From 2431ba98aafdcb555274e34cf2bd95712931d853 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sat, 14 Jan 2023 13:00:01 +0000 Subject: [PATCH] feat(profile): include more rule from #94. --- apparmor.d/groups/browsers/firefox | 1 + apparmor.d/groups/children/child-pager | 1 + apparmor.d/groups/freedesktop/colord-sane | 1 + apparmor.d/groups/freedesktop/geoclue | 4 +++ apparmor.d/groups/freedesktop/pipewire | 1 + apparmor.d/groups/freedesktop/plymouthd | 2 ++ apparmor.d/groups/freedesktop/xwayland | 1 + apparmor.d/groups/gnome/gnome-characters | 32 ++++++++++++++++++++ apparmor.d/groups/gnome/gnome-session-binary | 1 + apparmor.d/groups/gnome/gnome-shell | 6 ++-- apparmor.d/groups/gnome/gsd-datetime | 5 +++ apparmor.d/groups/gnome/gsd-media-keys | 3 ++ apparmor.d/groups/gnome/gsd-xsettings | 2 +- apparmor.d/groups/gnome/nautilus | 1 + apparmor.d/groups/grub/grub-mkconfig | 2 ++ apparmor.d/groups/grub/grub-mkrelpath | 7 +++++ apparmor.d/groups/grub/grub-mount | 10 +++++- apparmor.d/groups/grub/grub-probe | 1 + apparmor.d/groups/grub/grub-script-check | 2 +- apparmor.d/groups/network/nm-dispatcher | 16 ++++++++-- apparmor.d/groups/systemd/systemd-coredump | 2 +- apparmor.d/profiles-a-f/bluetoothd | 1 + apparmor.d/profiles-g-l/keepassxc-proxy | 3 ++ apparmor.d/profiles-m-r/os-prober | 18 +++++++++++ apparmor.d/profiles-s-z/wireplumber | 1 + apparmor.d/tunables/xdg-user-dirs | 2 ++ dists/flags/main.flags | 1 + 27 files changed, 119 insertions(+), 8 deletions(-) create mode 100644 apparmor.d/groups/gnome/gnome-characters diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 5b90c85b..d8cf4858 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -160,6 +160,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { /usr/share/egl/{,**} r, /usr/share/firefox{,-esr}/{,**} r, /usr/share/glib-2.0/schemas/gschemas.compiled r, + /usr/share/libdrm/*.ids r, /usr/share/mozilla/extensions/{,**} r, /usr/share/webext/{,**} r, /usr/share/xul-ext/kwallet5/* r, diff --git a/apparmor.d/groups/children/child-pager b/apparmor.d/groups/children/child-pager index 7249cbbf..bf841cc8 100644 --- a/apparmor.d/groups/children/child-pager +++ b/apparmor.d/groups/children/child-pager @@ -33,6 +33,7 @@ profile child-pager { owner @{HOME}/ r, owner @{HOME}/.lesshs* rw, owner @{user_cache_dirs}/lesshs* rw, + owner @{user_state_dirs}/lesshs* rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/colord-sane b/apparmor.d/groups/freedesktop/colord-sane index f395bb11..83c517e9 100644 --- a/apparmor.d/groups/freedesktop/colord-sane +++ b/apparmor.d/groups/freedesktop/colord-sane @@ -13,6 +13,7 @@ profile colord-sane @{exec_path} flags=(attach_disconnected,complain) { include include include + include network inet dgram, network inet6 dgram, diff --git a/apparmor.d/groups/freedesktop/geoclue b/apparmor.d/groups/freedesktop/geoclue index 2d2c5956..c860fd00 100644 --- a/apparmor.d/groups/freedesktop/geoclue +++ b/apparmor.d/groups/freedesktop/geoclue @@ -13,6 +13,10 @@ profile geoclue @{exec_path} flags=(attach_disconnected) { include include + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, network netlink raw, dbus (send,receive) bus=system path=/org/freedesktop/GeoClue2/{Agent,Manager} diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 6f85353d..e3bf93a6 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -61,6 +61,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/pipewire-[0-9]*.lock rwk, + @{run}/udev/data/c236:[0-9]* r, @{run}/udev/data/c50[0-9]:[0-9]* r, @{run}/udev/data/c81:[0-9]* r, # For video4linux diff --git a/apparmor.d/groups/freedesktop/plymouthd b/apparmor.d/groups/freedesktop/plymouthd index 9c702149..aef30573 100644 --- a/apparmor.d/groups/freedesktop/plymouthd +++ b/apparmor.d/groups/freedesktop/plymouthd @@ -13,6 +13,7 @@ profile plymouthd @{exec_path} { include capability sys_admin, + capability sys_chroot, capability sys_tty_config, network netlink raw, @@ -46,6 +47,7 @@ profile plymouthd @{exec_path} { @{sys}/devices/virtual/graphics/fbcon/uevent r, @{sys}/devices/virtual/tty/console/active