs}/gstreamer-1.0/ rw,
--- a/apparmor.d/groups/gnome/gsd-a11y-settings
+++ b/apparmor.d/groups/gnome/gsd-a11y-settings
@ -20,7 +20,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
  /usr/share/gdm/greeter-dconf-defaults r,
  /usr/share/glib-2.0/schemas/gschemas.compiled r,

-  /var/lib/gdm/.config/dconf/user r,
+  /var/lib/gdm{3,}/.config/dconf/user r,

  owner /dev/tty[0-9]* rw,

--- a/apparmor.d/groups/gnome/gsd-housekeeping
+++ b/apparmor.d/groups/gnome/gsd-housekeeping
@ -28,7 +28,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
  owner @{user_cache_dirs}/thumbnails/{,**} rw,
  owner @{user_share_dirs}/applications/ rw,

-  /var/lib/gdm/.config/dconf/user r,
+  /var/lib/gdm{3,}/.config/dconf/user r,

  owner @{PROC}/@{pids}/mountinfo r,

--- a/apparmor.d/groups/gnome/gsd-media-keys
+++ b/apparmor.d/groups/gnome/gsd-media-keys
@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>

@{exec_path} = @{libexec}/gsd-media-keys
-profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
+profile gsd-media-keys @{exec_path}  flags=(attach_disconnected complain) {
  include <abstractions/base>
  include <abstractions/audio>
  include <abstractions/dbus-session-strict>
@ -65,9 +65,9 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
  owner @{user_share_dirs}/event-sound-cache.tdb.* rwk,
  owner @{user_share_dirs}/recently-used.xbel{,.*} rw,

-  /var/lib/gdm/.config/dconf/user r,
-  /var/lib/gdm/.config/pulse/client.conf r,
-  /var/lib/gdm/.config/pulse/cookie rk,
+  /var/lib/gdm{3,}/.config/dconf/user r,
+  /var/lib/gdm{3,}/.config/pulse/client.conf r,
+  /var/lib/gdm{3,}/.config/pulse/cookie rk,

  owner @{run}/user/@{uid}/gdm/Xauthority r,
  owner @{run}/user/@{uid}/wayland-[0-9]* rw,
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@ -64,9 +64,9 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
  /usr/share/icons/{,**} r,
  /usr/share/X11/xkb/** r,

-  /var/lib/gdm/.cache/event-sound-cache.tdb.* rwk,
-  /var/lib/gdm/.config/dconf/user r,
-  /var/lib/gdm/.config/pulse/client.conf r,
+  /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.* rwk,
+  /var/lib/gdm{3,}/.config/dconf/user r,
+  /var/lib/gdm{3,}/.config/pulse/client.conf r,

  owner @{run}/user/@{uid}/gdm/Xauthority r,
  owner @{run}/user/@{uid}/wayland-[0-9] rw,
--- a/apparmor.d/groups/gnome/gsd-sharing
+++ b/apparmor.d/groups/gnome/gsd-sharing
@ -42,7 +42,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
  /usr/share/gdm/greeter-dconf-defaults r,
  /usr/share/glib-2.0/schemas/gschemas.compiled r,

-  /var/lib/gdm/.config/dconf/user r,
+  /var/lib/gdm{3,}/.config/dconf/user r,

  owner /dev/tty[0-9]* rw,

--- a/apparmor.d/groups/gnome/gsd-smartcard
+++ b/apparmor.d/groups/gnome/gsd-smartcard
@ -21,7 +21,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
  /usr/share/gdm/greeter-dconf-defaults r,
  /usr/share/glib-2.0/schemas/gschemas.compiled r,

-  /var/lib/gdm/.config/dconf/user r,
+  /var/lib/gdm{3,}/.config/dconf/user r,
  /var/lib/gdm{3,}/greeter-dconf-defaults r,

  owner /dev/tty[0-9]* rw,
--- a/apparmor.d/groups/gnome/gsd-wacom
+++ b/apparmor.d/groups/gnome/gsd-wacom
@ -32,7 +32,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
  owner @{run}/user/@{uid}/gdm/Xauthority r,
  owner @{run}/user/@{uid}/wayland-[0-9] rw,

-  /var/lib/gdm/.config/dconf/user r,
+  /var/lib/gdm{3,}/.config/dconf/user r,

  owner /dev/tty[0-9]* rw,

--- a/apparmor.d/groups/gnome/gsd-xsettings
+++ b/apparmor.d/groups/gnome/gsd-xsettings
@ -58,7 +58,7 @@ profile gsd-xsettings @{exec_path} {
  /etc/xdg/Xwayland-session.d/ r,
  /etc/xdg/Xwayland-session.d/* rix,

-  /var/lib/gdm/.config/dconf/user r,
+  /var/lib/gdm{3,}/.config/dconf/user r,

  owner @{user_cache_dirs}/mesa_shader_cache/index rw,