diff --git a/apparmor.d/abstractions/bus-accessibility b/apparmor.d/abstractions/bus-accessibility index 4a5615f9..b310d54c 100644 --- a/apparmor.d/abstractions/bus-accessibility +++ b/apparmor.d/abstractions/bus-accessibility @@ -5,12 +5,12 @@ dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} - peer=(name=org.freedesktop.DBus, label=at-spi-bus-launcher), + peer=(name=org.freedesktop.DBus, label="{dbus-daemon,at-spi-bus-launcher}"), dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={RequestName,ReleaseName} - peer=(name=org.freedesktop.DBus, label=at-spi-bus-launcher), + peer=(name=org.freedesktop.DBus, label="{dbus-daemon,at-spi-bus-launcher}"), owner @{run}/user/@{uid}/at-spi/ rw, owner @{run}/user/@{uid}/at-spi/bus rw, diff --git a/apparmor.d/groups/_full/default-sudo b/apparmor.d/groups/_full/default-sudo index 7f6a26c2..d0a492e2 100644 --- a/apparmor.d/groups/_full/default-sudo +++ b/apparmor.d/groups/_full/default-sudo @@ -9,8 +9,8 @@ include profile default-sudo @{exec_path} { include include + include include - include include include diff --git a/apparmor.d/groups/_full/systemd b/apparmor.d/groups/_full/systemd index d3f55cf7..fa2fefc3 100644 --- a/apparmor.d/groups/_full/systemd +++ b/apparmor.d/groups/_full/systemd @@ -21,8 +21,8 @@ profile systemd flags=(attach_disconnected,mediate_deleted) { include include include - include - include + include + include include include include diff --git a/apparmor.d/groups/_full/systemd-user b/apparmor.d/groups/_full/systemd-user index 9cdc29ee..b3960725 100644 --- a/apparmor.d/groups/_full/systemd-user +++ b/apparmor.d/groups/_full/systemd-user @@ -18,8 +18,8 @@ include @{exec_path} = @{lib}/systemd/systemd profile systemd-user flags=(attach_disconnected,mediate_deleted) { include - include - include + include + include include network netlink raw, 
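Review bot: Both `peer=` lines in the bus-accessibility hunk now accept a second label, `dbus-daemon`, but the abstraction carries no comment saying why, and every profile that includes it inherits the wider peer match. A one-line comment above the first rule would record the intent, for example `# The accessibility bus daemon may be labelled dbus-daemon or at-spi-bus-launcher.`; that wording is inferred from the new label set and should be checked against how the bus daemon is actually confined. The same quoted alternation is repeated in the `RequestName,ReleaseName` rule, so the two copies have to be kept in sync by hand. Since the match is on the label only, it is also worth confirming that `dbus-daemon` here can only be the profile this project ships for the bus daemon.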
diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index e2561214..597dcf72 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -16,10 +16,10 @@ include profile calibre @{exec_path} { include include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index 28dcd35b..79ba7491 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -11,11 +11,11 @@ include profile apt @{exec_path} flags=(attach_disconnected) { include include + include include include include include - include include include include diff --git a/apparmor.d/groups/apt/unattended-upgrade b/apparmor.d/groups/apt/unattended-upgrade index fa40f1f8..d1e0e7d0 100644 --- a/apparmor.d/groups/apt/unattended-upgrade +++ b/apparmor.d/groups/apt/unattended-upgrade @@ -11,11 +11,11 @@ include profile unattended-upgrade @{exec_path} flags=(attach_disconnected) { include include + include include include include include - include include include include diff --git a/apparmor.d/groups/apt/unattended-upgrade-shutdown b/apparmor.d/groups/apt/unattended-upgrade-shutdown index 0e0b0a3a..1190d343 100644 --- a/apparmor.d/groups/apt/unattended-upgrade-shutdown +++ b/apparmor.d/groups/apt/unattended-upgrade-shutdown @@ -9,9 +9,9 @@ include @{exec_path} = /usr/share/unattended-upgrades/unattended-upgrade-shutdown profile unattended-upgrade-shutdown @{exec_path} flags=(attach_disconnected) { include + include include include - include include include diff --git a/apparmor.d/groups/avahi/avahi-browse b/apparmor.d/groups/avahi/avahi-browse index 9a8c5062..3397019b 100644 --- a/apparmor.d/groups/avahi/avahi-browse +++ b/apparmor.d/groups/avahi/avahi-browse 
@@ -10,9 +10,9 @@ include @{exec_path} = @{bin}/avahi-browse @{bin}/avahi-browse-domains profile avahi-browse @{exec_path} { include + include include include - include dbus receive bus=system path=/Client@{int}/ServiceTypeBrowser@{int} interface=org.freedesktop.Avahi.ServiceTypeBrowser diff --git a/apparmor.d/groups/avahi/avahi-resolve b/apparmor.d/groups/avahi/avahi-resolve index b378b2d8..39a9d681 100644 --- a/apparmor.d/groups/avahi/avahi-resolve +++ b/apparmor.d/groups/avahi/avahi-resolve @@ -10,9 +10,9 @@ include @{exec_path} = @{bin}/avahi-resolve @{bin}/avahi-resolve-address @{bin}/avahi-resolve-host-name profile avahi-resolve @{exec_path} { include + include include include - include dbus send bus=system path=/Client@{int}/AddressResolver@{int} interface=org.freedesktop.Avahi.AddressResolver diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 26208841..1334becb 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -16,13 +16,13 @@ include profile firefox @{exec_path} flags=(attach_disconnected) { include include + include + include include include include include include - include - include include include include diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index b7f2d5c0..3aa08004 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/ibus-daemon profile ibus-daemon @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 0f4c06ce..8abeeced 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf 
@@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/{,ibus/}ibus-dconf profile ibus-dconf @{exec_path} flags=(attach_disconnected) { include + include + include include - include - include include signal (receive) set=term peer=ibus-daemon, diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index c0c167d4..fb7a5d80 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/{,ibus/}ibus-extension-gtk3 profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index ed616710..031c090a 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/{,ibus/}ibus-portal profile ibus-portal @{exec_path} flags=(attach_disconnected) { include - include + include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index d6fbe245..536cbdbb 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/{,ibus/}ibus-x11 profile ibus-x11 @{exec_path} flags=(attach_disconnected) { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/children/child-systemctl b/apparmor.d/groups/children/child-systemctl index 16e89c21..18644552 100644 --- a/apparmor.d/groups/children/child-systemctl +++ b/apparmor.d/groups/children/child-systemctl @@ -16,8 +16,8 @@ include @{exec_path} = @{bin}/systemctl profile child-systemctl flags=(attach_disconnected) { include + include include - include include include 
diff --git a/apparmor.d/groups/freedesktop/accounts-daemon b/apparmor.d/groups/freedesktop/accounts-daemon index 032a39f2..b3a6b1ce 100644 --- a/apparmor.d/groups/freedesktop/accounts-daemon +++ b/apparmor.d/groups/freedesktop/accounts-daemon @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,accountsservice/}accounts-daemon profile accounts-daemon @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index bd6dbe9e..99d6bc64 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -10,10 +10,10 @@ include @{exec_path} = @{lib}/{,at-spi2{,-core}/}at-spi2-registryd profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { include + include + include include include - include - include include include diff --git a/apparmor.d/groups/freedesktop/colord b/apparmor.d/groups/freedesktop/colord index aaa4a61e..f791c4b9 100644 --- a/apparmor.d/groups/freedesktop/colord +++ b/apparmor.d/groups/freedesktop/colord @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,colord/}colord profile colord @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/freedesktop/colord-sane b/apparmor.d/groups/freedesktop/colord-sane index b25c68f4..b6736041 100644 --- a/apparmor.d/groups/freedesktop/colord-sane +++ b/apparmor.d/groups/freedesktop/colord-sane @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,colord/}colord-sane profile colord-sane @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index d7d37180..eea031a0 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service 
@@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/{,dconf/}dconf-service profile dconf-service @{exec_path} flags=(attach_disconnected) { include - include + include include signal (receive) set=(term kill hup) peer=dbus-daemon, diff --git a/apparmor.d/groups/freedesktop/geoclue b/apparmor.d/groups/freedesktop/geoclue index 12540c5a..6204d1fe 100644 --- a/apparmor.d/groups/freedesktop/geoclue +++ b/apparmor.d/groups/freedesktop/geoclue @@ -9,11 +9,11 @@ include @{exec_path} = @{lib}/geoclue @{lib}/geoclue-2.0/demos/agent profile geoclue @{exec_path} flags=(attach_disconnected) { include + include include include include include - include include include include diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 0729b0f5..512fb9ef 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -11,9 +11,9 @@ include profile pipewire @{exec_path} flags=(attach_disconnected) { include include + include + include include - include - include include include diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index eec00848..faab7380 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -11,9 +11,9 @@ include profile pipewire-media-session @{exec_path} { include include + include + include include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/polkit-agent-helper b/apparmor.d/groups/freedesktop/polkit-agent-helper index d3e96948..939a8ea6 100644 --- a/apparmor.d/groups/freedesktop/polkit-agent-helper +++ b/apparmor.d/groups/freedesktop/polkit-agent-helper @@ -12,8 +12,8 @@ include profile polkit-agent-helper @{exec_path} { include include + include include - include include capability audit_write, 
diff --git a/apparmor.d/groups/freedesktop/polkitd b/apparmor.d/groups/freedesktop/polkitd index c83119ff..0691c3ff 100644 --- a/apparmor.d/groups/freedesktop/polkitd +++ b/apparmor.d/groups/freedesktop/polkitd @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,polkit-1/}polkitd profile polkitd @{exec_path} flags=(attach_disconnected) { include - include + include include capability setgid, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index 1c6d6894..3121da1c 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio @@ -12,13 +12,13 @@ include profile pulseaudio @{exec_path} { include include + include + include include include include include include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/upowerd b/apparmor.d/groups/freedesktop/upowerd index 9e762e76..25883216 100644 --- a/apparmor.d/groups/freedesktop/upowerd +++ b/apparmor.d/groups/freedesktop/upowerd @@ -10,9 +10,9 @@ include @{exec_path} = @{lib}/{,upower/}upowerd profile upowerd @{exec_path} flags=(attach_disconnected) { include + include include include - include include network netlink raw, diff --git a/apparmor.d/groups/freedesktop/xdg-dbus-proxy b/apparmor.d/groups/freedesktop/xdg-dbus-proxy index ba2fbe84..ea58402d 100644 --- a/apparmor.d/groups/freedesktop/xdg-dbus-proxy +++ b/apparmor.d/groups/freedesktop/xdg-dbus-proxy @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/xdg-dbus-proxy profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include - include - include - include dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.portal.Realtime diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index 43d32280..683bfdd4 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal 
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -9,12 +9,12 @@ include @{exec_path} = @{lib}/xdg-desktop-portal profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index d4910e0a..6b3c572f 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -9,12 +9,12 @@ include @{exec_path} = @{lib}/xdg-desktop-portal-gnome profile xdg-desktop-portal-gnome @{exec_path} { include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index 6e43e90e..8d18c5a7 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -9,6 +9,9 @@ include @{exec_path} = @{lib}/xdg-desktop-portal-gtk profile xdg-desktop-portal-gtk @{exec_path} { include + include + include + include include include include @@ -16,9 +19,6 @@ profile xdg-desktop-portal-gtk @{exec_path} { include include include - include - include - include include include include diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index 2b7061b8..d7954092 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/xdg-document-portal profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { include + include include - include capability sys_nice, capability sys_resource, 
diff --git a/apparmor.d/groups/freedesktop/xdg-permission-store b/apparmor.d/groups/freedesktop/xdg-permission-store index afbddff4..6e7d9d43 100644 --- a/apparmor.d/groups/freedesktop/xdg-permission-store +++ b/apparmor.d/groups/freedesktop/xdg-permission-store @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/xdg-permission-store profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { include - include + include capability sys_nice, diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 6add25f4..3da13826 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -13,8 +13,8 @@ include @{exec_path} += @{lib}/xorg/Xorg{,.wrap} profile xorg @{exec_path} flags=(attach_disconnected) { include + include include - include include include include diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index c87177a0..5c081d17 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory @@ -9,11 +9,11 @@ include @{exec_path} = @{lib}/{,evolution-data-server/}evolution-addressbook-factory profile evolution-addressbook-factory @{exec_path} { include + include + include include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index 0bef231f..85b79b1d 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/{,evolution-data-server/}evolution-calendar-factory profile evolution-calendar-factory @{exec_path} { include + include + include include include - include - include include include include 
diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index 65fced96..d9313580 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/{,evolution-data-server/}evolution-source-registry profile evolution-source-registry @{exec_path} { include + include include - include include include include diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index eaa6afb3..d13c6f3c 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/gdm{3,} profile gdm @{exec_path} flags=(attach_disconnected) { include - include - include + include + include include include diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index 5157fbbc..43725a20 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker @@ -10,9 +10,9 @@ include profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { include include + include + include include - include - include include capability audit_write, diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index 6acdb444..7207994c 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -10,10 +10,10 @@ include profile gdm-wayland-session @{exec_path} { include include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gdm-x-session b/apparmor.d/groups/gnome/gdm-x-session index 22b35f1b..23666260 100644 --- a/apparmor.d/groups/gnome/gdm-x-session +++ b/apparmor.d/groups/gnome/gdm-x-session 
@@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/{,gdm/}gdm-x-session profile gdm-x-session @{exec_path} flags=(attach_disconnected) { include - include - include + include + include include signal (receive) set=term peer=gdm{,-session-worker}, diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index dd98613c..a824ce8e 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -65,7 +65,7 @@ profile gdm-xsession @{exec_path} { profile dbus { include - include + include dbus send bus=session path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 08c85dad..5b0f23ed 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -13,8 +13,8 @@ include @{exec_path} = @{bin}/gjs-console profile gjs-console @{exec_path} flags=(attach_disconnected) { include - include - include + include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-calculator-search-provider b/apparmor.d/groups/gnome/gnome-calculator-search-provider index 762e12aa..b06a0de3 100644 --- a/apparmor.d/groups/gnome/gnome-calculator-search-provider +++ b/apparmor.d/groups/gnome/gnome-calculator-search-provider @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-calculator-search-provider profile gnome-calculator-search-provider @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-calendar b/apparmor.d/groups/gnome/gnome-calendar index f8a185a0..9f1c8e62 100644 --- a/apparmor.d/groups/gnome/gnome-calendar +++ b/apparmor.d/groups/gnome/gnome-calendar @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/gnome-calendar profile gnome-calendar @{exec_path} { include + include + include include include include include - include - include include include include 
diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters index 38f4ae94..9170875b 100644 --- a/apparmor.d/groups/gnome/gnome-characters +++ b/apparmor.d/groups/gnome/gnome-characters @@ -9,9 +9,9 @@ include @{exec_path} = /usr/share/org.gnome.Characters/org.gnome.Characters profile gnome-characters @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-characters-backgroudservice b/apparmor.d/groups/gnome/gnome-characters-backgroudservice index ab2cfa1a..8e76baa3 100644 --- a/apparmor.d/groups/gnome/gnome-characters-backgroudservice +++ b/apparmor.d/groups/gnome/gnome-characters-backgroudservice @@ -9,7 +9,7 @@ include @{exec_path} = /usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService profile gnome-characters-backgroudservice @{exec_path} { include - include + include include include diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index 00dd628b..19d80ad0 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -10,8 +10,8 @@ include profile gnome-control-center @{exec_path} flags=(attach_disconnected) { include include + include include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-control-center-goa-helper b/apparmor.d/groups/gnome/gnome-control-center-goa-helper index 0597f09c..0b68adce 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-goa-helper +++ b/apparmor.d/groups/gnome/gnome-control-center-goa-helper @@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/gnome-control-center-goa-helper profile gnome-control-center-goa-helper @{exec_path} { include + include + include include include - include - include include include include 
diff --git a/apparmor.d/groups/gnome/gnome-control-center-print-renderer b/apparmor.d/groups/gnome/gnome-control-center-print-renderer index ff3bad82..3a53ea19 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-print-renderer +++ b/apparmor.d/groups/gnome/gnome-control-center-print-renderer @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/gnome-control-center-print-renderer profile gnome-control-center-print-renderer @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-control-center-search-provider b/apparmor.d/groups/gnome/gnome-control-center-search-provider index 5efe6b33..bad7e5ee 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-search-provider +++ b/apparmor.d/groups/gnome/gnome-control-center-search-provider @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-control-center-search-provider profile gnome-control-center-search-provider @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-disks b/apparmor.d/groups/gnome/gnome-disks index 7af6ab22..2190f5d2 100644 --- a/apparmor.d/groups/gnome/gnome-disks +++ b/apparmor.d/groups/gnome/gnome-disks @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/gnome-disks profile gnome-disks @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-extension-ding b/apparmor.d/groups/gnome/gnome-extension-ding index b83c864d..45f35800 100644 --- a/apparmor.d/groups/gnome/gnome-extension-ding +++ b/apparmor.d/groups/gnome/gnome-extension-ding @@ -9,6 +9,9 @@ include @{exec_path} = /usr/share/gnome-shell/extensions/ding@rastersoft.com/{,app/}ding.js profile gnome-extension-ding @{exec_path} { include + include + include + include include include include @@ -16,9 +19,6 @@ profile gnome-extension-ding @{exec_path} { include include include - include - include - include include include include 
diff --git a/apparmor.d/groups/gnome/gnome-extension-gsconnect b/apparmor.d/groups/gnome/gnome-extension-gsconnect index 87273aed..600a928a 100644 --- a/apparmor.d/groups/gnome/gnome-extension-gsconnect +++ b/apparmor.d/groups/gnome/gnome-extension-gsconnect @@ -12,9 +12,9 @@ include @{exec_path} = @{share_dirs}/service/daemon.js profile gnome-extension-gsconnect @{exec_path} { include - include - include - include + include + include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-initial-setup b/apparmor.d/groups/gnome/gnome-initial-setup index 938b35e8..8bde3fe3 100644 --- a/apparmor.d/groups/gnome/gnome-initial-setup +++ b/apparmor.d/groups/gnome/gnome-initial-setup @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-initial-setup profile gnome-initial-setup @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index cf639f5c..7c1a8fb1 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -10,11 +10,11 @@ include @{exec_path} = @{bin}/gnome-keyring-daemon profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { include + include + include include include include - include - include include capability ipc_lock, diff --git a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon index 93f1fcd9..14b1750c 100644 --- a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon +++ b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-remote-desktop-daemon profile gnome-remote-desktop-daemon @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index 2f527e2b..f86ca28f 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary 
+++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -9,14 +9,14 @@ include @{exec_path} = @{lib}/gnome-session-binary profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-session-ctl b/apparmor.d/groups/gnome/gnome-session-ctl index ebd24651..cda4c31e 100644 --- a/apparmor.d/groups/gnome/gnome-session-ctl +++ b/apparmor.d/groups/gnome/gnome-session-ctl @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-session-ctl profile gnome-session-ctl @{exec_path} { include - include + include signal (receive) set=(kill) peer=@{systemd}, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index c5a3f891..ac1b616f 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -11,6 +11,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { include include include + include + include + include include include include @@ -35,9 +38,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index 25010724..873bde84 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/{,gnome-shell/}gnome-shell-calendar-server profile gnome-shell-calendar-server @{exec_path} { include - include + include include include diff --git a/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer b/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer index 6ae8704f..f87e79ae 100644 --- a/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer +++ b/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer 
@@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/gnome-shell-hotplug-sniffer profile gnome-shell-hotplug-sniffer @{exec_path} { include - include + include @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-system-monitor b/apparmor.d/groups/gnome/gnome-system-monitor index dae3880f..a2475f02 100644 --- a/apparmor.d/groups/gnome/gnome-system-monitor +++ b/apparmor.d/groups/gnome/gnome-system-monitor @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/gnome-system-monitor profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) { include - include + include include include include diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 4edf1edc..821409b8 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -9,12 +9,12 @@ include @{exec_path} = @{lib}/gnome-terminal-server profile gnome-terminal-server @{exec_path} { include + include + include include include include include - include - include include include diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index d9a7aeb5..f4408837 100644 --- a/apparmor.d/groups/gnome/goa-daemon +++ b/apparmor.d/groups/gnome/goa-daemon @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/goa-daemon profile goa-daemon @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service index 9f2d9936..31d4c608 100644 --- a/apparmor.d/groups/gnome/goa-identity-service +++ b/apparmor.d/groups/gnome/goa-identity-service @@ -10,7 +10,7 @@ include profile goa-identity-service @{exec_path} { include include - include + include dbus bind bus=session name=org.gnome.Identity, dbus receive bus=session path=/org/gnome/Identity diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 7ceb20d3..68ff65ae 100644 
--- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/gsd-a11y-settings profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { include + include include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index cbce8ef9..66b859f0 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -9,14 +9,14 @@ include @{exec_path} = @{lib}/gsd-color profile gsd-color @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index 52f43ad4..3a78fe81 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/gsd-datetime profile gsd-datetime @{exec_path} flags=(attach_disconnected) { include + include include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-disk-utility-notify b/apparmor.d/groups/gnome/gsd-disk-utility-notify index 0f857769..c2ac8ef0 100644 --- a/apparmor.d/groups/gnome/gsd-disk-utility-notify +++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/gsd-disk-utility-notify profile gsd-disk-utility-notify @{exec_path} { include + include + include include - include - include dbus bind bus=session name=org.gnome.Disks.NotificationMonitor, diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 9716b8d2..7cee1b52 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping 
@@ -10,9 +10,9 @@ include profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { include include + include include include - include include include diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index 60879460..84df7f49 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -9,13 +9,13 @@ include @{exec_path} = @{lib}/gsd-keyboard profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 39d5e40a..e0789d0a 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -10,14 +10,14 @@ include profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { include include + include + include + include include include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 55760b43..b9253fe1 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -10,6 +10,9 @@ include profile gsd-power @{exec_path} flags=(attach_disconnected) { include include + include + include + include include include include @@ -19,9 +22,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index f4b93d01..7a5d752a 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications 
@@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/gsd-print-notifications profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { include + include + include include include - include - include include network inet stream, diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index 37c571ce..7dfd59f7 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/gsd-printer profile gsd-printer @{exec_path} flags=(attach_disconnected) { include + include + include include - include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index 8ba57fa2..4c6c96b6 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -9,12 +9,12 @@ include @{exec_path} = @{lib}/gsd-rfkill profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { include + include + include include include include include - include - include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 43efda14..9149023c 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/gsd-screensaver-proxy profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { include + include include - include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 55bff588..111fac2a 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing 
@@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/gsd-sharing profile gsd-sharing @{exec_path} flags=(attach_disconnected) { include + include + include include include - include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 7617ff33..d9c28023 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/gsd-smartcard profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { include + include include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index de8ef622..7659da3e 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -10,9 +10,9 @@ include profile gsd-sound @{exec_path} flags=(attach_disconnected) { include include + include include include - include include signal (receive) set=(term, hup) peer=gdm*, diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 9d5c2681..4ee9d9e6 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -9,11 +9,11 @@ include @{exec_path} = @{lib}/gsd-wacom profile gsd-wacom @{exec_path} flags=(attach_disconnected) { include + include + include include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index 41d9a53d..401b3c04 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -9,14 +9,14 @@ include @{exec_path} = @{lib}/gsd-xsettings profile gsd-xsettings @{exec_path} { include + include + include + include include include include include include - include - include - include include include include 
diff --git a/apparmor.d/groups/gnome/mutter-x11-frames b/apparmor.d/groups/gnome/mutter-x11-frames index 3a883726..7a700e36 100644 --- a/apparmor.d/groups/gnome/mutter-x11-frames +++ b/apparmor.d/groups/gnome/mutter-x11-frames @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/mutter-x11-frames profile mutter-x11-frames @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index 87fb5c64..9a50a286 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/nautilus profile nautilus @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include - include - include - include include include include diff --git a/apparmor.d/groups/gnome/seahorse b/apparmor.d/groups/gnome/seahorse index 5e1845fd..309da110 100644 --- a/apparmor.d/groups/gnome/seahorse +++ b/apparmor.d/groups/gnome/seahorse @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/seahorse profile seahorse @{exec_path} { include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index ce64f017..dbe28719 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/tracker-extract-3 profile tracker-extract @{exec_path} flags=(attach_disconnected) { include + include include include - include include include include diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 7531f964..6d3e5f4c 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner 
@@ -9,11 +9,11 @@ include @{exec_path} = @{lib}/tracker-miner-fs-{,control-}3 profile tracker-miner @{exec_path} flags=(attach_disconnected) { include + include + include include include include - include - include include include include diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 2357778a..806d6fcb 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-afc-volume-monitor profile gvfs-afc-volume-monitor @{exec_path} { include - include + include dbus bind bus=session name=org.gtk.vfs.AfcVolumeMonitor, dbus receive bus=session path=/org/gtk/Private/RemoteVolumeMonitor diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index 9a4c3b9d..059c0a1f 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-goa-volume-monitor profile gvfs-goa-volume-monitor @{exec_path} { include - include + include dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor, diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index 32aa83cd..e99eddd2 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-gphoto2-volume-monitor profile gvfs-gphoto2-volume-monitor @{exec_path} { include - include + include include include diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index fff1b126..06d2e3b0 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor 
@@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-mtp-volume-monitor profile gvfs-mtp-volume-monitor @{exec_path} { include - include + include include network netlink raw, diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index a92f4a48..b7e6bfdc 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -10,10 +10,10 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfs-udisks2-volume-monitor profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index 5666d525..0f93193d 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd profile gvfsd @{exec_path} { include - include + include dbus bind bus=session name=org.gtk.vfs.Daemon, diff --git a/apparmor.d/groups/gvfs/gvfsd-dnssd b/apparmor.d/groups/gvfs/gvfsd-dnssd index c081b6bd..49504313 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dnssd +++ b/apparmor.d/groups/gvfs/gvfsd-dnssd @@ -10,10 +10,10 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-dnssd profile gvfsd-dnssd @{exec_path} { include + include + include include include - include - include dbus bind bus=session name=org.gtk.vfs.mountpoint_dnssd, diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index 7fe5c1e3..7ec099e4 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-fuse profile gvfsd-fuse @{exec_path} { include + include include - include unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount), diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index 8ba651eb..d49e533c 100644 
--- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-metadata profile gvfsd-metadata @{exec_path} { include - include + include include network netlink raw, diff --git a/apparmor.d/groups/gvfs/gvfsd-network b/apparmor.d/groups/gvfs/gvfsd-network index b8c65a14..1208707a 100644 --- a/apparmor.d/groups/gvfs/gvfsd-network +++ b/apparmor.d/groups/gvfs/gvfsd-network @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-network profile gvfsd-network @{exec_path} { include - include + include include dbus send bus=session path=/org/gtk/gvfs/exec_spaw/@{int} diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index 5f1f91bb..3f26bf8d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse +++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-smb-browse profile gvfsd-smb-browse @{exec_path} { include + include include - include include include diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index a586cb8a..ae1abf58 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/{,gvfs/}gvfsd-trash profile gvfsd-trash @{exec_path} { include - include + include include include include diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index 2c89d4bb..19bd2942 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 @@ -10,9 +10,9 @@ include profile kded5 @{exec_path} { include include + include include include - include include include include diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 923e63e4..75214af3 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell 
@@ -11,10 +11,10 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { include include include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/network/ModemManager b/apparmor.d/groups/network/ModemManager index ca04cd06..d46ca2f5 100644 --- a/apparmor.d/groups/network/ModemManager +++ b/apparmor.d/groups/network/ModemManager @@ -9,10 +9,10 @@ include @{exec_path} = @{bin}/ModemManager profile ModemManager @{exec_path} flags=(attach_disconnected) { include + include include include include - include include include diff --git a/apparmor.d/groups/network/networkd-dispatcher b/apparmor.d/groups/network/networkd-dispatcher index f1ba6169..5d312778 100644 --- a/apparmor.d/groups/network/networkd-dispatcher +++ b/apparmor.d/groups/network/networkd-dispatcher @@ -9,10 +9,10 @@ include @{exec_path} = @{bin}/networkd-dispatcher profile networkd-dispatcher @{exec_path} { include - include + include include - include include + include dbus receive bus=system path=/org/freedesktop/network1{,/link/*} interface=org.freedesktop.DBus.Properties diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher index 2b272dca..95f1f3a7 100644 --- a/apparmor.d/groups/network/nm-dispatcher +++ b/apparmor.d/groups/network/nm-dispatcher @@ -11,7 +11,7 @@ include @{exec_path} = @{lib}/{,NetworkManager/}nm-dispatcher profile nm-dispatcher @{exec_path} flags=(attach_disconnected) { include - include + include include capability net_admin, diff --git a/apparmor.d/groups/network/nm-online b/apparmor.d/groups/network/nm-online index b80628b3..d203b0fa 100644 --- a/apparmor.d/groups/network/nm-online +++ b/apparmor.d/groups/network/nm-online @@ -9,7 +9,8 @@ include @{exec_path} = @{bin}/nm-online profile nm-online @{exec_path} { include - include + include + include @{exec_path} mr, 
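Review bot: The nm-online hunk (`@@ -9,7 +9,8 @@`) removes one include and adds two, so unlike the one-for-one swaps in the neighbouring hunks it adds an abstraction to the profile rather than only following the rename. The include targets are not legible in this rendering, so which abstraction was added cannot be confirmed from here. If the second include grants access to another bus or peer, it deserves a why-comment above it, for example `# <placeholder: bus/peer nm-online needs and why>`, so a later audit can tell a deliberate grant from a search-and-replace artefact. It is also worth checking that no narrower `dbus send ... peer=(...)` rule would cover the same need. The profile body continues past the end of the hunk.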
diff --git a/apparmor.d/groups/network/tailscaled b/apparmor.d/groups/network/tailscaled index 93b3fc73..55e1d35f 100644 --- a/apparmor.d/groups/network/tailscaled +++ b/apparmor.d/groups/network/tailscaled @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/tailscaled profile tailscaled @{exec_path} flags=(attach_disconnected) { include - include + include include include diff --git a/apparmor.d/groups/ssh/ssh-agent-launch b/apparmor.d/groups/ssh/ssh-agent-launch index 99e983fb..0231aa10 100644 --- a/apparmor.d/groups/ssh/ssh-agent-launch +++ b/apparmor.d/groups/ssh/ssh-agent-launch @@ -21,7 +21,7 @@ profile ssh-agent-launch @{exec_path} { profile dbus { include - include + include dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd index 79342929..5bc5e725 100644 --- a/apparmor.d/groups/ssh/sshd +++ b/apparmor.d/groups/ssh/sshd @@ -19,8 +19,8 @@ include profile sshd @{exec_path} flags=(attach_disconnected) { include include + include include - include include include include diff --git a/apparmor.d/groups/systemd/hostnamectl b/apparmor.d/groups/systemd/hostnamectl index 58d967d6..eccb2cc8 100644 --- a/apparmor.d/groups/systemd/hostnamectl +++ b/apparmor.d/groups/systemd/hostnamectl @@ -9,9 +9,9 @@ include @{exec_path} = @{bin}/hostnamectl profile hostnamectl @{exec_path} { include + include include include - include capability net_admin, diff --git a/apparmor.d/groups/systemd/loginctl b/apparmor.d/groups/systemd/loginctl index 4a813943..3a910bd0 100644 --- a/apparmor.d/groups/systemd/loginctl +++ b/apparmor.d/groups/systemd/loginctl @@ -9,9 +9,9 @@ include @{exec_path} = @{bin}/loginctl profile loginctl @{exec_path} { include + include include include - include include capability net_admin, diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl index afdd1ded..23c619ee 100644 --- a/apparmor.d/groups/systemd/networkctl 
+++ b/apparmor.d/groups/systemd/networkctl @@ -10,7 +10,7 @@ include @{exec_path} = @{bin}/networkctl profile networkctl @{exec_path} flags=(attach_disconnected) { include - include + include capability net_admin, capability sys_module, diff --git a/apparmor.d/groups/systemd/systemd-analyze b/apparmor.d/groups/systemd/systemd-analyze index 92d042b9..5b77813f 100644 --- a/apparmor.d/groups/systemd/systemd-analyze +++ b/apparmor.d/groups/systemd/systemd-analyze @@ -10,8 +10,8 @@ include @{exec_path} = @{bin}/systemd-analyze profile systemd-analyze @{exec_path} { include + include include - include include capability sys_resource, diff --git a/apparmor.d/groups/systemd/systemd-homed b/apparmor.d/groups/systemd/systemd-homed index 13016266..2690d633 100644 --- a/apparmor.d/groups/systemd/systemd-homed +++ b/apparmor.d/groups/systemd/systemd-homed @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/systemd/systemd-homed profile systemd-homed @{exec_path} flags=(attach_disconnected) { include - include + include include include include diff --git a/apparmor.d/groups/systemd/systemd-hostnamed b/apparmor.d/groups/systemd/systemd-hostnamed index f3bdb1e6..a4300d4a 100644 --- a/apparmor.d/groups/systemd/systemd-hostnamed +++ b/apparmor.d/groups/systemd/systemd-hostnamed @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/systemd/systemd-hostnamed profile systemd-hostnamed @{exec_path} flags=(attach_disconnected) { include + include include - include include capability sys_admin, # To set a hostname diff --git a/apparmor.d/groups/systemd/systemd-localed b/apparmor.d/groups/systemd/systemd-localed index ebb05e99..a3c69fcb 100644 --- a/apparmor.d/groups/systemd/systemd-localed +++ b/apparmor.d/groups/systemd/systemd-localed @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/systemd/systemd-localed profile systemd-localed @{exec_path} flags=(attach_disconnected) { include + include include - include include # Needed? 
diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index 464ac6d7..c762acd6 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind @@ -10,9 +10,9 @@ include @{exec_path} = @{lib}/systemd/systemd-logind profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) { include + include include include - include include include include diff --git a/apparmor.d/groups/systemd/systemd-machined b/apparmor.d/groups/systemd/systemd-machined index 641bb871..456f948d 100644 --- a/apparmor.d/groups/systemd/systemd-machined +++ b/apparmor.d/groups/systemd/systemd-machined @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/systemd/systemd-machined profile systemd-machined @{exec_path} { include - include + include include capability chown, diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd index b1b92df5..d4a8f17f 100644 --- a/apparmor.d/groups/systemd/systemd-networkd +++ b/apparmor.d/groups/systemd/systemd-networkd @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/systemd/systemd-networkd profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) { include + include include - include include capability net_admin, diff --git a/apparmor.d/groups/systemd/systemd-oomd b/apparmor.d/groups/systemd/systemd-oomd index d778cbba..5bfa3f98 100644 --- a/apparmor.d/groups/systemd/systemd-oomd +++ b/apparmor.d/groups/systemd/systemd-oomd @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/systemd/systemd-oomd profile systemd-oomd @{exec_path} flags=(attach_disconnected) { include - include + include include capability dac_override, diff --git a/apparmor.d/groups/systemd/systemd-resolved b/apparmor.d/groups/systemd/systemd-resolved index f938b7e3..c8fe3ef5 100644 --- a/apparmor.d/groups/systemd/systemd-resolved +++ b/apparmor.d/groups/systemd/systemd-resolved 
@@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/systemd/systemd-resolved profile systemd-resolved @{exec_path} flags=(attach_disconnected) { include + include include - include include include include diff --git a/apparmor.d/groups/systemd/systemd-sleep b/apparmor.d/groups/systemd/systemd-sleep index 7222c785..186aed4f 100644 --- a/apparmor.d/groups/systemd/systemd-sleep +++ b/apparmor.d/groups/systemd/systemd-sleep @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/systemd/systemd-sleep profile systemd-sleep @{exec_path} { include + include include - include include capability net_admin, diff --git a/apparmor.d/groups/systemd/systemd-timedated b/apparmor.d/groups/systemd/systemd-timedated index beb7f295..5b00b71a 100644 --- a/apparmor.d/groups/systemd/systemd-timedated +++ b/apparmor.d/groups/systemd/systemd-timedated @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/systemd/systemd-timedated profile systemd-timedated @{exec_path} flags=(attach_disconnected) { include - include + include include capability sys_time, diff --git a/apparmor.d/groups/systemd/systemd-timesyncd b/apparmor.d/groups/systemd/systemd-timesyncd index f1ea2a12..6871a354 100644 --- a/apparmor.d/groups/systemd/systemd-timesyncd +++ b/apparmor.d/groups/systemd/systemd-timesyncd @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/systemd/systemd-timesyncd profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) { include - include + include include include diff --git a/apparmor.d/groups/systemd/systemd-user-runtime-dir b/apparmor.d/groups/systemd/systemd-user-runtime-dir index 71a0f665..0a6b1d72 100644 --- a/apparmor.d/groups/systemd/systemd-user-runtime-dir +++ b/apparmor.d/groups/systemd/systemd-user-runtime-dir @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/systemd/systemd-user-runtime-dir profile systemd-user-runtime-dir @{exec_path} { include + include include - include include include 
diff --git a/apparmor.d/groups/ubuntu/apport-gtk b/apparmor.d/groups/ubuntu/apport-gtk index dd7fbd83..eefd2cfe 100644 --- a/apparmor.d/groups/ubuntu/apport-gtk +++ b/apparmor.d/groups/ubuntu/apport-gtk @@ -10,7 +10,7 @@ include profile apport-gtk @{exec_path} { include include - include + include include include include diff --git a/apparmor.d/groups/ubuntu/check-new-release-gtk b/apparmor.d/groups/ubuntu/check-new-release-gtk index 5bb04cc4..8fdc7051 100644 --- a/apparmor.d/groups/ubuntu/check-new-release-gtk +++ b/apparmor.d/groups/ubuntu/check-new-release-gtk @@ -10,9 +10,9 @@ include profile check-new-release-gtk @{exec_path} { include include + include + include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/livepatch-notification b/apparmor.d/groups/ubuntu/livepatch-notification index 13521edf..9f74579a 100644 --- a/apparmor.d/groups/ubuntu/livepatch-notification +++ b/apparmor.d/groups/ubuntu/livepatch-notification @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/update-notifier/livepatch-notification profile livepatch-notification @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/software-properties-dbus b/apparmor.d/groups/ubuntu/software-properties-dbus index 2864843b..b877a3e4 100644 --- a/apparmor.d/groups/ubuntu/software-properties-dbus +++ b/apparmor.d/groups/ubuntu/software-properties-dbus @@ -10,7 +10,7 @@ include profile software-properties-dbus @{exec_path} { include include - include + include include include include diff --git a/apparmor.d/groups/ubuntu/software-properties-gtk b/apparmor.d/groups/ubuntu/software-properties-gtk index 350fe94d..c59851b6 100644 --- a/apparmor.d/groups/ubuntu/software-properties-gtk +++ b/apparmor.d/groups/ubuntu/software-properties-gtk 
@@ -10,10 +10,10 @@ include profile software-properties-gtk @{exec_path} { include include + include + include include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon b/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon index e7b2298c..f15ef14a 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon +++ b/apparmor.d/groups/ubuntu/ubuntu-advantage-desktop-daemon @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/ubuntu-advantage-desktop-daemon profile ubuntu-advantage-desktop-daemon @{exec_path} flags=(attach_disconnected) { include - include + include include capability sys_nice, diff --git a/apparmor.d/groups/ubuntu/ubuntu-advantage-notification b/apparmor.d/groups/ubuntu/ubuntu-advantage-notification index a5838563..bfcbaff4 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-advantage-notification +++ b/apparmor.d/groups/ubuntu/ubuntu-advantage-notification @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/update-notifier/ubuntu-advantage-notification profile ubuntu-advantage-notification @{exec_path} { include + include + include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/update-manager b/apparmor.d/groups/ubuntu/update-manager index 02a76768..e42d987a 100644 --- a/apparmor.d/groups/ubuntu/update-manager +++ b/apparmor.d/groups/ubuntu/update-manager @@ -10,12 +10,12 @@ include profile update-manager @{exec_path} flags=(attach_disconnected) { include include + include + include include include include include - include - include include include include diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier index 6b25889e..73f7f4d6 100644 --- a/apparmor.d/groups/ubuntu/update-notifier +++ b/apparmor.d/groups/ubuntu/update-notifier 
@@ -11,10 +11,10 @@ profile update-notifier @{exec_path} { include include include + include + include + include include - include - include - include include include include diff --git a/apparmor.d/groups/virt/dockerd b/apparmor.d/groups/virt/dockerd index 4428eedb..137ef88e 100644 --- a/apparmor.d/groups/virt/dockerd +++ b/apparmor.d/groups/virt/dockerd @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/dockerd profile dockerd @{exec_path} flags=(attach_disconnected) { include - include + include include include diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify index a7632528..490fae5c 100644 --- a/apparmor.d/profiles-a-f/aa-notify +++ b/apparmor.d/profiles-a-f/aa-notify @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/aa-notify profile aa-notify @{exec_path} { include - include + include include include diff --git a/apparmor.d/profiles-a-f/atril b/apparmor.d/profiles-a-f/atril index 30c45d71..7660c942 100644 --- a/apparmor.d/profiles-a-f/atril +++ b/apparmor.d/profiles-a-f/atril @@ -10,10 +10,10 @@ include @{exec_path} = @{bin}/atril{,-*} profile atril @{exec_path} { include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-a-f/atrild b/apparmor.d/profiles-a-f/atrild index d8607e01..3a29906c 100644 --- a/apparmor.d/profiles-a-f/atrild +++ b/apparmor.d/profiles-a-f/atrild @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/atril/atrild profile atrild @{exec_path} { include - include + include dbus bind bus=session name=org.mate.atril.Daemon, diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index c70b5aa9..80383135 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -10,7 +10,7 @@ include @{exec_path} = @{lib}/bluetooth/bluetoothd profile bluetoothd @{exec_path} flags=(attach_disconnected) { include - include + include # Needed for configuring HCI interfaces capability net_admin, 
diff --git a/apparmor.d/profiles-a-f/boltd b/apparmor.d/profiles-a-f/boltd index 2c503d36..af400833 100644 --- a/apparmor.d/profiles-a-f/boltd +++ b/apparmor.d/profiles-a-f/boltd @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/boltd profile boltd @{exec_path} flags=(attach_disconnected) { include + include include - include include capability net_admin, diff --git a/apparmor.d/profiles-a-f/cups-browsed b/apparmor.d/profiles-a-f/cups-browsed index 1cb1a6c1..edf4f57d 100644 --- a/apparmor.d/profiles-a-f/cups-browsed +++ b/apparmor.d/profiles-a-f/cups-browsed @@ -9,10 +9,10 @@ include @{exec_path} = @{bin}/cups-browsed profile cups-browsed @{exec_path} { include + include include include include - include include include diff --git a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism index 90721065..634f699d 100644 --- a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism +++ b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism @@ -10,8 +10,8 @@ include @{exec_path} += @{lib}/@{multiarch}/cups-pk-helper-mechanism profile cups-pk-helper-mechanism @{exec_path} { include + include include - include include capability dac_read_search, diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index 7b440ee6..cf3d79f8 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -10,10 +10,10 @@ include @{exec_path} = @{bin}/engrampa profile engrampa @{exec_path} { include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 038f419d..db291556 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -9,10 +9,10 @@ include @{exec_path} = @{bin}/evince @{lib}/evinced profile evince @{exec_path} { include + include + include include include - include - include include include include 
diff --git a/apparmor.d/profiles-a-f/evince-previewer b/apparmor.d/profiles-a-f/evince-previewer index 3fd79a15..68d0c034 100644 --- a/apparmor.d/profiles-a-f/evince-previewer +++ b/apparmor.d/profiles-a-f/evince-previewer @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/evince-previewer profile evince-previewer @{exec_path} { include - include - include + include + include include include include diff --git a/apparmor.d/profiles-a-f/exim4 b/apparmor.d/profiles-a-f/exim4 index 01f7de4d..96f970fd 100644 --- a/apparmor.d/profiles-a-f/exim4 +++ b/apparmor.d/profiles-a-f/exim4 @@ -10,8 +10,8 @@ include @{exec_path} = @{bin}/exim4 profile exim4 @{exec_path} { include + include include - include include include diff --git a/apparmor.d/profiles-a-f/file-roller b/apparmor.d/profiles-a-f/file-roller index f00e86a5..bc227ac0 100644 --- a/apparmor.d/profiles-a-f/file-roller +++ b/apparmor.d/profiles-a-f/file-roller @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/file-roller profile file-roller @{exec_path} { include - include - include + include + include include include include diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd index 705cac99..f1d10735 100644 --- a/apparmor.d/profiles-a-f/fprintd +++ b/apparmor.d/profiles-a-f/fprintd @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/fprintd profile fprintd @{exec_path} flags=(attach_disconnected) { include + include include - include include include diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index dc23df36..537f964e 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -10,12 +10,12 @@ include @{exec_path} = @{lib}/{,fwupd/}fwupd profile fwupd @{exec_path} flags=(complain,attach_disconnected) { include + include include include include include include - include include include include diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr index 32c0dc2e..a99f69d0 100644 --- a/apparmor.d/profiles-a-f/fwupdmgr 
+++ b/apparmor.d/profiles-a-f/fwupdmgr @@ -10,7 +10,7 @@ include @{exec_path} = @{bin}/fwupdmgr profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) { include - include + include include include include diff --git a/apparmor.d/profiles-g-l/glib-pacrunner b/apparmor.d/profiles-g-l/glib-pacrunner index 097e756d..0161527c 100644 --- a/apparmor.d/profiles-g-l/glib-pacrunner +++ b/apparmor.d/profiles-g-l/glib-pacrunner @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/glib-pacrunner profile glib-pacrunner @{exec_path} { include - include - include + include + include include network inet dgram, diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings index cc8f83c3..f5da2bf7 100644 --- a/apparmor.d/profiles-g-l/gsettings +++ b/apparmor.d/profiles-g-l/gsettings @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/gsettings profile gsettings @{exec_path} { include - include + include include @{exec_path} mr, diff --git a/apparmor.d/profiles-g-l/keepassxc b/apparmor.d/profiles-g-l/keepassxc index f40bdd2d..e4ce3217 100644 --- a/apparmor.d/profiles-g-l/keepassxc +++ b/apparmor.d/profiles-g-l/keepassxc @@ -10,8 +10,8 @@ include @{exec_path} = @{bin}/keepassxc profile keepassxc @{exec_path} { include - include - include + include + include include include include diff --git a/apparmor.d/profiles-g-l/kerneloops b/apparmor.d/profiles-g-l/kerneloops index b8dc7dd1..07d021bc 100644 --- a/apparmor.d/profiles-g-l/kerneloops +++ b/apparmor.d/profiles-g-l/kerneloops @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/kerneloops profile kerneloops @{exec_path} { include - include + include include capability syslog, diff --git a/apparmor.d/profiles-g-l/login b/apparmor.d/profiles-g-l/login index c8211e64..0e278b08 100644 --- a/apparmor.d/profiles-g-l/login +++ b/apparmor.d/profiles-g-l/login @@ -10,9 +10,9 @@ include profile login @{exec_path} flags=(attach_disconnected) { include include + include include include - include include include 
diff --git a/apparmor.d/profiles-g-l/lvm b/apparmor.d/profiles-g-l/lvm index 1760ae92..725452b5 100644 --- a/apparmor.d/profiles-g-l/lvm +++ b/apparmor.d/profiles-g-l/lvm @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/lvm profile lvm @{exec_path} flags=(attach_disconnected) { include + include include - include include capability dac_read_search, diff --git a/apparmor.d/profiles-m-r/murmurd b/apparmor.d/profiles-m-r/murmurd index 47faeb87..6eb54c79 100644 --- a/apparmor.d/profiles-m-r/murmurd +++ b/apparmor.d/profiles-m-r/murmurd @@ -7,8 +7,8 @@ include @{exec_path} = @{bin}/murmurd profile murmurd @{exec_path} { include + include include - include include include include diff --git a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke index 45408b1f..b5e7b39d 100644 --- a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke +++ b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/needrestart/apt-pinvoke profile needrestart-apt-pinvoke @{exec_path} { include + include include include - include @{exec_path} mr, diff --git a/apparmor.d/profiles-m-r/obexd b/apparmor.d/profiles-m-r/obexd index b16c8ec9..9a951011 100644 --- a/apparmor.d/profiles-m-r/obexd +++ b/apparmor.d/profiles-m-r/obexd @@ -9,8 +9,8 @@ include @{exec_path} = @{lib}/bluetooth/obexd profile obexd @{exec_path} { include - include - include + include + include include network bluetooth stream, diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 61d2d3b6..ac585bef 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -9,10 +9,10 @@ include @{exec_path} = @{lib}/packagekitd profile packagekitd @{exec_path} flags=(attach_disconnected) { include + include include include include - include include include include diff --git a/apparmor.d/profiles-m-r/passimd b/apparmor.d/profiles-m-r/passimd index e725ecfe..4c44a458 100644 
--- a/apparmor.d/profiles-m-r/passimd +++ b/apparmor.d/profiles-m-r/passimd @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/passimd profile passimd @{exec_path} flags=(attach_disconnected) { include - include + include include capability dac_read_search, diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index 4d22bf16..4f2d95c2 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -11,9 +11,9 @@ include profile pkexec @{exec_path} { include include + include include include - include include include diff --git a/apparmor.d/profiles-m-r/pkttyagent b/apparmor.d/profiles-m-r/pkttyagent index a6403791..cb1033a7 100644 --- a/apparmor.d/profiles-m-r/pkttyagent +++ b/apparmor.d/profiles-m-r/pkttyagent @@ -10,9 +10,9 @@ include @{exec_path} = @{bin}/pkttyagent profile pkttyagent @{exec_path} { include + include include include - include include capability sys_nice, diff --git a/apparmor.d/profiles-m-r/plank b/apparmor.d/profiles-m-r/plank index 678250bb..6edb169c 100644 --- a/apparmor.d/profiles-m-r/plank +++ b/apparmor.d/profiles-m-r/plank @@ -11,7 +11,7 @@ include profile plank @{exec_path} { include include - include + include include include include diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon index ddf177c3..fa2d02dc 100644 --- a/apparmor.d/profiles-m-r/power-profiles-daemon +++ b/apparmor.d/profiles-m-r/power-profiles-daemon @@ -9,9 +9,9 @@ include @{exec_path} = @{lib}/power-profiles-daemon profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) { include + include include include - include include capability dac_read_search, diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index ff36c675..25409ce0 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent 
@@ -13,11 +13,11 @@ include @{exec_path} = @{bin}/qbittorrent profile qbittorrent @{exec_path} { include + include + include + include include include - include - include - include include include include diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga index 4f7462b9..1ee7c05b 100644 --- a/apparmor.d/profiles-m-r/qemu-ga +++ b/apparmor.d/profiles-m-r/qemu-ga @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/qemu-ga profile qemu-ga @{exec_path} { include - include + include capability mknod, capability net_admin, diff --git a/apparmor.d/profiles-m-r/remmina b/apparmor.d/profiles-m-r/remmina index 0e415c3c..a93687ea 100644 --- a/apparmor.d/profiles-m-r/remmina +++ b/apparmor.d/profiles-m-r/remmina @@ -9,12 +9,12 @@ include @{exec_path} = @{bin}/remmina profile remmina @{exec_path} { include + include + include + include include include include - include - include - include include include include diff --git a/apparmor.d/profiles-m-r/rtkit-daemon b/apparmor.d/profiles-m-r/rtkit-daemon index ed388a90..be17ced7 100644 --- a/apparmor.d/profiles-m-r/rtkit-daemon +++ b/apparmor.d/profiles-m-r/rtkit-daemon @@ -10,8 +10,8 @@ include @{exec_path} = @{lib}/{,rtkit/}rtkit-daemon profile rtkit-daemon @{exec_path} flags=(attach_disconnected) { include + include include - include include capability dac_read_search, diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index ce21aef0..709a34d4 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk @@ -9,9 +9,9 @@ include profile rustdesk @{exec_path} { include include + include + include include - include - include include include include diff --git a/apparmor.d/profiles-s-z/snap b/apparmor.d/profiles-s-z/snap index 351d9bc8..7bc41a56 100644 --- a/apparmor.d/profiles-s-z/snap +++ b/apparmor.d/profiles-s-z/snap 
@@ -12,9 +12,9 @@ include @{exec_path} = @{bin_dirs}/snap profile snap @{exec_path} { include + include + include include - include - include include include diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd index 19ad28f3..b828f486 100644 --- a/apparmor.d/profiles-s-z/snapd +++ b/apparmor.d/profiles-s-z/snapd @@ -13,8 +13,8 @@ include profile snapd @{exec_path} { include include + include include - include include include include diff --git a/apparmor.d/profiles-s-z/spice-vdagent b/apparmor.d/profiles-s-z/spice-vdagent index 454fb5e5..b0771b85 100644 --- a/apparmor.d/profiles-s-z/spice-vdagent +++ b/apparmor.d/profiles-s-z/spice-vdagent @@ -10,13 +10,13 @@ include profile spice-vdagent @{exec_path} { include include + include + include + include include include include include - include - include - include include include include diff --git a/apparmor.d/profiles-s-z/spice-vdagentd b/apparmor.d/profiles-s-z/spice-vdagentd index c42faeba..ccee6610 100644 --- a/apparmor.d/profiles-s-z/spice-vdagentd +++ b/apparmor.d/profiles-s-z/spice-vdagentd @@ -9,7 +9,7 @@ include @{exec_path} = @{bin}/spice-vdagentd profile spice-vdagentd @{exec_path} flags=(attach_disconnected) { include - include + include include capability sys_nice, diff --git a/apparmor.d/profiles-s-z/su b/apparmor.d/profiles-s-z/su index 7f2240f8..0e812901 100644 --- a/apparmor.d/profiles-s-z/su +++ b/apparmor.d/profiles-s-z/su @@ -12,8 +12,8 @@ profile su @{exec_path} { include include include + include include - include include include # include diff --git a/apparmor.d/profiles-s-z/sudo b/apparmor.d/profiles-s-z/sudo index 971fc9e1..c10ea4b3 100644 --- a/apparmor.d/profiles-s-z/sudo +++ b/apparmor.d/profiles-s-z/sudo @@ -13,8 +13,8 @@ profile sudo @{exec_path} { include include include + include include - include include include # include diff --git a/apparmor.d/profiles-s-z/switcheroo-control b/apparmor.d/profiles-s-z/switcheroo-control index 17a85d3b..36748dc4 100644 
--- a/apparmor.d/profiles-s-z/switcheroo-control +++ b/apparmor.d/profiles-s-z/switcheroo-control @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/switcheroo-control profile switcheroo-control @{exec_path} flags=(attach_disconnected) { include - include + include capability sys_nice, diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer index 54db96e8..748e96ea 100644 --- a/apparmor.d/profiles-s-z/system-config-printer +++ b/apparmor.d/profiles-s-z/system-config-printer @@ -11,10 +11,10 @@ include @{exec_path} += /usr/share/system-config-printer/system-config-printer.py profile system-config-printer @{exec_path} flags=(complain) { include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index 3c628fd3..6fd1e0fc 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald @@ -11,9 +11,9 @@ include @{exec_path} = @{bin}/thermald profile thermald @{exec_path} flags=(attach_disconnected) { include + include include include - include capability sys_boot, diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index 1b8c961e..60394bbc 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird @@ -16,11 +16,11 @@ include profile thunderbird @{exec_path} { include include + include + include include include include - include - include include include include diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index 654903ab..428ff523 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -10,9 +10,9 @@ include @{exec_path} = @{lib}/{,udisks2/}udisksd profile udisksd @{exec_path} flags=(attach_disconnected) { include + include include include - include include include include 
diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 999a11a9..1c84cc00 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -10,10 +10,10 @@ include profile wireplumber @{exec_path} { include include + include + include include include - include - include include include include diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index e01c6147..b6557b32 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark @@ -13,22 +13,22 @@ include @{exec_path} = @{bin}/wireshark profile wireshark @{exec_path} { include + include + include include - include - include - include - include - include - include - include - include include + include + include + include + include include + include + include + include include include - include - include - include + include + include signal (send) peer=dumpcap, diff --git a/apparmor.d/profiles-s-z/wpa-supplicant b/apparmor.d/profiles-s-z/wpa-supplicant index 0a3de6a5..43d79b2f 100644 --- a/apparmor.d/profiles-s-z/wpa-supplicant +++ b/apparmor.d/profiles-s-z/wpa-supplicant @@ -10,7 +10,7 @@ include @{exec_path} = @{bin}/wpa_supplicant profile wpa-supplicant @{exec_path} flags=(attach_disconnected) { include - include + include include include diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd index 724622ba..d492635e 100644 --- a/apparmor.d/profiles-s-z/zsysd +++ b/apparmor.d/profiles-s-z/zsysd @@ -9,8 +9,8 @@ include @{exec_path} = @{bin}/zsysd @{bin}/zsysctl profile zsysd @{exec_path} flags=(complain) { include + include include - include include capability sys_ptrace,