diff --git a/apparmor.d/abstractions/X-strict b/apparmor.d/abstractions/X-strict index a2922b40a..0998bbb44 100644 --- a/apparmor.d/abstractions/X-strict +++ b/apparmor.d/abstractions/X-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The unix socket to use to connect to the display unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), @@ -30,3 +29,5 @@ owner @{run}/user/@{uid}/xauth_@{rand6} rl -> @{run}/user/@{uid}/#@{int}, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/X.d/complete b/apparmor.d/abstractions/X.d/complete index 533a132b9..8a6636664 100644 --- a/apparmor.d/abstractions/X.d/complete +++ b/apparmor.d/abstractions/X.d/complete @@ -2,7 +2,8 @@ # Copyright (C) 2020-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Available Xsessions /usr/share/xsessions/{,*.desktop} r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root index 0f5bf70eb..c31d328fb 100644 --- a/apparmor.d/abstractions/app-launcher-root +++ b/apparmor.d/abstractions/app-launcher-root @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/* PUx, /usr/local/{s,}bin/* PUx, @@ -12,4 +11,6 @@ /usr/ r, /usr/local/{s,}bin/ r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app-launcher-user b/apparmor.d/abstractions/app-launcher-user index 062cd0967..5e7c50824 100644 --- a/apparmor.d/abstractions/app-launcher-user +++ b/apparmor.d/abstractions/app-launcher-user @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/* PUx, /opt/*/** PUx, @@ -22,4 +21,6 @@ /usr/ r, /usr/local/bin/ r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app-open b/apparmor.d/abstractions/app-open index 827722575..513924de6 100644 --- a/apparmor.d/abstractions/app-open +++ b/apparmor.d/abstractions/app-open @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Instead of allowing the run of all software in @{bin}/, @{lib} the purpose of # this abstraction is to list all GUI program that can open resources. @@ -52,3 +51,5 @@ include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium index c69e893ea..41bbab892 100644 --- a/apparmor.d/abstractions/app/chromium +++ b/apparmor.d/abstractions/app/chromium @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for all chromium based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the @@ -210,3 +209,5 @@ deny @{user_share_dirs}/gvfs-metadata/* r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/editor b/apparmor.d/abstractions/app/editor index 1ec287505..f0972f3e7 100644 --- a/apparmor.d/abstractions/app/editor +++ b/apparmor.d/abstractions/app/editor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Zane Zakraisek # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -27,3 +26,5 @@ owner @{user_config_dirs}/vim/{,**} r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/firefox b/apparmor.d/abstractions/app/firefox index 4bb1311b7..bf86f419c 100644 --- a/apparmor.d/abstractions/app/firefox +++ b/apparmor.d/abstractions/app/firefox @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for all firefox based browsers. It works as a *function* # and requires some variables to be provided as *arguments* and set in the @@ -159,3 +158,5 @@ deny @{run}/user/@{uid}/gnome-shell-disable-extensions w, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/open b/apparmor.d/abstractions/app/open index b68c979d0..f93a1c444 100644 --- a/apparmor.d/abstractions/app/open +++ b/apparmor.d/abstractions/app/open @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Full set of rules for child-open-* profiles. @@ -14,3 +13,5 @@ /dev/tty rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/pgrep b/apparmor.d/abstractions/app/pgrep index 9d722ee42..4bab75387 100644 --- a/apparmor.d/abstractions/app/pgrep +++ b/apparmor.d/abstractions/app/pgrep @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for pgrep. @@ -24,3 +23,5 @@ @{PROC}/uptime r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/sudo b/apparmor.d/abstractions/app/sudo index 6529f5bcb..6fba1adfd 100644 --- a/apparmor.d/abstractions/app/sudo +++ b/apparmor.d/abstractions/app/sudo @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for sudo. Interactive sudo need more rules. @@ -69,3 +68,5 @@ deny @{user_share_dirs}/gvfs-metadata/* r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/app/systemctl b/apparmor.d/abstractions/app/systemctl index e486670c0..62b4aafdf 100644 --- a/apparmor.d/abstractions/app/systemctl +++ b/apparmor.d/abstractions/app/systemctl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -27,3 +26,5 @@ owner @{PROC}/@{pid}/stat r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/audio-client b/apparmor.d/abstractions/audio-client index 1733cdbe0..ca4a8e16c 100644 --- a/apparmor.d/abstractions/audio-client +++ b/apparmor.d/abstractions/audio-client @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Most programs do not need access to audio devices, audio-client only includes # configuration files to be used by client applications. @@ -59,3 +58,5 @@ owner /dev/shm/pulse-shm-@{int} rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/audio-server b/apparmor.d/abstractions/audio-server index cfb6804e3..619ba1111 100644 --- a/apparmor.d/abstractions/audio-server +++ b/apparmor.d/abstractions/audio-server @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Provide access to audio devices. It should only be used by audio servers that # need direct access to them. @@ -44,3 +43,5 @@ /dev/sound/* rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/audio.d/complete b/apparmor.d/abstractions/audio.d/complete index e115e1045..01d94e067 100644 --- a/apparmor.d/abstractions/audio.d/complete +++ b/apparmor.d/abstractions/audio.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # PulseAudio module-ladspa-sink (plugin sc4m_1916) @{lib}/ladspa/ r, @@ -12,3 +11,5 @@ @{sys}/class/ r, @{sys}/class/sound/ r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/authentication.d/complete b/apparmor.d/abstractions/authentication.d/complete index 831ad3df8..63819cc1b 100644 --- a/apparmor.d/abstractions/authentication.d/complete +++ b/apparmor.d/abstractions/authentication.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/pam-tmpdir-helper rPx, @@ -13,3 +12,4 @@ @{lib}/security-misc/pam-abort-on-locked-password rPx, @{lib}/security-misc/pam-info rPx, +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/base.d/complete b/apparmor.d/abstractions/base.d/complete index e0e9f7227..e9761b843 100644 --- a/apparmor.d/abstractions/base.d/complete +++ b/apparmor.d/abstractions/base.