feat(profiles): define more xdg variables.

2022-06-26 17:32:12 +01:00 · 2022-06-26 17:32:12 +01:00 · e087349662
commit e087349662
parent b3a28da5e5
35 changed files with 103 additions and 128 deletions
--- a/apparmor.d/profiles-m-r/man
+++ b/apparmor.d/profiles-m-r/man
@ -97,10 +97,9 @@ profile man_filter {
  # do is feed data to the invoking man process.
        /usr/** r,
  owner @{HOME}/@{XDG_DATA_HOME}/** r,
-  owner @{HOME}/@{XDG_PROJECTS_DIR}/** r,
+  owner @{user_projects_dirs}/** r,
  owner @{user_cache_dirs}/** r,
  owner @{MOUNTS}/*/@{XDG_DATA_HOME}/** r,
-  owner @{MOUNTS}/*/@{XDG_PROJECTS_DIR}/** r,

  /var/cache/man/** w,
 }
--- a/apparmor.d/profiles-m-r/minitube
+++ b/apparmor.d/profiles-m-r/minitube
@ -41,7 +41,7 @@ profile minitube @{exec_path} {
  owner "@{user_share_dirs}/Flavio Tordini/Minitube/*" rwk,

  # Snapshot
-  owner @{HOME}/@{XDG_PICTURES_DIR}/*.png rw,
+  owner @{user_pictures_dirs}/*.png rw,
  owner @{HOME}/vlcsnap-.png rw,

  /usr/share/minitube/{,**} r,
--- a/apparmor.d/profiles-m-r/ntfscp
+++ b/apparmor.d/profiles-m-r/ntfscp
@ -17,10 +17,10 @@ profile ntfscp @{exec_path} {

  # For writing files owned by users other than root, since ntfscp has to be started as root.
  capability dac_read_search,
-  @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
-  @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwl -> @{HOME}/@{XDG_DOWNLOAD_DIR}/**,
  @{HOME}/@{XDG_DESKTOP_DIR}/ r,
-  @{HOME}/@{XDG_DESKTOP_DIR}/** rwl -> @{HOME}/@{XDG_DESKTOP_DIR}/**,
+  @{HOME}/@{XDG_DESKTOP_DIR}/** rwkl -> @{HOME}/@{XDG_DESKTOP_DIR}/**,
+  @{user_download_dirs}/ r,
+  @{user_download_dirs}/** rwkl -> @{user_download_dirs}/**,

  owner @{PROC}/@{pid}/mounts r,

--- a/apparmor.d/profiles-m-r/pass
+++ b/apparmor.d/profiles-m-r/pass
@ -56,7 +56,7 @@ profile pass @{exec_path} {
  /usr/share/terminfo/x/xterm-256color r,

  owner @{HOME}/.password-store/{,**} rw,
-  owner @{HOME}/@{XDG_PROJECTS_DIR}/**/*-store/{,**} rw,
+  owner @{user_projects_dirs}/**/*-store/{,**} rw,
  owner @{user_config_dirs}/password-store/{,**} rw,
  owner /dev/shm/pass.*/{,*} rw,

@ -84,7 +84,7 @@ profile pass @{exec_path} {
    owner @{HOME}/.viminfo{,.tmp} rw,

    owner @{HOME}/.password-store/ r,
-    owner @{HOME}/@{XDG_PROJECTS_DIR}/**/*-store/ r,
+    owner @{user_projects_dirs}/**/*-store/ r,
    owner @{user_config_dirs}/password-store/ r,

    owner @{user_cache_dirs}/vim/{,**} rw,
@ -118,8 +118,8 @@ profile pass @{exec_path} {

    owner @{HOME}/.password-store/   rw,
    owner @{HOME}/.password-store/** rwkl -> @{HOME}/.password-store/**,
-    owner @{HOME}/@{XDG_PROJECTS_DIR}/**/*-store/   rw,
-    owner @{HOME}/@{XDG_PROJECTS_DIR}/**/*-store/** rwkl -> @{HOME}/@{XDG_PROJECTS_DIR}/**/*-store/**,
+    owner @{user_projects_dirs}/**/*-store/   rw,
+    owner @{user_projects_dirs}/**/*-store/** rwkl -> @{user_projects_dirs}/**/*-store/**,
    owner @{user_config_dirs}/password-store/   rw,
    owner @{user_config_dirs}/password-store/** rwkl -> @{user_config_dirs}/password-store/**,

--- a/apparmor.d/profiles-m-r/pass-import
+++ b/apparmor.d/profiles-m-r/pass-import
@ -27,7 +27,7 @@ profile pass-import @{exec_path} {
  /usr/share/file/misc/magic.mgc r,

  owner @{HOME}/.password-store/{,**} rw,
-  owner @{HOME}/@{XDG_PROJECTS_DIR}/**/*-store/{,**} rw,
+  owner @{user_projects_dirs}/**/*-store/{,**} rw,
  owner @{user_config_dirs}/password-store/{,**} rw,

  owner /tmp/[a-zA-Z0-9]* rw,
--- a/apparmor.d/profiles-m-r/qbittorrent
+++ b/apparmor.d/profiles-m-r/qbittorrent
@ -7,8 +7,6 @@ abi <abi/3.0>,

 include <tunables/global>

-@{TORRENT_DIR} = @{MOUNTS}/torrent
-
@{exec_path} = /{usr/,}bin/qbittorrent
 profile qbittorrent @{exec_path} {
  include <abstractions/base>
@ -71,10 +69,8 @@ profile qbittorrent @{exec_path} {
  /usr/share/qt5ct/** r,

  # Torrent files
-        @{MOUNTS}/ r,
-  owner @{MOUNTS}/*/ r,
-  owner @{TORRENT_DIR}/ r,
-  owner @{TORRENT_DIR}/** rw,
+  owner @{user_torrents_dirs}/ r,
+  owner @{user_torrents_dirs}/** rw,

  # GeoIP settings
  /usr/share/GeoIP/GeoIP.dat r,
--- a/apparmor.d/profiles-m-r/qbittorrent-nox
+++ b/apparmor.d/profiles-m-r/qbittorrent-nox
@ -6,8 +6,6 @@ abi <abi/3.0>,

 include <tunables/global>

-@{TORRENT_DIR} = @{MOUNTS}/*/torrent
-
@{exec_path} = /{usr/,}bin/qbittorrent-nox
 profile qbittorrent-nox @{exec_path} {
  include <abstractions/base>
@ -38,10 +36,8 @@ profile qbittorrent-nox @{exec_path} {
  owner @{user_cache_dirs}/qBittorrent/{,**} rw,

  # Torrent files
-        @{MOUNTS}/ r,
-  owner @{MOUNTS}/*/ r,
-  owner @{TORRENT_DIR}/ r,
-  owner @{TORRENT_DIR}/** rw,
+  owner @{user_torrents_dirs}/ r,
+  owner @{user_torrents_dirs}/** rw,

  /dev/disk/by-label/ r,