feat(tunable): unify some XDG and user dirs varibale name.

2025-01-11 23:07:25 +01:00 · 2024-11-21 20:59:06 +00:00 · 2024-11-21 20:59:06 +00:00 · 044f80b1db
commit 044f80b1db
parent cb86f1c076
11 changed files with 77 additions and 69 deletions
--- a/apparmor.d/abstractions/deny-sensitive-home
+++ b/apparmor.d/abstractions/deny-sensitive-home
@ -34,7 +34,7 @@
  deny @{HOME}/@{XDG_SSH_DIR}/{,**}       mrwkl,
  deny @{run}/user/@{uid}/keyring**       mrwkl,
  deny @{user_config_dirs}/*-store/{,**}  mrwkl,
-  deny @{user_password_store_dirs}/{,**}  mrwkl,
+  deny @{user_passwordstore_dirs}/{,**}   mrwkl,
  deny @{user_share_dirs}/kwalletd/{,**}  mrwkl,

  # Privacy violations
--- a/apparmor.d/groups/virt/virtiofsd
+++ b/apparmor.d/groups/virt/virtiofsd
@ -31,13 +31,13 @@ profile virtiofsd @{exec_path} {

  mount options=(rw, rbind) -> @{user_publicshare_dirs}/,
  mount options=(rw, rbind) -> @{user_vm_dirs}/,
-  mount options=(rw, rbind) -> @{user_vm_shares}/,
+  mount options=(rw, rbind) -> @{user_vmshare_dirs}/,

  umount /,

  pivot_root @{user_publicshare_dirs}/, # TODO: -> pivoted,
  pivot_root @{user_vm_dirs}/,
-  pivot_root @{user_vm_shares}/,
+  pivot_root @{user_vmshare_dirs}/,

  signal (receive) set=term peer=libvirtd,

@ -50,7 +50,7 @@ profile virtiofsd @{exec_path} {

  @{user_publicshare_dirs}/{,**} r,
  @{user_vm_dirs}/{,**} r,
-  @{user_vm_shares}/{,**} r,
+  @{user_vmshare_dirs}/{,**} r,

  owner @{run}/libvirt/qemu/*.pid rw,

--- a/apparmor.d/profiles-a-f/browserpass
+++ b/apparmor.d/profiles-a-f/browserpass
@ -48,8 +48,8 @@ profile browserpass @{exec_path} flags=(attach_disconnected) {
    owner @{HOME}/@{XDG_GPG_DIR}/ rw,
    owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,

-    owner @{user_password_store_dirs}/   rw,
-    owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
+    owner @{user_passwordstore_dirs}/   rw,
+    owner @{user_passwordstore_dirs}/** rwkl -> @{HOME}/.password-store/**,
    owner @{user_projects_dirs}/**/*-store/   rw,
    owner @{user_projects_dirs}/**/*-store/** rwkl -> @{user_projects_dirs}/**/*-store/**,
    owner @{user_config_dirs}/*-store/   rw,
--- a/apparmor.d/profiles-g-l/keepassxc
+++ b/apparmor.d/profiles-g-l/keepassxc
@ -48,10 +48,10 @@ profile keepassxc @{exec_path} {
  owner @{HOME}/@{XDG_SSH_DIR}/ r,
  owner @{HOME}/@{XDG_SSH_DIR}/* r,

-  owner @{user_password_store_dirs}/ r,
-  owner @{user_password_store_dirs}/*.csv rw,
-  owner @{user_password_store_dirs}/*.kdbx* rwl -> @{KP_DB}/#@{int},
-  owner @{user_password_store_dirs}/#@{int} rw,
+  owner @{user_passwordstore_dirs}/ r,
+  owner @{user_passwordstore_dirs}/*.csv rw,
+  owner @{user_passwordstore_dirs}/*.kdbx* rwl -> @{user_passwordstore_dirs}/#@{int},
+  owner @{user_passwordstore_dirs}/#@{int} rw,

  owner @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw,
  owner @{user_config_dirs}/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json rw,
--- a/apparmor.d/profiles-m-r/pass
+++ b/apparmor.d/profiles-m-r/pass
@ -59,7 +59,7 @@ profile pass @{exec_path} {

