mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(profiles): use @{bin} and @{lib} in profiles (3)

Browse source
This commit is contained in:
Alexandre Pujol 2023-07-09 14:09:55 +01:00
parent 2eed3b725f
commit 27daa7c9bb
Failed to generate hash of commit
355 changed files with 1473 additions and 1472 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/gnome/chrome-gnome-shell
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/chrome-gnome-shell
@{exec_path} = @{bin}/chrome-gnome-shell
profile chrome-gnome-shell @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
@ -22,7 +22,7 @@ profile chrome-gnome-shell @{exec_path} {
network netlink raw,
@{exec_path} mr,
/{usr/,}bin/ r,
@{bin}/ r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,

2
apparmor.d/groups/gnome/evolution-addressbook-factory
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/{,evolution-data-server/}evolution-addressbook-factory
@{exec_path} = @{lib}/{,evolution-data-server/}evolution-addressbook-factory
profile evolution-addressbook-factory @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-network-manager-strict>

2
apparmor.d/groups/gnome/evolution-alarm-notify
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify
@{exec_path} = @{lib}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify
profile evolution-alarm-notify @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session>

2
apparmor.d/groups/gnome/evolution-calendar-factory
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/{,evolution-data-server/}evolution-calendar-factory
@{exec_path} = @{lib}/{,evolution-data-server/}evolution-calendar-factory
profile evolution-calendar-factory @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-network-manager-strict>

2
apparmor.d/groups/gnome/evolution-source-registry
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/{,evolution-data-server/}evolution-source-registry
@{exec_path} = @{lib}/{,evolution-data-server/}evolution-source-registry
profile evolution-source-registry @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>

14
apparmor.d/groups/gnome/gdm
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/gdm{3,}
@{exec_path} = @{bin}/gdm{3,}
profile gdm @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
@ -66,12 +66,12 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
@{libexec}/{,gdm/}gdm-session-worker rPx,
/{usr/,}{s,}bin/prime-switch rPUx,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/pidof rPx,
/{usr/,}bin/plymouth rPx,
/{usr/,}bin/sleep rix,
@{bin}/{,ba,da}sh rix,
@{bin}/pidof rPx,
@{bin}/plymouth rPx,
@{bin}/prime-switch rPUx,
@{bin}/sleep rix,
@{lib}/{,gdm/}gdm-session-worker rPx,
/etc/gdm{3,}/PrimeOff/Default rix,
/usr/share/gdm/gdm.schemas r,

2
apparmor.d/groups/gnome/gdm-runtime-config
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gdm-runtime-config
@{exec_path} = @{lib}/gdm-runtime-config
profile gdm-runtime-config @{exec_path} {
include <abstractions/base>

8
apparmor.d/groups/gnome/gdm-session-worker
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/{,gdm/}gdm-session-worker
@{exec_path} = @{lib}/{,gdm/}gdm-session-worker
profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/authentication>
@ -58,9 +58,9 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix,
@{libexec}/{,gdm/}gdm-wayland-session rPx,
@{libexec}/{,gdm/}gdm-x-session rPx,
/{usr/,}bin/gnome-keyring-daemon rPx,
@{bin}/gnome-keyring-daemon rPx,
@{lib}/{,gdm/}gdm-wayland-session rPx,
@{lib}/{,gdm/}gdm-x-session rPx,
/etc/gdm{3,}/{Pre,Post}Session/Default rix,
/etc/gdm{3,}/PostLogin/Default rix,
/etc/gdm{3,}/PrimeOff/Default rix,