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Allow to receive some signals from new well-known profiles signal (receive) peer=btop, @@ -30,3 +29,5 @@ @{PROC}/sys/kernel/core_pattern r, deny /apparmor/.null rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bash-strict b/apparmor.d/abstractions/bash-strict index e79dd7091..eb4f65230 100644 --- a/apparmor.d/abstractions/bash-strict +++ b/apparmor.d/abstractions/bash-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. @@ -34,3 +33,5 @@ owner @{PROC}/@{pid}/mounts r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bash.d/complete b/apparmor.d/abstractions/bash.d/complete index 014535a31..6d16109de 100644 --- a/apparmor.d/abstractions/bash.d/complete +++ b/apparmor.d/abstractions/bash.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/bash-completion/{,**} r, @@ -10,3 +9,5 @@ owner @{HOME}/.alias r, owner @{HOME}/.i18n r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus-accessibility b/apparmor.d/abstractions/bus-accessibility index e38e6c223..f032f842b 100644 --- a/apparmor.d/abstractions/bus-accessibility +++ b/apparmor.d/abstractions/bus-accessibility @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus @@ -18,3 +17,5 @@ owner @{run}/user/@{uid}/at-spi/bus_@{int} rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus-session b/apparmor.d/abstractions/bus-session index ed64ad22e..d5ca957e8 100644 --- a/apparmor.d/abstractions/bus-session +++ b/apparmor.d/abstractions/bus-session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor unix (bind, listen) type=stream addr="@/tmp/dbus-*", unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*", @@ -26,3 +25,5 @@ owner @{run}/user/@{uid}/bus rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus-system b/apparmor.d/abstractions/bus-system index 9dbc80371..0148d0711 100644 --- a/apparmor.d/abstractions/bus-system +++ b/apparmor.d/abstractions/bus-system @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus @@ -16,3 +15,5 @@ @{run}/dbus/system_bus_socket rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry index 0f6953254..3eceb53ab 100644 --- a/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry +++ b/apparmor.d/abstractions/bus/com.canonical.Unity.LauncherEntry @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Access required for connecting to/communicating with the Unity Launcher @@ -21,3 +20,5 @@ peer=(name=:*, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/com.canonical.dbusmenu b/apparmor.d/abstractions/bus/com.canonical.dbusmenu index e28a878a0..290a86de8 100644 --- a/apparmor.d/abstractions/bus/com.canonical.dbusmenu +++ b/apparmor.d/abstractions/bus/com.canonical.dbusmenu @@ -1,7 +1,8 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 index c6c5b5c5b..a8e3d52a5 100644 --- a/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 +++ b/apparmor.d/abstractions/bus/fi.w1.wpa_supplicant1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/fi/w1/wpa_supplicant1 interface=org.freedesktop.DBus.Properties @@ -49,3 +48,5 @@ peer=(name=:*, label=wpa-supplicant), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles index 1e046af3a..b4032e033 100644 --- a/apparmor.d/abstractions/bus/net.hadess.PowerProfiles +++ b/apparmor.d/abstractions/bus/net.hadess.PowerProfiles @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/hadess/PowerProfiles interface=org.freedesktop.DBus.Properties @@ -9,3 +8,5 @@ peer=(name=:*, label=power-profiles-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl index 185117e4d..55e4f414d 100644 --- a/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl +++ b/apparmor.d/abstractions/bus/net.hadess.SwitcherooControl @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/hadess/SwitcherooControl interface=org.freedesktop.DBus.Properties @@ -9,3 +8,5 @@ peer=(name=:*, label=switcheroo-control), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/net.reactivated.Fprint b/apparmor.d/abstractions/bus/net.reactivated.Fprint index 2b0c63376..7e7b21565 100644 --- a/apparmor.d/abstractions/bus/net.reactivated.Fprint +++ b/apparmor.d/abstractions/bus/net.reactivated.Fprint @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/net/reactivated/Fprint/Manager interface=net.reactivated.Fprint.Manager @@ -19,3 +18,5 @@ peer=(name=net.reactivated.Fprint, label=fprintd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.a11y b/apparmor.d/abstractions/bus/org.a11y index 306c2291d..5103361c9 100644 --- a/apparmor.d/abstractions/bus/org.a11y +++ b/apparmor.d/abstractions/bus/org.a11y @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Accessibility bus @@ -43,3 +42,5 @@ peer=(name=org.a11y.Bus), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.bluez b/apparmor.d/abstractions/bus/org.bluez index 3a53931e6..7c86817f5 100644 --- a/apparmor.d/abstractions/bus/org.bluez +++ b/apparmor.d/abstractions/bus/org.bluez @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus receive bus=system path=/ interface=org.freedesktop.DBus.ObjectManager @@ -44,3 +43,5 @@ peer=(name=org.bluez, label=bluetoothd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Accounts b/apparmor.d/abstractions/bus/org.freedesktop.Accounts index b53276bbd..10a9e8fc0 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Accounts +++ b/apparmor.d/abstractions/bus/org.freedesktop.Accounts @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/Accounts interface=org.freedesktop.Accounts @@ -29,3 +28,5 @@ peer=(name=:*, label=accounts-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Avahi b/apparmor.d/abstractions/bus/org.freedesktop.Avahi index 82827f6bb..8b24700db 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Avahi +++ b/apparmor.d/abstractions/bus/org.freedesktop.Avahi @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/ interface=org.freedesktop.DBus.Peer @@ -24,3 +23,5 @@ peer=(name=:*, label=avahi-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager index e4ec4c47c..3950b77aa 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ColorManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.ColorManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ColorManager interface=org.freedesktop.ColorManager @@ -24,3 +23,5 @@ peer=(name=:*, label=colord), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 index a25a1600c..b4e985b9e 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.FileManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/FileManager1 interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=nautilus), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 index 714ee8c22..836e99d94 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.GeoClue2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/GeoClue2/Manager interface=org.freedesktop.DBus.Properties @@ -34,3 +33,5 @@ peer=(name=:*, label=geoclue), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 index 655d50d97..217b588a4 