  /usr/share/terminfo/** r,

-  owner @{user_password_store_dirs}/{,**} rw,
+  owner @{user_passwordstore_dirs}/{,**} rw,
  owner /dev/shm/pass.@{rand}/{,*} rw,

  @{sys}/devices/system/node/ r,
@ -88,7 +88,7 @@ profile pass @{exec_path} {

    /tmp/ r,

-    owner @{user_password_store_dirs}/{,**/} r,
+    owner @{user_passwordstore_dirs}/{,**/} r,

    owner /dev/shm/pass.@{rand}/{,*} rw,

@ -120,8 +120,8 @@ profile pass @{exec_path} {
    owner @{HOME}/.gitconfig r,
    owner @{user_config_dirs}/git/{,*} r,

-    owner @{user_password_store_dirs}/   rw,
-    owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
+    owner @{user_passwordstore_dirs}/   rw,
+    owner @{user_passwordstore_dirs}/** rwkl -> @{HOME}/.password-store/**,

    owner @{tmp}/.git_vtag_tmp@{rand6} rw,  # For git log --show-signature
    owner /dev/shm/pass.@{rand}/.git_vtag_tmp@{rand6} rw,
@ -142,8 +142,8 @@ profile pass @{exec_path} {
    owner @{HOME}/@{XDG_GPG_DIR}/ rw,
    owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,

-    owner @{user_password_store_dirs}/   rw,
-    owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
+    owner @{user_passwordstore_dirs}/   rw,
+    owner @{user_passwordstore_dirs}/** rwkl -> @{HOME}/.password-store/**,
    owner /dev/shm/pass.@{rand}/* rw,
    owner @{tmp}/.git_vtag_tmp@{rand6} rw,  # For git log --show-signature

--- a/apparmor.d/profiles-m-r/pass-import
+++ b/apparmor.d/profiles-m-r/pass-import
@ -33,7 +33,7 @@ profile pass-import @{exec_path} {

  /usr/share/file/misc/magic.mgc r,

-  owner @{user_password_store_dirs}/{,**} rw,
+  owner @{user_passwordstore_dirs}/{,**} rw,

  owner @{tmp}/[a-zA-Z0-9]* rw,

--- a/apparmor.d/profiles-m-r/protonmail-bridge-core
+++ b/apparmor.d/profiles-m-r/protonmail-bridge-core
@ -5,7 +5,7 @@
 # To force the use of the Gnome Keyring or Kwallet secret-service, add the
 # following lines in your local/protonmail-bridge-core file:
 #   deny @{bin}/pass x,
-#   deny owner @{user_password_store_dirs}/** r,
+#   deny owner @{user_passwordstore_dirs}/** r,

 abi <abi/4.0>,

@ -30,8 +30,8 @@ profile protonmail-bridge-core @{exec_path} {
  /etc/lsb-release r,
  /etc/machine-id r,

-  owner @{user_password_store_dirs}/docker-credential-helpers/{,**} r,
-  owner @{user_password_store_dirs}/protonmail-credentials/{,**} r,
+  owner @{user_passwordstore_dirs}/docker-credential-helpers/{,**} r,
+  owner @{user_passwordstore_dirs}/protonmail-credentials/{,**} r,

  owner @{user_cache_dirs}/protonmail/{,**} rwk,
  owner @{user_config_dirs}/protonmail/{,**} rwk,
@ -48,7 +48,7 @@ profile protonmail-bridge-core @{exec_path} {
  @{PROC}/sys/net/core/somaxconn r,

  deny @{bin}/pass x,
-  deny owner @{user_password_store_dirs}/** r,
+  deny owner @{user_passwordstore_dirs}/** r,

  profile pass {
    include <abstractions/base>
@ -72,10 +72,10 @@ profile protonmail-bridge-core @{exec_path} {
    @{bin}/tty         rix,
    @{bin}/which       rix,