54
apparmor.d/groups/gnome/gdm-wayland-session
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/{,gdm/}gdm-wayland-session
@{exec_path} = @{lib}/{,gdm/}gdm-wayland-session
profile gdm-wayland-session @{exec_path} {
include <abstractions/base>
include <abstractions/bash>
@ -38,33 +38,33 @@ profile gdm-wayland-session @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/env rix,
/{usr/,}bin/gettext rix,
/{usr/,}bin/gettext.sh r,
/{usr/,}bin/gnome-session rix,
/{usr/,}bin/grep rix,
/{usr/,}bin/gsettings rPx,
/{usr/,}bin/head rix,
/{usr/,}bin/id rix,
/{usr/,}bin/locale rix,
/{usr/,}bin/locale-check rix,
/{usr/,}bin/manpath rix,
/{usr/,}bin/qmake rix,
/{usr/,}bin/readlink rix,
/{usr/,}bin/sed rix,
/{usr/,}bin/sort rix,
/{usr/,}bin/tr rix,
/{usr/,}bin/tty rix,
/{usr/,}bin/uname rix,
/{usr/,}bin/zsh rix,
@{bin}/{,ba,da}sh rix,
@{bin}/cat rix,
@{bin}/env rix,
@{bin}/gettext rix,
@{bin}/gettext.sh r,
@{bin}/gnome-session rix,
@{bin}/grep rix,
@{bin}/gsettings rPx,
@{bin}/head rix,
@{bin}/id rix,
@{bin}/locale rix,
@{bin}/locale-check rix,
@{bin}/manpath rix,
@{bin}/qmake rix,
@{bin}/readlink rix,
@{bin}/sed rix,
@{bin}/sort rix,
@{bin}/tr rix,
@{bin}/tty rix,
@{bin}/uname rix,
@{bin}/zsh rix,
@{libexec}/gnome-session-binary rPx,
/{usr/,}bin/dbus-daemon rPx,
/{usr/,}bin/dbus-run-session rPx,
/{usr/,}bin/dpkg-query rpx,
/{usr/,}bin/flatpak rPUx,
@{lib}/gnome-session-binary rPx,
@{bin}/dbus-daemon rPx,
@{bin}/dbus-run-session rPx,
@{bin}/dpkg-query rpx,
@{bin}/flatpak rPUx,
/usr/share/bash-completion/{,**} r,
/usr/share/gdm/gdm.schemas r,

6
apparmor.d/groups/gnome/gdm-x-session
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/{,gdm/}gdm-x-session
@{exec_path} = @{lib}/{,gdm/}gdm-x-session
profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
@ -35,8 +35,8 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/Xorg rPx,
/{usr/,}bin/dbus-run-session rPx,
@{bin}/Xorg rPx,
@{bin}/dbus-run-session rPx,
/etc/gdm{3,}/Xsession rPx,
/etc/gdm{3,}/Prime/Default rix,

56
apparmor.d/groups/gnome/gdm-xsession
View file

@ -16,35 +16,35 @@ profile gdm-xsession @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/{,e}grep rix,
/{usr/,}bin/{m,g,}awk rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/expr rix,
/{usr/,}bin/gettext rix,
/{usr/,}bin/gettext.sh r,
/{usr/,}bin/gnome-session rix,
/{usr/,}bin/gsettings rPx,
/{usr/,}bin/id rix,
/{usr/,}bin/locale rix,
/{usr/,}bin/locale-check rix,
/{usr/,}bin/mktemp rix,
/{usr/,}bin/sed rix,
/{usr/,}bin/tr rix,
/{usr/,}bin/truncate rix,
/{usr/,}bin/tty rix,
/{usr/,}bin/zsh rix,
@{bin}/{,ba,da}sh rix,
@{bin}/{,e}grep rix,
@{bin}/{m,g,}awk rix,
@{bin}/cat rix,
@{bin}/expr rix,
@{bin}/gettext rix,
@{bin}/gettext.sh r,
@{bin}/gnome-session rix,
@{bin}/gsettings rPx,
@{bin}/id rix,
@{bin}/locale rix,
@{bin}/locale-check rix,
@{bin}/mktemp rix,
@{bin}/sed rix,
@{bin}/tr rix,
@{bin}/truncate rix,
@{bin}/tty rix,
@{bin}/zsh rix,
@{etc_ro}/X11/xdm/Xsession rPx,
/{usr/,}bin/dbus-update-activation-environment rCx -> dbus,
/{usr/,}bin/flatpak rPUx,
/{usr/,}bin/systemctl rPx -> child-systemctl,
/{usr/,}bin/xbrlapi rPx,
/{usr/,}bin/xhost rPx,
/{usr/,}bin/im-launch rPx,
/{usr/,}bin/gpgconf rPx,
@{libexec}/gnome-session-binary rPx,
/{usr/,}bin/dpkg-query rpx,
@{bin}/dbus-update-activation-environment rCx -> dbus,
@{bin}/flatpak rPUx,
@{bin}/systemctl rPx -> child-systemctl,
@{bin}/xbrlapi rPx,
@{bin}/xhost rPx,
@{bin}/im-launch rPx,
@{bin}/gpgconf rPx,
@{lib}/gnome-session-binary rPx,
@{bin}/dpkg-query rpx,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/im-config/data/{,*} r,
@ -62,7 +62,7 @@ profile gdm-xsession @{exec_path} {
profile dbus {
include <abstractions/base>
/{usr/,}bin/dbus-update-activation-environment mr,
@{bin}/dbus-update-activation-environment mr,
owner @{run}/user/@{uid}/bus rw,