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.ModemManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/ModemManager1 interface=org.freedesktop.DBus.ObjectManager @@ -19,3 +18,5 @@ peer=(name=:*, label=ModemManager), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager index 6bed5af41..0fa92d3cc 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager +++ b/apparmor.d/abstractions/bus/org.freedesktop.NetworkManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop interface=org.freedesktop.DBus.ObjectManager @@ -74,3 +73,5 @@ peer=(name="{:*,org.freedesktop.NetworkManager}", label=NetworkManager), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Notifications b/apparmor.d/abstractions/bus/org.freedesktop.Notifications index c898fa710..90ee1aefc 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Notifications +++ b/apparmor.d/abstractions/bus/org.freedesktop.Notifications @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Notifications interface=org.freedesktop.DBus.Properties @@ -24,3 +23,5 @@ peer=(name=org.freedesktop.DBus, label=gjs-console), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit index 304546862..7cdd9a3ce 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PackageKit +++ b/apparmor.d/abstractions/bus/org.freedesktop.PackageKit @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.DBus.Properties @@ -23,3 +22,5 @@ peer=(name=org.freedesktop.PackageKit, label=packagekitd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 index 2b1dce959..3201e48ce 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.PolicyKit1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus receive bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority @@ -33,3 +32,5 @@ peer=(name=:*, label=polkitd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 index aa344f841..474c4c625 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.RealtimeKit1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/RealtimeKit1 interface=org.freedesktop.DBus.Properties @@ -29,3 +28,5 @@ peer=(name=org.freedesktop.RealtimeKit1, label=rtkit-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver index eee573b3f..842057a1d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.freedesktop.ScreenSaver @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/ScreenSaver interface=org.freedesktop.ScreenSaver @@ -9,3 +8,5 @@ peer=(name=org.freedesktop.ScreenSaver), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files index 36cac015e..567740a35 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files +++ b/apparmor.d/abstractions/bus/org.freedesktop.Tracker3.Miner.Files @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/Tracker3/Endpoint interface=org.freedesktop.DBus.Peer @@ -14,3 +13,5 @@ peer=(name=org.freedesktop.Tracker3.Miner.Files, label=tracker-miner), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 index a1558529b..79b882e51 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 +++ b/apparmor.d/abstractions/bus/org.freedesktop.UDisks2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UDisks2 interface=org.freedesktop.DBus.ObjectManager @@ -54,3 +53,5 @@ peer=(name="{:*,org.freedesktop.UDisks2}", label=udisksd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.UPower b/apparmor.d/abstractions/bus/org.freedesktop.UPower index 2cdf18362..d8341d33c 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.UPower +++ b/apparmor.d/abstractions/bus/org.freedesktop.UPower @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/UPower interface=org.freedesktop.UPower @@ -43,3 +42,5 @@ peer=(name="{:*,org.freedesktop.UPower}", label=upowerd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor index 9b094aac4..5f951381b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor +++ b/apparmor.d/abstractions/bus/org.freedesktop.background.Monitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/background/monitor interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=xdg-desktop-portal), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 index 360440016..54196d16b 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.hostname1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.hostname1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/hostname1 interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=org.freedesktop.hostname1), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore index f294e038d..6b965a2f5 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore +++ b/apparmor.d/abstractions/bus/org.freedesktop.impl.portal.PermissionStore @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/impl/portal/PermissionStore interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=xdg-permission-store), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.locale1 b/apparmor.d/abstractions/bus/org.freedesktop.locale1 index cc86d16a5..a2865c7c9 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.locale1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.locale1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/locale1 interface=org.freedesktop.DBus.Properties @@ -13,3 +12,5 @@ peer=(name=org.freedesktop.locale1), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index 3ecc5e5bd..fdceceea4 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.DBus.Properties @@ -34,3 +33,5 @@ peer=(name=org.freedesktop.login1, label=systemd-logind), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session index 0c5559e20..24d5c1452 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1.Session +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1.Session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager @@ -39,3 +38,5 @@ peer=(name="{:*,org.freedesktop.login1}", label=systemd-logind), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.network1 b/apparmor.d/abstractions/bus/org.freedesktop.network1 index 67c2c4012..268a21dea 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.network1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.network1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/network1 interface=org.freedesktop.DBus.Properties @@ -9,3 +8,5 @@ peer=(name=org.freedesktop.network1, label=systemd-networkd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop index 949527dbf..a2a1a94a0 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop +++ b/apparmor.d/abstractions/bus/org.freedesktop.portal.Desktop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.DBus.Properties @@ -29,3 +28,5 @@ peer=(name=:*, label=xdg-desktop-portal), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 index 38f102a06..3057282c9 