-         owner @{user_password_store_dirs}/ r,
-         owner @{user_password_store_dirs}/.gpg-id r,
-         owner @{user_password_store_dirs}/protonmail-credentials/{,**} rw,
-    deny owner @{user_password_store_dirs}/**/ r,
+         owner @{user_passwordstore_dirs}/ r,
+         owner @{user_passwordstore_dirs}/.gpg-id r,
+         owner @{user_passwordstore_dirs}/protonmail-credentials/{,**} rw,
+    deny owner @{user_passwordstore_dirs}/**/ r,

    /dev/tty rw,

--- a/apparmor.d/tunables/home.d/apparmor.d
+++ b/apparmor.d/tunables/home.d/apparmor.d
@ -11,30 +11,7 @@

 # First part, second part in /etc/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d

-# Extra user personal directories
-@{XDG_SCREENSHOTS_DIR}="Pictures/Screenshots"
-@{XDG_WALLPAPERS_DIR}="Pictures/Wallpapers"
-@{XDG_BOOKS_DIR}="Books"
-@{XDG_GAMES_DIR}=".games"
-@{XDG_PROJECTS_DIR}="Projects"
-@{XDG_WORK_DIR}="Work"
-@{XDG_MAIL_DIR}="Mail" ".{m,M}ail"
-@{XDG_SYNC_DIR}="Sync"
-@{XDG_TORRENTS_DIR}="Torrents"
-@{XDG_VM_DIR}=".vm"
-@{XDG_VM_SHARES_DIR}="VM_Shares"
-@{XDG_IMG_DIR}="images"
-@{XDG_GAMESSTUDIO_DIR}="unity3d"
-
-# User personal keyrings
-@{XDG_GPG_DIR}=".gnupg"
-@{XDG_SSH_DIR}=".ssh"
-@{XDG_PASSWORD_STORE_DIR}=".password-store"
-
-# User personal private directories
-@{XDG_PRIVATE_DIR}=".{p,P}rivate" "{p,P}rivate"
-
-# Definition of local user configuration directories
+# Define the XDG Base Directory
@{XDG_CACHE_DIR}=".cache"
@{XDG_CONFIG_DIR}=".config"
@{XDG_DATA_DIR}=".local/share"
@ -42,28 +19,59 @@
@{XDG_BIN_DIR}=".local/bin"
@{XDG_LIB_DIR}=".local/lib"

-# Full path of the user configuration directories
+# Define extended user directories not defined in the XDG standard but commonly
+# used in profiles
+@{XDG_SCREENSHOTS_DIR}="Pictures/Screenshots"
+@{XDG_WALLPAPERS_DIR}="Pictures/Wallpapers"
+@{XDG_BOOKS_DIR}="Books"
+@{XDG_GAMES_DIR}="Games"
+@{XDG_PROJECTS_DIR}="Projects"
+@{XDG_WORK_DIR}="Work"
+@{XDG_MAIL_DIR}="Mail" ".{m,M}ail"
+@{XDG_SYNC_DIR}="Sync"
+@{XDG_TORRENTS_DIR}="Torrents"
+@{XDG_GAMESSTUDIO_DIR}="unity3d"
+
+# Define user directories for virtual machines, shared folders and disk images
+@{XDG_VM_DIR}=".vm"
+@{XDG_VMSHARE_DIR}=".vmshare"
+@{XDG_IMG_DIR}=".img"
+
+# Define user build directories and artifacts output
+@{XDG_BUILD_DIR}=".build"
+@{XDG_PKG_DIR}=".pkg"
+
+# Define user personal keyrings
+@{XDG_GPG_DIR}=".gnupg"
+@{XDG_SSH_DIR}=".ssh"
+@{XDG_PASSWORDSTORE_DIR}=".password-store"
+
+# Define user personal private directories
+@{XDG_PRIVATE_DIR}=".{p,P}rivate" "{p,P}rivate"
+
+# Full path of the XDG Base Directory 
@{user_cache_dirs}=@{HOME}/@{XDG_CACHE_DIR}
@{user_config_dirs}=@{HOME}/@{XDG_CONFIG_DIR}
+@{user_state_dirs}=@{HOME}/@{XDG_STATE_DIR}
@{user_bin_dirs}=@{HOME}/@{XDG_BIN_DIR}
@{user_lib_dirs}=@{HOME}/@{XDG_LIB_DIR}
-@{user_state_dirs}=@{HOME}/@{XDG_STATE_DIR}
-
-# User build directories and output
-@{user_build_dirs}="/tmp/build/"
-@{user_pkg_dirs}="/tmp/pkg/"
-@{user_img_dirs}=@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}

