feat: small update and minor fixes.

apparmor.d/groups/apt/command-not-found

@@ -25,16 +25,13 @@ profile command-not-found @{exec_path} {
 
   @{lib}/python3/dist-packages/CommandNotFound/**/__pycache__/*.cpython-@{int}.pyc.@{int} w,
 
-  /var/lib/command-not-found/commands.db rwk,
-
   /usr/share/command-not-found/{,**} r,
 
+  /var/lib/command-not-found/commands.db rwk,
+
   owner @{PROC}/@{pid}/fd/ r,
 
   /dev/tty@{int} rw,
 
-  # Silencer
-  deny /usr/lib/ r,
-
   include if exists <local/command-not-found>
 }

apparmor.d/groups/browsers/firefox

@@ -54,7 +54,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
   signal (send) set=(term, kill) peer=firefox-*,
 
   # dbus: own bus=session name=org.mozilla.firefox
-  # dbus: own bus=session name=org.mozilla.firefox_beta
 
   deny dbus send bus=system path=/org/freedesktop/hostname1,
 

apparmor.d/groups/gnome/gdm

@@ -27,13 +27,16 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
 
   signal (send) set=(term),
 
+  unix (bind, listen) type=stream addr="@/tmp/dbus-@{rand8}",
+  unix (send receive accept) type=stream addr="@/tmp/dbus-@{rand8}" peer=(label=gdm-session-worker, addr=none),
+
   # dbus: own bus=system name=org.gnome.DisplayManager
 
   # dbus: talk bus=system name=org.freedesktop.login1 label=systemd-logind
 
   dbus send bus=system path=/org/freedesktop/Accounts
        interface=org.freedesktop.Accounts
-       member=ListCachedUsers
+       member={ListCachedUsers,UserAdded}
        peer=(name=:*, label=accounts-daemon),
   dbus send bus=system path=/org/freedesktop/Accounts
        interface=org.freedesktop.DBus.Properties

apparmor.d/groups/gnome/nautilus

@@ -27,6 +27,8 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   include <abstractions/openssl>
   include <abstractions/trash>
 
+  # userns,
+
   # mqueue r type=posix /,
 
   dbus bind bus=session name=org.gnome.Nautilus,

apparmor.d/tunables/multiarch.d/paths

@@ -38,7 +38,7 @@
 
 # Emails
 
-@{thunderbird_name} = thunderbird{,-bin}
+@{thunderbird_name} = thunderbird{,.sh,-bin} 
 @{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
 @{thunderbird_path} = @{bin}/@{thunderbird_name} @{thunderbird_lib_dirs}/@{thunderbird_name}
 

cmd/aa-log/main.go

@@ -60,7 +60,7 @@ func aaLog(logger string, path string, profile string) error {
 	}
 
 	if raw {
-		fmt.Print(strings.Join(logs.GetApparmorLogs(file, profile), "\n"))
+		fmt.Print(strings.Join(logs.GetApparmorLogs(file, profile), "\n") + "\n")
 		return nil
 	}
 

dists/displace

@@ -10,11 +10,12 @@ brave
 chrome
 element-desktop
 epiphany
+firefox
 flatpak
+nautilus
 opera
 plasmashell
 slirp4netns
 systemd-coredump
 thunderbird
 virtiofsd
-firefox

dists/docker.sh

@@ -77,8 +77,7 @@ build_in_docker_dpkg() {
 	else
 		docker pull "$BASEIMAGE/$dist"
 		docker run -tid --name "$img" --volume "$VOLUME:$BUILDIR" \
-			--env DEBIAN_FRONTEND=noninteractive --env DISTRIBUTION="$target" \
-			"$BASEIMAGE/$dist"
+			--env DISTRIBUTION="$target" "$BASEIMAGE/$dist"
 		docker exec "$img" sudo apt-get update -q
 		docker exec "$img" sudo apt-get install -y config-package-dev rsync
 		[[ "$COMMAND" == debian ]] && aptopt=(-t bookworm-backports)

dists/flags/arch.flags

@@ -11,5 +11,5 @@ pacman-hook-gio complain
 pacman-hook-gtk complain
 pacman-hook-mkinitcpio attach_disconnected,complain
 pacman-hook-perl complain
-pacman-hook-systemd complain
+pacman-hook-systemd attach_disconnected,complain
 pacman-key complain

dists/flags/main.flags

@@ -49,21 +49,18 @@ baloorunner complain
 busctl complain
 cc-remote-login-helper complain
 cctk complain
-cfdisk complain
-cgdisk complain
 child-open complain
 chronyd attach_disconnected,complain
 cockpit-askpass complain
 cockpit-bridge complain
-cockpit-certificate-ensure complain
+cockpit-certificate-ensure attach_disconnected,complain
 cockpit-certificate-helper complain
 cockpit-desktop complain
 cockpit-session attach_disconnected,complain
 cockpit-ssh complain
-cockpit-tls complain
+cockpit-tls attach_disconnected,complain
 cockpit-ws complain
 cockpit-wsinstance-factory complain
-code complain
 containerd-shim-runc-v2 attach_disconnected,complain
 ctop complain
 cups-backend-beh complain
@@ -120,12 +117,10 @@ flatpak-validate-icon complain
 fuse-overlayfs complain
 fusermount complain
 gcr-ssh-agent complain
-gdisk complain
 gdm-generate-config complain
 gdm-runtime-config complain
 gdm-x-session attach_disconnected,complain
 gdm-xsession complain
-glib-compile-resources complain
 gmenudbusmenuproxy complain
 gnome-browser-connector-host complain
 gnome-characters complain
@@ -228,6 +223,7 @@ locale-gen complain
 localectl complain
 login attach_disconnected,complain
 loginctl complain
+loupe attach_disconnected,complain
 low-memory-monitor attach_disconnected,complain
 lvm attach_disconnected,complain
 lvmconfig complain
@@ -400,7 +396,6 @@ update-grub complain
 update-secureboot-policy complain
 userdbctl complain
 utempter attach_disconnected,complain
-uuidd complain
 virt-manager attach_disconnected,complain
 virtinterfaced attach_disconnected,complain
 virtiofsd complain,attach_disconnected

dists/ignore/main.ignore

@@ -1,5 +1,5 @@
 # Common ignore file for all distributions
-# One ignore by line. Can be a profile name or a directory to ignore
+# File format: one ignore by line, it can be a profile name or a directory to ignore
 
 # Contains profiles and configuration for full system confinement, only included
 # when built with 'make full'