# apparmor.d - Full set of apparmor profiles # Copyright (C) 2021-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = @{lib}/gsd-xsettings profile gsd-xsettings @{exec_path} { include include include include include include include include include include include include include include include network inet stream, network inet6 stream, network inet dgram, network inet6 dgram, network netlink raw, #aa:dbus own bus=session name=org.gnome.SettingsDaemon.XSettings #aa:dbus own bus=session name=org.gtk.Settings dbus send bus=system path=/org/freedesktop/Accounts/User@{uid} interface=org.freedesktop.Accounts.User member=SetInputSources peer=(name=:*, label=accounts-daemon), dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetId peer=(name=org.freedesktop.DBus, label=dbus-session), @{exec_path} mr, @{bin}/cat rix, @{bin}/sed rix, @{bin}/which{,.debianutils} rix, @{bin}/busctl rPx, @{bin}/pactl rPx, @{bin}/run-parts rCx -> run-parts, @{bin}/xprop rPx, @{bin}/xrdb rPx, @{lib}/{,ibus/}ibus-x11 rPx, /usr/share/dconf/profile/gdm r, /usr/share/gdm/greeter-dconf-defaults r, /etc/X11/Xsession.options r, @{etc_ro}/xdg/Xwayland-session.d/ r, @{etc_ro}/xdg/Xwayland-session.d/* rix, owner @{GDM_HOME}/greeter-dconf-defaults r, owner @{gdm_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw, owner @{gdm_config_dirs}/dconf/user r, @{run}/systemd/sessions/* r, @{run}/systemd/users/@{uid} r, owner @{PROC}/@{pid}/fd/ r, /dev/tty rw, /dev/tty@{int} rw, profile run-parts { include @{bin}/run-parts mr, /etc/X11/Xresources/ r, include if exists } include if exists }