From 0f9b7cb4748774441de12c423d82f3888a275934 Mon Sep 17 00:00:00 2001 From: ShellCode Date: Thu, 27 Jul 2023 13:20:19 +0200 Subject: [PATCH] Fix #184 (#185) * Replace @{HOME}/.config with @{user_config_dirs} * Replace @{HOME}/.cache with @{user_cache_dirs} * Replace @{HOME}/.local/state with @{user_state_dirs} * Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d * Update docs/variables.md * Replace @{HOME}/.local/share with @{user_share_dirs} * Replace @{HOME}/.local/lib with @{user_lib_dirs} * Revert "Add missing user_share_dirs to apparmor.d/tunables/home.d/apparmor.d" This reverts commit 9525003098c6264ee9d099786b03df673d769ddf. --- .../abstractions/thumbnails-cache-write | 2 +- apparmor.d/groups/apps/discord | 6 ++-- apparmor.d/groups/apps/telegram-desktop | 2 +- .../groups/freedesktop/pipewire-media-session | 4 +-- .../groups/freedesktop/xdg-desktop-portal-kde | 2 +- apparmor.d/groups/gnome/gnome-keyring-daemon | 2 +- apparmor.d/profiles-a-f/amixer | 2 +- apparmor.d/profiles-a-f/anki | 2 +- apparmor.d/profiles-a-f/deltachat-desktop | 4 +-- apparmor.d/profiles-a-f/dring | 8 +++--- apparmor.d/profiles-a-f/dunst | 2 +- apparmor.d/profiles-a-f/fritzing | 2 +- apparmor.d/profiles-a-f/fuseiso | 6 ++-- apparmor.d/profiles-a-f/fusermount | 4 +-- apparmor.d/profiles-g-l/gajim | 6 ++-- apparmor.d/profiles-g-l/jami-gnome | 20 ++++++------- apparmor.d/profiles-g-l/jmtpfs | 6 ++-- apparmor.d/profiles-m-r/merkaartor | 6 ++-- apparmor.d/profiles-m-r/openbox | 2 +- apparmor.d/profiles-m-r/pulseeffects | 6 ++-- apparmor.d/profiles-m-r/qtox | 2 +- apparmor.d/profiles-s-z/transmission-qt | 12 ++++---- apparmor.d/profiles-s-z/umount | 2 +- apparmor.d/profiles-s-z/yt-dlp | 6 ++-- dists/ubuntu/abstractions/trash | 28 +++++++++---------- docs/variables.md | 4 ++- 26 files changed, 75 insertions(+), 73 deletions(-) diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index 172072e1..e136d08d 100644 
--- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -7,7 +7,7 @@ owner @{HOME}/thumbnails/ rw, owner @{HOME}/thumbnails/{large,normal}/ rw, owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw, - owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9], + owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9], owner @{user_cache_dirs}/thumbnails/ rw, owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw, diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index af2251b4..1c930fde 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -8,9 +8,9 @@ include @{DISCORD_LIBDIR} = /usr/share/discord @{DISCORD_LIBDIR} += /usr/share/discord-ptb /opt/discord -@{DISCORD_HOMEDIR} = @{HOME}/.config/discord -@{DISCORD_HOMEDIR} += @{HOME}/.config/discordptb -@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord +@{DISCORD_HOMEDIR} = @{user_config_dirs}/discord +@{DISCORD_HOMEDIR} += @{user_config_dirs}/discordptb +@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord @{exec_path} = @{DISCORD_LIBDIR}/Discord{,PTB} @{bin}/discord{,-ptb} profile discord @{exec_path} { diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index c2234b09..69292d57 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -77,7 +77,7 @@ profile telegram-desktop @{exec_path} { /usr/share/hwdata/pnp.ids r, - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, # Allowed apps to open diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index 48991510..7b92f184 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session 
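Review bot: In apparmor.d/abstractions/thumbnails-cache-write the changed link rule names files under `@{HOME}/thumbnails/{large,normal}/` but restricts the link target to `@{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9]`. That is a different directory from the one where the preceding rule allows the `#[0-9]*[0-9]` temporary files. If the intent is the usual create-temp-then-link sequence inside one directory, the target should probably read `-> @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9],`. The mismatch predates this commit, which only swaps the variable, and the abstraction continues past the hunk, so a matching link rule for the cache directory may exist below.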
@@ -48,8 +48,8 @@ profile pipewire-media-session @{exec_path} { /var/lib/gdm{3,}/.local/state/pipewire/media-session.d/* rw, - owner @{HOME}/.local/state/ rw, - owner @{HOME}/.local/state/pipewire/{,**} rw, + owner @{user_state_dirs}/ rw, + owner @{user_state_dirs}/pipewire/{,**} rw, owner @{user_config_dirs}/pipewire-media-session/ w, owner @{user_config_dirs}/pipewire/ rw, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index f695815b..30cafbd2 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -34,7 +34,7 @@ profile xdg-desktop-portal-kde @{exec_path} { /etc/xdg/kwinrc r, owner @{HOME}/.Xauthority r, - owner @{HOME}/.cache/*.kcache r, + owner @{user_cache_dirs}/*.kcache r, owner @{user_cache_dirs}/icon-cache.kcache rw, diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index c4800434..9cb2048d 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -128,7 +128,7 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { owner @{HOME}/@{XDG_SSH_DIR}/{,**} r, owner @{HOME}/.local/ w, - owner @{HOME}/.local/share/ w, + owner @{user_share_dirs}/ w, owner @{HOME}/.xsession-errors w, owner @{run}/user/@{uid}/keyring/ rw, diff --git a/apparmor.d/profiles-a-f/amixer b/apparmor.d/profiles-a-f/amixer index c840fd78..6dacb53f 100644 --- a/apparmor.d/profiles-a-f/amixer +++ b/apparmor.d/profiles-a-f/amixer @@ -21,7 +21,7 @@ profile amixer @{exec_path} { owner @{HOME}/.Xauthority r, - owner @{HOME}/.config/pulse/ r, + owner @{user_config_dirs}/pulse/ r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, diff --git a/apparmor.d/profiles-a-f/anki b/apparmor.d/profiles-a-f/anki index 66a821bd..32b08503 100644 --- a/apparmor.d/profiles-a-f/anki +++ b/apparmor.d/profiles-a-f/anki 
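Review bot: The pipewire-media-session hunk starts using `@{user_state_dirs}`, and the openbox hunk further down uses `@{user_lib_dirs}`, yet the diffstat touches no file under `apparmor.d/tunables/`; only docs/variables.md gains the State rows. apparmor_parser refuses to compile a profile that references an undefined variable, and a profile that fails to load can leave its program unconfined. It is worth confirming that both variables are already declared in the tunables these profiles include. If `@{user_state_dirs}` is not declared yet, the declaration belongs in this commit, in the form the docs table gives: `@{user_state_dirs}=@{HOME}/@{XDG_STATE_HOME}`. The profile body continues outside the hunk.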
@@ -70,7 +70,7 @@ profile anki @{exec_path} { owner @{user_share_dirs}/Anki{,2}/** rwk, owner @{HOME}/ r, - owner @{HOME}/.cache/ rw, + owner @{user_cache_dirs}/ rw, # To remove the following error: # Error initializing NSS with a persistent database diff --git a/apparmor.d/profiles-a-f/deltachat-desktop b/apparmor.d/profiles-a-f/deltachat-desktop index 126173d8..e2c2b23b 100644 --- a/apparmor.d/profiles-a-f/deltachat-desktop +++ b/apparmor.d/profiles-a-f/deltachat-desktop @@ -44,8 +44,8 @@ profile deltachat-desktop @{exec_path} { @{DCD_LIBDIR}/resources/app.asar.unpacked/node_modules/**.so.[0-9]* mr, @{DCD_LIBDIR}/chrome-sandbox rPx, - owner @{HOME}/.config/DeltaChat/ rw, - owner @{HOME}/.config/DeltaChat/** rwk, + owner @{user_config_dirs}/DeltaChat/ rw, + owner @{user_config_dirs}/DeltaChat/** rwk, owner /tmp/@{hex}/ rw, owner /tmp/@{hex}/db.sqlite-blobs/ rw, diff --git a/apparmor.d/profiles-a-f/dring b/apparmor.d/profiles-a-f/dring index c2c68ca5..86504f4b 100644 --- a/apparmor.d/profiles-a-f/dring +++ b/apparmor.d/profiles-a-f/dring @@ -19,10 +19,10 @@ profile dring @{exec_path} { @{exec_path} mr, - owner @{HOME}/.config/ring/ rw, - owner @{HOME}/.config/jami/dring.yml rw, - owner @{HOME}/.config/jami/dring.yml.bak w, - owner @{HOME}/.local/share/jami/ r, + owner @{user_config_dirs}/ring/ rw, + owner @{user_config_dirs}/jami/dring.yml rw, + owner @{user_config_dirs}/jami/dring.yml.bak w, + owner @{user_share_dirs}/jami/ r, @{sys}/class/ r, @{sys}/bus/ r, diff --git a/apparmor.d/profiles-a-f/dunst b/apparmor.d/profiles-a-f/dunst index 5110c092..3929afff 100644 --- a/apparmor.d/profiles-a-f/dunst +++ b/apparmor.d/profiles-a-f/dunst @@ -16,7 +16,7 @@ profile dunst @{exec_path} { @{exec_path} mr, /etc/xdg/dunst/dunstrc r, - owner @{HOME}/.config/dunst/dunstrc r, + owner @{user_config_dirs}/dunst/dunstrc r, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-a-f/fritzing b/apparmor.d/profiles-a-f/fritzing index 9fe267c2..a0a3ac66 100644 
--- a/apparmor.d/profiles-a-f/fritzing +++ b/apparmor.d/profiles-a-f/fritzing @@ -29,7 +29,7 @@ profile fritzing @{exec_path} { @{exec_path} mrix, owner @{user_config_dirs}/Fritzing/ rw, - owner @{user_config_dirs}/Fritzing/** rwkl -> @{HOME}/.config/Fritzing/**, + owner @{user_config_dirs}/Fritzing/** rwkl -> @{user_config_dirs}/Fritzing/**, owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/ rw, owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/** rw, diff --git a/apparmor.d/profiles-a-f/fuseiso b/apparmor.d/profiles-a-f/fuseiso index fa121ff7..66cbd654 100644 --- a/apparmor.d/profiles-a-f/fuseiso +++ b/apparmor.d/profiles-a-f/fuseiso @@ -15,7 +15,7 @@ profile fuseiso @{exec_path} { # Be able to mount ISO images mount fstype=fuse.fuseiso -> @{HOME}/*/, mount fstype=fuse.fuseiso -> @{HOME}/*/*/, - mount fstype=fuse.fuseiso -> @{HOME}/.cache/**/, + mount fstype=fuse.fuseiso -> @{user_cache_dirs}/**/, @{exec_path} mr, @@ -24,7 +24,7 @@ profile fuseiso @{exec_path} { # Where to mount ISO files owner @{HOME}/*/ rw, owner @{HOME}/*/*/ rw, - owner @{HOME}/.cache/**/ r, + owner @{user_cache_dirs}/**/ r, owner @{HOME}/.mtab.fuseiso rwk, owner @{HOME}/.mtab.fuseiso.new rw, @@ -45,7 +45,7 @@ profile fuseiso @{exec_path} { mount fstype={fuse,fuse.fuseiso} -> @{HOME}/*/, mount fstype={fuse,fuse.fuseiso} -> @{HOME}/*/*/, - mount fstype={fuse,fuse.fuseiso} -> @{HOME}/.cache/**/, + mount fstype={fuse,fuse.fuseiso} -> @{user_cache_dirs}/**/, @{bin}/fusermount{,3} mr, diff --git a/apparmor.d/profiles-a-f/fusermount b/apparmor.d/profiles-a-f/fusermount index 55cfa6f5..19b14fe6 100644 --- a/apparmor.d/profiles-a-f/fusermount +++ b/apparmor.d/profiles-a-f/fusermount 
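Review bot: In the fritzing hunk the link rule now has the same set variable on both sides, `owner @{user_config_dirs}/Fritzing/** rwkl -> @{user_config_dirs}/Fritzing/**,`, and as far as I know AppArmor expands each side independently. With a single value this is equivalent to the old rule. If `@{user_config_dirs}` ever gains a second value, the rule would also allow hard links from one configured directory into another, whereas the old `@{HOME}/.config` target pinned the target side to one location. The same applies to the link rules in the gajim, jami-gnome, merkaartor, qtox and dists/ubuntu/abstractions/trash hunks. I would state the assumption next to the rule, e.g. `# link target relies on @{user_config_dirs} being single-valued`.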
@@ -30,7 +30,7 @@ profile fusermount @{exec_path} { # Be able to mount ISO images mount fstype={fuse,fuse.*} -> @{HOME}/*/, mount fstype={fuse,fuse.*} -> @{HOME}/*/*/, - mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/, + mount fstype={fuse,fuse.*} -> @{user_cache_dirs}/**/, mount fstype={fuse,fuse.*} -> @{MOUNTS}/*/, mount fstype={fuse,fuse.*} -> @{MOUNTS}/*/*/, mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/*/, @@ -38,7 +38,7 @@ profile fusermount @{exec_path} { umount @{HOME}/*/, umount @{HOME}/*/*/, - umount @{HOME}/.cache/**/, + umount @{user_cache_dirs}/**/, umount @{MOUNTS}/*/, umount @{MOUNTS}/*/*/, umount /tmp/.mount_*/, diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 1c36d11b..971c6ca6 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -72,8 +72,8 @@ profile gajim @{exec_path} { owner @{user_cache_dirs}/gajim/ rw, owner @{user_cache_dirs}/gajim/** rwk, - owner @{HOME}/.cache/farstream/ rw, - owner @{HOME}/.cache/farstream/codecs.audio.x86_64.cache{,.tmp*} rw, + owner @{user_cache_dirs}/farstream/ rw, + owner @{user_cache_dirs}/farstream/codecs.audio.x86_64.cache{,.tmp*} rw, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mounts r, @@ -135,7 +135,7 @@ profile gajim @{exec_path} { owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, owner @{user_share_dirs}/gajim/openpgp/ rw, - owner @{user_share_dirs}/gajim/openpgp/** rwkl -> @{HOME}/.local/share/gajim/openpgp/**, + owner @{user_share_dirs}/gajim/openpgp/** rwkl -> @{user_share_dirs}/gajim/openpgp/**, # "Without owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-g-l/jami-gnome b/apparmor.d/profiles-g-l/jami-gnome index 80a0e919..1a4617ae 100644 --- a/apparmor.d/profiles-g-l/jami-gnome +++ b/apparmor.d/profiles-g-l/jami-gnome 
@@ -24,19 +24,19 @@ profile jami-gnome @{exec_path} { @{exec_path} mr, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/jami-gnome/ rw, - owner @{HOME}/.cache/jami-gnome/** rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/jami-gnome/ rw, + owner @{user_cache_dirs}/jami-gnome/** rw, - owner @{HOME}/.local/share/jami/ rw, - owner @{HOME}/.local/share/jami/** rwkl -> @{HOME}/.local/share/jami/, + owner @{user_share_dirs}/jami/ rw, + owner @{user_share_dirs}/jami/** rwkl -> @{user_share_dirs}/jami/, - owner @{HOME}/.config/autostart/jami-gnome.desktop w, + owner @{user_config_dirs}/autostart/jami-gnome.desktop w, - owner @{HOME}/.local/share/ r, - owner @{HOME}/.local/share/webkitgtk/deviceidhashsalts/1/ r, - owner @{HOME}/.local/share/webkitgtk/databases/indexeddb/v0 w, - owner @{HOME}/.local/share/webkitgtk/databases/indexeddb/v1/ w, + owner @{user_share_dirs}/ r, + owner @{user_share_dirs}/webkitgtk/deviceidhashsalts/1/ r, + owner @{user_share_dirs}/webkitgtk/databases/indexeddb/v0 w, + owner @{user_share_dirs}/webkitgtk/databases/indexeddb/v1/ w, @{lib}/@{multiarch}/webkit2gtk-4.0/WebKitNetworkProcess rix, @{lib}/@{multiarch}/webkit2gtk-4.0/WebKitWebProcess rix, diff --git a/apparmor.d/profiles-g-l/jmtpfs b/apparmor.d/profiles-g-l/jmtpfs index bb3b0e29..3de4f8ea 100644 --- a/apparmor.d/profiles-g-l/jmtpfs +++ b/apparmor.d/profiles-g-l/jmtpfs @@ -24,11 +24,11 @@ profile jmtpfs @{exec_path} { owner @{HOME}/*/ r, owner @{HOME}/*/*/ r, - owner @{HOME}/.cache/*/mtp{,-[0-9]*}/ rw, + owner @{user_cache_dirs}/*/mtp{,-[0-9]*}/ rw, mount fstype={fuse,fuse.jmtpfs} -> @{HOME}/*/, mount fstype={fuse,fuse.jmtpfs} -> @{HOME}/*/*/, - mount fstype={fuse,fuse.jmtpfs} -> @{HOME}/.cache/*/*/, + mount fstype={fuse,fuse.jmtpfs} -> @{user_cache_dirs}/*/*/, /etc/magic r, 
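Review bot: The jami-gnome link rule `owner @{user_share_dirs}/jami/** rwkl -> @{user_share_dirs}/jami/,` restricts the link target to the directory itself, since a pattern ending in `/` matches directories only and hard links to directories are not possible. The fritzing and qtox profiles in this same patch use `/**` as the target, so this looks like a missing glob carried over from the old line; `-> @{user_share_dirs}/jami/**,` would match files inside the directory. The merkaartor hunk has the same shape with `-> @{user_config_dirs}/Merkaartor/,`. Checking the audit log for denied link operations from these two programs would confirm whether the rule ever matches.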
@@ -49,7 +49,7 @@ profile jmtpfs @{exec_path} { mount fstype={fuse,fuse.jmtpfs} -> @{HOME}/*/, mount fstype={fuse,fuse.jmtpfs} -> @{HOME}/*/*/, - mount fstype={fuse,fuse.jmtpfs} -> @{HOME}/.cache/*/*/, + mount fstype={fuse,fuse.jmtpfs} -> @{user_cache_dirs}/*/*/, /etc/fuse.conf r, diff --git a/apparmor.d/profiles-m-r/merkaartor b/apparmor.d/profiles-m-r/merkaartor index d9556b67..d9909288 100644 --- a/apparmor.d/profiles-m-r/merkaartor +++ b/apparmor.d/profiles-m-r/merkaartor @@ -33,8 +33,8 @@ profile merkaartor @{exec_path} { /usr/share/merkaartor/{,**} r, - owner @{HOME}/.config/Merkaartor/ rw, - owner @{HOME}/.config/Merkaartor/* rwkl -> @{HOME}/.config/Merkaartor/, + owner @{user_config_dirs}/Merkaartor/ rw, + owner @{user_config_dirs}/Merkaartor/* rwkl -> @{user_config_dirs}/Merkaartor/, owner @{HOME}/.merkaartor/ rw, owner @{HOME}/.merkaartor/* rw, @@ -45,7 +45,7 @@ profile merkaartor @{exec_path} { /etc/machine-id r, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /usr/share/hwdata/pnp.ids r, diff --git a/apparmor.d/profiles-m-r/openbox b/apparmor.d/profiles-m-r/openbox index 103fe7fa..a9ff5874 100644 --- a/apparmor.d/profiles-m-r/openbox +++ b/apparmor.d/profiles-m-r/openbox @@ -75,7 +75,7 @@ profile openbox @{exec_path} { # Silencer deny @{lib}/python3/** w, - deny owner @{HOME}/.local/lib/python*/site-packages/ r, + deny owner @{user_lib_dirs}/python*/site-packages/ r, # file_inherit owner @{HOME}/.xsession-errors w, diff --git a/apparmor.d/profiles-m-r/pulseeffects b/apparmor.d/profiles-m-r/pulseeffects index 1ee24af2..1d270b8b 100644 --- a/apparmor.d/profiles-m-r/pulseeffects +++ b/apparmor.d/profiles-m-r/pulseeffects 
@@ -24,10 +24,10 @@ profile pulseeffects @{exec_path} { /etc/pipewire/pipewire.conf r, /etc/pipewire/client.conf r, - owner @{HOME}/.config/PulseEffects/ rw, - owner @{HOME}/.config/PulseEffects/** rw, + owner @{user_config_dirs}/PulseEffects/ rw, + owner @{user_config_dirs}/PulseEffects/** rw, - owner @{HOME}/.config/autostart/pulseeffects-service.desktop w, + owner @{user_config_dirs}/autostart/pulseeffects-service.desktop w, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-m-r/qtox b/apparmor.d/profiles-m-r/qtox index 9365233c..b78851a9 100644 --- a/apparmor.d/profiles-m-r/qtox +++ b/apparmor.d/profiles-m-r/qtox @@ -41,7 +41,7 @@ profile qtox @{exec_path} { owner @{user_cache_dirs}/qTox/qtox.log rw, owner @{user_config_dirs}/tox/ rw, - owner @{user_config_dirs}/tox/** rwkl -> @{HOME}/.config/tox/**, + owner @{user_config_dirs}/tox/** rwkl -> @{user_config_dirs}/tox/**, owner @{user_config_dirs}/autostart/qTox*.desktop rw, diff --git a/apparmor.d/profiles-s-z/transmission-qt b/apparmor.d/profiles-s-z/transmission-qt index 20597848..08bd18de 100644 --- a/apparmor.d/profiles-s-z/transmission-qt +++ b/apparmor.d/profiles-s-z/transmission-qt @@ -37,12 +37,12 @@ profile transmission-qt @{exec_path} { owner @{user_torrents_dirs}/ r, owner @{user_torrents_dirs}/** rw, - owner @{HOME}/.config/transmission/ rw, - owner @{HOME}/.config/transmission/** rwk, + owner @{user_config_dirs}/transmission/ rw, + owner @{user_config_dirs}/transmission/** rwk, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/transmission/ rw, - owner @{HOME}/.cache/transmission/** rwk, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/transmission/ rw, + owner @{user_cache_dirs}/transmission/** rwk, owner /tmp/tr_session_id_* rwk, 
@@ -53,7 +53,7 @@ profile transmission-qt @{exec_path} { @{PROC}/sys/kernel/random/uuid r, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration - owner @{HOME}/.config/qt5ct/{,**} r, + owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, /usr/share/hwdata/pnp.ids r, diff --git a/apparmor.d/profiles-s-z/umount b/apparmor.d/profiles-s-z/umount index 12c8efd8..25b23b6a 100644 --- a/apparmor.d/profiles-s-z/umount +++ b/apparmor.d/profiles-s-z/umount @@ -34,7 +34,7 @@ profile umount @{exec_path} { @{HOME}/ r, @{HOME}/*/ r, @{HOME}/*/*/ r, - @{HOME}/.cache/*/*/ r, + @{user_cache_dirs}/*/*/ r, @{MOUNTS}/*/ r, @{MOUNTS}/*/*/ r, diff --git a/apparmor.d/profiles-s-z/yt-dlp b/apparmor.d/profiles-s-z/yt-dlp index 48b3337f..2c5b6610 100644 --- a/apparmor.d/profiles-s-z/yt-dlp +++ b/apparmor.d/profiles-s-z/yt-dlp @@ -37,9 +37,9 @@ profile yt-dlp @{exec_path} { owner @{user_music_dirs}/{,**} rwk, owner @{user_videos_dirs}/{,**} rwk, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/yt-dlp/ rw, - owner @{HOME}/.cache/yt-dlp/** rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/yt-dlp/ rw, + owner @{user_cache_dirs}/yt-dlp/** rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/dists/ubuntu/abstractions/trash b/dists/ubuntu/abstractions/trash index 68a43c06..4c1473d8 100644 --- a/dists/ubuntu/abstractions/trash +++ b/dists/ubuntu/abstractions/trash 
@@ -2,25 +2,25 @@ abi , # requires - owner @{HOME}/.config/trashrc rw, - owner @{HOME}/.config/trashrc.lock rwk, - owner @{HOME}/.config/#[0-9]*[0-9] rwk, - owner @{HOME}/.config/trashrc.* rwl -> @{HOME}/.config/#[0-9]*[0-9], + owner @{user_config_dirs}/trashrc rw, + owner @{user_config_dirs}/trashrc.lock rwk, + owner @{user_config_dirs}/#[0-9]*[0-9] rwk, + owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], owner @{run}/user/@{uid}/#[0-9]*[0-9] rw, owner @{run}/user/@{uid}/trash.so*.[0-9].slave-socket rwl -> @{run}/user/@{uid}/#[0-9]*[0-9], # Home trash location - owner @{HOME}/.local/share/Trash/ rw, - owner @{HOME}/.local/share/Trash/#[0-9]*[0-9] rw, - owner @{HOME}/.local/share/Trash/directorysizes{,.*} rwl -> @{HOME}/.local/share/Trash/#[0-9]*[0-9], - owner @{HOME}/.local/share/Trash/files/{,**} rw, - owner @{HOME}/.local/share/Trash/info/ rw, - owner @{HOME}/.local/share/Trash/info/*.trashinfo{,.*} rw, - owner @{HOME}/.local/share/Trash/expunged/ rw, - owner @{HOME}/.local/share/Trash/expunged/[0-9]* rw, - owner @{HOME}/.local/share/Trash/expunged/[0-9]*/ rw, - owner @{HOME}/.local/share/Trash/expunged/[0-9]*/** rw, + owner @{user_share_dirs}/Trash/ rw, + owner @{user_share_dirs}/Trash/#[0-9]*[0-9] rw, + owner @{user_share_dirs}/Trash/directorysizes{,.*} rwl -> @{user_share_dirs}/Trash/#[0-9]*[0-9], + owner @{user_share_dirs}/Trash/files/{,**} rw, + owner @{user_share_dirs}/Trash/info/ rw, + owner @{user_share_dirs}/Trash/info/*.trashinfo{,.*} rw, + owner @{user_share_dirs}/Trash/expunged/ rw, + owner @{user_share_dirs}/Trash/expunged/[0-9]* rw, + owner @{user_share_dirs}/Trash/expunged/[0-9]*/ rw, + owner @{user_share_dirs}/Trash/expunged/[0-9]*/** rw, # Partitions' trash location when the admin creates the .Trash/ folder in the top lvl dir owner /media/*/.Trash/ rw, diff --git a/docs/variables.md b/docs/variables.md index 54bd5b73..f39a5615 100644 --- a/docs/variables.md +++ b/docs/variables.md 
@@ -35,6 +35,7 @@ title: Variables References | Cache | ` @{XDG_CACHE_HOME}` | `.cache` | | Config | `@{XDG_CONFIG_HOME}` | `.config` | | Data | `@{XDG_DATA_HOME}` | `.local/share` | +| State | `@{XDG_STATE_HOME}` | `.local/state` | | Bin | `@{XDG_BIN_HOME}` | `.local/bin` | | Lib | `@{XDG_LIB_HOME}` | `.local/lib` | @@ -44,7 +45,8 @@ title: Variables References |-------------|:----:|---------| | Cache | `@{user_cache_dirs}` | `@{HOME}/@{XDG_CACHE_HOME}` | | Config | `@{user_config_dirs}` | `@{HOME}/@{XDG_CONFIG_HOME}` | -| Share | `@{user_share_dirs}` | ` @{HOME}/.local/share/` | +| Share | `@{user_share_dirs}` | ` @{HOME}/@{XDG_DATA_HOME}` | +| State | `@{user_state_dirs}` | ` @{HOME}/@{XDG_STATE_HOME}` | | Bin | `@{user_bin_dirs}` | `@{HOME}/@{XDG_BIN_HOME}` | | Lib | `@{user_lib_dirs}` | `@{HOME}/@{XDG_LIB_HOME}` | | Build | `@{user_build_dirs}` | `/tmp/` |