r, @{sys}/firmware/acpi/bgrt/{,*} r, + @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r, @{PROC}/cmdline r, diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland index 45f0bfd4..c10b3de0 100644 --- a/apparmor.d/groups/freedesktop/xwayland +++ b/apparmor.d/groups/freedesktop/xwayland @@ -29,6 +29,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { /usr/share/egl/{,**} r, /usr/share/fonts/X11/{,**} r, + /usr/share/libdrm/*.ids r, /usr/share/X11/xkb/rules/evdev r, owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw, diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters new file mode 100644 index 00000000..6f7ce5e5 --- /dev/null +++ b/apparmor.d/groups/gnome/gnome-characters @@ -0,0 +1,32 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = /usr/share/org.gnome.Characters/org.gnome.Characters +profile gnome-characters @{exec_path} { + include + include + include + include + include + + @{exec_path} mr, + + /{usr/,}bin/gjs-console rix, + + /usr/share/glib-2.0/schemas/gschemas.compiled r, + /usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService.*.gresource r, + /usr/share/themes/{,**} r, + /usr/share/X11/xkb/{,**} r, + + owner @{PROC}/@{pid}/mounts r, + owner @{PROC}/@{pid}/stat r, + owner @{PROC}/@{pid}/status r, + owner @{PROC}/@{pid}/task/@{tid}/stat r, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index 6054c5b2..cbf0cb9b 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -162,6 +162,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/gnome-shell rPx, /{usr/,}bin/gnome-software rPUx, /{usr/,}bin/im-launch rPx, + /{usr/,}bin/keepassxc rPx, /{usr/,}bin/parcellite rPUx, /{usr/,}bin/pkcs11-register rPx, /{usr/,}bin/snap rPUx, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index d608e2b5..adc62abc 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -507,6 +507,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { /usr/share/wayland-sessions/{,*.desktop} r, /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r, /usr/share/desktop-base/** r, + /usr/share/libdrm/*.ids r, /.flatpak-info r, /etc/fstab r, @@ -514,6 +515,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.cache/ w, /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.*.x86_64-pc-linux-gnu rwk, + /var/lib/gdm{3,}/.cache/fontconfig/* rw, /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/ rw, /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, /var/lib/gdm{3,}/.cache/libgweather/ r, @@ -566,8 +568,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/gnome-boxes/*.png r, owner @{user_cache_dirs}/gnome-photos/{,**} r, owner @{user_cache_dirs}/gnome-screenshot/{,**} rw, - owner @{user_cache_dirs}/libgweather/ w, - owner @{user_cache_dirs}/libgweather/{,**} r, + owner @{user_cache_dirs}/libgweather/{,**} rw, owner @{user_cache_dirs}/media-art/{,**} r, owner @{user_cache_dirs}/vlc/**/*.jpg r, @@ -624,6 +625,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/drm/ r, @{sys}/devices/pci[0-9]*/**/input[0-9]*/{properties,name} r, @{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r, + @{sys}/devices/platform/**/input[0-9]*/{properties,name} r, @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, @{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r, diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index f92f5355..fc9b0591 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -57,10 +57,15 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { /usr/share/dconf/profile/gdm r, /usr/share/gdm/greeter-dconf-defaults r, /usr/share/glib-2.0/schemas/gschemas.compiled r, + /usr/share/gnome-settings-daemon/datetime/backward r, /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, + owner @{user_cache_dirs}/geocode-glib/* r, + + owner @{PROC}/@{pid}/stat r, + owner /dev/tty[0-9]* rw, include if exists diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 3bad81c1..b24ac846 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -189,5 +189,8 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { @{sys}/devices/platform/**/uevent r, @{sys}/devices/**/usb[0-9]/{,**} r, + @{PROC}/1/cgroup r, + owner @{PROC}/@{pid}/cgroup r, + include if exists } diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index cb897cb2..97f284ab 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -129,7 +129,7 @@ profile gsd-xsettings @{exec_path} { /usr/share/dconf/profile/gdm r, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/gdm/greeter-dconf-defaults r, + /usr/share/libdrm/*.ids r, /etc/X11/Xsession.options r, /etc/xdg/Xwayland-session.d/ r, diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index d434c79f..aceca310 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -46,6 +46,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { /{usr/,}lib/gio-launch-desktop rPx -> child-open, /usr/share/*ubuntu/applications/{,**} r, + /usr/share/libdrm/*.ids r, /usr/share/nautilus/{,**} r, /usr/share/poppler/{,**} r, /usr/share/sounds/freedesktop/stereo/*.oga r, diff --git a/apparmor.d/groups/grub/grub-mkconfig b/apparmor.d/groups/grub/grub-mkconfig index 5d85d1cd..6a0e6f98 100644 --- a/apparmor.d/groups/grub/grub-mkconfig +++ b/apparmor.d/groups/grub/grub-mkconfig @@ -25,6 +25,7 @@ profile grub-mkconfig @{exec_path} { /{usr/,}bin/{e,f,}grep rix, /{usr/,}bin/{m,g,}awk rix, /{usr/,}bin/basename rix, + /{usr/,}bin/btrfs rPx, /{usr/,}bin/cat rix, /{usr/,}bin/chmod rix, /{usr/,}bin/cut rix, @@ -62,6 +63,7 @@ profile grub-mkconfig @{exec_path} { /boot/grub/{**,} rw, /etc/default/grub r, + /etc/default/grub-btrfs/config r, /etc/default/grub.d/{*,} r, /usr/share/grub/{**,} r, diff --git a/apparmor.d/groups/grub/grub-mkrelpath b/apparmor.d/groups/grub/grub-mkrelpath index 5e5e532d..b540a56b 100644 --- a/apparmor.d/groups/grub/grub-mkrelpath +++ b/apparmor.d/groups/grub/grub-mkrelpath @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , @@ -11,9 +12,15 @@ profile grub-mkrelpath @{exec_path} { include include + capability sys_admin, + @{exec_path} mr, + /{usr/,}{local/,}{s,}bin/zpool rPx, + / r, + /usr/share/grub/* r, + @{PROC}/@{pids}/mountinfo r, include if exists diff --git a/apparmor.d/groups/grub/grub-mount b/apparmor.d/groups/grub/grub-mount index 90d87523..79edeac5 100644 --- a/apparmor.d/groups/grub/grub-mount +++ b/apparmor.d/groups/grub/grub-mount @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2022 Jeroen Rijken +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , @@ -10,9 +11,16 @@ include profile grub-mount @{exec_path} { include include + include + + capability sys_admin, @{exec_path} mr, + / r, + /var/lib/os-prober/mount/ r, + + /dev/fuse rw, + include if exists } - diff --git a/apparmor.d/groups/grub/grub-probe b/apparmor.d/groups/grub/grub-probe index 27c83ae3..2e1c5d1a 100644 --- a/apparmor.d/groups/grub/grub-probe +++ b/apparmor.d/groups/grub/grub-probe @@ -23,6 +23,7 @@ profile grub-probe @{exec_path} { /{usr/,}bin/udevadm rPx, / r, + /usr/share/grub/* r, @{PROC}/@{pids}/mountinfo r, @{PROC}/devices r, diff --git a/apparmor.d/groups/grub/grub-script-check b/apparmor.d/groups/grub/grub-script-check index 18706518..81a7fcbb 100644 --- a/apparmor.d/groups/grub/grub-script-check +++ b/apparmor.d/groups/grub/grub-script-check @@ -13,7 +13,7 @@ profile grub-script-check @{exec_path} { @{exec_path} mr, - /boot/grub/grub.cfg{.new,} rw, + /boot/grub/grub* rw, include if exists } diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher index a84fac4c..287b0973 100644 --- a/apparmor.d/groups/network/nm-dispatcher +++ b/apparmor.d/groups/network/nm-dispatcher @@ -27,13 +27,25 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}bin/run-parts rPx, + /{usr/,}bin/{,ba,da}sh rix, + /{usr/,}bin/date rix, + /{usr/,}bin/gawk rix, + /{usr/,}bin/grep rix, + /{usr/,}bin/id rix, + /{usr/,}bin/mktemp rix, + /{usr/,}bin/nmcli rix, + /{usr/,}bin/readlink rix, + /{usr/,}bin/rm rix, + /{usr/,}bin/run-parts rPx, + /usr/share/tlp/tlp-readconfs rPUx, + + /usr/share/tlp/{.**} rw, /etc/NetworkManager/dispatcher.d/ r, /etc/NetworkManager/dispatcher.d/** rix, @{run}/systemd/notify rw, + @{run}/tlp/* rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/systemd/systemd-coredump b/apparmor.d/groups/systemd/systemd-coredump index 81155992..ce1ce0db 100644 --- a/apparmor.d/groups/systemd/systemd-coredump +++ b/apparmor.d/groups/systemd/systemd-coredump @@ -35,7 +35,7 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected) { /var/lib/systemd/coredump/ r, owner /var/lib/systemd/coredump/#[0-9]* rwl, - owner /var/lib/systemd/coredump/core.