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.resolve1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.resolve1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/resolve1 interface=org.freedesktop.resolve1.Manager @@ -9,3 +8,5 @@ peer=(name="{:*,org.freedesktop.resolve1}", label=systemd-resolved), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.secrets b/apparmor.d/abstractions/bus/org.freedesktop.secrets index 4eb008995..01ecf0786 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.secrets +++ b/apparmor.d/abstractions/bus/org.freedesktop.secrets @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/secrets{,/**} interface=org.freedesktop.DBus.Properties @@ -29,3 +28,5 @@ peer=(name=:*, label=gnome-keyring-daemon), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 index 134af5525..49e4b014d 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name=org.freedesktop.systemd1), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session index 12a6c94a0..c0e852662 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session +++ b/apparmor.d/abstractions/bus/org.freedesktop.systemd1-session @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name="{:*,org.freedesktop.systemd1}", label="@{p_systemd_user}"), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 index 283313780..883c5c165 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.timedate1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.timedate1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/freedesktop/timedate1 interface=org.freedesktop.DBus.Properties @@ -20,3 +19,5 @@ peer=(name=:*, label=systemd-timedated), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 index 69c06a28f..9953ee8bf 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 +++ b/apparmor.d/abstractions/bus/org.gnome.ArchiveManager1 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ArchiveManager1 interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=file-roller), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.DisplayManager b/apparmor.d/abstractions/bus/org.gnome.DisplayManager index 3048d23ba..05945a253 100644 --- a/apparmor.d/abstractions/bus/org.gnome.DisplayManager +++ b/apparmor.d/abstractions/bus/org.gnome.DisplayManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=system path=/org/gnome/DisplayManager/Manager interface=org.gnome.DisplayManager.Manager @@ -9,3 +8,5 @@ peer=(name=:*, label=gdm), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig index 63107f697..d701792a6 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.DisplayConfig @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/DisplayConfig interface=org.gnome.Mutter.DisplayConfig @@ -29,3 +28,5 @@ peer=(name=:*, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor index 2ecc4ad9b..7ada64f05 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor +++ b/apparmor.d/abstractions/bus/org.gnome.Mutter.IdleMonitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Mutter/IdleMonitor interface=org.freedesktop.DBus.ObjectManager @@ -19,3 +18,5 @@ peer=(name=:*, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 index 50966aa21..e547ab2c5 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 +++ b/apparmor.d/abstractions/bus/org.gnome.Nautilus.FileOperations2 @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Nautilus/FileOperations2 interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name=:*, label=nautilus), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver index 692dc5bd9..3e228ad1f 100644 --- a/apparmor.d/abstractions/bus/org.gnome.ScreenSaver +++ b/apparmor.d/abstractions/bus/org.gnome.ScreenSaver @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/ScreenSaver interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name=:*, label=gjs-console), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.SessionManager b/apparmor.d/abstractions/bus/org.gnome.SessionManager index c4a2227b2..4197fb4cf 100644 --- a/apparmor.d/abstractions/bus/org.gnome.SessionManager +++ b/apparmor.d/abstractions/bus/org.gnome.SessionManager @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # FIXME: Too large, restrict it. @@ -61,3 +60,5 @@ peer=(name=org.gnome.SessionManager, label=gnome-session-binary), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect index d65ff07e0..72e4525bc 100644 --- a/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect +++ b/apparmor.d/abstractions/bus/org.gnome.Shell.Introspect @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gnome/Shell/Introspect interface=org.freedesktop.DBus.Properties @@ -29,3 +28,5 @@ peer=(name=:*, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor index b57c53d83..73d958513 100644 --- a/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor +++ b/apparmor.d/abstractions/bus/org.gtk.Private.RemoteVolumeMonitor @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor @@ -19,3 +18,5 @@ peer=(name=:*, label=gvfs-*-volume-monitor), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon index 634b759f8..35cd640d6 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Daemon @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/Daemon interface=org.gtk.vfs.Daemon @@ -9,3 +8,5 @@ peer=(name=:*, label=gvfsd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata index cccfae178..33d3c1c36 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.Metadata @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/metadata interface=org.freedesktop.DBus.Properties @@ -14,3 +13,5 @@ peer=(name=:*, label=gvfsd-metadata), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker index 1538e6ea1..4d59f0afc 100644 --- a/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker +++ b/apparmor.d/abstractions/bus/org.gtk.vfs.MountTracker @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/org/gtk/vfs/mounttracker interface=org.gtk.vfs.MountTracker @@ -19,3 +18,5 @@ peer=(name=:*, label=gvfsd), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem index 9bf19f219..4fca40e84 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierItem @@ -1,7 +1,8 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher index 7fe310d4c..67ac1fb6d 100644 --- a/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher +++ b/apparmor.d/abstractions/bus/org.kde.StatusNotifierWatcher @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session path=/StatusNotifierWatcher interface=org.freedesktop.DBus.Properties @@ -19,3 +18,5 @@ peer=(name=org.kde.StatusNotifierWatcher, label=gnome-shell), include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/bus/org.kde.kwalletd b/apparmor.d/abstractions/bus/org.kde.kwalletd index 2a27c0367..c0d2ecba2 100644 --- a/apparmor.d/abstractions/bus/org.kde.kwalletd +++ b/apparmor.d/abstractions/bus/org.kde.kwalletd @@ -1,6 +1,7 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/app b/apparmor.d/abstractions/common/app index ea2444117..e44d8509c 100644 --- a/apparmor.d/abstractions/common/app +++ b/apparmor.d/abstractions/common/app @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # LOGPROF-SUGGEST: no # Common rules for applications sandboxed using bwrap. @@ -130,4 +129,6 @@ /dev/pts/ptmx rw, /dev/tty rw, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/apt b/apparmor.d/abstractions/common/apt index 490943625..77c5a0b7e 100644 --- a/apparmor.d/abstractions/common/apt +++ b/apparmor.d/abstractions/common/apt @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, @@ -29,4 +28,6 @@ owner @{tmp}/#@{int} rw, owner @{tmp}/clearsigned.message.