From 1c9fc00c131e83f9fb069eae6908d91a3459ba9c Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 1 Apr 2021 17:20:05 +0100 Subject: [PATCH] @{HOME}/.cache -> @{user_cache_dirs} --- apparmor.d/abstractions/deny-dconf | 2 +- apparmor.d/abstractions/fontconfig-cache-read | 10 +++---- .../abstractions/fontconfig-cache-write | 6 ++-- apparmor.d/abstractions/kde5-plasma5 | 4 +-- apparmor.d/abstractions/thumbnails-cache-read | 6 ++-- .../abstractions/thumbnails-cache-write | 10 +++---- apparmor.d/abstractions/totem | 16 +++++------ apparmor.d/abstractions/vlc-art-cache-write | 14 +++++----- apparmor.d/groups/apps/android-studio | 18 ++++++------ apparmor.d/groups/apps/calibre | 20 ++++++------- apparmor.d/groups/apps/discord | 2 +- apparmor.d/groups/apps/discord-chrome-sandbox | 2 +- apparmor.d/groups/apps/filezilla | 4 +-- apparmor.d/groups/apps/okular | 4 +-- apparmor.d/groups/apps/spotify | 6 ++-- apparmor.d/groups/apps/thunderbird | 4 +-- .../usr.lib.libreoffice.program.soffice.bin | 10 +++---- apparmor.d/groups/apps/vlc | 6 ++-- apparmor.d/groups/apt/aptitude | 8 +++--- apparmor.d/groups/browsers/brave | 6 ++-- apparmor.d/groups/browsers/brave-browser | 2 +- apparmor.d/groups/browsers/brave-sandbox | 2 +- apparmor.d/groups/browsers/chromium | 2 +- .../groups/browsers/chromium-chrome-sandbox | 2 +- apparmor.d/groups/browsers/chromium-chromium | 4 +-- apparmor.d/groups/browsers/firefox | 8 +++--- .../groups/browsers/firefox-crashreporter | 2 +- .../groups/browsers/firefox-minidump-analyzer | 2 +- apparmor.d/groups/browsers/firefox-pingsender | 2 +- .../groups/browsers/firefox-plugin-container | 2 +- .../groups/browsers/google-chrome-chrome | 4 +-- .../browsers/google-chrome-chrome-sandbox | 2 +- .../browsers/google-chrome-google-chrome | 2 +- apparmor.d/groups/browsers/opera | 4 +-- .../groups/browsers/opera-crashreporter | 2 +- apparmor.d/groups/browsers/opera-sandbox | 2 +- .../browsers/torbrowser.Browser.firefox | 4 +-- apparmor.d/groups/desktop/blueman | 14 +++++----- apparmor.d/groups/desktop/bluetoothctl | 6 ++-- apparmor.d/groups/desktop/dconf-service | 6 ++-- apparmor.d/profiles-a-l/anki | 12 ++++---- apparmor.d/profiles-a-l/appstreamcli | 4 +-- apparmor.d/profiles-a-l/borg | 6 ++-- apparmor.d/profiles-a-l/cawbird | 8 +++--- apparmor.d/profiles-a-l/engrampa | 4 +-- apparmor.d/profiles-a-l/font-manager | 10 +++---- apparmor.d/profiles-a-l/fusermount | 6 ++-- apparmor.d/profiles-a-l/fwupd | 2 +- apparmor.d/profiles-a-l/fwupdmgr | 6 ++-- apparmor.d/profiles-a-l/fzsftp | 2 +- apparmor.d/profiles-a-l/gajim | 6 ++-- apparmor.d/profiles-a-l/gtk-youtube-viewer | 4 +-- apparmor.d/profiles-a-l/jgmenu | 6 ++-- apparmor.d/profiles-a-l/keepassxc | 4 +-- apparmor.d/profiles-a-l/keepassxc-proxy | 2 +- apparmor.d/profiles-a-l/kscreenlocker-greet | 14 +++++----- apparmor.d/profiles-a-l/kwalletd5 | 2 +- apparmor.d/profiles-a-l/kwalletmanager5 | 2 +- apparmor.d/profiles-m-z/minitube | 18 ++++++------ apparmor.d/profiles-m-z/mkvtoolnix-gui | 10 +++---- apparmor.d/profiles-m-z/mpsyt | 2 +- apparmor.d/profiles-m-z/obexctl | 4 +-- apparmor.d/profiles-m-z/obexd | 6 ++-- apparmor.d/profiles-m-z/openbox | 8 +++--- apparmor.d/profiles-m-z/pinentry-qt | 2 +- .../polkit-kde-authentication-agent | 2 +- apparmor.d/profiles-m-z/psi-plus | 6 ++-- apparmor.d/profiles-m-z/qbittorrent | 6 ++-- apparmor.d/profiles-m-z/qbittorrent-nox | 6 ++-- apparmor.d/profiles-m-z/qnapi | 2 +- apparmor.d/profiles-m-z/qt5ct | 4 +-- apparmor.d/profiles-m-z/quiterss | 8 +++--- apparmor.d/profiles-m-z/rpi-imager | 16 +++++------ apparmor.d/profiles-m-z/sddm-greeter | 28 +++++++++---------- apparmor.d/profiles-m-z/smplayer | 2 +- apparmor.d/profiles-m-z/smtube | 10 +++---- apparmor.d/profiles-m-z/strawberry | 14 +++++----- apparmor.d/profiles-m-z/strawberry-tagreader | 2 +- apparmor.d/profiles-m-z/tint2 | 8 +++--- apparmor.d/profiles-m-z/tint2conf | 2 +- apparmor.d/profiles-m-z/vidcutter | 12 ++++---- apparmor.d/profiles-m-z/virt-manager | 10 +++---- apparmor.d/profiles-m-z/xsel | 4 +-- apparmor.d/profiles-m-z/youtube-dl | 4 +-- apparmor.d/profiles-m-z/youtube-viewer | 2 +- apparmor.d/profiles-m-z/ytdl | 2 +- 86 files changed, 266 insertions(+), 266 deletions(-) diff --git a/apparmor.d/abstractions/deny-dconf b/apparmor.d/abstractions/deny-dconf index 40e9e445..69f18b72 100644 --- a/apparmor.d/abstractions/deny-dconf +++ b/apparmor.d/abstractions/deny-dconf @@ -12,7 +12,7 @@ deny owner @{run}/user/[0-9]*/dconf/{,**} rw, deny owner @{HOME}/.config/dconf/{,**} rw, - deny owner @{HOME}/.cache/dconf/{,**} rw, + deny owner @{user_cache_dirs}/dconf/{,**} rw, # When GSETTINGS_BACKEND=keyfile deny owner @{HOME}/.config/glib-2.0/ rw, diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index aea12c49..29c072ea 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -10,11 +10,11 @@ # fontconfig cache if some cache files are missing, so if this behavior is desirable, you can use # the "fontconfig-cache-write" abstraction. - owner @{HOME}/.cache/fontconfig/ r, - deny @{HOME}/.cache/fontconfig/ w, - deny @{HOME}/.cache/fontconfig/** w, - owner @{HOME}/.cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r, - owner @{HOME}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r, + owner @{user_cache_dirs}/fontconfig/ r, + deny @{user_cache_dirs}/fontconfig/ w, + deny @{user_cache_dirs}/fontconfig/** w, + owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} r, + owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r, owner @{HOME}/.fontconfig/ r, deny @{HOME}/.fontconfig/ w, diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index ddbc55eb..bfd16fbf 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -4,9 +4,9 @@ abi , - owner @{HOME}/.cache/fontconfig/ rw, - owner @{HOME}/.cache/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, - owner @{HOME}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk, + owner @{user_cache_dirs}/fontconfig/ rw, + owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, + owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk, owner @{HOME}/.fontconfig/ rw, owner @{HOME}/.fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw, diff --git a/apparmor.d/abstractions/kde5-plasma5 b/apparmor.d/abstractions/kde5-plasma5 index cf946275..8d5810f9 100644 --- a/apparmor.d/abstractions/kde5-plasma5 +++ b/apparmor.d/abstractions/kde5-plasma5 @@ -40,8 +40,8 @@ #owner @{HOME}/.local/share/kfile/bookmarks.xml* rwl -> @{HOME}/.local/share/kfile/#[0-9]*[0-9], # Common cache files - #owner @{HOME}/.cache/icon-cache.kcache rw, - #owner @{HOME}/.cache/ksycoca5_* r, + #owner @{user_cache_dirs}/icon-cache.kcache rw, + #owner @{user_cache_dirs}/ksycoca5_* r, # Think what to do about this #FIXME# # It seems when a QT app is started in Plasma5/KDE5 environment it also wants the following. diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read index 30d9c76e..48851717 100644 --- a/apparmor.d/abstractions/thumbnails-cache-read +++ b/apparmor.d/abstractions/thumbnails-cache-read @@ -8,6 +8,6 @@ owner @{HOME}/thumbnails/{large,normal}/ r, owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png r, - owner @{HOME}/.cache/thumbnails/ r, - owner @{HOME}/.cache/thumbnails/{large,normal}/ r, - owner @{HOME}/.cache/thumbnails/{large,normal}/[a-f0-9]*.png r, + owner @{user_cache_dirs}/thumbnails/ r, + owner @{user_cache_dirs}/thumbnails/{large,normal}/ r, + owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png r, diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index 5d033977..ff3dc93c 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -7,9 +7,9 @@ owner @{HOME}/thumbnails/ rw, owner @{HOME}/thumbnails/{large,normal}/ rw, owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw, - owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9], + owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9], - owner @{HOME}/.cache/thumbnails/ rw, - owner @{HOME}/.cache/thumbnails/{large,normal}/ rw, - owner @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/.cache/thumbnails/{large,normal}/#[0-9]*[0-9], + owner @{user_cache_dirs}/thumbnails/ rw, + owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw, + owner @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9], diff --git a/apparmor.d/abstractions/totem b/apparmor.d/abstractions/totem index a1ebac2a..3e5406df 100644 --- a/apparmor.d/abstractions/totem +++ b/apparmor.d/abstractions/totem @@ -28,14 +28,14 @@ /usr/share/** r, /{media,mnt,opt,srv}/** r, - owner @{HOME}/.cache/mesa/** rwk, - owner @{HOME}/.cache/thumbnails/** rw, - owner @{HOME}/.cache/totem/ rw, - owner @{HOME}/.cache/totem/** rwk, - owner @{HOME}/.cache/totem-* rwk, - owner @{HOME}/.cache/tracker/db-locale.txt r, - owner @{HOME}/.cache/tracker/meta.db{,-shm,-journal,-wal} rwk, - owner @{HOME}/.cache/tracker/ontologies.gvdb r, + owner @{user_cache_dirs}/mesa/** rwk, + owner @{user_cache_dirs}/thumbnails/** rw, + owner @{user_cache_dirs}/totem/ rw, + owner @{user_cache_dirs}/totem/** rwk, + owner @{user_cache_dirs}/totem-* rwk, + owner @{user_cache_dirs}/tracker/db-locale.txt r, + owner @{user_cache_dirs}/tracker/meta.db{,-shm,-journal,-wal} rwk, + owner @{user_cache_dirs}/tracker/ontologies.gvdb r, owner @{HOME}/.config/totem/ rwk, owner @{HOME}/.config/totem/** rwk, owner @{HOME}/.local/share/grilo-plugins/ rwk, diff --git a/apparmor.d/abstractions/vlc-art-cache-write b/apparmor.d/abstractions/vlc-art-cache-write index 62e3a7a0..e3d6e62b 100644 --- a/apparmor.d/abstractions/vlc-art-cache-write +++ b/apparmor.d/abstractions/vlc-art-cache-write @@ -4,11 +4,11 @@ abi , - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/vlc/ rw, - owner @{HOME}/.cache/vlc/art/ rw, - owner @{HOME}/.cache/vlc/art/artistalbum/ rw, - owner @{HOME}/.cache/vlc/art/artistalbum/**/ rw, - owner @{HOME}/.cache/vlc/art/artistalbum/**/art rw, - owner @{HOME}/.cache/vlc/art/artistalbum/**/art.jpg rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/vlc/ rw, + owner @{user_cache_dirs}/vlc/art/ rw, + owner @{user_cache_dirs}/vlc/art/artistalbum/ rw, + owner @{user_cache_dirs}/vlc/art/artistalbum/**/ rw, + owner @{user_cache_dirs}/vlc/art/artistalbum/**/art rw, + owner @{user_cache_dirs}/vlc/art/artistalbum/**/art.jpg rw, diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index bac1d2e2..4d201f8d 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio @@ -133,22 +133,22 @@ profile android-studio @{exec_path} { owner @{HOME}/.config/Google/ rw, owner @{HOME}/.config/Google/** rwk, - owner @{HOME}/.cache/ rw, - owner "@{HOME}/.cache/Android Open Source Project/" rw, - owner "@{HOME}/.cache/Android Open Source Project/**" rw, + owner @{user_cache_dirs}/ rw, + owner "@{user_cache_dirs}/Android Open Source Project/" rw, + owner "@{user_cache_dirs}/Android Open Source Project/**" rw, - owner @{HOME}/.cache/Google/ rw, - owner @{HOME}/.cache/Google/** rwk, + owner @{user_cache_dirs}/Google/ rw, + owner @{user_cache_dirs}/Google/** rwk, # To remove the following error: # Location: /home/morfik/.cache/Google/AndroidStudio4.1/tmp # java.io.IOException: Cannot run program # "/home/morfik/.cache/Google/AndroidStudio4.1/tmp/ij659840309.tmp": error=13, Permission denied - owner @{HOME}/.cache/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix, + owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/ij[0-9]*.tmp rwkix, # - owner @{HOME}/.cache/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk, + owner @{user_cache_dirs}/Google/AndroidStudio*/tmp/jna[0-9]*.tmp mrwk, - owner @{HOME}/.cache/JNA/ rw, - owner @{HOME}/.cache/JNA/** rw, + owner @{user_cache_dirs}/JNA/ rw, + owner @{user_cache_dirs}/JNA/** rw, owner @{HOME}/.gradle/ rw, owner @{HOME}/.gradle/** mrwkix, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index 5e26087d..b8c750f7 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -93,18 +93,18 @@ profile calibre @{exec_path} { owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw, owner @{HOME}/.local/share/calibre-ebook.com/calibre/** rwk, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/calibre/ rw, - owner @{HOME}/.cache/calibre/** rwkl -> @{HOME}/.cache/calibre/**, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/calibre/ rw, + owner @{user_cache_dirs}/calibre/** rwkl -> @{user_cache_dirs}/calibre/**, - owner @{HOME}/.cache/qtshadercache/ rw, - owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache/ rw, + owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], - owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner /tmp/calibre_*_tmp_*/{,**} rw, owner /tmp/calibre-*/{,**} rw, diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index 317827d2..d1866a2e 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -8,7 +8,7 @@ include @{DISCORD_LIBDIR} = /usr/share/discord @{DISCORD_HOMEDIR} = @{HOME}/.config/discord -@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord +@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord @{exec_path} = @{DISCORD_LIBDIR}/Discord /{usr/,}bin/discord profile discord @{exec_path} { diff --git a/apparmor.d/groups/apps/discord-chrome-sandbox b/apparmor.d/groups/apps/discord-chrome-sandbox index f9fa0747..1b1f7c48 100644 --- a/apparmor.d/groups/apps/discord-chrome-sandbox +++ b/apparmor.d/groups/apps/discord-chrome-sandbox @@ -8,7 +8,7 @@ include @{DISCORD_LIBDIR} = /usr/share/discord @{DISCORD_HOMEDIR} = @{HOME}/.config/discord -@{DISCORD_CACHEDIR} = @{HOME}/.cache/discord +@{DISCORD_CACHEDIR} = @{user_cache_dirs}/discord @{exec_path} = @{DISCORD_LIBDIR}/chrome-sandbox diff --git a/apparmor.d/groups/apps/filezilla b/apparmor.d/groups/apps/filezilla index 7a57bbeb..28147359 100644 --- a/apparmor.d/groups/apps/filezilla +++ b/apparmor.d/groups/apps/filezilla @@ -33,8 +33,8 @@ profile filezilla @{exec_path} { owner @{HOME}/.config/filezilla/ rw, owner @{HOME}/.config/filezilla/* rwk, - owner @{HOME}/.cache/filezilla/ rw, - owner @{HOME}/.cache/filezilla/default_*.png rw, + owner @{user_cache_dirs}/filezilla/ rw, + owner @{user_cache_dirs}/filezilla/default_*.png rw, /usr/share/filezilla/{,**} r, diff --git a/apparmor.d/groups/apps/okular b/apparmor.d/groups/apps/okular index 7b969d9a..b2a7d833 100644 --- a/apparmor.d/groups/apps/okular +++ b/apparmor.d/groups/apps/okular @@ -57,8 +57,8 @@ profile okular @{exec_path} { owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/okular/{,**} rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/okular/{,**} rw, /usr/share/okular/{,**} r, /usr/share/kxmlgui5/okular/{,*} r, diff --git a/apparmor.d/groups/apps/spotify b/apparmor.d/groups/apps/spotify index c9938a4c..d561a369 100644 --- a/apparmor.d/groups/apps/spotify +++ b/apparmor.d/groups/apps/spotify @@ -33,9 +33,9 @@ profile spotify @{exec_path} { owner @{HOME}/.config/spotify/ rw, owner @{HOME}/.config/spotify/** rw, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/spotify/ rw, - owner @{HOME}/.cache/spotify/** rwk, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/spotify/ rw, + owner @{user_cache_dirs}/spotify/** rwk, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/groups/apps/thunderbird b/apparmor.d/groups/apps/thunderbird index 9ab4d116..028890c2 100644 --- a/apparmor.d/groups/apps/thunderbird +++ b/apparmor.d/groups/apps/thunderbird @@ -11,7 +11,7 @@ include @{MOZ_LIBDIR} = /{usr/,}lib/thunderbird @{MOZ_HOMEDIR} = @{HOME}/.thunderbird -@{MOZ_CACHEDIR} = @{HOME}/.cache/thunderbird +@{MOZ_CACHEDIR} = @{user_cache_dirs}/thunderbird @{exec_path} = @{MOZ_LIBDIR}/thunderbird{,-bin} @{exec_path} += /{usr/,}bin/thunderbird @@ -83,7 +83,7 @@ profile thunderbird @{exec_path} { deny @{HOME}/.mozilla/** mrwkl, # Cache - owner @{HOME}/.cache/ rw, + owner @{user_cache_dirs}/ rw, owner @{MOZ_CACHEDIR}/{,**} rw, # Needed for system mails diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin index 57dd9c99..4049b92f 100644 --- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin +++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin @@ -122,7 +122,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp owner @{HOME}/.config/soffice.binrc rwl -> @{HOME}/.config/#[0-9]*, owner @{HOME}/.config/soffice.binrc.