8
apparmor.d/groups/gnome/gio-launch-desktop
View file

@ -7,9 +7,9 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gio
@{exec_path} += /{usr/,}bin/gio-launch-desktop
@{exec_path} += /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop
@{exec_path} = @{bin}/gio
@{exec_path} += @{bin}/gio-launch-desktop
@{exec_path} += @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop
profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/app-launcher-user>
@ -20,7 +20,7 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}lib/gio-launch-desktop rix,
@{lib}/gio-launch-desktop rix,
# System files
/var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r,

8
apparmor.d/groups/gnome/gjs-console
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gjs-console
@{exec_path} = @{bin}/gjs-console
profile gjs-console @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
@ -74,9 +74,9 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
dbus bind bus=session name=org.gnome.Shell.Notifications,
@{exec_path} mr,
/{usr/,}bin/ r,
/{usr/,}bin/[a-z0-9]* rPUx,
@{libexec}/** rPUx,
@{bin}/ r,
@{bin}/[a-z0-9]* rPUx,
@{lib}/** rPUx,
/etc/openni2/OpenNI.ini r,

2
apparmor.d/groups/gnome/gkbd-keyboard-display
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gkbd-keyboard-display
@{exec_path} = @{bin}/gkbd-keyboard-display
profile gkbd-keyboard-display @{exec_path} {
include <abstractions/base>
include <abstractions/fonts>

8
apparmor.d/groups/gnome/gnome-browser-connector-host
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-browser-connector-host
@{exec_path} = @{bin}/gnome-browser-connector-host
profile gnome-browser-connector-host @{exec_path} {
include <abstractions/base>
include <abstractions/python>
@ -14,10 +14,10 @@ profile gnome-browser-connector-host @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/env rix,
/{usr/,}bin/python3.[0-9]* rix,
@{bin}/env rix,
@{bin}/python3.[0-9]* rix,
/{usr/,}lib/python3.[0-9]*/site-packages/gnome_browser_connector/__pycache__/{,**} rw,
@{lib}/python3.[0-9]*/site-packages/gnome_browser_connector/__pycache__/{,**} rw,
/usr/share/glib-2.0/schemas/gschemas.compiled r,

2
apparmor.d/groups/gnome/gnome-calculator-search-provider
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-calculator-search-provider
@{exec_path} = @{lib}/gnome-calculator-search-provider
profile gnome-calculator-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gnome-calendar
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-calendar
@{exec_path} = @{bin}/gnome-calendar
profile gnome-calendar @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>

2
apparmor.d/groups/gnome/gnome-characters
View file

@ -20,7 +20,7 @@ profile gnome-characters @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gjs-console rix,
@{bin}/gjs-console rix,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,

2
apparmor.d/groups/gnome/gnome-characters-backgroudservice
View file

@ -15,7 +15,7 @@ profile gnome-characters-backgroudservice @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gjs-console rix,
@{bin}/gjs-console rix,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/icons/{,**} r,

2
apparmor.d/groups/gnome/gnome-contacts
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-contacts
@{exec_path} = @{bin}/gnome-contacts
profile gnome-contacts @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>

2
apparmor.d/groups/gnome/gnome-contacts-search-provider
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-contacts-search-provider
@{exec_path} = @{lib}/gnome-contacts-search-provider
profile gnome-contacts-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>

38
apparmor.d/groups/gnome/gnome-control-center
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-control-center
@{exec_path} = @{bin}/gnome-control-center
profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>
@ -64,26 +64,26 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/{,b,d,rb}ash rUx,
/{usr/,}bin/{c,k,tc,z}sh rUx,
@{bin}/{,b,d,rb}ash rUx,
@{bin}/{c,k,tc,z}sh rUx,
/{usr/,}bin/gcm-viewer rix,
/{usr/,}bin/grep rix,
/{usr/,}bin/locale rix,
/{usr/,}bin/sed rix,
@{bin}/gcm-viewer rix,
@{bin}/grep rix,
@{bin}/locale rix,
@{bin}/sed rix,
@{libexec}/gnome-control-center-goa-helper rPx,
@{libexec}/gnome-control-center-print-renderer rPx,
/{usr/,}bin/gnome-software rPUx,
/{usr/,}bin/gkbd-keyboard-display rPUx,
/{usr/,}bin/bwrap rPUx,
/{usr/,}bin/openvpn rPx,
/{usr/,}bin/passwd rPx,
/{usr/,}bin/software-properties-gtk rPx,
/{usr/,}bin/pkexec rPx,
/{usr/,}{s,}bin/usermod rPx,
/{usr/,}lib/@{multiarch}/webkit2gtk-{3,4}.0/WebKitNetworkProcess rix,
/{usr/,}lib/webkit2gtk-{3,4}.0/WebKitNetworkProcess rix,
@{bin}/bwrap rPUx,
@{bin}/gkbd-keyboard-display rPUx,
@{bin}/gnome-software rPUx,
@{bin}/openvpn rPx,
@{bin}/passwd rPx,
@{bin}/pkexec rPx,
@{bin}/software-properties-gtk rPx,
@{bin}/usermod rPx,
@{lib}/@{multiarch}/webkit2gtk-{3,4}.0/WebKitNetworkProcess rix,
@{lib}/gnome-control-center-goa-helper rPx,
@{lib}/gnome-control-center-print-renderer rPx,
@{lib}/webkit2gtk-{3,4}.0/WebKitNetworkProcess rix,
/usr/share/language-tools/language2locale rix,
/snap/*/[0-9]*/**.png r,