* rw, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/bwrap b/apparmor.d/abstractions/common/bwrap index d9bca7b09..a73626bb1 100644 --- a/apparmor.d/abstractions/common/bwrap +++ b/apparmor.d/abstractions/common/bwrap @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # A minimal set of rules for sandboxed programs using bwrap. # A profile using this abstraction still needs to set: @@ -54,3 +53,5 @@ owner @{PROC}/@{pid}/uid_map rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/chromium b/apparmor.d/abstractions/common/chromium index b46fe9051..2e98c515a 100644 --- a/apparmor.d/abstractions/common/chromium +++ b/apparmor.d/abstractions/common/chromium @@ -2,7 +2,6 @@ # Copyright (C) 2022 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is for chromium based application. Chromium based browsers # need to use abstractions/chromium instead. @@ -40,4 +39,6 @@ owner @{PROC}/@{pid}/gid_map w, owner @{PROC}/@{pid}/uid_map w, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/electron b/apparmor.d/abstractions/common/electron index 9061d14e7..732129c26 100644 --- a/apparmor.d/abstractions/common/electron +++ b/apparmor.d/abstractions/common/electron @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for all electron based UI application. It works as a # *function* and requires some variables to be provided as *arguments* and set @@ -87,4 +86,6 @@ owner @{PROC}/@{pid}/task/@{tid}/status r, owner @{PROC}/@{pid}/uid_map w, # If kernel.unprivileged_userns_clone = 1 - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/gnome b/apparmor.d/abstractions/common/gnome index 03a449cd4..c93f9bc05 100644 --- a/apparmor.d/abstractions/common/gnome +++ b/apparmor.d/abstractions/common/gnome @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Minimal set of rules for all gnome based UI application. @@ -25,4 +24,6 @@ owner @{PROC}/@{pid}/cmdline r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/common/systemd b/apparmor.d/abstractions/common/systemd index bc7c22e71..0ed3a824b 100644 --- a/apparmor.d/abstractions/common/systemd +++ b/apparmor.d/abstractions/common/systemd @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor ptrace (read) peer=@{p_systemd}, @@ -19,4 +18,6 @@ /dev/kmsg w, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/crypto.d/complete b/apparmor.d/abstractions/crypto.d/complete index 68486ad1c..a163af66d 100644 --- a/apparmor.d/abstractions/crypto.d/complete +++ b/apparmor.d/abstractions/crypto.d/complete @@ -1,9 +1,10 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @{etc_ro}/gnutls/config r, @{etc_ro}/gnutls/pkcs11.conf r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/dconf-write b/apparmor.d/abstractions/dconf-write index 6b75c34d3..f25e1c3e6 100644 --- a/apparmor.d/abstractions/dconf-write +++ b/apparmor.d/abstractions/dconf-write @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Permissions for querying dconf settings with write access; use the dconf # abstraction first, and dconf-write only for specific application's profile. @@ -26,3 +25,5 @@ owner @{run}/user/@{uid}/dconf/user rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/deny-sensitive-home b/apparmor.d/abstractions/deny-sensitive-home index fef546b67..d8e1fdfb8 100644 --- a/apparmor.d/abstractions/deny-sensitive-home +++ b/apparmor.d/abstractions/deny-sensitive-home @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # DO NOT USE IT WITHOUT EXPLICIT AUTHORISATION FROM THE PROJECT MAINTAINER @@ -50,3 +49,5 @@ deny @{HOME}/.{,cache/}fontconfig/** mrwl, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/desktop b/apparmor.d/abstractions/desktop index e30be1cec..befea8bcb 100644 --- a/apparmor.d/abstractions/desktop +++ b/apparmor.d/abstractions/desktop @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Unified minimal abstraction for all UI application regardless of the desktop environment. @@ -64,3 +63,5 @@ owner @{user_share_dirs}/ rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/devices-usb b/apparmor.d/abstractions/devices-usb index 48c5b783f..5a2a8b742 100644 --- a/apparmor.d/abstractions/devices-usb +++ b/apparmor.d/abstractions/devices-usb @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /dev/ r, /dev/bus/usb/ r, @@ -23,4 +22,6 @@ @{run}/udev/data/c16[6,7]:@{int} r, # USB modems @{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read index 90453aac5..10beb258d 100644 --- a/apparmor.d/abstractions/disks-read +++ b/apparmor.d/abstractions/disks-read @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The /sys/ entries probably should be tightened @@ -96,3 +95,5 @@ @{run}/udev/data/+usb:* r, # for disk over usb hub include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write index 725beba73..361b60d82 100644 --- a/apparmor.d/abstractions/disks-write +++ b/apparmor.d/abstractions/disks-write @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The /sys/ entries probably should be tightened @@ -96,3 +95,5 @@ @{run}/udev/data/+usb:* r, # for disk over usb hub include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/dri b/apparmor.d/abstractions/dri index 8c1341dc7..a1eb1cd41 100644 --- a/apparmor.d/abstractions/dri +++ b/apparmor.d/abstractions/dri @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The Direct Rendering Infrastructure (DRI) is the framework comprising the modern # Linux graphics stack which allows unprivileged user-space programs to issue @@ -33,3 +32,5 @@ /dev/dri/renderD129 rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/fish b/apparmor.d/abstractions/fish index af02b010b..fe3cab891 100644 --- a/apparmor.d/abstractions/fish +++ b/apparmor.d/abstractions/fish @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. @@ -13,3 +12,5 @@ owner @{user_config_dirs}/fish/{,**} r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index 252b56590..216075648 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # The fontconfig cache can be generated via the following command: # $ fc-cache -f -v @@ -47,3 +46,5 @@ deny "@{user_share_dirs}/fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index 73ebe1503..19fa7c53a 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/fontconfig/ rw, owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, @@ -40,3 +39,5 @@ link @{user_share_dirs}/fonts/**/.uuid.LCK -> @{user_share_dirs}/fonts/**/.uuid.TMP-*, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/freedesktop.org.d/complete b/apparmor.d/abstractions/freedesktop.org.d/complete index 91fadcf5f..3e669f4dc 100644 --- a/apparmor.d/abstractions/freedesktop.org.d/complete +++ b/apparmor.d/abstractions/freedesktop.org.