feat: small update and minor fixes.

2025-02-24 19:05:40 +01:00 · 2024-03-05 18:29:44 +00:00 · 2024-03-05 18:29:44 +00:00 · 1df176cf7b
commit 1df176cf7b
parent ff849b9f09
11 changed files with 18 additions and 22 deletions
--- a/apparmor.d/groups/apt/command-not-found
+++ b/apparmor.d/groups/apt/command-not-found
@ -25,16 +25,13 @@ profile command-not-found @{exec_path} {
  @{lib}/python3/dist-packages/CommandNotFound/**/__pycache__/*.cpython-@{int}.pyc.@{int} w,
  /var/lib/command-not-found/commands.db rwk,
  /usr/share/command-not-found/{,**} r,
  /var/lib/command-not-found/commands.db rwk,
  owner @{PROC}/@{pid}/fd/ r,
  /dev/tty@{int} rw,
  # Silencer
  deny /usr/lib/ r,
  include if exists <local/command-not-found>
 }
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@ -54,7 +54,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  signal (send) set=(term, kill) peer=firefox-*,
  # dbus: own bus=session name=org.mozilla.firefox
  # dbus: own bus=session name=org.mozilla.firefox_beta
  deny dbus send bus=system path=/org/freedesktop/hostname1,
--- a/apparmor.d/groups/gnome/gdm
+++ b/apparmor.d/groups/gnome/gdm
@ -27,13 +27,16 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
  signal (send) set=(term),
  unix (bind, listen) type=stream addr="@/tmp/dbus-@{rand8}",
  unix (send receive accept) type=stream addr="@/tmp/dbus-@{rand8}" peer=(label=gdm-session-worker, addr=none),
  # dbus: own bus=system name=org.gnome.DisplayManager
  # dbus: talk bus=system name=org.freedesktop.login1 label=systemd-logind
  dbus send bus=system path=/org/freedesktop/Accounts
       interface=org.freedesktop.Accounts
-       member=ListCachedUsers
+       member={ListCachedUsers,UserAdded}
       peer=(name=:*, label=accounts-daemon),
  dbus send bus=system path=/org/freedesktop/Accounts
       interface=org.freedesktop.DBus.Properties
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@ -27,6 +27,8 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
  include <abstractions/openssl>
  include <abstractions/trash>
  # userns,
  # mqueue r type=posix /,
  dbus bind bus=session name=org.gnome.Nautilus,
--- a/apparmor.d/tunables/multiarch.d/paths
+++ b/apparmor.d/tunables/multiarch.d/paths
@ -38,7 +38,7 @@
 # Emails
-@{thunderbird_name} = thunderbird{,-bin}
+@{thunderbird_name} = thunderbird{,.sh,-bin} 
@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
@{thunderbird_path} = @{bin}/@{thunderbird_name} @{thunderbird_lib_dirs}/@{thunderbird_name}
--- a/cmd/aa-log/main.go
+++ b/cmd/aa-log/main.go
@ -60,7 +60,7 @@ func aaLog(logger string, path string, profile string) error {
 	}
 	if raw {
-		fmt.Print(strings.Join(logs.GetApparmorLogs(file, profile), "\n"))
+		fmt.Print(strings.Join(logs.GetApparmorLogs(file, profile), "\n") + "\n")
 		return nil
 	}
--- a/dists/displace
+++ b/dists/displace
@ -10,11 +10,12 @@ brave
 chrome
 element-desktop
 epiphany
 firefox
 flatpak
 nautilus
 opera
 plasmashell
 slirp4netns
 systemd-coredump
 thunderbird
 virtiofsd
 firefox
--- a/dists/docker.sh
+++ b/dists/docker.sh
@ -77,8 +77,7 @@ build_in_docker_dpkg() {
 	else
 		docker pull "$BASEIMAGE/$dist"
 		docker run -tid --name "$img" --volume "$VOLUME:$BUILDIR" \
-			--env DEBIAN_FRONTEND=noninteractive --env DISTRIBUTION="$target" \
+			--env DISTRIBUTION="$target" "$BASEIMAGE/$dist"
 			"$BASEIMAGE/$dist"
 		docker exec "$img" sudo apt-get update -q
 		docker exec "$img" sudo apt-get install -y config-package-dev rsync
 		[[ "$COMMAND" == debian ]] && aptopt=(-t bookworm-backports)
--- a/dists/flags/arch.flags
+++ b/dists/flags/arch.flags
@ -11,5 +11,5 @@ pacman-hook-gio complain
 pacman-hook-gtk complain
 pacman-hook-mkinitcpio attach_disconnected,complain
 pacman-hook-perl complain
-pacman-hook-systemd complain
+pacman-hook-systemd attach_disconnected,complain
 pacman-key complain
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@ -49,21 +49,18 @@ baloorunner complain
 busctl complain
 cc-remote-login-helper complain
 cctk complain
 cfdisk complain
 cgdisk complain
 child-open complain
 chronyd attach_disconnected,complain
 cockpit-askpass complain
 cockpit-bridge complain
-cockpit-certificate-ensure complain
+cockpit-certificate-ensure attach_disconnected,complain
 cockpit-certificate-helper complain
 cockpit-desktop complain
 cockpit-session attach_disconnected,complain
 cockpit-ssh complain
-cockpit-tls complain
+cockpit-tls attach_disconnected,complain
 cockpit-ws complain
 cockpit-wsinstance-factory complain
 code complain
 containerd-shim-runc-v2 attach_disconnected,complain
 ctop complain
 cups-backend-beh complain
@ -120,12 +117,10 @@ flatpak-validate-icon complain
 fuse-overlayfs complain
 fusermount complain
 gcr-ssh-agent complain
 gdisk complain
 gdm-generate-config complain
 gdm-runtime-config complain
 gdm-x-session attach_disconnected,complain
 gdm-xsession complain
 glib-compile-resources complain
 gmenudbusmenuproxy complain
 gnome-browser-connector-host complain
 gnome-characters complain
@ -228,6 +223,7 @@ locale-gen complain
 localectl complain
 login attach_disconnected,complain
 loginctl complain
 loupe attach_disconnected,complain
 low-memory-monitor attach_disconnected,complain
 lvm attach_disconnected,complain
 lvmconfig complain
@ -400,7 +396,6 @@ update-grub complain
 update-secureboot-policy complain
 userdbctl complain
 utempter attach_disconnected,complain
 uuidd complain
 virt-manager attach_disconnected,complain
 virtinterfaced attach_disconnected,complain
 virtiofsd complain,attach_disconnected
--- a/dists/ignore/main.ignore
+++ b/dists/ignore/main.ignore
@ -1,5 +1,5 @@
 # Common ignore file for all distributions
-# One ignore by line. Can be a profile name or a directory to ignore
+# File format: one ignore by line, it can be a profile name or a directory to ignore
 # Contains profiles and configuration for full system confinement, only included
 # when built with 'make full'