6
apparmor.d/groups/gnome/gnome-control-center-goa-helper
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}lib/gnome-control-center-goa-helper
@{exec_path} = @{lib}/gnome-control-center-goa-helper
profile gnome-control-center-goa-helper @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
@ -29,9 +29,9 @@ profile gnome-control-center-goa-helper @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/bwrap rPUx,
@{bin}/bwrap rPUx,
/{usr/,}lib/webkit2gtk-{3,4}.0/WebKitNetworkProcess rix,
@{lib}/webkit2gtk-{3,4}.0/WebKitNetworkProcess rix,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/themes/{,**} r,

2
apparmor.d/groups/gnome/gnome-control-center-print-renderer
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-control-center-print-renderer
@{exec_path} = @{lib}/gnome-control-center-print-renderer
profile gnome-control-center-print-renderer @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-accessibility-strict>

2
apparmor.d/groups/gnome/gnome-control-center-search-provider
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-control-center-search-provider
@{exec_path} = @{lib}/gnome-control-center-search-provider
profile gnome-control-center-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gnome-disk-image-mounter
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-disk-image-mounter
@{exec_path} = @{bin}/gnome-disk-image-mounter
profile gnome-disk-image-mounter @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>

6
apparmor.d/groups/gnome/gnome-disks
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-disks
@{exec_path} = @{bin}/gnome-disks
profile gnome-disks @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
@ -16,8 +16,8 @@ profile gnome-disks @{exec_path} {
@{exec_path} mr,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
@{lib}/gio-launch-desktop rPx -> child-open,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/X11/xkb/{,**} r,

10
apparmor.d/groups/gnome/gnome-extension-ding
View file

@ -142,11 +142,11 @@ profile gnome-extension-ding @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/env rix,
/{usr/,}bin/gjs-console rix,
/{usr/,}bin/gnome-control-center rPx,
/{usr/,}bin/nautilus rPx,
@{bin}/{,ba,da}sh rix,
@{bin}/env rix,
@{bin}/gjs-console rix,
@{bin}/gnome-control-center rPx,
@{bin}/nautilus rPx,
/usr/share/gnome-shell/extensions/ding@rastersoft.com/* r,
/usr/share/thumbnailers/{,*.thumbnailer} r,

8
apparmor.d/groups/gnome/gnome-extension-manager
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/extension-manager
@{exec_path} = @{bin}/extension-manager
profile gnome-extension-manager @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
@ -30,10 +30,10 @@ profile gnome-extension-manager @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gjs-console rix,
@{bin}/gjs-console rix,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
@{lib}/gio-launch-desktop rPx -> child-open,
/usr/share/gnome-shell/org.gnome.Shell.Extensions r,
/usr/share/themes/{,**} r,

6
apparmor.d/groups/gnome/gnome-extensions-app
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-extensions-app
@{exec_path} = @{bin}/gnome-extensions-app
profile gnome-extensions-app @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
@ -22,8 +22,8 @@ profile gnome-extensions-app @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/gjs-console rix,
@{bin}/{,ba,da}sh rix,
@{bin}/gjs-console rix,
/usr/share/gnome-shell/org.gnome.Extensions* r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,

6
apparmor.d/groups/gnome/gnome-keyring-daemon
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-keyring-daemon
@{exec_path} = @{bin}/gnome-keyring-daemon
profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
@ -111,8 +111,8 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/ssh-add rix,
/{usr/,}bin/ssh-agent rPx,
@{bin}/ssh-add rix,
@{bin}/ssh-agent rPx,
/etc/gcrypt/hwf.deny r,