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{system_share_dirs}/*ubuntu/applications/{,**} r, @{system_share_dirs}/gnome/applications/{,**} r, @@ -23,3 +22,5 @@ /var/lib/snapd/desktop/icons/{,**} r, owner @{HOME}/.icons/{,**} r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/gnome-strict b/apparmor.d/abstractions/gnome-strict index 71f266b00..891e5a573 100644 --- a/apparmor.d/abstractions/gnome-strict +++ b/apparmor.d/abstractions/gnome-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -29,3 +28,5 @@ owner @{user_share_dirs}/ rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/gnome.d/complete b/apparmor.d/abstractions/gnome.d/complete index 0dc468632..90f705ac7 100644 --- a/apparmor.d/abstractions/gnome.d/complete +++ b/apparmor.d/abstractions/gnome.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -11,3 +10,5 @@ peer=(name=:*, label=gnome-shell), /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/graphics b/apparmor.d/abstractions/graphics index a222c1db9..9b7954f0d 100644 --- a/apparmor.d/abstractions/graphics +++ b/apparmor.d/abstractions/graphics @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -21,3 +20,5 @@ @{sys}/devices/system/node/node@{int}/meminfo r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/graphics-full b/apparmor.d/abstractions/graphics-full index 62334b864..fe2d2001c 100644 --- a/apparmor.d/abstractions/graphics-full +++ b/apparmor.d/abstractions/graphics-full @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include @@ -10,3 +9,5 @@ /dev/nvidia-uvm-tools rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer index 58aa8eca4..60bac614e 100644 --- a/apparmor.d/abstractions/gstreamer +++ b/apparmor.d/abstractions/gstreamer @@ -2,7 +2,6 @@ # Copyright (C) 2019-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{lib}/@{multiarch}/libproxy/*/modules/*.so mr, @{lib}/@{multiarch}/libvisual-[0-9].[0-9]/*/*.so mr, @@ -55,3 +54,5 @@ /dev/dri/ r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/gtk.d/complete b/apparmor.d/abstractions/gtk.d/complete index 1efef2f9c..ac702a70f 100644 --- a/apparmor.d/abstractions/gtk.d/complete +++ b/apparmor.d/abstractions/gtk.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor dbus send bus=session interface=org.gtk.Actions @@ -41,3 +40,5 @@ owner @{user_config_dirs}/gtk-{3,4}.0/servers r, owner @{user_config_dirs}/gtk-{3,4}.0/settings.ini r, owner @{user_config_dirs}/gtk-{3,4}.0/window_decorations.css r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/ibus.d/complete b/apparmor.d/abstractions/ibus.d/complete index c5a56891a..33d034b5a 100644 --- a/apparmor.d/abstractions/ibus.d/complete +++ b/apparmor.d/abstractions/ibus.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # abstract path in ibus < 1.5.22 uses /tmp unix (connect, receive, send) @@ -23,3 +22,5 @@ addr="@/home/*/.cache/ibus/dbus-????????", owner @{user_cache_dirs}/ibus/dbus-@{rand8} rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/kde-open5.d/complete b/apparmor.d/abstractions/kde-open5.d/complete index dd4266623..37038b129 100644 --- a/apparmor.d/abstractions/kde-open5.d/complete +++ b/apparmor.d/abstractions/kde-open5.d/complete @@ -1,10 +1,11 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/kde-open rix, owner @{user_config_dirs}/menus/{,**} r, owner @{run}/user/@{uid}/kioclient*.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int}, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/kde-strict b/apparmor.d/abstractions/kde-strict index e89ad2acd..c164bd434 100644 --- a/apparmor.d/abstractions/kde-strict +++ b/apparmor.d/abstractions/kde-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -35,3 +34,5 @@ owner @{user_config_dirs}/kwinrc r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/mesa.d/complete b/apparmor.d/abstractions/mesa.d/complete index e0e1aab2e..ed3306e42 100644 --- a/apparmor.d/abstractions/mesa.d/complete +++ b/apparmor.d/abstractions/mesa.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Extra Mesa rules for desktop environments owner @{desktop_cache_dirs}/ w, @@ -11,3 +10,5 @@ owner @{desktop_cache_dirs}/mesa_shader_cache/@{hex2}/@{hex38}.tmp rwk, owner @{desktop_cache_dirs}/mesa_shader_cache/index rw, owner @{desktop_cache_dirs}/mesa_shader_cache/marker rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict index 6a43b8db0..b1d474717 100644 --- a/apparmor.d/abstractions/nameservice-strict +++ b/apparmor.d/abstractions/nameservice-strict @@ -2,7 +2,6 @@ # Copyright (C) 2019-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Many programs wish to perform nameservice-like operations, such as looking up # users by name or id, groups by name or id, hosts by name or IP, etc. @@ -50,3 +49,5 @@ @{PROC}/sys/kernel/random/boot_id r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/nvidia-strict b/apparmor.d/abstractions/nvidia-strict index b112e99eb..6521c9840 100644 --- a/apparmor.d/abstractions/nvidia-strict +++ b/apparmor.d/abstractions/nvidia-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/nvidia-modprobe Px -> child-modprobe-nvidia, @@ -35,3 +34,5 @@ deny owner @{HOME}/.nv/.local/share/gvfs-metadata/* r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/nvidia.d/complete b/apparmor.d/abstractions/nvidia.d/complete index 1c79790cc..ef9d0c40d 100644 --- a/apparmor.d/abstractions/nvidia.d/complete +++ b/apparmor.d/abstractions/nvidia.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"), @@ -10,3 +9,5 @@ /etc/nvidia/nvidia-application-profiles* r, /dev/char/195:@{int} rw, # Nvidia graphics devices + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/opencl-intel.d/complete b/apparmor.d/abstractions/opencl-intel.d/complete index f3fc8cc7e..1845cd61d 100644 --- a/apparmor.d/abstractions/opencl-intel.d/complete +++ b/apparmor.d/abstractions/opencl-intel.d/complete @@ -1,7 +1,8 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /opt/intel/oneapi/{compiler,lib,mkl}/**/ r, /opt/intel/oneapi/{compiler,lib,mkl}/**.so* mr, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/python.d/complete b/apparmor.d/abstractions/python.d/complete index 405e6a808..e6eea6744 100644 --- a/apparmor.d/abstractions/python.d/complete +++ b/apparmor.d/abstractions/python.