* rwl -> @{HOME}/.config/#[0-9]*, owner @{HOME}/.config/soffice.binrc.lock rwk, - owner @{HOME}/.cache/fontconfig/** rw, + owner @{user_cache_dirs}/fontconfig/** rw, owner @{HOME}/.config/gtk-???/bookmarks r, #Make bookmarks work owner /{,var/}run/user/*/dconf/user rw, @@ -153,7 +153,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp /dev/tty rw, /usr/lib{,32,64}/@{multiarch}/gstreamer???/gstreamer-???/gst-plugin-scanner rmPUx, - owner @{HOME}/.cache/gstreamer-???/** rw, + owner @{user_cache_dirs}/gstreamer-???/** rw, unix peer=(addr=@/tmp/.ICE-unix/* label=unconfined), #Gstreamer doesn't work without this /usr/lib{,32,64}/jvm/ r, @@ -234,7 +234,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp /usr/share/plasma/look-and-feel/**/contents/defaults r, # TODO: remove when rules are available in abstractions/kde - owner @{HOME}/.cache/ksycoca5_??_* r, # KDE System Configuration Cache + owner @{user_cache_dirs}/ksycoca5_??_* r, # KDE System Configuration Cache owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent() @@ -243,7 +243,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp /usr/share/knotifications5/*.notifyrc r, # KNotification::sendEvent # TODO: remove when rules are available in abstractions/kde-write-icon-cache or similar - owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader + owner @{user_cache_dirs}/icon-cache.kcache rw, # for KIconLoader # TODO: remove when rules are available in abstractions/kdeframeworks5 or similar /usr/share/kservices5/*.protocol r, @@ -256,7 +256,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp owner @{HOME}/.config/QtProject.conf.lock rwk, # TODO: use qt5-compose-cache-write abstraction when it is available - owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, + owner @{user_cache_dirs}/qt_compose_cache_{little,big}_endian_* r, # TODO: use recent-documents-write abstraction when it is available owner @{HOME}/.local/share/RecentDocuments/** r, diff --git a/apparmor.d/groups/apps/vlc b/apparmor.d/groups/apps/vlc index c1440df0..cfb1570b 100644 --- a/apparmor.d/groups/apps/vlc +++ b/apparmor.d/groups/apps/vlc @@ -102,9 +102,9 @@ profile vlc @{exec_path} { owner @{HOME}/.config/vlc/* rwkl -> @{HOME}/.config/vlc/#[0-9]*[0-9], owner @{HOME}/.local/share/vlc/{,*} rw, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/vlc/{,**} rw, - owner @{HOME}/.cache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/vlc/{,**} rw, + owner @{user_cache_dirs}/#[0-9]*[0-9] rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{HOME}/.config/qt5ct/{,**} r, diff --git a/apparmor.d/groups/apt/aptitude b/apparmor.d/groups/apt/aptitude index fe622eaf..1aaeb2b4 100644 --- a/apparmor.d/groups/apt/aptitude +++ b/apparmor.d/groups/apt/aptitude @@ -102,10 +102,10 @@ profile aptitude @{exec_path} flags=(complain) { owner /tmp/aptitude-*.@{pid}:*/cache{ContentCompressed,Extracted}* rw, owner /tmp/aptitude-*.@{pid}:*/aptitude-download-* rw, owner /tmp/aptitude-*.@{pid}:*/parsedchangelog* w, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/aptitude/ rw, - owner @{HOME}/.cache/aptitude/metadata-download{,-journal} rw, - owner @{HOME}/.cache/aptitude/metadata-download rwk, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/aptitude/ rw, + owner @{user_cache_dirs}/aptitude/metadata-download{,-journal} rw, + owner @{user_cache_dirs}/aptitude/metadata-download rwk, /{usr/,}bin/sensible-pager rCx -> pager, # For aptitude-run-state-bundle diff --git a/apparmor.d/groups/browsers/brave b/apparmor.d/groups/browsers/brave index f9d7bbdb..38d9d78d 100644 --- a/apparmor.d/groups/browsers/brave +++ b/apparmor.d/groups/browsers/brave @@ -8,7 +8,7 @@ include @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} -@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev} +@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} @{exec_path} = @{BRAVE_INSTALLDIR}/brave{,-beta,-dev} profile brave @{exec_path} { @@ -94,8 +94,8 @@ profile brave @{exec_path} { owner @{BRAVE_HOMEDIR}/WidevineCdm/libwidevinecdm.so mrw, # Cache files - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/BraveSoftware/ rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/BraveSoftware/ rw, owner @{BRAVE_CACHEDIR}/{,**/} rw, owner @{BRAVE_CACHEDIR}/*/**/{*-,}index rw, owner @{BRAVE_CACHEDIR}/*/**/[a-f0-9]*_? rw, diff --git a/apparmor.d/groups/browsers/brave-browser b/apparmor.d/groups/browsers/brave-browser index 7c2dd3e0..558d6991 100644 --- a/apparmor.d/groups/browsers/brave-browser +++ b/apparmor.d/groups/browsers/brave-browser @@ -4,7 +4,7 @@ @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} -@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev} +@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} abi , diff --git a/apparmor.d/groups/browsers/brave-sandbox b/apparmor.d/groups/browsers/brave-sandbox index 4d444091..534418b1 100644 --- a/apparmor.d/groups/browsers/brave-sandbox +++ b/apparmor.d/groups/browsers/brave-sandbox @@ -4,7 +4,7 @@ @{BRAVE_INSTALLDIR} = /opt/brave.com/brave{,-beta,-dev} @{BRAVE_HOMEDIR} = @{HOME}/.config/BraveSoftware/Brave-Browser{,-Beta,-Dev} -@{BRAVE_CACHEDIR} = @{HOME}/.cache/BraveSoftware/Brave-Browser{,-Beta,-Dev} +@{BRAVE_CACHEDIR} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev} abi , diff --git a/apparmor.d/groups/browsers/chromium b/apparmor.d/groups/browsers/chromium index 12135ad6..e6237ed3 100644 --- a/apparmor.d/groups/browsers/chromium +++ b/apparmor.d/groups/browsers/chromium @@ -8,7 +8,7 @@ include @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium -@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium +@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{exec_path} = /{usr/,}bin/chromium profile chromium @{exec_path} { diff --git a/apparmor.d/groups/browsers/chromium-chrome-sandbox b/apparmor.d/groups/browsers/chromium-chrome-sandbox index 378ecd2f..20461570 100644 --- a/apparmor.d/groups/browsers/chromium-chrome-sandbox +++ b/apparmor.d/groups/browsers/chromium-chrome-sandbox @@ -8,7 +8,7 @@ include @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium -@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium +@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{exec_path} = @{CHROMIUM_INSTALLDIR}/chrome-sandbox diff --git a/apparmor.d/groups/browsers/chromium-chromium b/apparmor.d/groups/browsers/chromium-chromium index 8f2260b2..5daf2f87 100644 --- a/apparmor.d/groups/browsers/chromium-chromium +++ b/apparmor.d/groups/browsers/chromium-chromium @@ -8,7 +8,7 @@ include @{CHROMIUM_INSTALLDIR} = /{usr/,}lib/chromium @{CHROMIUM_HOMEDIR} = @{HOME}/.config/chromium -@{CHROMIUM_CACHEDIR} = @{HOME}/.cache/chromium +@{CHROMIUM_CACHEDIR} = @{user_cache_dirs}/chromium @{exec_path} = @{CHROMIUM_INSTALLDIR}/chromium profile chromium-chromium @{exec_path} { @@ -91,7 +91,7 @@ profile chromium-chromium @{exec_path} { owner @{HOME}/.local/share/.org.chromium.Chromium.