8
apparmor.d/groups/gnome/gnome-music
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-music
@{exec_path} = @{bin}/gnome-music
profile gnome-music @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
@ -31,9 +31,9 @@ profile gnome-music @{exec_path} {
network netlink raw,
@{exec_path} mr,
/{usr/,}bin/ r,
/{usr/,}bin/python3.[0-9]* rix,
/{usr/,}lib/python3.[0-9]*/site-packages//gnomemusic/__pycache__/{,**} rw,
@{bin}/ r,
@{bin}/python3.[0-9]* rix,
@{lib}/python3.[0-9]*/site-packages//gnomemusic/__pycache__/{,**} rw,
/usr/share/egl/{,**} r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,

2
apparmor.d/groups/gnome/gnome-photos-thumbnailer
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}lib/gnome-photos-thumbnailer
@{exec_path} = @{lib}/gnome-photos-thumbnailer
profile gnome-photos-thumbnailer @{exec_path} {
include <abstractions/base>
include <abstractions/user-download-strict>

2
apparmor.d/groups/gnome/gnome-remote-desktop-daemon
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-remote-desktop-daemon
@{exec_path} = @{lib}/gnome-remote-desktop-daemon
profile gnome-remote-desktop-daemon @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>

94
apparmor.d/groups/gnome/gnome-session-binary
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-session-binary
@{exec_path} = @{lib}/gnome-session-binary
profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-accessibility-strict>
@ -135,57 +135,57 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/{,z,ba,da}sh rix,
/{usr/,}bin/env rix,
/{usr/,}bin/gnome-session rix,
/{usr/,}bin/grep rix,
/{usr/,}bin/gsettings rPx,
/{usr/,}bin/gsettings-data-convert rix,
/{usr/,}bin/mkdir rix,
/{usr/,}bin/session-migration rix,
/{usr/,}bin/xdg-user-dirs-gtk-update rix,
@{libexec}/at-spi-bus-launcher rPx,
@{libexec}/gnome-session-check-accelerated rix,
@{libexec}/gnome-session-check-accelerated-gl-helper rix,
@{libexec}/gnome-session-check-accelerated-gles-helper rix,
@{libexec}/gnome-session-failed rix,
@{libexec}/{,gnome-shell/}gnome-shell-overrides-migration.sh rix,
@{libexec}/gsd-* rPx,
@{bin}/{,z,ba,da}sh rix,
@{bin}/env rix,
@{bin}/gnome-session rix,
@{bin}/grep rix,
@{bin}/gsettings rPx,
@{bin}/gsettings-data-convert rix,
@{bin}/mkdir rix,
@{bin}/session-migration rix,
@{bin}/xdg-user-dirs-gtk-update rix,
@{lib}/{,gnome-shell/}gnome-shell-overrides-migration.sh rix,
@{lib}/at-spi-bus-launcher rPx,
@{lib}/gnome-session-check-accelerated rix,
@{lib}/gnome-session-check-accelerated-gl-helper rix,
@{lib}/gnome-session-check-accelerated-gles-helper rix,
@{lib}/gnome-session-failed rix,
@{lib}/gsd-* rPx,
# TODO: rCx gio-launch-desktop and put all the following program in this
# subprofile. Not done yet as it breaks compatibility with Ubuntu/Debian
@{libexec}/gio-launch-desktop rix,
@{lib}/gio-launch-desktop rix,
/{usr/,}bin/aa-notify rPx,
/{usr/,}bin/baloo_file rPx,
@{libexec}/baloo_file rPx,
/{usr/,}bin/blueman-applet rPx,
/{usr/,}bin/firewall-applet rPUx,
/{usr/,}bin/gnome-keyring-daemon rPx,
/{usr/,}bin/gnome-shell rPx,
/{usr/,}bin/gnome-software rPUx,
/{usr/,}bin/im-launch rPx,
/{usr/,}bin/keepassxc rPx,
/{usr/,}bin/parcellite rPUx,
/{usr/,}bin/pkcs11-register rPx,
/{usr/,}bin/snap rPUx,
/{usr/,}bin/snapshot-detect rPUx,
/{usr/,}bin/spice-vdagent rPx,
/{usr/,}bin/start-pulseaudio-x11 rPx,
/{usr/,}bin/ubuntu-report rPx,
/{usr/,}bin/update-notifier rPx,
/{usr/,}bin/xbrlapi rPx,
/{usr/,}bin/xdg-user-dirs-update rPx,
/{usr/,}lib/@{multiarch}/libexec/kdeconnectd rPUx,
/{usr/,}lib/@{multiarch}/xapps/sn-watcher/xapp-sn-watcher rPUx,
/{usr/,}lib/caribou/caribou rPUx,
/{usr/,}lib/thunderbird/thunderbird rPx,
/{usr/,}lib/update-notifier/ubuntu-advantage-notification rPx,
/{usr/,}lib/xapps/sn-watcher/* rPUx,
@{bin}/aa-notify rPx,
@{bin}/baloo_file rPx,
@{bin}/blueman-applet rPx,
@{bin}/firewall-applet rPUx,
@{bin}/gnome-keyring-daemon rPx,
@{bin}/gnome-shell rPx,
@{bin}/gnome-software rPUx,
@{bin}/im-launch rPx,
@{bin}/keepassxc rPx,
@{bin}/parcellite rPUx,
@{bin}/pkcs11-register rPx,
@{bin}/snap rPUx,
@{bin}/snapshot-detect rPUx,
@{bin}/spice-vdagent rPx,
@{bin}/start-pulseaudio-x11 rPx,
@{bin}/ubuntu-report rPx,
@{bin}/update-notifier rPx,
@{bin}/xbrlapi rPx,
@{bin}/xdg-user-dirs-update rPx,
@{lib}/@{multiarch}/libexec/kdeconnectd rPUx,
@{lib}/@{multiarch}/xapps/sn-watcher/xapp-sn-watcher rPUx,
@{lib}/baloo_file rPx,
@{lib}/caribou/caribou rPUx,
@{lib}/deja-dup/deja-dup-monitor rPUx,
@{lib}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify rPx,
@{lib}/gsd-disk-utility-notify rPx,
@{lib}/thunderbird/thunderbird rPx,
@{lib}/update-notifier/ubuntu-advantage-notification rPx,
@{lib}/xapps/sn-watcher/* rPUx,
/{usr/,}share/libpam-kwallet-common/pam_kwallet_init rPUx,
@{libexec}/deja-dup/deja-dup-monitor rPUx,
@{libexec}/gsd-disk-utility-notify rPx,
@{libexec}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify rPx,
/usr/share/dconf/profile/gdm r,
/usr/share/gdm/greeter-dconf-defaults r,