 # Other user directories
@{user_books_dirs}=@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}
@{user_games_dirs}=@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}
-@{user_private_dirs}=@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}
-@{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}
+@{user_projects_dirs}=@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}
@{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}
@{user_mail_dirs}=@{HOME}/@{XDG_MAIL_DIR} @{MOUNTS}/@{XDG_MAIL_DIR}
-@{user_projects_dirs}=@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}
-@{user_sync_dirs}=@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}
+@{user_sync_dirs}=@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/@{XDG_SYNC_DIR}
@{user_torrents_dirs}=@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}
@{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}
+@{user_vmshare_dirs}=@{HOME}/@{XDG_VMSHARE_DIR} @{MOUNTS}/@{XDG_VMSHARE_DIR}
+@{user_img_dirs}=@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}
+@{user_build_dirs}=@{HOME}/@{XDG_BUILD_DIR} @{MOUNTS}/@{XDG_BUILD_DIR}
+@{user_pkg_dirs}=@{HOME}/@{XDG_PKG_DIR} @{MOUNTS}/@{XDG_PKG_DIR}
+@{user_gpg_dirs}=@{HOME}/@{XDG_GPG_DIR} @{MOUNTS}/@{XDG_GPG_DIR}
+@{user_ssh_dirs}=@{HOME}/@{XDG_SSH_DIR} @{MOUNTS}/@{XDG_SSH_DIR}
+@{user_passwordstore_dirs}=@{HOME}/@{XDG_PASSWORDSTORE_DIR} @{MOUNTS}/@{XDG_PASSWORDSTORE_DIR}
+@{user_private_dirs}=@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}

 # vim:syntax=apparmor
--- a/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d
+++ b/apparmor.d/tunables/xdg-user-dirs.d/apparmor.d
@ -14,14 +14,14 @@
@{XDG_DOWNLOAD_DIR}+=".tb/tor-browser/Browser/Downloads"

 # Other user directories
-@{user_documents_dirs}=@{HOME}/@{XDG_DOCUMENTS_DIR} @{MOUNTS}/@{XDG_DOCUMENTS_DIR}
+@{user_desktop_dirs}=@{HOME}/@{XDG_DESKTOP_DIR} @{MOUNTS}/@{XDG_DESKTOP_DIR}
@{user_download_dirs}=@{HOME}/@{XDG_DOWNLOAD_DIR} @{MOUNTS}/@{XDG_DOWNLOAD_DIR}
+@{user_templates_dirs}=@{HOME}/@{XDG_TEMPLATES_DIR} @{MOUNTS}/@{XDG_TEMPLATES_DIR}
+@{user_publicshare_dirs}=@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR}
+@{user_documents_dirs}=@{HOME}/@{XDG_DOCUMENTS_DIR} @{MOUNTS}/@{XDG_DOCUMENTS_DIR}
@{user_music_dirs}=@{HOME}/@{XDG_MUSIC_DIR} @{MOUNTS}/@{XDG_MUSIC_DIR}
@{user_pictures_dirs}=@{HOME}/@{XDG_PICTURES_DIR} @{MOUNTS}/@{XDG_PICTURES_DIR}
@{user_videos_dirs}=@{HOME}/@{XDG_VIDEOS_DIR} @{MOUNTS}/@{XDG_VIDEOS_DIR}
-@{user_publicshare_dirs}=@{HOME}/@{XDG_PUBLICSHARE_DIR} @{MOUNTS}/@{XDG_PUBLICSHARE_DIR}
-@{user_templates_dirs}=@{HOME}/@{XDG_TEMPLATES_DIR} @{MOUNTS}/@{XDG_TEMPLATES_DIR}
-@{user_vm_shares}=@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR}

