diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer index f39bcab01..2b3afac8e 100644 --- a/apparmor.d/abstractions/gstreamer +++ b/apparmor.d/abstractions/gstreamer @@ -13,7 +13,7 @@ /etc/openni2/OpenNI.ini r, owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/ rw, - owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, /tmp/ r, /var/tmp/ r, @@ -46,4 +46,4 @@ /dev/bus/usb/ r, /dev/dri/ r, - include if exists \ No newline at end of file + include if exists diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index 6f8fe7836..aee551210 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -135,7 +135,7 @@ profile calibre @{exec_path} { owner @{user_cache_dirs}/qtshadercache/#@{int} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, owner @{user_config_dirs}/qt5ct/{,**} r, diff --git a/apparmor.d/groups/apt/apt-extracttemplates b/apparmor.d/groups/apt/apt-extracttemplates index 3d718d03f..0e0b99dd2 100644 --- a/apparmor.d/groups/apt/apt-extracttemplates +++ b/apparmor.d/groups/apt/apt-extracttemplates @@ -25,7 +25,7 @@ profile apt-extracttemplates @{exec_path} { owner /var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw, - owner /tmp/*.{config,template}.?????? rw, + owner /tmp/*.{config,template}.@{rand6} rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/browsers/chromium-wrapper b/apparmor.d/groups/browsers/chromium-wrapper index 77fcd3cda..5660b4501 100644 --- a/apparmor.d/groups/browsers/chromium-wrapper +++ b/apparmor.d/groups/browsers/chromium-wrapper 
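Review bot: The rule `owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw,` in the first hunk has no comment recording which file name it is meant to match, and the change from `{,.tmp*}` is a tightening rather than a respelling. A line above it such as `# registry temp file, written next to registry.*.bin with a six-character random suffix` would let a maintainer tell an intended denial from a regression in every profile that includes this abstraction. The definition of `@{rand6}` is not part of this diff, so the accepted character class should be checked against the names GStreamer actually creates. The same narrowing is repeated in the calibre, pulseaudio, gjs-console, gnome-shell, tracker-extract, gajim and strawberry-tagreader hunks.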
@@ -38,7 +38,7 @@ profile chromium-wrapper @{exec_path} { owner @{HOME}/.xsession-errors w, - owner /tmp/chromiumargs.?????? rw, + owner /tmp/chromiumargs.@{rand6} rw, owner /tmp/tmp.*/ rw, owner /tmp/tmp.*/** rwk, diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index e69934ede..34032a32c 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -191,10 +191,10 @@ profile firefox @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r, owner @{user_config_dirs}/ibus/bus/ r, owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, - owner @{user_config_dirs}/mimeapps.list{,.*} rw, + owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, owner @{user_share_dirs}/ r, - owner @{user_share_dirs}/applications/userapp-Firefox-??????.desktop{,.??????} rw, + owner @{user_share_dirs}/applications/userapp-Firefox-@{rand6}.desktop{,.@{rand6}} rw, owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw, owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw, diff --git a/apparmor.d/groups/browsers/firefox-glxtest b/apparmor.d/groups/browsers/firefox-glxtest index 56ba181b6..f7ecf266e 100644 --- a/apparmor.d/groups/browsers/firefox-glxtest +++ b/apparmor.d/groups/browsers/firefox-glxtest @@ -26,7 +26,7 @@ profile firefox-glxtest @{exec_path} { owner /tmp/firefox/.parentlock rw, - owner @{run}/user/@{uid}/xauth_?????? r, + owner @{run}/user/@{uid}/xauth_@{rand6} r, @{sys}/bus/pci/devices/ r, @{sys}/devices/pci[0-9]*/**/class r, diff --git a/apparmor.d/groups/browsers/firefox-kmozillahelper b/apparmor.d/groups/browsers/firefox-kmozillahelper index 9447cc2e8..c1e256950 100644 --- a/apparmor.d/groups/browsers/firefox-kmozillahelper +++ b/apparmor.d/groups/browsers/firefox-kmozillahelper 
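Review bot: Only part of this block in the firefox hunk was tightened: `mimeapps.list{,.*}` becomes `mimeapps.list{,.@{rand6}}`, but the context line `user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,` two lines below still accepts any suffix. If those are the same kind of atomic-save temporaries, the rule could read `owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.@{rand6} rw,`; if a different suffix is expected, a comment saying so would explain the difference. The dconf hunk has the same pattern, with `greeter-dconf-defaults{,.@{rand6}}` narrowed next to an untouched `dconf/user{,.*}`. The profile body continues outside the hunk.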
@@ -40,11 +40,11 @@ profile firefox-kmozillahelper @{exec_path} { owner @{user_config_dirs}/kmozillahelperrc r, owner @{user_config_dirs}/kwinrc r, - owner @{run}/user/@{uid}/xauth_* rl, + owner @{run}/user/@{uid}/xauth_@{rand6} rl, @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/freedesktop/accounts-daemon b/apparmor.d/groups/freedesktop/accounts-daemon index 7958a4860..b9719066b 100644 --- a/apparmor.d/groups/freedesktop/accounts-daemon +++ b/apparmor.d/groups/freedesktop/accounts-daemon @@ -60,8 +60,8 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) { /etc/default/locale r, /etc/gdm{3,}/ r, - /etc/gdm{3,}/custom.conf{,.??????} rw, - /etc/gdm{3,}/daemon.conf{,.??????} rw, + /etc/gdm{3,}/custom.conf{,.@{rand6}} rw, + /etc/gdm{3,}/daemon.conf{,.@{rand6}} rw, /etc/machine-id r, /etc/shadow r, /etc/shells r, @@ -84,7 +84,7 @@ profile accounts-daemon @{exec_path} flags=(attach_disconnected) { # wtmp.d ? /var/log/wtmp r, - owner /tmp/gnome-control-center-user-icon-?????? rw, + owner /tmp/gnome-control-center-user-icon-@{rand6} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/at-spi-bus-launcher b/apparmor.d/groups/freedesktop/at-spi-bus-launcher index a1a82e4ba..3513a4213 100644 --- a/apparmor.d/groups/freedesktop/at-spi-bus-launcher +++ b/apparmor.d/groups/freedesktop/at-spi-bus-launcher @@ -39,10 +39,10 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.Xauthority r, owner @{HOME}/.xsession-errors w, - owner /tmp/runtime-*/xauth_?????? r, + owner /tmp/runtime-*/xauth_@{rand6} r, owner @{run}/user/@{uid}/gdm/Xauthority r, - owner @{run}/user/@{uid}/xauth_?????? r, + owner @{run}/user/@{uid}/xauth_@{rand6} r, /var/lib/lightdm/.Xauthority r, /var/lib/gdm{3,}/.config/dconf/user r, 
diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 12045871d..e72c0f89d 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -89,10 +89,10 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.Xauthority r, owner @{HOME}/.xsession-errors w, - owner /tmp/runtime-*/xauth_?????? r, + owner /tmp/runtime-*/xauth_@{rand6} r, owner @{run}/user/@{uid}/gdm/Xauthority r, - owner @{run}/user/@{uid}/xauth_?????? r, + owner @{run}/user/@{uid}/xauth_@{rand6} r, owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/freedesktop/dconf b/apparmor.d/groups/freedesktop/dconf index 0577fc231..32d705112 100644 --- a/apparmor.d/groups/freedesktop/dconf +++ b/apparmor.d/groups/freedesktop/dconf @@ -22,7 +22,7 @@ profile dconf @{exec_path} flags=(attach_disconnected) { /usr/share/gdm/dconf/{,**} r, /var/lib/gdm{3,}/ r, - /var/lib/gdm{3,}/greeter-dconf-defaults{,.??????} rw, + /var/lib/gdm{3,}/greeter-dconf-defaults{,.@{rand6}} rw, owner @{user_config_dirs}/dconf/ rw, owner @{user_config_dirs}/dconf/user{,.*} rw, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index fc5b27021..f9ff5a996 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -159,7 +159,7 @@ profile pulseaudio @{exec_path} { owner /var/lib/lightdm/.config/pulse/cookie k, /var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw, - /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw, + /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw, owner @{user_config_dirs}/ w, owner @{user_config_dirs}/pulse/{,**} rw, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index 90d637913..50c9503db 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk 
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -164,10 +164,10 @@ profile xdg-desktop-portal-gtk @{exec_path} { owner @{HOME}/.icons/{,**} r, owner @{HOME}/@{XDG_DATA_HOME}/ r, - owner /tmp/runtime-*/xauth_?????? r, + owner /tmp/runtime-*/xauth_@{rand6} r, @{run}/mount/utab r, - @{run}/user/@{uid}/xauth_* rl, + @{run}/user/@{uid}/xauth_@{rand6} rl, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw, owner @{run}/user/@{uid}/gdm/Xauthority r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index 30cafbd2f..8f30f5aa2 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -45,7 +45,7 @@ profile xdg-desktop-portal-kde @{exec_path} { owner @{user_config_dirs}/kwinrc r, owner @{user_config_dirs}/xdg-desktop-portal-kderc r, - @{run}/user/@{uid}/xauth_* rl, + @{run}/user/@{uid}/xauth_@{rand6} rl, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/freedesktop/xdg-user-dirs-update b/apparmor.d/groups/freedesktop/xdg-user-dirs-update index b3749ca70..0dd4238f7 100644 --- a/apparmor.d/groups/freedesktop/xdg-user-dirs-update +++ b/apparmor.d/groups/freedesktop/xdg-user-dirs-update @@ -50,7 +50,7 @@ profile xdg-user-dirs-update @{exec_path} { owner @{HOME}/@{XDG_VIDEOS_DIR}/ w, owner @{user_config_dirs}/user-dirs.dirs rw, - owner @{user_config_dirs}/user-dirs.dirs?????? rw, + owner @{user_config_dirs}/user-dirs.dirs@{rand6} rw, owner @{user_config_dirs}/user-dirs.locale rw, include if exists diff --git a/apparmor.d/groups/freedesktop/xprop b/apparmor.d/groups/freedesktop/xprop index 23c1dadbb..9931b69e0 100644 --- a/apparmor.d/groups/freedesktop/xprop +++ b/apparmor.d/groups/freedesktop/xprop 
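Review bot: The rewritten rule `@{run}/user/@{uid}/xauth_@{rand6} rl,` in the xdg-desktop-portal-gtk hunk has no `owner` qualifier, although the X authority file holds a session credential and the neighbouring `.mutter-Xwaylandauth.@{rand6}` and `gdm/Xauthority` rules are owner-restricted. Unless this process is expected to read another user's cookie, `owner @{run}/user/@{uid}/xauth_@{rand6} rl,` would keep the profile from granting more than the file mode does. The same unqualified form is kept in the xdg-desktop-portal-kde, xsetroot, drkonqi, kalendarac, kcminit, startplasma-x11, xdm-xsession and xembedsniproxy hunks, while firefox-kmozillahelper, xprop, kioslave5, ksmserver, kwin_x11 and xsettingsd already use `owner`.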
@@ -19,8 +19,8 @@ profile xprop @{exec_path} { owner @{HOME}/.Xauthority r, owner @{HOME}/.icons/default/index.theme r, - owner /tmp/runtime-*/xauth_?????? r, - owner @{run}/user/@{uid}/xauth_* rl, + owner /tmp/runtime-*/xauth_@{rand6} r, + owner @{run}/user/@{uid}/xauth_@{rand6} rl, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/freedesktop/xrdb b/apparmor.d/groups/freedesktop/xrdb index fa6a86db0..2a70d5808 100644 --- a/apparmor.d/groups/freedesktop/xrdb +++ b/apparmor.d/groups/freedesktop/xrdb @@ -35,8 +35,8 @@ profile xrdb @{exec_path} { owner /tmp/kcminit.* r, owner /tmp/plasma-apply-lookandfeel.* r, - owner /tmp/runtime-*/xauth_?????? r, - owner /tmp/startplasma-x11.?????? r, + owner /tmp/runtime-*/xauth_@{rand6} r, + owner /tmp/startplasma-x11.@{rand6} r, owner /tmp/xauth-[0-9]*-_[0-9] r, @{run}/sddm/\{@{uuid}\} r, diff --git a/apparmor.d/groups/freedesktop/xsetroot b/apparmor.d/groups/freedesktop/xsetroot index 599aa865e..85c168bbc 100644 --- a/apparmor.d/groups/freedesktop/xsetroot +++ b/apparmor.d/groups/freedesktop/xsetroot @@ -24,8 +24,8 @@ profile xsetroot @{exec_path} { owner @{user_share_dirs}/sddm/xorg-session.log w, @{run}/sddm/\{@{uuid}\} r, - @{run}/user/@{uid}/xauth_* rl, - @{run}/sddm/xauth_?????? r, + @{run}/user/@{uid}/xauth_@{rand6} rl, + @{run}/sddm/xauth_@{rand6} r, include if exists } diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland index eb50fb7aa..6d3598711 100644 --- a/apparmor.d/groups/freedesktop/xwayland +++ b/apparmor.d/groups/freedesktop/xwayland @@ -38,7 +38,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { owner /tmp/server-[0-9]*.xkm rwk, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw, - owner @{run}/user/@{uid}/xwayland-shared-?????? rw, + owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw, @{sys}/bus/pci/devices/ r, 
diff --git a/apparmor.d/groups/gnome/gdm-runtime-config b/apparmor.d/groups/gnome/gdm-runtime-config index 58628f7e8..f3715b3e8 100644 --- a/apparmor.d/groups/gnome/gdm-runtime-config +++ b/apparmor.d/groups/gnome/gdm-runtime-config @@ -13,7 +13,7 @@ profile gdm-runtime-config @{exec_path} { @{exec_path} mr, @{run}/gdm{3,}/ rw, - @{run}/gdm{3,}/custom.conf* rw, + @{run}/gdm{3,}/custom.conf{,@{rand6}} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index ba51cf064..412df8905 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -54,7 +54,7 @@ profile gdm-xsession @{exec_path} { /etc/default/im-config r, /etc/X11/{,**} r, - owner /tmp/gdm{3,}-config-err-?????? rw, + owner /tmp/gdm{3,}-config-err-@{rand6} rw, # file_inherit /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 60595f1ce..2958a0640 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -89,7 +89,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r, /var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw, - /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw, + /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw, /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, @@ -98,7 +98,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/gnome-shell/extensions/{,**} r, owner @{user_cache_dirs}/gstreamer-1.0/ rw, - owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw, owner @{run}/user/@{uid}/gdm/Xauthority r, diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index cb0cd819d..7f5f70ef7 100644 
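Review bot: The new pattern `@{run}/gdm{3,}/custom.conf{,@{rand6}} rw,` in the gdm-runtime-config hunk has no dot before the random suffix, whereas the accounts-daemon hunk in this same commit writes the equivalent file as `/etc/gdm{3,}/custom.conf{,.@{rand6}}`. The old `custom.conf*` accepted both spellings, so if the temporary file is created as `custom.conf.XXXXXX` the write is now denied. Confirm the actual name from the audit log and, if it carries the dot, use `@{run}/gdm{3,}/custom.conf{,.@{rand6}} rw,`.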
--- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -137,8 +137,8 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/gnome-control-center/{,**} rw, owner @{user_config_dirs}/ibus/bus/ r, owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, - owner @{user_config_dirs}/mimeapps.list* rw, - owner @{user_config_dirs}/rygel.conf{,.??????} rw, + owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, + owner @{user_config_dirs}/rygel.conf{,.@{rand6}} rw, owner @{user_share_dirs}/backgrounds/{,**} rw, owner @{user_share_dirs}/icc/{,edid-*} r, owner @{user_share_dirs}/sounds/__custom/{,*} rw, @@ -146,7 +146,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/webkitgtk/databases/indexeddb/* rw, owner @{user_share_dirs}/webkitgtk/localstorage/{,**} rwk, owner @{user_share_dirs}/gnome-remote-desktop/ w, - owner @{user_share_dirs}/gnome-remote-desktop/rdp-tls.{crt,key}{.??????,} rw, + owner @{user_share_dirs}/gnome-remote-desktop/rdp-tls.{crt,key}{,.@{rand6}} rw, owner @{run}/user/@{uid}/gnome-shell-disable-extensions w, owner @{run}/user/@{uid}/gnome-control-center-region-needs-restart w, diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index cdb406521..aa14e53ed 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -214,7 +214,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { /var/lib/flatpak/exports/share/mime/mime.cache r, /var/lib/snapd/desktop/applications/{,mimeinfo.cache} r, - owner /tmp/dirs-?????? rw, + owner /tmp/dirs-@{rand6} rw, owner @{user_config_dirs}/autostart/{,*.desktop} r, owner @{user_config_dirs}/gnome-session/ rw, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 201622859..cf21a68bd 100644 
--- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -517,7 +517,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk, /var/lib/gdm{3,}/.cache/fontconfig/{,*} rwl, /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/ rw, - /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, /var/lib/gdm{3,}/.cache/libgweather/ r, /var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw, /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/ rw, diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index 07b909f83..d2150a5b3 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -83,10 +83,10 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.cache/ rw, /var/lib/gdm{3,}/.cache/tracker3/{,**} rw, /var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw, - /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw, + /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw, /var/lib/gdm{3,}/greeter-dconf-defaults r, - /var/lib/lightdm/.cache/gstreamer-1.0/registry.*.bin{,.tmp??????} r, + /var/lib/lightdm/.cache/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} r, /var/lib/flatpak/exports/share/applications/mimeinfo.cache r, /var/lib/flatpak/exports/share/mime/mime.cache r, diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index ea6e8e796..ece36469d 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner 
@@ -88,7 +88,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { /var/lib/lightdm/.config/dconf/user r, /var/lib/lightdm/.cache/tracker3/files/meta.db{,-wal} rwk, - /var/lib/lightdm/.cache/tracker3/files/no-need-mtime-check.txt{,.??????} rw, + /var/lib/lightdm/.cache/tracker3/files/no-need-mtime-check.txt{,.@{rand6}} rw, owner /var/tmp/etilqs_@{hex} rw, diff --git a/apparmor.d/groups/kde/drkonqi b/apparmor.d/groups/kde/drkonqi index 87adf94a0..6cb02196a 100644 --- a/apparmor.d/groups/kde/drkonqi +++ b/apparmor.d/groups/kde/drkonqi @@ -22,9 +22,9 @@ profile drkonqi @{exec_path} { /usr/share/drkonqi/{,**} r, /usr/share/icu/[0-9]*.[0-9]*/*.dat r, - @{run}/user/@{uid}/xauth_* rl, + @{run}/user/@{uid}/xauth_@{rand6} rl, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/kde/gmenudbusmenuproxy b/apparmor.d/groups/kde/gmenudbusmenuproxy index b88ed47d3..659642fb2 100644 --- a/apparmor.d/groups/kde/gmenudbusmenuproxy +++ b/apparmor.d/groups/kde/gmenudbusmenuproxy @@ -24,7 +24,7 @@ profile gmenudbusmenuproxy @{exec_path} { owner @{HOME}/.gtkrc-2.0 rw, owner @{user_config_dirs}/gtk-{2,3}.0/#@{int} rw, - owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini{,.??????} rwl, + owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini{,.@{rand6}} rwl, owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini.lock rwk, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess index 62ec459c3..6cc4856de 100644 --- a/apparmor.d/groups/kde/kaccess +++ b/apparmor.d/groups/kde/kaccess @@ -38,7 +38,7 @@ profile kaccess @{exec_path} { owner @{user_share_dirs}/mime/generic-icons r, - owner @{run}/user/@{uid}/xauth_?????? r, + owner @{run}/user/@{uid}/xauth_@{rand6} r, @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, diff --git a/apparmor.d/groups/kde/kalendarac b/apparmor.d/groups/kde/kalendarac index 594f025cf..7caaa0d64 100644 
--- a/apparmor.d/groups/kde/kalendarac +++ b/apparmor.d/groups/kde/kalendarac @@ -37,13 +37,13 @@ profile kalendarac @{exec_path} { owner @{user_config_dirs}/emaildefaults r, owner @{user_config_dirs}/emailidentities r, owner @{user_config_dirs}/kalendaracrc rw, - owner @{user_config_dirs}/kalendaracrc.?????? rwl, + owner @{user_config_dirs}/kalendaracrc.@{rand6} rwl, owner @{user_config_dirs}/kalendaracrc.lock rwk, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kmail2rc r, - @{run}/user/@{uid}/xauth_* rl, + @{run}/user/@{uid}/xauth_@{rand6} rl, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/kde/kcminit b/apparmor.d/groups/kde/kcminit index 9ed371c9a..b233ae1ff 100644 --- a/apparmor.d/groups/kde/kcminit +++ b/apparmor.d/groups/kde/kcminit @@ -28,8 +28,8 @@ profile kcminit @{exec_path} { owner @{HOME}/.Xdefaults r, owner @{user_config_dirs}/#@{int} rw, - owner @{user_config_dirs}/gtkrc-2.0{,.??????} rwl, - owner @{user_config_dirs}/gtkrc{,.??????} rwl, + owner @{user_config_dirs}/gtkrc-2.0{,.@{rand6}} rwl, + owner @{user_config_dirs}/gtkrc{,.@{rand6}} rwl, owner @{user_config_dirs}/kcminputrc r, owner @{user_config_dirs}/kdedefaults/kcminputrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, @@ -39,12 +39,12 @@ profile kcminit @{exec_path} { owner @{user_config_dirs}/kwinrc r, owner @{user_config_dirs}/touchpadrc r, owner @{user_config_dirs}/Trolltech.conf.lock rwk, - owner @{user_config_dirs}/Trolltech.conf{,.??????} rwl, + owner @{user_config_dirs}/Trolltech.conf{,.@{rand6}} rwl, - owner /tmp/kcminit.?????? rwl, + owner /tmp/kcminit.@{rand6} rwl, owner /tmp/#@{int} rw, - @{run}/user/@{uid}/xauth_* rl, + @{run}/user/@{uid}/xauth_@{rand6} rl, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index 522b0b8c1..663ae746c 100644 --- a/apparmor.d/groups/kde/kconf_update 
+++ b/apparmor.d/groups/kde/kconf_update @@ -39,7 +39,7 @@ profile kconf_update @{exec_path} { owner @{user_config_dirs}/kdeglobals* rwl, owner /tmp/#@{int} rw, - owner /tmp/kconf_update.?????? rw, + owner /tmp/kconf_update.@{rand6} rw, include if exists } diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index dae61f09a..8d95e16e4 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 @@ -98,7 +98,7 @@ profile kded5 @{exec_path} { owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kded5*kioworker.socket rwl, - owner /tmp/plasma-csd-generator.??????/{,**} rw, + owner /tmp/plasma-csd-generator.@{rand6}/{,**} rw, @{PROC}/@{pids}/cmdline/ r, @{PROC}/@{pids}/fd/ r, diff --git a/apparmor.d/groups/kde/kioslave5 b/apparmor.d/groups/kde/kioslave5 index 6d1df7ac9..266bbfa56 100644 --- a/apparmor.d/groups/kde/kioslave5 +++ b/apparmor.d/groups/kde/kioslave5 @@ -59,7 +59,7 @@ profile kioslave5 @{exec_path} { owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kio_desktop*kioworker.socket rwl, - owner @{run}/user/@{uid}/xauth_* rl, + owner @{run}/user/@{uid}/xauth_@{rand6} rl, @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/mountinfo r, @@ -68,4 +68,4 @@ profile kioslave5 @{exec_path} { /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet index 8b260dcde..50154708b 100644 --- a/apparmor.d/groups/kde/kscreenlocker-greet +++ b/apparmor.d/groups/kde/kscreenlocker-greet 
@@ -71,7 +71,7 @@ profile kscreenlocker-greet @{exec_path} { owner @{user_cache_dirs}/plasma_theme_*.kcache rw, owner @{user_cache_dirs}/plasma-svgelements-default_v* r, owner @{user_cache_dirs}/plasma-svgelements.lock rwk, - owner @{user_cache_dirs}/plasma-svgelements{,.??????} rwl, + owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwl, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int}, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw, owner @{user_cache_dirs}/qtshadercache/ rw, diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index bdb16c943..dc3e45174 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver @@ -44,7 +44,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { /etc/xdg/kwinrc r, /etc/xdg/menus/ r, - owner @{HOME}/?????? rw, + owner @{HOME}/@{rand6} rw, owner @{HOME}/.Xauthority rw, owner @{user_cache_dirs}/#@{int} rw, @@ -56,18 +56,18 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{user_config_dirs}/kdedefaults/* r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kscreenlockerrc r, - owner @{user_config_dirs}/ksmserverrc.?????? rwl, + owner @{user_config_dirs}/ksmserverrc.@{rand6} rwl, owner @{user_config_dirs}/ksmserverrc r, owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/ksmserverrc.lock rwk, owner @{user_config_dirs}/kwinrc r, owner @{user_config_dirs}/session/*_[0-9]*_[0-9]*_[0-9]* rw, - owner /tmp/?????? rw, + owner /tmp/@{rand6} rw, @{run}/systemd/inhibit/[0-9]*.ref rw, owner @{run}/user/@{uid}/KSMserver__[0-9] rw, - owner @{run}/user/@{uid}/xauth_* rl, + owner @{run}/user/@{uid}/xauth_@{rand6} rl, @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r, 
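Review bot: In the ksmserver hunks, `owner @{HOME}/@{rand6} rw,` and `owner /tmp/@{rand6} rw,` match any six-character name of the accepted class directly under the home directory and /tmp, with no fixed prefix to tie them to ksmserver. The rules predate this commit as `??????`, but since the lines are being rewritten they should at least carry a comment naming what creates these files, for example `# temporary file created by <component>, no prefix available`. If the creator can be identified, a prefixed path would be preferable to a bare random name in `@{HOME}`. The profile body continues outside both hunks.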
diff --git a/apparmor.d/groups/kde/kwalletd5 b/apparmor.d/groups/kde/kwalletd5 index eb1c16ccc..353259ec6 100644 --- a/apparmor.d/groups/kde/kwalletd5 +++ b/apparmor.d/groups/kde/kwalletd5 @@ -60,7 +60,7 @@ profile kwalletd5 @{exec_path} { owner @{user_share_dirs}/kwalletd/#@{int} rw, owner /tmp/kwalletd5.* rw, - owner /tmp/runtime-*/xauth_?????? r, + owner /tmp/runtime-*/xauth_@{rand6} r, @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/cmdline r, diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11 index ad15ffecc..f5664c40f 100644 --- a/apparmor.d/groups/kde/kwin_x11 +++ b/apparmor.d/groups/kde/kwin_x11 @@ -53,7 +53,7 @@ profile kwin_x11 @{exec_path} { owner @{user_cache_dirs}/plasmarc r, owner @{user_cache_dirs}/plasma_theme_*.kcache rw, owner @{user_cache_dirs}/plasma-svgelements.lock rwk, - owner @{user_cache_dirs}/plasma-svgelements{,.??????} rwl, + owner @{user_cache_dirs}/plasma-svgelements{,.@{rand6}} rwl, owner @{user_cache_dirs}/qtshadercache-*/@{hex} r, owner @{user_cache_dirs}/session/#@{int} rw, @@ -62,17 +62,17 @@ profile kwin_x11 @{exec_path} { owner @{user_config_dirs}/kdedefaults/* r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc.lock rwk, - owner @{user_config_dirs}/kwinrc{,.??????} rwl, + owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl, owner @{user_config_dirs}/kwinrulesrc r, owner @{user_config_dirs}/kxkbrc r, owner @{user_config_dirs}/session/kwin_* rwk, owner @{user_config_dirs}/plasmarc r, owner /tmp/#@{int} rw, - owner /tmp/kwin.?????? rwl, + owner /tmp/kwin.@{rand6} rwl, owner @{run}/user/@{uid}/kcrash_[0-9]* rw, - owner @{run}/user/@{uid}/xauth_* rl, + owner @{run}/user/@{uid}/xauth_@{rand6} rl, @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node[0-9]*/meminfo r, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index e3462f963..8ab58dec9 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell 
@@ -97,7 +97,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_cache_dirs}/ksycoca5_* rl, owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw, owner @{user_cache_dirs}/plasma_theme_*.kcache rw, - owner @{user_cache_dirs}/plasma-svgelements.?????? rwlk, + owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwlk, owner @{user_cache_dirs}/plasma-svgelements.lock rwk, owner @{user_cache_dirs}/plasma-svgelements* rwl, owner @{user_cache_dirs}/plasmashell/qmlcache/{,**} rwl, @@ -138,7 +138,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_share_dirs}/kpeople/persondb rwk, owner @{user_share_dirs}/kpeoplevcard/ r, owner @{user_share_dirs}/krunnerstaterc rwl, - owner @{user_share_dirs}/krunnerstaterc.?????? rwl, + owner @{user_share_dirs}/krunnerstaterc.@{rand6} rwl, owner @{user_share_dirs}/krunnerstaterc.lock rwk, owner @{user_share_dirs}/ktp/cache.db rwk, owner @{user_share_dirs}/plasma_icons/*.desktop r, @@ -147,7 +147,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kdesud_:1 w, - owner @{run}/user/@{uid}/plasmashell??????.[0-9].kioworker.socket rwl, + owner @{run}/user/@{uid}/plasmashell@{rand6}.[0-9].kioworker.socket rwl, owner @{run}/user/@{uid}/gvfs/ r, owner @{run}/user/@{uid}/pulse/ rw, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 0b19800ff..10d07f06c 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm 
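Review bot: The narrowed rule `plasma-svgelements.@{rand6} rwlk` in the first plasmashell hunk is followed two lines later by the context line `owner @{user_cache_dirs}/plasma-svgelements* rwl,`, which still accepts every suffix, so the tightening has no effect on read, write or link access here. The kwin_x11 and kscreenlocker-greet hunks express the same files as `plasma-svgelements{,.@{rand6}} rwl`; using that form here and dropping the `*` rule would make the three profiles agree. Whether the `k` permission on the temporary name is needed is not visible from the hunk.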
@@ -125,14 +125,14 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner /tmp/*/{,s} rw, owner /tmp/#@{int} rw, owner /tmp/sddm-auth* rw, - owner /tmp/xauth_?????? rw, + owner /tmp/xauth_@{rand6} rw, @{run}/faillock/[a-zA-z0-9]* rwk, @{run}/sddm.pid rw, @{run}/sddm/\{@{uuid}\} rw, - @{run}/sddm/xauth_?????? rwl, + @{run}/sddm/xauth_@{rand6} rwl, @{run}/systemd/sessions/*.ref rw, - @{run}/user/@{uid}/xauth_?????? rwl, + @{run}/user/@{uid}/xauth_@{rand6} rwl, owner @{run}/sddm/ rw, owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kwallet5.socket rw, diff --git a/apparmor.d/groups/kde/sddm-greeter b/apparmor.d/groups/kde/sddm-greeter index a25bfce78..f0422f50e 100644 --- a/apparmor.d/groups/kde/sddm-greeter +++ b/apparmor.d/groups/kde/sddm-greeter @@ -68,7 +68,7 @@ profile sddm-greeter @{exec_path} { owner @{HOME}/.glvnd* mrw, owner /tmp/runtime-sddm/ rw, - owner /tmp/xauth_?????? rw, + owner /tmp/xauth_@{rand6} rw, owner @{run}/sddm/{,*} rw, diff --git a/apparmor.d/groups/kde/startplasma-x11 b/apparmor.d/groups/kde/startplasma-x11 index 97fb992ec..c49afa2e1 100644 --- a/apparmor.d/groups/kde/startplasma-x11 +++ b/apparmor.d/groups/kde/startplasma-x11 @@ -63,9 +63,9 @@ profile startplasma-x11 @{exec_path} { owner @{user_share_dirs}/sddm/xorg-session.log rw, owner /tmp/#@{int} rw, - owner /tmp/startplasma-x11.?????? rwl, + owner /tmp/startplasma-x11.@{rand6} rwl, - @{run}/user/@{uid}/xauth_* rl, + @{run}/user/@{uid}/xauth_@{rand6} rl, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/kde/xdm-xsession b/apparmor.d/groups/kde/xdm-xsession index 47e861485..37d04784f 100644 --- a/apparmor.d/groups/kde/xdm-xsession +++ b/apparmor.d/groups/kde/xdm-xsession 
@@ -82,7 +82,7 @@ profile xdm-xsession @{exec_path} { owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/@{hex}.key rw, owner @{run}/user/@{uid}/gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw, owner @{run}/user/@{uid}/gnupg/sshcontrol r, - @{run}/user/@{uid}/xauth_* rl, + @{run}/user/@{uid}/xauth_@{rand6} rl, owner /tmp/ssh-*/ rw, owner /tmp/ssh-*/agent.* rw, @@ -106,4 +106,4 @@ profile xdm-xsession @{exec_path} { } include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/kde/xembedsniproxy b/apparmor.d/groups/kde/xembedsniproxy index f1aebfa34..1479d5751 100644 --- a/apparmor.d/groups/kde/xembedsniproxy +++ b/apparmor.d/groups/kde/xembedsniproxy @@ -17,7 +17,7 @@ profile xembedsniproxy @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/icu/[0-9]*.[0-9]*/*.dat r, - @{run}/user/@{uid}/xauth_* rl, + @{run}/user/@{uid}/xauth_@{rand6} rl, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/kde/xsettingsd b/apparmor.d/groups/kde/xsettingsd index c02941c78..8418025aa 100644 --- a/apparmor.d/groups/kde/xsettingsd +++ b/apparmor.d/groups/kde/xsettingsd @@ -16,7 +16,7 @@ profile xsettingsd @{exec_path} { owner @{user_config_dirs}/xsettingsd/{,**} rw, - owner @{run}/user/@{uid}/xauth_* rl, + owner @{run}/user/@{uid}/xauth_@{rand6} rl, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/pacman/pacman-hook-code b/apparmor.d/groups/pacman/pacman-hook-code index e98726173..ad3a72f1d 100644 --- a/apparmor.d/groups/pacman/pacman-hook-code +++ b/apparmor.d/groups/pacman/pacman-hook-code @@ -20,7 +20,7 @@ profile pacman-hook-code @{exec_path} { @{bin}/sed rix, @{lib}/code/product.json rw, - @{lib}/code/sed?????? rw, + @{lib}/code/sed@{rand6} rw, /dev/tty rw, diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed index 9288266fa..a3ea57681 100644 --- a/apparmor.d/groups/systemd/systemd-hostnamed +++ b/apparmor.d/groups/systemd/systemd-hostnamed 
@@ -42,7 +42,7 @@ profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) { @{etc_rw}/.#hostname* rw, @{etc_rw}/hostname rw, - /etc/.#machine-info?????? rw, + /etc/.#machine-info@{rand6} rw, /etc/machine-info rw, @{run}/systemd/default-hostname rw, diff --git a/apparmor.d/groups/systemd/systemd-remount-fs b/apparmor.d/groups/systemd/systemd-remount-fs index 0067eff3e..b11fa2d84 100644 --- a/apparmor.d/groups/systemd/systemd-remount-fs +++ b/apparmor.d/groups/systemd/systemd-remount-fs @@ -27,7 +27,7 @@ profile systemd-remount-fs @{exec_path} { @{run}/host/container-manager r, @{run}/mount/utab rw, - @{run}/mount/utab.?????? rw, + @{run}/mount/utab.@{rand6} rw, @{run}/mount/utab.lock rwk, @{PROC}/ r, diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index 9662ff320..43d3c185c 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -118,7 +118,7 @@ profile engrampa @{exec_path} { owner @{user_config_dirs}/ r, owner @{user_config_dirs}/engrampa/ rw, - owner @{user_config_dirs}/mimeapps.list{,.*} rw, + owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, owner @{user_share_dirs}/ r, diff --git a/apparmor.d/profiles-a-f/exo-helper b/apparmor.d/profiles-a-f/exo-helper index 5953d17f2..fcf7d7953 100644 --- a/apparmor.d/profiles-a-f/exo-helper +++ b/apparmor.d/profiles-a-f/exo-helper @@ -36,7 +36,7 @@ profile exo-helper @{exec_path} { owner @{user_share_dirs}/xfce4/helpers/*.desktop rw, owner @{user_share_dirs}/xfce4/helpers/*.desktop.@{pid}.tmp rw, - owner @{user_config_dirs}/mimeapps.list{,.*} rw, + owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, # Some missing icons /usr/share/**.png r, diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 971c6ca66..777413384 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim 
@@ -73,7 +73,7 @@ profile gajim @{exec_path} { owner @{user_cache_dirs}/gajim/** rwk, owner @{user_cache_dirs}/farstream/ rw, - owner @{user_cache_dirs}/farstream/codecs.audio.x86_64.cache{,.tmp*} rw, + owner @{user_cache_dirs}/farstream/codecs.audio.x86_64.cache{,.tmp@{rand6}} rw, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc index 8c62faac0..3e399fdfd 100644 --- a/apparmor.d/profiles-g-l/labwc +++ b/apparmor.d/profiles-g-l/labwc @@ -58,7 +58,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) { @{run}/systemd/sessions/* r, @{run}/systemd/seats/seat[0-9]* r, - @{run}/user/@{uid}/wayland-[0-9].lock k, + @{run}/user/@{uid}/wayland-@{int}.lock k, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index e72e96fab..f763abdd6 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -173,4 +173,4 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { } include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/profiles-m-r/pam/mappings b/apparmor.d/profiles-m-r/pam/mappings index ee9eb17cb..8f81c72aa 100644 --- a/apparmor.d/profiles-m-r/pam/mappings +++ b/apparmor.d/profiles-m-r/pam/mappings @@ -20,7 +20,7 @@ capability setuid, /etc/default/su r, @{etc_ro}/environment r, - @{HOMEDIRS}/.xauth* w, + @{HOMEDIRS}/.xauth@{rand6} w, @{bin}/{,b,d,rb}ash Px -> default_user, @{bin}/{c,k,tc,z}sh Px -> default_user, } @@ -42,7 +42,7 @@ /etc/default/su r, @{etc_ro}/environment r, - @{HOMEDIRS}/.xauth* w, + @{HOMEDIRS}/.xauth@{rand6} w, } @@ -64,6 +64,6 @@ /etc/default/su r, @{etc_ro}/environment r, - @{HOMEDIRS}/.xauth* w, + @{HOMEDIRS}/.xauth@{rand6} w, } diff --git a/apparmor.d/profiles-s-z/strawberry-tagreader b/apparmor.d/profiles-s-z/strawberry-tagreader index 2b23d8ed7..229dad80c 100644 --- a/apparmor.d/profiles-s-z/strawberry-tagreader 
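Review bot: The labwc hunk changes `wayland-[0-9].lock k` to `@{run}/user/@{uid}/wayland-@{int}.lock k,`, which is not a random-suffix substitution like the rest of this commit. Assuming `@{int}` matches multi-digit numbers, it widens the rule from one digit to any display number. The rule also has no `owner` qualifier, unlike the `owner @{PROC}/@{pid}/fd/ r,` line after it. If the widening is intended, it deserves a mention in the commit message, and `owner @{run}/user/@{uid}/wayland-@{int}.lock k,` would keep the lock permission tied to the compositor's own files. The profile body extends beyond the hunk.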
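Review bot: The three pam/mappings hunks now read `@{HOMEDIRS}/.xauth@{rand6} w,`, but in the stock AppArmor tunables `@{HOMEDIRS}` is the parent of the home directories, so the pattern names a file directly under it rather than inside a user's home. The old `.xauth*` had the same limitation, because `*` does not cross `/`, so the rule has probably never matched the file it was written for. The su hunk in this same commit uses `owner @{HOME}/.xauth@{rand6} rw,`, which suggests the intended line here is `@{HOME}/.xauth@{rand6} w,`, with `owner` added if the writer runs as the target user. The enclosing profile blocks start outside these hunks, so check against audit logs before changing it.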
+++ b/apparmor.d/profiles-s-z/strawberry-tagreader @@ -25,7 +25,7 @@ profile strawberry-tagreader @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, owner @{HOME}/.anyRemote/anyremote.stdout w, - owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/su b/apparmor.d/profiles-s-z/su index 0985699f0..d3bbbc3ad 100644 --- a/apparmor.d/profiles-s-z/su +++ b/apparmor.d/profiles-s-z/su @@ -53,7 +53,7 @@ profile su @{exec_path} { /etc/default/locale r, /etc/shells r, - owner @{HOME}/.xauth?????? rw, + owner @{HOME}/.xauth@{rand6} rw, owner @{PROC}/@{pids}/loginuid r, owner @{PROC}/@{pids}/cgroup r, diff --git a/apparmor.d/profiles-s-z/xauth b/apparmor.d/profiles-s-z/xauth index 730384864..cba9de0fd 100644 --- a/apparmor.d/profiles-s-z/xauth +++ b/apparmor.d/profiles-s-z/xauth @@ -16,10 +16,10 @@ profile xauth @{exec_path} { /Xauthority-c w, - owner @{HOME}/.xauth?????? rw, - owner @{HOME}/.xauth??????-c w, - owner @{HOME}/.xauth??????-l wl, - owner @{HOME}/.xauth??????-n rw, + owner @{HOME}/.xauth@{rand6} rw, + owner @{HOME}/.xauth@{rand6}-c w, + owner @{HOME}/.xauth@{rand6}-l wl, + owner @{HOME}/.xauth@{rand6}-n rw, owner @{HOME}/.Xauthority-c w, owner @{HOME}/.Xauthority-l wl -> @{HOME}/.Xauthority-c, @@ -31,11 +31,11 @@ profile xauth @{exec_path} { owner /tmp/serverauth.*-n rw, owner /tmp/serverauth.* rwl -> /tmp/serverauth.*-n, - owner /tmp/runtime-*/xauth_?????? r, + owner /tmp/runtime-*/xauth_@{rand6} r, - owner @{run}/user/@{uid}/xauth_?????? rw, - owner @{run}/user/@{uid}/xauth_??????-c w, - owner @{run}/user/@{uid}/xauth_??????-l wl, + owner @{run}/user/@{uid}/xauth_@{rand6} rw, + owner @{run}/user/@{uid}/xauth_@{rand6}-c w, + owner @{run}/user/@{uid}/xauth_@{rand6}-l wl, include if exists } diff --git a/apparmor.d/profiles-s-z/yadifad b/apparmor.d/profiles-s-z/yadifad index a80a44f39..7b0f88700 100644 
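Review bot: In the first xauth hunk the new `owner @{HOME}/.xauth@{rand6}-l wl,` grants link permission with no target restriction, while the context line right below it pins the target: `owner @{HOME}/.Xauthority-l wl -> @{HOME}/.Xauthority-c,`. The same applies to `owner @{run}/user/@{uid}/xauth_@{rand6}-l wl,` in the second xauth hunk. Since these lines are being rewritten anyway, consider `owner @{HOME}/.xauth@{rand6}-l wl -> @{HOME}/.xauth@{rand6}-c,` and `owner @{run}/user/@{uid}/xauth_@{rand6}-l wl -> @{run}/user/@{uid}/xauth_@{rand6}-c,`. The two `@{rand6}` occurrences match independently, so this does not force the same suffix on both names. It does limit the hard link to a lock file of the expected form.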
--- a/apparmor.d/profiles-s-z/yadifad +++ b/apparmor.d/profiles-s-z/yadifad @@ -24,15 +24,15 @@ profile yadifad @{exec_path} { /etc/yadifa/yadifad.conf r, /var/lib/yadifa/** r, - owner /var/lib/yadifa/ydf.?????? rw, - owner /var/lib/yadifa/keys/ydf.?????? rw, - owner /var/lib/yadifa/xfr/ydf.?????? rw, + owner /var/lib/yadifa/ydf.@{rand6} rw, + owner /var/lib/yadifa/keys/ydf.@{rand6} rw, + owner /var/lib/yadifa/xfr/ydf.@{rand6} rw, /var/log/yadifa/*.log rw, - /var/log/yadifa/ydf.?????? rw, + /var/log/yadifa/ydf.@{rand6} rw, owner @{run}/yadifa/yadifad.pid rwk, - owner @{run}/yadifa/ydf.?????? rw, + owner @{run}/yadifa/ydf.@{rand6} rw, include if exists }
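Review bot: The rewritten `/var/log/yadifa/ydf.@{rand6} rw,` is the only one of the five `ydf.@{rand6}` rules in this hunk without `owner`. If the daemon creates these temporary files itself, as the sibling rules imply, `owner /var/log/yadifa/ydf.@{rand6} rw,` would be consistent and slightly tighter. If the omission is deliberate, for example because the log directory is written under a different uid, a one-line comment above the rule saying so would help. The profile body starts outside the hunk.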