2
apparmor.d/groups/gnome/gnome-session-ctl
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-session-ctl
@{exec_path} = @{lib}/gnome-session-ctl
profile gnome-session-ctl @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>

8
apparmor.d/groups/gnome/gnome-shell
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-shell
@{exec_path} = @{bin}/gnome-shell
profile gnome-shell @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/app-launcher-user>
@ -479,9 +479,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/Xwayland rPx,
@{libexec}/polkit-1/polkit* rPx,
@{libexec}/* rPUx,
@{bin}/Xwayland rPx,
@{lib}/polkit-1/polkit* rPx,
@{lib}/* rPUx,
/usr/share/gnome-shell/extensions/ding@rastersoft.com/ding.js rPx,

2
apparmor.d/groups/gnome/gnome-shell-calendar-server
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/{,gnome-shell/}gnome-shell-calendar-server
@{exec_path} = @{lib}/{,gnome-shell/}gnome-shell-calendar-server
profile gnome-shell-calendar-server @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-shell-hotplug-sniffer
@{exec_path} = @{lib}/gnome-shell-hotplug-sniffer
profile gnome-shell-hotplug-sniffer @{exec_path} {
include <abstractions/base>

24
apparmor.d/groups/gnome/gnome-software
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-software
@{exec_path} = @{bin}/gnome-software
profile gnome-software @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>
@ -34,13 +34,13 @@ profile gnome-software @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/bwrap rPUx,
/{usr/,}bin/fusermount{,3} rCx -> fusermount,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
/{usr/,}lib/revokefs-fuse rix,
@{bin}/bwrap rPUx,
@{bin}/fusermount{,3} rCx -> fusermount,
@{bin}/gpg{,2} rCx -> gpg,
@{bin}/gpgconf rCx -> gpg,
@{bin}/gpgsm rCx -> gpg,
@{lib}/gio-launch-desktop rPx -> child-open,
@{lib}/revokefs-fuse rix,
/usr/share/app-info/{,**} r,
/usr/share/appdata/{,**} r,
@ -110,9 +110,9 @@ profile gnome-software @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpgsm mr,
@{bin}/gpg{,2} mr,
@{bin}/gpgconf mr,
@{bin}/gpgsm mr,
@{HOME}/@{XDG_GPG_DIR}/*.conf r,
@ -130,7 +130,7 @@ profile gnome-software @{exec_path} {
mount fstype=fuse.revokefs-fuse options=(rw, nosuid, nodev) -> /var/tmp/flatpak-cache-*/*/,
umount /var/tmp/flatpak-cache-*/*/,
/{usr/,}bin/fusermount{,3} mr,
@{bin}/fusermount{,3} mr,
/etc/fuse.conf r,