 include if exists <tunables/xdg-user-dirs.d/apparmor.d.d>

--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -143,7 +143,7 @@ Please ensure that all personal directories you are using are well-defined XDG d
      | Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` |
      | Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` |
      | Private | `@{user_private_dirs}` | `@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}` |
-      | Passwords | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` |
+      | Passwords | `@{user_passwordstore_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` |
      | Work | `@{user_work_dirs}` | `@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}` |
      | Mail | `@{user_mail_dirs}` | `@{HOME}/@{XDG_MAIL_DIR} @{MOUNTS}/@{XDG_MAIL_DIR}` |
      | Projects | `@{user_projects_dirs}` | `@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}` |
@ -152,7 +152,7 @@ Please ensure that all personal directories you are using are well-defined XDG d
      | Torrents | `@{user_torrents_dirs}` | `@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}` |
      | Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` |
      | Vm | `@{user_vm_dirs}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}` |
-      | Vm Shares | `@{user_vm_shares}` | `@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR}` |
+      | Vm Shares | `@{user_vmshare_dirs}` | `@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR}` |
      | Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` |

    </figure>
--- a/docs/variables.md
+++ b/docs/variables.md
@ -29,7 +29,7 @@ title: Variables References
 | Sync | `@{XDG_SYNC_DIR}` | `Sync` |
 | Torrents | `@{XDG_TORRENTS_DIR}` | `Torrents` |
 | Vm | `@{XDG_VM_DIR}` | `.vm` |
-| Vm Shares | `@{XDG_VM_SHARES_DIR}` | `VM_Shares` |
+| Vm Shares | `@{XDG_VMSHARE_DIR}` | `VM_Shares` |
 | Disk images | `@{XDG_IMG_DIR}` | `images` |
 | Games Studio | `@{XDG_GAMESSTUDIO_DIR}` | `.unity3d` |

@ -85,7 +85,7 @@ title: Variables References
 | Books | `@{user_books_dirs}` | `@{HOME}/@{XDG_BOOKS_DIR} @{MOUNTS}/@{XDG_BOOKS_DIR}` |
 | Games | `@{user_games_dirs}` | `@{HOME}/@{XDG_GAMES_DIR} @{MOUNTS}/@{XDG_GAMES_DIR}` |
 | Private | `@{user_private_dirs}` | `@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}` |
-| Passwords | `@{user_password_store_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` |
+| Passwords | `@{user_passwordstore_dirs}` | `@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}` |
 | Work | `@{user_work_dirs}` | `@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}` |
 | Mail | `@{user_mail_dirs}` | `@{HOME}/@{XDG_MAIL_DIR} @{MOUNTS}/@{XDG_MAIL_DIR}` |
 | Projects | `@{user_projects_dirs}` | `@{HOME}/@{XDG_PROJECTS_DIR} @{MOUNTS}/@{XDG_PROJECTS_DIR}` |
@ -94,7 +94,7 @@ title: Variables References
 | Torrents | `@{user_torrents_dirs}` | `@{HOME}/@{XDG_TORRENTS_DIR} @{MOUNTS}/@{XDG_TORRENTS_DIR}` |
 | Sync | `@{user_sync_dirs}` | `@{HOME}/@{XDG_SYNC_DIR} @{MOUNTS}/*/@{XDG_SYNC_DIR}` |
 | Vm | `@{user_vm_dirs}` | `@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}` |
-| Vm Shares | `@{user_vm_shares}` | `@{HOME}/@{XDG_VM_SHARES_DIR} @{MOUNTS}/@{XDG_VM_SHARES_DIR}` |
+| Vm Shares | `@{user_vmshare_dirs}` | `@{HOME}/@{XDG_VMSHARE_DIR} @{MOUNTS}/@{XDG_VMSHARE_DIR}` |
 | Disk images | `@{user_img_dirs}` | `@{HOME}/@{XDG_IMG_DIR} @{MOUNTS}/@{XDG_IMG_DIR}` |

 </figure>