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2020-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{bin}/ r, @{bin}/python{2.[4-7],3,3.[0-9],3.1[0-9]} r, @@ -11,3 +10,5 @@ owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{egg,py,pth} r, owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/ r, owner @{user_lib_dirs}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/**/ r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/qt5-shader-cache b/apparmor.d/abstractions/qt5-shader-cache index a6224251c..4ac0f7f1d 100644 --- a/apparmor.d/abstractions/qt5-shader-cache +++ b/apparmor.d/abstractions/qt5-shader-cache @@ -2,7 +2,6 @@ # Copyright (C) 2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/ w, owner @{user_cache_dirs}/qtshadercache/ rw, @@ -13,3 +12,5 @@ owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex}* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int}, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/qt5.d/complete b/apparmor.d/abstractions/qt5.d/complete index d02f57303..6063b47e2 100644 --- a/apparmor.d/abstractions/qt5.d/complete +++ b/apparmor.d/abstractions/qt5.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/qt{,5,6}/qtlogging.ini r, /usr/share/qt{,5,6}/resources/*.pak r, @@ -10,3 +9,5 @@ /usr/share/qt{,5,6}ct/{,**} r, owner @{user_config_dirs}/qt{,5,6}ct/{,**} r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/shells b/apparmor.d/abstractions/shells index adf995036..b269f2335 100644 --- a/apparmor.d/abstractions/shells +++ b/apparmor.d/abstractions/shells @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. @@ -11,3 +10,5 @@ include include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read index f191fc9e8..dc164c6ba 100644 --- a/apparmor.d/abstractions/thumbnails-cache-read +++ b/apparmor.d/abstractions/thumbnails-cache-read @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ r, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ r, @@ -13,3 +12,5 @@ owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/#@{int} r, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index 100dc6296..01de0407e 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_cache_dirs}/thumbnails/ rw, owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/ rw, @@ -13,3 +12,5 @@ owner @{user_cache_dirs}/thumbnails/{fail,*large,normal}/#@{int} rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/trash-strict b/apparmor.d/abstractions/trash-strict index e3c3b3bf8..1f4202818 100644 --- a/apparmor.d/abstractions/trash-strict +++ b/apparmor.d/abstractions/trash-strict @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Already upstreamed. Different because recent change does not play well # with upstream's version. @@ -81,3 +80,5 @@ @{MOUNTS}/*/.Trash-@{uid}/expunged/@{int}/** rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/trash.d/complete b/apparmor.d/abstractions/trash.d/complete index cbc79c530..a80a1e5a6 100644 --- a/apparmor.d/abstractions/trash.d/complete +++ b/apparmor.d/abstractions/trash.d/complete @@ -2,7 +2,6 @@ # Copyright (C) 2018-2022 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_config_dirs}/trashrc rw, owner @{user_config_dirs}/trashrc.lock rwk, @@ -26,3 +25,5 @@ # Removable media's trash location when the admin doesn't create the .Trash/ folder in the top lvl dir owner /{media,mnt}/*/*/.Trash-@{int}/{,**} rwl, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/uim b/apparmor.d/abstractions/uim index 7d9d64e0e..03ae9e3e8 100644 --- a/apparmor.d/abstractions/uim +++ b/apparmor.d/abstractions/uim @@ -2,7 +2,6 @@ # Copyright (C) 2024 Alexandre Pujol # Copyright (C) 2024 Jeroen Rijken # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/uim/* r, @@ -13,4 +12,6 @@ owner @{run}/user/@{uid}/uim/socket/uim-helper rw, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index 89cc65156..3feed5cd8 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{HOME}/@{XDG_DESKTOP_DIR}/ w, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w, @@ -14,3 +13,5 @@ owner @{user_download_dirs}/** rwkl, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-read b/apparmor.d/abstractions/user-read index 7c54c8af7..4187ab9e2 100644 --- a/apparmor.d/abstractions/user-read +++ b/apparmor.d/abstractions/user-read @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Warning: This abstraction gives unrestricted read access on all non hidden user directories. @@ -11,4 +10,6 @@ owner @{HOME}/[^.]** r, owner @{MOUNTS}/[^.]** r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-read-strict b/apparmor.d/abstractions/user-read-strict index b3274bfe6..5211b0345 100644 --- a/apparmor.d/abstractions/user-read-strict +++ b/apparmor.d/abstractions/user-read-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction gives read access on all defined user directories. It should # only be used if access to **ALL** folders is required. @@ -31,4 +30,6 @@ owner @{user_vm_dirs}/{,**} rk, owner @{user_work_dirs}/{,**} rk, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-write-strict b/apparmor.d/abstractions/user-write-strict index c18bfd47b..223fc660a 100644 --- a/apparmor.d/abstractions/user-write-strict +++ b/apparmor.d/abstractions/user-write-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction gives write only access on all defined user directories. It should # only be used if access to **ALL** folders is required. @@ -31,4 +30,6 @@ owner @{user_vm_dirs}/{,**} wl, owner @{user_work_dirs}/{,**} wl, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/user-write.d/complete b/apparmor.d/abstractions/user-write.d/complete index dc39c5efe..a529324f5 100644 --- a/apparmor.d/abstractions/user-write.d/complete +++ b/apparmor.d/abstractions/user-write.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Warning: This abstraction gives unrestricted write access on all non hidden user directories. @@ -10,3 +9,5 @@ owner @{HOME}/[^.]** wl, owner @{MOUNTS}/[^.]** wl, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/video.d/complete b/apparmor.d/abstractions/video.d/complete index 46628d3e4..97b7f1a2a 100644 --- a/apparmor.d/abstractions/video.d/complete +++ b/apparmor.d/abstractions/video.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor @{run}/udev/data/c81:@{int} r, # For video4linux @@ -9,3 +8,5 @@ # Access to video /dev devices /dev/video@{int} rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/vulkan-strict b/apparmor.d/abstractions/vulkan-strict index 1cdf3bc8d..fd86f1e81 100644 --- a/apparmor.d/abstractions/vulkan-strict +++ b/apparmor.d/abstractions/vulkan-strict @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /usr/share/egl/egl_external_platform.