* rw, # Cache files - owner @{HOME}/.cache/ rw, + owner @{user_cache_dirs}/ rw, owner @{CHROMIUM_CACHEDIR}/{,**/} rw, owner @{CHROMIUM_CACHEDIR}/*/**/{*-,}index rw, owner @{CHROMIUM_CACHEDIR}/*/**/[a-f0-9]*_? rw, diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index e0676efc..8a4b4401 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -8,7 +8,7 @@ include @{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr} @{MOZ_HOMEDIR} = @{HOME}/.mozilla -@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla +@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla @{exec_path} = @{MOZ_LIBDIR}/firefox{,-bin,-esr} profile firefox @{exec_path} { @@ -84,12 +84,12 @@ profile firefox @{exec_path} { owner @{MOZ_HOMEDIR}/native-messaging-hosts/org.keepassxc.keepassxc_browser.json r, # Cache - owner @{HOME}/.cache/ rw, + owner @{user_cache_dirs}/ rw, owner @{MOZ_CACHEDIR}/ rw, owner @{MOZ_CACHEDIR}/** rwk, - owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, deny @{sys}/devices/system/cpu/present r, deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r, diff --git a/apparmor.d/groups/browsers/firefox-crashreporter b/apparmor.d/groups/browsers/firefox-crashreporter index 9b2f7ecf..6ac2b8ec 100644 --- a/apparmor.d/groups/browsers/firefox-crashreporter +++ b/apparmor.d/groups/browsers/firefox-crashreporter @@ -8,7 +8,7 @@ include @{MOZ_LIBDIR} = /{usr/,}lib/firefox @{MOZ_HOMEDIR} = @{HOME}/.mozilla -@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla +@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla @{exec_path} = @{MOZ_LIBDIR}/crashreporter profile firefox-crashreporter @{exec_path} { diff --git a/apparmor.d/groups/browsers/firefox-minidump-analyzer b/apparmor.d/groups/browsers/firefox-minidump-analyzer index 10e83223..bb1b040b 100644 --- a/apparmor.d/groups/browsers/firefox-minidump-analyzer +++ b/apparmor.d/groups/browsers/firefox-minidump-analyzer @@ -8,7 +8,7 @@ include @{MOZ_LIBDIR} = /{usr/,}lib/firefox @{MOZ_HOMEDIR} = @{HOME}/.mozilla -@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla +@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla @{exec_path} = /{usr/,}lib/firefox/minidump-analyzer profile firefox-minidump-analyzer @{exec_path} { diff --git a/apparmor.d/groups/browsers/firefox-pingsender b/apparmor.d/groups/browsers/firefox-pingsender index c353974d..c65079ba 100644 --- a/apparmor.d/groups/browsers/firefox-pingsender +++ b/apparmor.d/groups/browsers/firefox-pingsender @@ -8,7 +8,7 @@ include @{MOZ_LIBDIR} = /{usr/,}lib/firefox @{MOZ_HOMEDIR} = @{HOME}/.mozilla -@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla +@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla @{exec_path} = @{MOZ_LIBDIR}/pingsender profile firefox-pingsender @{exec_path} { diff --git a/apparmor.d/groups/browsers/firefox-plugin-container b/apparmor.d/groups/browsers/firefox-plugin-container index 77f395de..d4074ccc 100644 --- a/apparmor.d/groups/browsers/firefox-plugin-container +++ b/apparmor.d/groups/browsers/firefox-plugin-container @@ -8,7 +8,7 @@ include @{MOZ_LIBDIR} = /{usr/,}lib/firefox{,-esr} @{MOZ_HOMEDIR} = @{HOME}/.mozilla -@{MOZ_CACHEDIR} = @{HOME}/.cache/mozilla +@{MOZ_CACHEDIR} = @{user_cache_dirs}/mozilla @{exec_path} = @{MOZ_LIBDIR}/plugin-container profile firefox-plugin-container @{exec_path} { diff --git a/apparmor.d/groups/browsers/google-chrome-chrome b/apparmor.d/groups/browsers/google-chrome-chrome index f2aa7483..6ed75bf6 100644 --- a/apparmor.d/groups/browsers/google-chrome-chrome +++ b/apparmor.d/groups/browsers/google-chrome-chrome @@ -8,7 +8,7 @@ include @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} -@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable} +@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/chrome{,-beta,-unstable} profile google-chrome-chrome @{exec_path} { @@ -87,7 +87,7 @@ profile google-chrome-chrome @{exec_path} { owner @{HOME}/.local/share/.com.google.Chrome.* rw, # Cache files - owner @{HOME}/.cache/ rw, + owner @{user_cache_dirs}/ rw, owner @{CHROME_CACHEDIR}/{,**/} rw, owner @{CHROME_CACHEDIR}/*/**/{*-,}index rw, owner @{CHROME_CACHEDIR}/*/**/[a-f0-9]*_? rw, diff --git a/apparmor.d/groups/browsers/google-chrome-chrome-sandbox b/apparmor.d/groups/browsers/google-chrome-chrome-sandbox index a36b2284..73b3aecd 100644 --- a/apparmor.d/groups/browsers/google-chrome-chrome-sandbox +++ b/apparmor.d/groups/browsers/google-chrome-chrome-sandbox @@ -8,7 +8,7 @@ include @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} -@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable} +@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/chrome-sandbox profile google-chrome-chrome-sandbox @{exec_path} { diff --git a/apparmor.d/groups/browsers/google-chrome-google-chrome b/apparmor.d/groups/browsers/google-chrome-google-chrome index ae90aa4f..6378ccad 100644 --- a/apparmor.d/groups/browsers/google-chrome-google-chrome +++ b/apparmor.d/groups/browsers/google-chrome-google-chrome @@ -8,7 +8,7 @@ include @{CHROME_INSTALLDIR} = /opt/google/chrome{,-beta,-unstable} @{CHROME_HOMEDIR} = @{HOME}/.config/google-chrome{,-beta,-unstable} -@{CHROME_CACHEDIR} = @{HOME}/.cache/google-chrome{,-beta,-unstable} +@{CHROME_CACHEDIR} = @{user_cache_dirs}/google-chrome{,-beta,-unstable} @{exec_path} = @{CHROME_INSTALLDIR}/google-chrome{,-beta,-unstable} profile google-chrome-google-chrome @{exec_path} { diff --git a/apparmor.d/groups/browsers/opera b/apparmor.d/groups/browsers/opera index b6a9e062..625e3c9b 100644 --- a/apparmor.d/groups/browsers/opera +++ b/apparmor.d/groups/browsers/opera @@ -8,7 +8,7 @@ include @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} -@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer} +@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{exec_path} = @{OPERA_INSTALLDIR}/opera{,-beta,-developer} profile opera @{exec_path} { @@ -78,7 +78,7 @@ profile opera @{exec_path} { owner @{HOME}/.local/share/.org.chromium.Chromium.* rw, # Cache files - owner @{HOME}/.cache/ rw, + owner @{user_cache_dirs}/ rw, owner @{OPERA_CACHEDIR}/{,**/} rw, owner @{OPERA_CACHEDIR}/**/{*-,}index rw, owner @{OPERA_CACHEDIR}/**/[a-f0-9]*_? rw, diff --git a/apparmor.d/groups/browsers/opera-crashreporter b/apparmor.d/groups/browsers/opera-crashreporter index 3887f719..1b7fb7dc 100644 --- a/apparmor.d/groups/browsers/opera-crashreporter +++ b/apparmor.d/groups/browsers/opera-crashreporter @@ -8,7 +8,7 @@ include @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} -@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer} +@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{exec_path} = @{OPERA_INSTALLDIR}/opera_crashreporter profile opera-crashreporter @{exec_path} { diff --git a/apparmor.d/groups/browsers/opera-sandbox b/apparmor.d/groups/browsers/opera-sandbox index a3db7083..db9131db 100644 --- a/apparmor.d/groups/browsers/opera-sandbox +++ b/apparmor.d/groups/browsers/opera-sandbox @@ -8,7 +8,7 @@ include @{OPERA_INSTALLDIR} = /{usr/,}lib/@{multiarch}/opera{,-beta,-developer} @{OPERA_HOMEDIR} = @{HOME}/.config/opera{,-beta,-developer} -@{OPERA_CACHEDIR} = @{HOME}/.cache/opera{,-beta,-developer} +@{OPERA_CACHEDIR} = @{user_cache_dirs}/opera{,-beta,-developer} @{exec_path} = @{OPERA_INSTALLDIR}/opera_sandbox profile opera-sandbox @{exec_path} { diff --git a/apparmor.d/groups/browsers/torbrowser.Browser.firefox b/apparmor.d/groups/browsers/torbrowser.Browser.firefox index c8236f6b..f8e7130a 100644 --- a/apparmor.d/groups/browsers/torbrowser.Browser.firefox +++ b/apparmor.d/groups/browsers/torbrowser.Browser.firefox @@ -117,8 +117,8 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} { # Silence denial logs about permissions we don't need deny /dev/dri/ rwklx, - deny @{HOME}/.cache/fontconfig/ rw, - deny @{HOME}/.cache/fontconfig/** rw, + deny @{user_cache_dirs}/fontconfig/ rw, + deny @{user_cache_dirs}/fontconfig/** rw, deny @{HOME}/.config/gtk-2.0/ rw, deny @{HOME}/.config/gtk-2.0/** rw, deny @{PROC}/@{pid}/net/route r, diff --git a/apparmor.d/groups/desktop/blueman b/apparmor.d/groups/desktop/blueman index 29f0fa38..0b3c7dc4 100644 --- a/apparmor.d/groups/desktop/blueman +++ b/apparmor.d/groups/desktop/blueman @@ -33,14 +33,14 @@ profile blueman @{exec_path} { /usr/share/blueman/{,**} r, - owner @{HOME}/.cache/blueman-tray-[0-9]* rw, - owner @{HOME}/.cache/blueman-services-[0-9]* rw, - owner @{HOME}/.cache/blueman-adapters-[0-9]* rw, - owner @{HOME}/.cache/blueman-manager-[0-9]* rw, - owner @{HOME}/.cache/blueman-applet-[0-9]* rw, + owner @{user_cache_dirs}/blueman-tray-[0-9]* rw, + owner @{user_cache_dirs}/blueman-services-[0-9]* rw, + owner @{user_cache_dirs}/blueman-adapters-[0-9]* rw, + owner @{user_cache_dirs}/blueman-manager-[0-9]* rw, + owner @{user_cache_dirs}/blueman-applet-[0-9]* rw, - owner @{HOME}/.cache/obexd/ rw, - owner @{HOME}/.cache/obexd/* rw, + owner @{user_cache_dirs}/obexd/ rw, + owner @{user_cache_dirs}/obexd/* rw, owner @{HOME}/ r, owner @{HOME}/bluetooth*/ r, diff --git a/apparmor.d/groups/desktop/bluetoothctl b/apparmor.d/groups/desktop/bluetoothctl index 74890859..253bff9c 100644 --- a/apparmor.d/groups/desktop/bluetoothctl +++ b/apparmor.d/groups/desktop/bluetoothctl @@ -14,9 +14,9 @@ profile bluetoothctl @{exec_path} { /etc/inputrc r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/.bluetoothctl_history rw, - owner @{HOME}/.cache/.bluetoothctl_history-@{pid}.tmp rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/.bluetoothctl_history rw, + owner @{user_cache_dirs}/.bluetoothctl_history-@{pid}.tmp rw, include if exists } diff --git a/apparmor.d/groups/desktop/dconf-service b/apparmor.d/groups/desktop/dconf-service index eeed20da..1d052495 100644 --- a/apparmor.d/groups/desktop/dconf-service +++ b/apparmor.d/groups/desktop/dconf-service @@ -21,9 +21,9 @@ profile dconf-service @{exec_path} { owner @{HOME}/.config/dconf/ rw, owner @{HOME}/.config/dconf/user{,.*} rw, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/dconf/ rw, - owner @{HOME}/.cache/dconf/user rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/dconf/ rw, + owner @{user_cache_dirs}/dconf/user rw, @{PROC}/cmdline r, diff --git a/apparmor.d/profiles-a-l/anki b/apparmor.d/profiles-a-l/anki index 32cdddd0..c9d008b5 100644 --- a/apparmor.d/profiles-a-l/anki +++ b/apparmor.d/profiles-a-l/anki @@ -46,12 +46,12 @@ profile anki @{exec_path} { /usr/share/qt5ct/** r, owner @{HOME}/ r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/qtshadercache/ rw, - owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/qtshadercache/ rw, + owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], /usr/share/anki/{,**} r, diff --git a/apparmor.d/profiles-a-l/appstreamcli b/apparmor.d/profiles-a-l/appstreamcli index 21cf8a07..f370958a 100644 --- a/apparmor.d/profiles-a-l/appstreamcli +++ b/apparmor.d/profiles-a-l/appstreamcli @@ -20,8 +20,8 @@ profile appstreamcli @{exec_path} flags=(complain) { owner @{PROC}/@{pid}/fd/ r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/appstream-cache-*.mdb rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/appstream-cache-*.mdb rw, /usr/share/appdata/ r, /var/lib/app-info/yaml/ r, diff --git a/apparmor.d/profiles-a-l/borg b/apparmor.d/profiles-a-l/borg index fe025c35..69c22413 100644 --- a/apparmor.d/profiles-a-l/borg +++ b/apparmor.d/profiles-a-l/borg @@ -43,9 +43,9 @@ profile borg @{exec_path} { owner @{PROC}/@{pid}/fd/ r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/borg/ rw, - owner @{HOME}/.cache/borg/** rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/borg/ rw, + owner @{user_cache_dirs}/borg/** rw, owner @{HOME}/.config/borg/ rw, owner @{HOME}/.config/borg/** rw, diff --git a/apparmor.d/profiles-a-l/cawbird b/apparmor.d/profiles-a-l/cawbird index 161fca93..61452ef4 100644 --- a/apparmor.d/profiles-a-l/cawbird +++ b/apparmor.d/profiles-a-l/cawbird @@ -31,11 +31,11 @@ profile cawbird @{exec_path} { owner @{HOME}/.config/cawbird/ rw, owner @{HOME}/.config/cawbird/** rwk, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/cawbird-* rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/cawbird-* rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/profiles-a-l/engrampa b/apparmor.d/profiles-a-l/engrampa index 0f711745..43703be8 100644 --- a/apparmor.d/profiles-a-l/engrampa +++ b/apparmor.d/profiles-a-l/engrampa @@ -59,8 +59,8 @@ profile engrampa @{exec_path} { /tmp/ r, owner /tmp/** rw, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/.fr-*/{,**} rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/.fr-*/{,**} rw, owner @{HOME}/.config/ r, owner @{HOME}/.config/mimeapps.list{,.*} rw, diff --git a/apparmor.d/profiles-a-l/font-manager b/apparmor.d/profiles-a-l/font-manager index 4f487c04..9b4258ae 100644 --- a/apparmor.d/profiles-a-l/font-manager +++ b/apparmor.d/profiles-a-l/font-manager @@ -29,12 +29,12 @@ profile font-manager @{exec_path} { /{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPUx, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/font-manager/ rw, - owner @{HOME}/.cache/font-manager/* rwk, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/font-manager/ rw, + owner @{user_cache_dirs}/font-manager/* rwk, - owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{HOME}/.config/font-manager/ rw, owner @{HOME}/.config/font-manager/* rw, diff --git a/apparmor.d/profiles-a-l/fusermount b/apparmor.d/profiles-a-l/fusermount index 48a5c886..c62527a0 100644 --- a/apparmor.d/profiles-a-l/fusermount +++ b/apparmor.d/profiles-a-l/fusermount @@ -27,12 +27,12 @@ profile fusermount @{exec_path} { # Where to mount ISO files owner @{HOME}/*/ rw, owner @{HOME}/*/*/ rw, - owner @{HOME}/.cache/**/ rw, + owner @{user_cache_dirs}/**/ rw, # Be able to mount ISO images mount fstype={fuse,fuse.*} -> @{HOME}/*/, mount fstype={fuse,fuse.*} -> @{HOME}/*/*/, - mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/, + mount fstype={fuse,fuse.*} -> @{user_cache_dirs}/**/, mount fstype={fuse,fuse.*} -> /media/*/, mount fstype={fuse,fuse.*} -> /media/*/*/, # For MTP @@ -47,7 +47,7 @@ profile fusermount @{exec_path} { # Be able to unmount the ISO images umount @{HOME}/*/, umount @{HOME}/*/*/, - umount @{HOME}/.cache/**/, + umount @{user_cache_dirs}/**/, umount /media/*/, umount /tmp/.mount_*/, umount @{run}/user/[0-9]*/**/, diff --git a/apparmor.d/profiles-a-l/fwupd b/apparmor.d/profiles-a-l/fwupd index b87319dd..304967b1 100644 --- a/apparmor.d/profiles-a-l/fwupd +++ b/apparmor.d/profiles-a-l/fwupd @@ -31,7 +31,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { /etc/fwupd/** r, # In order to get to this file, the attach_disconnected flag has to be set - owner @{HOME}/.cache/fwupd/lvfs-metadata.xml.gz r, + owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz r, /usr/share/mime/mime.cache r, diff --git a/apparmor.d/profiles-a-l/fwupdmgr b/apparmor.d/profiles-a-l/fwupdmgr index 33967646..e08cb40a 100644 --- a/apparmor.d/profiles-a-l/fwupdmgr +++ b/apparmor.d/profiles-a-l/fwupdmgr @@ -17,9 +17,9 @@ profile fwupdmgr @{exec_path} flags=(complain) { /{usr/,}bin/dbus-launch rCx -> dbus, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/fwupd/ rw, - owner @{HOME}/.cache/fwupd/lvfs-metadata.xml.gz{,.*} rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/fwupd/ rw, + owner @{user_cache_dirs}/fwupd/lvfs-metadata.xml.gz{,.*} rw, owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw, owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc} rw, diff --git a/apparmor.d/profiles-a-l/fzsftp b/apparmor.d/profiles-a-l/fzsftp index d1e4f2aa..de15e941 100644 --- a/apparmor.d/profiles-a-l/fzsftp +++ b/apparmor.d/profiles-a-l/fzsftp @@ -36,7 +36,7 @@ profile fzsftp @{exec_path} { owner @{HOME}/.putty/randomseed rw, # file_inherit - #deny @{HOME}/.cache/filezilla/** rw, + #deny @{user_cache_dirs}/filezilla/** rw, include if exists } diff --git a/apparmor.d/profiles-a-l/gajim b/apparmor.d/profiles-a-l/gajim index 150feb8d..1330b196 100644 --- a/apparmor.d/profiles-a-l/gajim +++ b/apparmor.d/profiles-a-l/gajim @@ -58,9 +58,9 @@ profile gajim @{exec_path} { owner @{HOME}/.local/share/gajim/** rwk, # Cache - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/gajim/ rw, - owner @{HOME}/.cache/gajim/** rwk, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/gajim/ rw, + owner @{user_cache_dirs}/gajim/** rwk, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-a-l/gtk-youtube-viewer b/apparmor.d/profiles-a-l/gtk-youtube-viewer index 88c3bfe4..fdca017b 100644 --- a/apparmor.d/profiles-a-l/gtk-youtube-viewer +++ b/apparmor.d/profiles-a-l/gtk-youtube-viewer @@ -46,8 +46,8 @@ profile gtk-youtube-viewer @{exec_path} { owner @{HOME}/.config/youtube-viewer/{,*} rw, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/youtube-viewer/ rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/youtube-viewer/ rw, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-a-l/jgmenu b/apparmor.d/profiles-a-l/jgmenu index 7ebce51e..ff0681cd 100644 --- a/apparmor.d/profiles-a-l/jgmenu +++ b/apparmor.d/profiles-a-l/jgmenu @@ -37,9 +37,9 @@ profile jgmenu @{exec_path} { owner @{HOME}/.config/jgmenu/ rw, owner @{HOME}/.config/jgmenu/** rw, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/jgmenu/ rw, - owner @{HOME}/.cache/jgmenu/** rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/jgmenu/ rw, + owner @{user_cache_dirs}/jgmenu/** rw, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-a-l/keepassxc b/apparmor.d/profiles-a-l/keepassxc index 2ceb73da..45126663 100644 --- a/apparmor.d/profiles-a-l/keepassxc +++ b/apparmor.d/profiles-a-l/keepassxc @@ -41,8 +41,8 @@ profile keepassxc @{exec_path} { owner @{HOME}/.config/keepassxc/ rw, owner @{HOME}/.config/keepassxc/* rwkl -> @{HOME}/.config/keepassxc/#[0-9]*[0-9], - owner @{HOME}/.cache/keepassxc/ rw, - owner @{HOME}/.cache/keepassxc/* rwkl -> @{HOME}/.cache/keepassxc/#[0-9]*[0-9], + owner @{user_cache_dirs}/keepassxc/ rw, + owner @{user_cache_dirs}/keepassxc/* rwkl -> @{user_cache_dirs}/keepassxc/#[0-9]*[0-9], # Database location / r, diff --git a/apparmor.d/profiles-a-l/keepassxc-proxy b/apparmor.d/profiles-a-l/keepassxc-proxy index f0efcf9c..5c52f4f9 100644 --- a/apparmor.d/profiles-a-l/keepassxc-proxy +++ b/apparmor.d/profiles-a-l/keepassxc-proxy @@ -29,7 +29,7 @@ profile keepassxc-proxy @{exec_path} { deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw, # deny owner @{HOME}/.mozilla/** rw, - deny owner @{HOME}/.cache/mozilla/** rw, + deny owner @{user_cache_dirs}/mozilla/** rw, deny owner /media/*/.mozilla/** rw, deny owner /tmp/firefox*/.parentlock rw, deny owner /tmp/tmp-*.xpi rw, diff --git a/apparmor.d/profiles-a-l/kscreenlocker-greet b/apparmor.d/profiles-a-l/kscreenlocker-greet index 146f578f..b5ed17d0 100644 --- a/apparmor.d/profiles-a-l/kscreenlocker-greet +++ b/apparmor.d/profiles-a-l/kscreenlocker-greet @@ -40,14 +40,14 @@ profile kscreenlocker-greet @{exec_path} { owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/qtshadercache/ rw, - owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/qtshadercache/ rw, + owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], - owner @{HOME}/.cache/plasma-svgelements-default_v* r, + owner @{user_cache_dirs}/plasma-svgelements-default_v* r, # If one is blocked, the others are probed. deny owner @{HOME}/#[0-9]*[0-9] mrw, diff --git a/apparmor.d/profiles-a-l/kwalletd5 b/apparmor.d/profiles-a-l/kwalletd5 index e36540dc..16d0b769 100644 --- a/apparmor.d/profiles-a-l/kwalletd5 +++ b/apparmor.d/profiles-a-l/kwalletd5 @@ -30,7 +30,7 @@ profile kwalletd5 @{exec_path} { owner @{HOME}/.config/kwalletrc r, owner @{HOME}/.config/kdeglobals r, - owner @{HOME}/.cache/icon-cache.kcache rw, + owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{HOME}/.local/share/kwalletd/ rw, owner @{HOME}/.local/share/kwalletd/#[0-9]*[0-9] rw, diff --git a/apparmor.d/profiles-a-l/kwalletmanager5 b/apparmor.d/profiles-a-l/kwalletmanager5 index 352503ae..02c7e60a 100644 --- a/apparmor.d/profiles-a-l/kwalletmanager5 +++ b/apparmor.d/profiles-a-l/kwalletmanager5 @@ -45,7 +45,7 @@ profile kwalletmanager5 @{exec_path} { owner @{HOME}/.config/session/kwalletmanager5_*.lock rwk, owner @{HOME}/.config/kdeglobals r, - owner @{HOME}/.cache/icon-cache.kcache rw, + owner @{user_cache_dirs}/icon-cache.kcache rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{HOME}/.config/qt5ct/{,**} r, diff --git a/apparmor.d/profiles-m-z/minitube b/apparmor.d/profiles-m-z/minitube index 43d91e17..51f9b14f 100644 --- a/apparmor.d/profiles-m-z/minitube +++ b/apparmor.d/profiles-m-z/minitube @@ -54,16 +54,16 @@ profile minitube @{exec_path} { # owner /tmp/.glvnd* mrw, # Cache - owner @{HOME}/.cache/ rw, - owner "@{HOME}/.cache/Flavio Tordini/" rw, - owner "@{HOME}/.cache/Flavio Tordini/Minitube/" rw, - owner "@{HOME}/.cache/Flavio Tordini/Minitube/**" rwl -> "@{HOME}/.cache/Flavio Tordini/Minitube/**", + owner @{user_cache_dirs}/ rw, + owner "@{user_cache_dirs}/Flavio Tordini/" rw, + owner "@{user_cache_dirs}/Flavio Tordini/Minitube/" rw, + owner "@{user_cache_dirs}/Flavio Tordini/Minitube/**" rwl -> "@{user_cache_dirs}/Flavio Tordini/Minitube/**", - owner @{HOME}/.cache/qtshadercache/ rw, - owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache/ rw, + owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{HOME}/.config/qt5ct/{,**} r, diff --git a/apparmor.d/profiles-m-z/mkvtoolnix-gui b/apparmor.d/profiles-m-z/mkvtoolnix-gui index cd9a0f3f..d0955f95 100644 --- a/apparmor.d/profiles-m-z/mkvtoolnix-gui +++ b/apparmor.d/profiles-m-z/mkvtoolnix-gui @@ -74,11 +74,11 @@ profile mkvtoolnix-gui @{exec_path} { owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/ rw, owner @{HOME}/.config/bunkus.org/mkvtoolnix-gui/** rwkl -> @{HOME}/.config/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9], - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/bunkus.org/ rw, - owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/ rw, - owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/**/ rw, - owner @{HOME}/.cache/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/bunkus.org/ rw, + owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/ rw, + owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/ rw, + owner @{user_cache_dirs}/bunkus.org/mkvtoolnix-gui/**/[0-9a-f]* rw, owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, diff --git a/apparmor.d/profiles-m-z/mpsyt b/apparmor.d/profiles-m-z/mpsyt index 82d54069..f1056979 100644 --- a/apparmor.d/profiles-m-z/mpsyt +++ b/apparmor.d/profiles-m-z/mpsyt @@ -44,7 +44,7 @@ profile mpsyt @{exec_path} { owner @{HOME}/.config/mps-youtube/{,**} rw, # Cache files - owner @{HOME}/.cache/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw, + owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js_*.json{,.