4
apparmor.d/groups/gnome/gnome-system-monitor
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-system-monitor
@{exec_path} = @{bin}/gnome-system-monitor
profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
@ -26,7 +26,7 @@ profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/pkexec rPx,
@{bin}/pkexec rPx,
/usr/share/gnome-system-monitor/{,**} r,

16
apparmor.d/groups/gnome/gnome-terminal-server
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gnome-terminal-server
@{exec_path} = @{lib}/gnome-terminal-server
profile gnome-terminal-server @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -26,16 +26,16 @@ profile gnome-terminal-server @{exec_path} {
@{exec_path} mr,
# The shell is not confined on purpose.
/{usr/,}bin/{,b,d,rb}ash rUx,
/{usr/,}bin/{c,k,tc,z}sh rUx,
@{bin}/{,b,d,rb}ash rUx,
@{bin}/{c,k,tc,z}sh rUx,
# Some CLI program can be launched directly from Gnome Shell
/{usr/,}bin/htop rPx,
/{usr/,}bin/micro rPUx,
/{usr/,}bin/nvtop rPx,
@{bin}/htop rPx,
@{bin}/micro rPUx,
@{bin}/nvtop rPx,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
@{lib}/gio-launch-desktop rPx -> child-open,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/X11/xkb/{,**} r,

10
apparmor.d/groups/gnome/gnome-tweaks
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-tweaks
@{exec_path} = @{bin}/gnome-tweaks
profile gnome-tweaks @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
@ -17,11 +17,11 @@ profile gnome-tweaks @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/ r,
/{usr/,}bin/ps rPx,
/{usr/,}bin/python3.[0-9]* rix,
@{bin}/ r,
@{bin}/ps rPx,
@{bin}/python3.[0-9]* rix,
/{usr/,}lib/python3.[0-9]*/site-packages/gtweak/{,*/,**/}__pycache__/*pyc* w,
@{lib}/python3.[0-9]*/site-packages/gtweak/{,*/,**/}__pycache__/*pyc* w,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/gnome-tweaks/{,**} r,

2
apparmor.d/groups/gnome/goa-daemon
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/goa-daemon
@{exec_path} = @{lib}/goa-daemon
profile goa-daemon @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-network-manager-strict>

2
apparmor.d/groups/gnome/goa-identity-service
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/goa-identity-service
@{exec_path} = @{lib}/goa-identity-service
profile goa-identity-service @{exec_path} {
include <abstractions/base>
include <abstractions/authentication>

2
apparmor.d/groups/gnome/gsd-a11y-settings
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-a11y-settings
@{exec_path} = @{lib}/gsd-a11y-settings
profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gsd-color
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-color
@{exec_path} = @{lib}/gsd-color
profile gsd-color @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-accessibility-strict>

2
apparmor.d/groups/gnome/gsd-datetime
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-datetime
@{exec_path} = @{lib}/gsd-datetime
profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gsd-disk-utility-notify
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-disk-utility-notify
@{exec_path} = @{lib}/gsd-disk-utility-notify
profile gsd-disk-utility-notify @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gsd-housekeeping
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-housekeeping
@{exec_path} = @{lib}/gsd-housekeeping
profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/app-launcher-user>

2
apparmor.d/groups/gnome/gsd-keyboard
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-keyboard
@{exec_path} = @{lib}/gsd-keyboard
profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-accessibility-strict>

6
apparmor.d/groups/gnome/gsd-media-keys
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-media-keys
@{exec_path} = @{lib}/gsd-media-keys
profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>
@ -159,8 +159,8 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
@{lib}/gio-launch-desktop rPx -> child-open,
/usr/share/dconf/profile/gdm r,
/usr/share/gdm/greeter-dconf-defaults r,

2
apparmor.d/groups/gnome/gsd-power
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-power
@{exec_path} = @{lib}/gsd-power
profile gsd-power @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>

4
apparmor.d/groups/gnome/gsd-print-notifications
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-print-notifications
@{exec_path} = @{lib}/gsd-print-notifications
profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
@ -77,7 +77,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
name=org.gnome.SettingsDaemon.PrintNotifications,
@{exec_path} mr,
@{libexec}/gsd-printer rPx,
@{lib}/gsd-printer rPx,
/etc/machine-id r,
/etc/cups/client.conf r,