*.zst rwl -> /var/lib/systemd/coredump/#[0-9]*, + owner /var/lib/systemd/coredump/core.*.zst rwl, @{PROC}/@{pids}/cgroup r, @{PROC}/@{pids}/cmdline r, diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index 26316237..70f45828 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -33,6 +33,7 @@ profile bluetoothd @{exec_path} { @{run}/sdp rw, @{run}/udev/data/+hid:* r, + @{sys}/devices/pci[0-9]*/**/rfkill[0-9]*/name r, @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/bluetooth/**/{uevent,name} r, @{sys}/devices/platform/**/rfkill/**/name r, @{sys}/devices/virtual/dmi/id/chassis_type r, diff --git a/apparmor.d/profiles-g-l/keepassxc-proxy b/apparmor.d/profiles-g-l/keepassxc-proxy index 008f9569..c73a811a 100644 --- a/apparmor.d/profiles-g-l/keepassxc-proxy +++ b/apparmor.d/profiles-g-l/keepassxc-proxy @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2018-2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , @@ -21,6 +22,8 @@ profile keepassxc-proxy @{exec_path} { @{exec_path} mr, + owner @{run}/user/@{pid}/org.keepassxc.KeePassXC.BrowserServer rw, + # file_inherit deny owner @{run}/user/@{uid}/.[a-zA-Z]*/{,s} rw, deny owner @{run}/user/@{uid}/kpxc_server rw, diff --git a/apparmor.d/profiles-m-r/os-prober b/apparmor.d/profiles-m-r/os-prober index 6e337414..4ce682ef 100644 --- a/apparmor.d/profiles-m-r/os-prober +++ b/apparmor.d/profiles-m-r/os-prober @@ -16,27 +16,45 @@ profile os-prober @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, /{usr/,}{s,}bin/blkid rPx, + /{usr/,}{s,}bin/dmraid rPUx, + /{usr/,}{s,}bin/lvm rPx, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/{e,f,}grep rix, /{usr/,}bin/cut rix, + /{usr/,}bin/find rix, + /{usr/,}bin/grub-mount rPx, + /{usr/,}bin/grub-probe rPx, /{usr/,}bin/head rix, /{usr/,}bin/kmod rPx, /{usr/,}bin/logger rix, + /{usr/,}bin/ls rix, /{usr/,}bin/lsblk rPx, + /{usr/,}bin/mkdir rix, /{usr/,}bin/mktemp rix, /{usr/,}bin/readlink rix, /{usr/,}bin/rm rix, + /{usr/,}bin/rmdir rix, /{usr/,}bin/sed rix, + /{usr/,}bin/udevadm rPx, + /{usr/,}bin/umount rix, /{usr/,}bin/uname rix, /{usr/,}lib/os-prober/* rix, /{usr/,}lib/os-probes/{,**} rix, /usr/share/os-prober/common.sh r, + /var/lib/os-prober/{,**} rw, + + /boot/ r, + owner /tmp/os-prober.*/{,**} rw, @{sys}/block/ r, @{sys}/devices/pci[0-9]*/**/block/*/ r, + @{sys}/devices/virtual/block/*/ r, + + @{PROC}/swaps r, + owner @{PROC}/@{pid}/mounts r, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 466564d2..c1636789 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -36,6 +36,7 @@ profile wireplumber @{exec_path} { @{run}/udev/data/+sound:card[0-9]* r, # For sound @{run}/udev/data/c116:[0-9]* r, # for ALSA + @{run}/udev/data/c236:[0-9]* r, @{run}/udev/data/c50[0-9]:[0-9]* r, @{run}/udev/data/c81:[0-9]* r, # For video4linux diff --git a/apparmor.d/tunables/xdg-user-dirs b/apparmor.d/tunables/xdg-user-dirs index 7ad77a89..248b3f0d 100644 --- a/apparmor.d/tunables/xdg-user-dirs +++ b/apparmor.d/tunables/xdg-user-dirs @@ -39,12 +39,14 @@ @{XDG_CACHE_HOME}=".cache" @{XDG_CONFIG_HOME}=".config" @{XDG_DATA_HOME}=".local/share" +@{XDG_STATE_HOME}=".local/state" @{XDG_BIN_HOME}=".local/bin" @{XDG_LIB_HOME}=".local/lib" # Full path of the user configuration directories @{user_cache_dirs}=@{HOME}/@{XDG_CACHE_HOME} @{user_config_dirs}=@{HOME}/@{XDG_CONFIG_HOME} +@{user_state_dirs}=@{HOME}/@{XDG_STATE_HOME} @{user_bin_dirs}=@{HOME}/@{XDG_BIN_HOME} @{user_lib_dirs}=@{HOME}/@{XDG_LIB_HOME} diff --git a/dists/flags/main.flags b/dists/flags/main.flags index 64a158c1..8ff3b91a 100644 --- a/dists/flags/main.flags +++ b/dists/flags/main.flags @@ -67,6 +67,7 @@ gdm-xsession complain git complain glib-compile-resources complain gnome-browser-connector-host complain +gnome-characters complain gnome-control-center attach_disconnected,complain gnome-control-center-goa-helper complain gnome-disk-image-mounter complain