From d9ca201519ddd361987860efccf95babbe24163c Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sat, 20 Jul 2024 13:20:45 +0100
Subject: [PATCH] feat(profile): cleanup handling of gnome session.
---
 apparmor.d/groups/gnome/gdm-prime-defaut | 18 ++++++++++++++++++
 apparmor.d/groups/gnome/gdm-session | 9 +--------
 apparmor.d/groups/gnome/gnome-control-center | 5 +----
 apparmor.d/groups/gnome/gnome-session-binary | 5 +----
 4 files changed, 21 insertions(+), 16 deletions(-)
 create mode 100644 apparmor.d/groups/gnome/gdm-prime-defaut
diff --git a/apparmor.d/groups/gnome/gdm-prime-defaut b/apparmor.d/groups/gnome/gdm-prime-defaut
new file mode 100644
index 000000000..5e4e02b6f
--- /dev/null
+++ b/apparmor.d/groups/gnome/gdm-prime-defaut
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = /etc/gdm{3,}/{Init,Prime}/Default
+profile gdm-defaut @{exec_path} flags=(complain) {
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/groups/gnome/gdm-session b/apparmor.d/groups/gnome/gdm-session
index d889a708a..da99a23db 100644
--- a/apparmor.d/groups/gnome/gdm-session
+++ b/apparmor.d/groups/gnome/gdm-session
@@ -34,21 +34,14 @@ profile gdm-session @{exec_path} {
 # only: xorg @{bin}/Xorg rPx, - /etc/gdm{3,}/Prime/Default rix, + /etc/gdm{3,}/Prime/Default rPx, /etc/gdm{3,}/Xsession rPx, /usr/share/gdm{3,}/gdm.schemas r, - /etc/default/locale r, /etc/gdm{3,}/custom.conf r, /etc/gdm{3,}/daemon.conf r, - /etc/locale.conf r, - /etc/sysconfig/console r, /etc/sysconfig/displaymanager r, - /etc/sysconfig/language r, - /etc/sysconfig/mail r, - /etc/sysconfig/proxy r, - /etc/sysconfig/windowmanager r, owner @{gdm_cache_dirs}/gdm/ rw, owner @{gdm_cache_dirs}/gdm/Xauthority rw,
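Review bot: The new profile is declared with `flags=(complain)`, and the gdm-session hunk of this commit moves `/etc/gdm{3,}/Prime/Default` from `rix` to `rPx`, so the script leaves gdm-session's enforced policy for one that only logs violations. If complain mode is a temporary state while the rule set is being collected, a comment above the profile line such as `# complain until the rule set is complete; switch to enforce afterwards` would make that explicit. The names also look misspelled and inconsistent: the file is `gdm-prime-defaut` while the profile is `gdm-defaut`, both presumably meaning `default`, and anything that refers to the profile by name has to use whichever spelling is kept. `@{exec_path}` also matches `Init/Default`, which none of the visible gdm-session lines transitions to.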
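Review bot: With `/etc/gdm{3,}/Prime/Default rPx,` the exec is denied whenever no loaded profile attaches to that path, because `Px` has no fallback, so this line now depends on the new gdm-prime-defaut file being installed and loaded together with gdm-session. The reads removed in the same hunk (`/etc/default/locale`, `/etc/locale.conf` and the `/etc/sysconfig/*` entries) were presumably needed only by the inherited script; the new profile's visible rules are just `@{exec_path} mr,` plus includes, so it is worth confirming from the audit log that neither gdm-session nor the script still needs them. The profile body starts and ends outside the hunk.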
diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center
index c1802c0a5..7643844c5 100644
--- a/apparmor.d/groups/gnome/gnome-control-center
+++ b/apparmor.d/groups/gnome/gnome-control-center
@@ -37,9 +37,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
 unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon), - dbus bus=session, - dbus bus=system, - #aa:dbus own bus=session name=org.gnome.Settings #aa:dbus talk bus=session name=org.gnome.Mutter label=gnome-shell
@@ -68,7 +65,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
 @{bin}/pkexec rCx -> pkexec,
 @{bin}/software-properties-gtk rPx,
 @{bin}/usermod rPx,
- @{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitNetworkProcess rPx,
+ @{lib}/{,@{multiarch}/}webkit{2,}gtk-*/WebKitNetworkProcess rix,
 @{lib}/cups/backend/snmp rPx,
 @{lib}/gnome-control-center-goa-helper rPx,
 @{lib}/gnome-control-center-print-renderer rPx,
diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary
index c53f26eb2..962897ea8 100644
--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@@ -51,10 +51,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
 @{exec_path} mr, @{sh_path} rix, - @{bin}/dbus-daemon rPx -> dbus-session, - @{bin}/env rix, - @{bin}/gnome-session rPx, - @{bin}/gnome-shell rPx, + @{bin}/tput rix, @{bin}/session-migration rPx, @{lib}/gnome-session-check-accelerated rix,
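Review bot: In the second gnome-control-center hunk, changing `WebKitNetworkProcess` from `rPx` to `rix` makes the WebKit network helper run under gnome-control-center's own policy, which in the same hunk allows transitions to `pkexec`, `usermod` and `software-properties-gtk`. A helper that handles remote content is better confined by a policy narrower than its parent's, and with `ix` every rule the helper needs also has to be granted to the whole control-center profile. If the dedicated profile was dropped because it is missing or too strict, a short comment on that line saying so would help; otherwise keeping `rPx`, or using a local child profile via `rCx` as is done for `pkexec`, keeps the helper's access smaller. The profile body starts and ends outside the hunk.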