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, @@ -30,3 +29,5 @@ include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/vulkan.d/complete b/apparmor.d/abstractions/vulkan.d/complete index 41b308d98..8e5b68c08 100644 --- a/apparmor.d/abstractions/vulkan.d/complete +++ b/apparmor.d/abstractions/vulkan.d/complete @@ -1,7 +1,8 @@ # apparmor.d - Full set of apparmor profiles # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor /etc/glvnd/egl_vendor.d/{,*.json} r, /usr/share/glvnd/egl_vendor.d/{,*.json} r, /usr/share/egl/egl_external_platform.d/{,*.json} r, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/wayland.d/complete b/apparmor.d/abstractions/wayland.d/complete index b228c4fd0..245b9238d 100644 --- a/apparmor.d/abstractions/wayland.d/complete +++ b/apparmor.d/abstractions/wayland.d/complete @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor owner @{user_config_dirs}/ibus/bus/@{hex32}-unix-wayland-@{int} r, @@ -12,3 +11,5 @@ owner /dev/shm/sway* rw, owner /dev/shm/dunst-@{rand6} rw, + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/xfce b/apparmor.d/abstractions/xfce index 810079c9c..067de9148 100644 --- a/apparmor.d/abstractions/xfce +++ b/apparmor.d/abstractions/xfce @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor include include @@ -20,3 +19,5 @@ owner @{user_share_dirs}/ rw, include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh index a914fed89..15711713c 100644 --- a/apparmor.d/abstractions/zsh +++ b/apparmor.d/abstractions/zsh @@ -2,7 +2,6 @@ # Copyright (C) 2018-2021 Mikhail Morfikov # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # This abstraction is only required when an interactive shell is started. # Classic shell scripts do not need it. @@ -27,4 +26,6 @@ owner @{user_config_dirs}/zsh/.zcompdump-* rw, owner @{user_config_dirs}/zsh/{,**} r, - include if exists \ No newline at end of file + include if exists + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/home.d/apparmor.d b/apparmor.d/tunables/home.d/apparmor.d index fb68ff20d..87daf969e 100644 --- a/apparmor.d/tunables/home.d/apparmor.d +++ b/apparmor.d/tunables/home.d/apparmor.d @@ -2,7 +2,6 @@ # Extended user XDG directories definition # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # To allow extended personalisation by the user without breaking everything. # All apparmor profiles should always use the variables defined here. @@ -66,3 +65,5 @@ @{user_sync_dirs}=@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR} @{user_torrents_dirs}=@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR} @{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR} + +# vim:syntax=apparmor \ No newline at end of file diff --git a/apparmor.d/tunables/home.d/whonix b/apparmor.d/tunables/home.d/whonix index 2b902472f..e3c3f3d8a 100644 --- a/apparmor.d/tunables/home.d/whonix +++ b/apparmor.d/tunables/home.d/whonix @@ -2,7 +2,6 @@ # Copyright (C) 2012-2023 ENCRYPTED SUPPORT LP # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Whonix aliases copied here as they conflict with apparmor.d # Note: only installed on Whonix @@ -71,3 +70,5 @@ alias /etc/timezone -> /etc/timezone.anondist-orig, alias /etc/timezone -> /etc/timezone.anondist, alias /etc/tor/torrc -> /etc/tor/torrc.anondist-orig, alias /etc/tor/torrc -> /etc/tor/torrc.anondist, + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/paths b/apparmor.d/tunables/multiarch.d/paths index 02e21be77..67f32bf8c 100644 --- a/apparmor.d/tunables/multiarch.d/paths +++ b/apparmor.d/tunables/multiarch.d/paths @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Define some paths for some commonly used programs @@ -54,3 +53,5 @@ # Office suites @{offices_path} = @{bin}/@{offices} @{lib}/libreoffice/program/soffice + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/profiles b/apparmor.d/tunables/multiarch.d/profiles index 72d8b715d..dd9386b09 100644 --- a/apparmor.d/tunables/multiarch.d/profiles +++ b/apparmor.d/tunables/multiarch.d/profiles @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Define some variables for some commonly used profile. They may be used in # other profiles peer label. @@ -11,3 +10,5 @@ # Name of the systemd profiles. Can be `unconfined` or `systemd`, `systemd-user` @{p_systemd}=unconfined @{p_systemd_user}=unconfined + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/programs b/apparmor.d/tunables/multiarch.d/programs index 2d5513e2a..a118d0cbe 100644 --- a/apparmor.d/tunables/multiarch.d/programs +++ b/apparmor.d/tunables/multiarch.d/programs @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Define some some commonly used programs. This is not an exhaustive list. # It is meant to label programs to easily provide access in profiles. @@ -69,3 +68,5 @@ # Office suites @{offices} = libreoffice soffice + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system index 10b35c52c..d219c1d4d 100644 --- a/apparmor.d/tunables/multiarch.d/system +++ b/apparmor.d/tunables/multiarch.d/system @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # To allow extended personalisation without breaking everything. # All apparmor profiles should always use the variables defined here. @@ -89,3 +88,5 @@ # OpenSUSE does not have the same multiarch structure @{multiarch}+=*-suse-linux* #aa:only opensuse + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/multiarch.d/system-users b/apparmor.d/tunables/multiarch.d/system-users index 2f90d6c6a..885913da3 100644 --- a/apparmor.d/tunables/multiarch.d/system-users +++ b/apparmor.d/tunables/multiarch.d/system-users @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # Define some extra paths for some commonly used system user @@ -32,3 +31,5 @@ @{desktop_config_dirs}=@{gdm_config_dirs} @{sddm_config_dirs} @{lightdm_config_dirs} @{desktop_local_dirs}=@{gdm_local_dirs} @{sddm_local_dirs} @{lightdm_local_dirs} @{desktop_share_dirs}=@{gdm_share_dirs} @{sddm_share_dirs} @{lightdm_share_dirs} + +# vim:syntax=apparmor diff --git a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d index 1f0514bd5..00231cbce 100644 --- a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d +++ b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d @@ -1,7 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# vim:syntax=apparmor # To allow extended personalisation by the user without breaking everything. # All apparmor profiles should always use the variables defined here. @@ -25,3 +24,5 @@ @{user_vm_shares}=@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR} include if exists + +# vim:syntax=apparmor