*.tmp} rw, /etc/inputrc r, /etc/mime.types r, diff --git a/apparmor.d/profiles-m-z/obexctl b/apparmor.d/profiles-m-z/obexctl index b7b6d9d9..79e2175f 100644 --- a/apparmor.d/profiles-m-z/obexctl +++ b/apparmor.d/profiles-m-z/obexctl @@ -14,8 +14,8 @@ profile obexctl @{exec_path} { /etc/inputrc r, - owner @{HOME}/.cache/.obexctl_history rw, - owner @{HOME}/.cache/.obexctl_history-@{pid}.tmp rw, + owner @{user_cache_dirs}/.obexctl_history rw, + owner @{user_cache_dirs}/.obexctl_history-@{pid}.tmp rw, include if exists } diff --git a/apparmor.d/profiles-m-z/obexd b/apparmor.d/profiles-m-z/obexd index e597b69f..549a67c4 100644 --- a/apparmor.d/profiles-m-z/obexd +++ b/apparmor.d/profiles-m-z/obexd @@ -16,9 +16,9 @@ profile obexd @{exec_path} { @{exec_path} mr, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/obexd/ rw, - owner @{HOME}/.cache/obexd/* rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/obexd/ rw, + owner @{user_cache_dirs}/obexd/* rw, owner @{HOME}/bluetooth/* rw, diff --git a/apparmor.d/profiles-m-z/openbox b/apparmor.d/profiles-m-z/openbox index 78c226b7..b5e21a0c 100644 --- a/apparmor.d/profiles-m-z/openbox +++ b/apparmor.d/profiles-m-z/openbox @@ -36,10 +36,10 @@ profile openbox @{exec_path} { owner @{HOME}/.config/obmenu-generator/icons/[0-9a-f]*.png r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/openbox/ rw, - owner @{HOME}/.cache/openbox/openbox.log rw, - owner @{HOME}/.cache/openbox/sessions/ rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/openbox/ rw, + owner @{user_cache_dirs}/openbox/openbox.log rw, + owner @{user_cache_dirs}/openbox/sessions/ rw, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-m-z/pinentry-qt b/apparmor.d/profiles-m-z/pinentry-qt index e8a8d3fe..608025e9 100644 --- a/apparmor.d/profiles-m-z/pinentry-qt +++ b/apparmor.d/profiles-m-z/pinentry-qt @@ -28,7 +28,7 @@ profile pinentry-qt @{exec_path} { owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, - owner @{HOME}/.cache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/#[0-9]*[0-9] rw, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-m-z/polkit-kde-authentication-agent b/apparmor.d/profiles-m-z/polkit-kde-authentication-agent index 267a9d5e..6c56f4a7 100644 --- a/apparmor.d/profiles-m-z/polkit-kde-authentication-agent +++ b/apparmor.d/profiles-m-z/polkit-kde-authentication-agent @@ -44,7 +44,7 @@ profile polkit-kde-authentication-agent @{exec_path} { /usr/share/hwdata/pnp.ids r, owner @{HOME}/.config/kdeglobals r, - owner @{HOME}/.cache/icon-cache.kcache rw, + owner @{user_cache_dirs}/icon-cache.kcache rw, /dev/shm/#[0-9]*[0-9] rw, diff --git a/apparmor.d/profiles-m-z/psi-plus b/apparmor.d/profiles-m-z/psi-plus index 0f8371c4..831c923d 100644 --- a/apparmor.d/profiles-m-z/psi-plus +++ b/apparmor.d/profiles-m-z/psi-plus @@ -62,9 +62,9 @@ profile psi-plus @{exec_path} { /usr/share/qt5ct/** r, # Cache files - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/psi+/{,**} rw, - owner @{HOME}/.cache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/psi+/{,**} rw, + owner @{user_cache_dirs}/#[0-9]*[0-9] rw, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-m-z/qbittorrent b/apparmor.d/profiles-m-z/qbittorrent index f33addfb..db6b49bb 100644 --- a/apparmor.d/profiles-m-z/qbittorrent +++ b/apparmor.d/profiles-m-z/qbittorrent @@ -49,9 +49,9 @@ profile qbittorrent @{exec_path} { owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9], # Cache dir - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qBittorrent/{,**} rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qBittorrent/{,**} rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{HOME}/.config/qt5ct/{,**} r, diff --git a/apparmor.d/profiles-m-z/qbittorrent-nox b/apparmor.d/profiles-m-z/qbittorrent-nox index 8d5b4f08..a0d795c2 100644 --- a/apparmor.d/profiles-m-z/qbittorrent-nox +++ b/apparmor.d/profiles-m-z/qbittorrent-nox @@ -32,9 +32,9 @@ profile qbittorrent-nox @{exec_path} { owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9], # Cache dir - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qBittorrent/{,**} rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qBittorrent/{,**} rw, # Torrent files /media/ r, diff --git a/apparmor.d/profiles-m-z/qnapi b/apparmor.d/profiles-m-z/qnapi index 8ecf4854..4cd39885 100644 --- a/apparmor.d/profiles-m-z/qnapi +++ b/apparmor.d/profiles-m-z/qnapi @@ -89,7 +89,7 @@ profile qnapi @{exec_path} { owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, - owner @{HOME}/.cache/ rw, + owner @{user_cache_dirs}/ rw, /usr/share/hwdata/pnp.ids r, diff --git a/apparmor.d/profiles-m-z/qt5ct b/apparmor.d/profiles-m-z/qt5ct index 7f1693ea..a80ea9ec 100644 --- a/apparmor.d/profiles-m-z/qt5ct +++ b/apparmor.d/profiles-m-z/qt5ct @@ -31,8 +31,8 @@ profile qt5ct @{exec_path} { owner @{HOME}/.config/kdeglobals r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/icon-cache.kcache rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/icon-cache.kcache rw, /usr/share/qt5ct/** r, diff --git a/apparmor.d/profiles-m-z/quiterss b/apparmor.d/profiles-m-z/quiterss index 9104faf8..aee1b75f 100644 --- a/apparmor.d/profiles-m-z/quiterss +++ b/apparmor.d/profiles-m-z/quiterss @@ -50,11 +50,11 @@ profile quiterss @{exec_path} { owner @{HOME}/.config/QuiteRss/** rwkl -> @{HOME}/.config/QuiteRss/**, owner @{HOME}/.local/share/QuiteRss/ rw, owner @{HOME}/.local/share/QuiteRss/** rwkl -> @{HOME}/.local/share/QuiteRss/QuiteRss/**, - owner @{HOME}/.cache/QuiteRss/ rw, - owner @{HOME}/.cache/QuiteRss/** rwl -> @{HOME}/.cache/QuiteRss/**, + owner @{user_cache_dirs}/QuiteRss/ rw, + owner @{user_cache_dirs}/QuiteRss/** rwl -> @{user_cache_dirs}/QuiteRss/**, - owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, owner @{PROC}/@{pid}/fd/ r, deny @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/profiles-m-z/rpi-imager b/apparmor.d/profiles-m-z/rpi-imager index 3f929e22..9aabe2ee 100644 --- a/apparmor.d/profiles-m-z/rpi-imager +++ b/apparmor.d/profiles-m-z/rpi-imager @@ -51,15 +51,15 @@ profile rpi-imager @{exec_path} { owner "@{HOME}/.config/Raspberry Pi/Imager.conf" rw, owner "@{HOME}/.config/Raspberry Pi/Imager.conf.lock" rwk, - owner "@{HOME}/.cache/Raspberry Pi/" rw, - owner "@{HOME}/.cache/Raspberry Pi/**" rwl -> "@{HOME}/.cache/Raspberry Pi/**", + owner "@{user_cache_dirs}/Raspberry Pi/" rw, + owner "@{user_cache_dirs}/Raspberry Pi/**" rwl -> "@{user_cache_dirs}/Raspberry Pi/**", - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/qtshadercache/ rw, - owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/qtshadercache/ rw, + owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{HOME}/.config/qt5ct/{,**} r, diff --git a/apparmor.d/profiles-m-z/sddm-greeter b/apparmor.d/profiles-m-z/sddm-greeter index d82a75f1..5b9600cf 100644 --- a/apparmor.d/profiles-m-z/sddm-greeter +++ b/apparmor.d/profiles-m-z/sddm-greeter @@ -48,18 +48,18 @@ profile sddm-greeter @{exec_path} { # All the following is for the test mode #------------------------------------------------------------------ - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/sddm-greeter/ rw, - owner @{HOME}/.cache/sddm-greeter/qmlcache/ rw, - owner @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/sddm-greeter/qmlcache/[a-f0-9]*.jsc* rwl -> @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9], - owner @{HOME}/.cache/sddm-greeter/qmlcache/[a-f0-9]*.qmlc* rwl -> @{HOME}/.cache/sddm-greeter/qmlcache/#[0-9]*[0-9], + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/sddm-greeter/ rw, + owner @{user_cache_dirs}/sddm-greeter/qmlcache/ rw, + owner @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/sddm-greeter/qmlcache/[a-f0-9]*.jsc* rwl -> @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9], + owner @{user_cache_dirs}/sddm-greeter/qmlcache/[a-f0-9]*.qmlc* rwl -> @{user_cache_dirs}/sddm-greeter/qmlcache/#[0-9]*[0-9], - owner @{HOME}/.cache/qtshadercache/ rw, - owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache/ rw, + owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, @@ -72,9 +72,9 @@ profile sddm-greeter @{exec_path} { owner @{HOME}/.config/kdeglobals r, owner @{HOME}/.config/plasmarc r, - owner @{HOME}/.cache/icon-cache.kcache rw, - owner @{HOME}/.cache/plasma_theme_*.kcache rw, - owner @{HOME}/.cache/plasma-svgelements-* rw, + owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_cache_dirs}/plasma_theme_*.kcache rw, + owner @{user_cache_dirs}/plasma-svgelements-* rw, include diff --git a/apparmor.d/profiles-m-z/smplayer b/apparmor.d/profiles-m-z/smplayer index 3058777e..98df4a93 100644 --- a/apparmor.d/profiles-m-z/smplayer +++ b/apparmor.d/profiles-m-z/smplayer @@ -105,7 +105,7 @@ profile smplayer @{exec_path} { owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, - owner @{HOME}/.cache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/#[0-9]*[0-9] rw, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-m-z/smtube b/apparmor.d/profiles-m-z/smtube index 45d12ba2..45dfed01 100644 --- a/apparmor.d/profiles-m-z/smtube +++ b/apparmor.d/profiles-m-z/smtube @@ -50,12 +50,12 @@ profile smtube @{exec_path} { /usr/share/qt5ct/** r, # Cache - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/smtube/ rw, - owner @{HOME}/.cache/smtube/* rwk, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/smtube/ rw, + owner @{user_cache_dirs}/smtube/* rwk, - owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-m-z/strawberry b/apparmor.d/profiles-m-z/strawberry index b21a6a5d..a436d6fc 100644 --- a/apparmor.d/profiles-m-z/strawberry +++ b/apparmor.d/profiles-m-z/strawberry @@ -64,15 +64,15 @@ profile strawberry @{exec_path} { owner @{HOME}/.local/share/strawberry/ rw, owner @{HOME}/.local/share/strawberry/** rwk, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/strawberry/ rw, - owner @{HOME}/.cache/strawberry/** rwl -> @{HOME}/.cache/strawberry/networkcache/prepared/#[0-9]*[0-9], + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/strawberry/ rw, + owner @{user_cache_dirs}/strawberry/** rwl -> @{user_cache_dirs}/strawberry/networkcache/prepared/#[0-9]*[0-9], - owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, - owner @{HOME}/.cache/xine-lib/ rw, - owner @{HOME}/.cache/xine-lib/plugins.cache{,.new} rw, + owner @{user_cache_dirs}/xine-lib/ rw, + owner @{user_cache_dirs}/xine-lib/plugins.cache{,.new} rw, owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, diff --git a/apparmor.d/profiles-m-z/strawberry-tagreader b/apparmor.d/profiles-m-z/strawberry-tagreader index a3fececc..224b8d88 100644 --- a/apparmor.d/profiles-m-z/strawberry-tagreader +++ b/apparmor.d/profiles-m-z/strawberry-tagreader @@ -28,7 +28,7 @@ profile strawberry-tagreader @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, owner @{HOME}/.anyRemote/anyremote.stdout w, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, include if exists } diff --git a/apparmor.d/profiles-m-z/tint2 b/apparmor.d/profiles-m-z/tint2 index 24674bb2..a6bf254a 100644 --- a/apparmor.d/profiles-m-z/tint2 +++ b/apparmor.d/profiles-m-z/tint2 @@ -27,10 +27,10 @@ profile tint2 @{exec_path} { owner @{HOME}/.config/tint2/{,*} rw, # Tint2 cache files - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/tint2/ rw, - owner @{HOME}/.cache/tint2/[0-9a-f]*.png w, - owner @{HOME}/.cache/tint2/icon.cache rwk, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/tint2/ rw, + owner @{user_cache_dirs}/tint2/[0-9a-f]*.png w, + owner @{user_cache_dirs}/tint2/icon.cache rwk, # Launcher config files owner @{HOME}/.config/launchers/{,*.desktop} r, diff --git a/apparmor.d/profiles-m-z/tint2conf b/apparmor.d/profiles-m-z/tint2conf index 7bb515fc..d55ab173 100644 --- a/apparmor.d/profiles-m-z/tint2conf +++ b/apparmor.d/profiles-m-z/tint2conf @@ -29,7 +29,7 @@ profile tint2conf @{exec_path} { owner @{HOME}/.config/tint2/ r, owner @{HOME}/.config/tint2/* rw, - owner @{HOME}/.cache/tint2/[0-9a-f]*.png r, + owner @{user_cache_dirs}/tint2/[0-9a-f]*.png r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-m-z/vidcutter b/apparmor.d/profiles-m-z/vidcutter index 78746ca3..c05c5385 100644 --- a/apparmor.d/profiles-m-z/vidcutter +++ b/apparmor.d/profiles-m-z/vidcutter @@ -84,12 +84,12 @@ profile vidcutter @{exec_path} { # owner /tmp/#[0-9]*[0-9] mrw, # owner /tmp/.glvnd* mrw, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/qtshadercache/ rw, - owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9], - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{HOME}/.cache/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/qtshadercache/ rw, + owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/[0-9a-f]* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], owner @{HOME}/.config/qt5ct/{,**} r, /usr/share/qt5ct/** r, diff --git a/apparmor.d/profiles-m-z/virt-manager b/apparmor.d/profiles-m-z/virt-manager index 1925234f..c3aef0bb 100644 --- a/apparmor.d/profiles-m-z/virt-manager +++ b/apparmor.d/profiles-m-z/virt-manager @@ -47,12 +47,12 @@ profile virt-manager @{exec_path} { /usr/share/virt-manager/{,**} r, owner @{HOME}/ r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/virt-manager/ rw, - owner @{HOME}/.cache/virt-manager/** rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/virt-manager/ rw, + owner @{user_cache_dirs}/virt-manager/** rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/ rw, - owner @{HOME}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, + owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, # For disk images /media/ r, diff --git a/apparmor.d/profiles-m-z/xsel b/apparmor.d/profiles-m-z/xsel index af7a58a9..fd04122c 100644 --- a/apparmor.d/profiles-m-z/xsel +++ b/apparmor.d/profiles-m-z/xsel @@ -15,8 +15,8 @@ profile xsel @{exec_path} { @{exec_path} mr, owner @{HOME}/.xsel.log rw, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/xsel.log rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/xsel.log rw, owner @{HOME}/.Xauthority r, owner /tmp/xauth-[0-9]*-_[0-9] r, diff --git a/apparmor.d/profiles-m-z/youtube-dl b/apparmor.d/profiles-m-z/youtube-dl index 1c9c92ba..2a644ef2 100644 --- a/apparmor.d/profiles-m-z/youtube-dl +++ b/apparmor.d/profiles-m-z/youtube-dl @@ -82,8 +82,8 @@ profile youtube-dl @{exec_path} { /etc/mime.types r, - owner @{HOME}/.cache/ rw, - owner @{HOME}/.cache/youtube-dl/{,**} rw, + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/youtube-dl/{,**} rw, owner @{HOME}/.config/git/config r, diff --git a/apparmor.d/profiles-m-z/youtube-viewer b/apparmor.d/profiles-m-z/youtube-viewer index 6272eab7..03877a90 100644 --- a/apparmor.d/profiles-m-z/youtube-viewer +++ b/apparmor.d/profiles-m-z/youtube-viewer @@ -34,7 +34,7 @@ profile youtube-viewer @{exec_path} { /{usr/,}bin/wget rCx -> wget, owner @{HOME}/.config/youtube-viewer/{,*} rw, - owner @{HOME}/.cache/youtube-viewer/{,*} rw, + owner @{user_cache_dirs}/youtube-viewer/{,*} rw, owner @{HOME}/Downloads/youtube-viewer/{,*} rw, /etc/inputrc r, diff --git a/apparmor.d/profiles-m-z/ytdl b/apparmor.d/profiles-m-z/ytdl index 0471589a..c3bf02c4 100644 --- a/apparmor.d/profiles-m-z/ytdl +++ b/apparmor.d/profiles-m-z/ytdl @@ -74,7 +74,7 @@ profile ytdl @{exec_path} { /etc/mime.types r, # Needed when displaying info on available formats - owner @{HOME}/.cache/youtube-dl/youtube-sigfuncs/js*.json r, + owner @{user_cache_dirs}/youtube-dl/youtube-sigfuncs/js*.json r, include if exists }