2
apparmor.d/groups/gnome/gsd-printer
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-printer
@{exec_path} = @{lib}/gsd-printer
profile gsd-printer @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gsd-rfkill
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-rfkill
@{exec_path} = @{lib}/gsd-rfkill
profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gsd-screensaver-proxy
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-screensaver-proxy
@{exec_path} = @{lib}/gsd-screensaver-proxy
profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/gsd-sharing
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-sharing
@{exec_path} = @{lib}/gsd-sharing
profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-network-manager-strict>

2
apparmor.d/groups/gnome/gsd-smartcard
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-smartcard
@{exec_path} = @{lib}/gsd-smartcard
profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/groups/gnome/gsd-sound
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-sound
@{exec_path} = @{lib}/gsd-sound
profile gsd-sound @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>

2
apparmor.d/groups/gnome/gsd-usb-protection
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-usb-protection
@{exec_path} = @{lib}/gsd-usb-protection
profile gsd-usb-protection @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>

2
apparmor.d/groups/gnome/gsd-wacom
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-wacom
@{exec_path} = @{lib}/gsd-wacom
profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-accessibility-strict>

22
apparmor.d/groups/gnome/gsd-xsettings
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/gsd-xsettings
@{exec_path} = @{lib}/gsd-xsettings
profile gsd-xsettings @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-accessibility-strict>
@ -118,16 +118,16 @@ profile gsd-xsettings @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/cat rix,
/{usr/,}bin/which{,.debianutils} rix,
@{bin}/cat rix,
@{bin}/which{,.debianutils} rix,
@{libexec}/ibus-x11 rPx,
/{usr/,}bin/busctl rPx,
/{usr/,}bin/pactl rPx,
/{usr/,}bin/run-parts rCx -> run-parts,
/{usr/,}bin/xprop rPx,
/{usr/,}bin/xrdb rPx,
/{usr/,}lib/ibus/ibus-x11 rPx,
@{bin}/busctl rPx,
@{bin}/pactl rPx,
@{bin}/run-parts rCx -> run-parts,
@{bin}/xprop rPx,
@{bin}/xrdb rPx,
@{lib}/ibus-x11 rPx,
@{lib}/ibus/ibus-x11 rPx,
/usr/share/dconf/profile/gdm r,
/usr/share/gdm/greeter-dconf-defaults r,
@ -155,7 +155,7 @@ profile gsd-xsettings @{exec_path} {
profile run-parts {
include <abstractions/base>
/{usr/,}bin/run-parts mr,
@{bin}/run-parts mr,
/etc/X11/Xresources/ r,

16
apparmor.d/groups/gnome/kgx
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kgx
@{exec_path} = @{bin}/kgx
profile kgx @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -26,16 +26,16 @@ profile kgx @{exec_path} {
@{exec_path} mr,
# The shell is not confined on purpose.
/{usr/,}bin/{,b,d,rb}ash rUx,
/{usr/,}bin/{c,k,tc,z}sh rUx,
@{bin}/{,b,d,rb}ash rUx,
@{bin}/{c,k,tc,z}sh rUx,
# Some CLI program can be launched directly from Gnome Shell
/{usr/,}bin/htop rPx,
/{usr/,}bin/micro rPUx,
/{usr/,}bin/nvtop rPx,
@{bin}/htop rPx,
@{bin}/micro rPUx,
@{bin}/nvtop rPx,
/{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
@{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
@{lib}/gio-launch-desktop rPx -> child-open,
/usr/share/themes/{,**} r,
/usr/share/X11/xkb/{,**} r,

2
apparmor.d/groups/gnome/mutter-x11-frames
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}lib/mutter-x11-frames
@{exec_path} = @{lib}/mutter-x11-frames
profile mutter-x11-frames @{exec_path} {
include <abstractions/base>
include <abstractions/dconf-write>

18
apparmor.d/groups/gnome/nautilus
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/nautilus
@{exec_path} = @{bin}/nautilus
profile nautilus @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>
@ -42,12 +42,12 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/bwrap rPUx,
/{usr/,}bin/firejail rPUx,
/{usr/,}bin/net rPUx,
/{usr/,}bin/tracker3 rPUx,
/{usr/,}lib/gio-launch-desktop rPx -> child-open,
@{bin}/{,ba,da}sh rix,
@{bin}/bwrap rPUx,
@{bin}/firejail rPUx,
@{bin}/net rPUx,
@{bin}/tracker3 rPUx,
@{lib}/gio-launch-desktop rPx -> child-open,
/usr/share/*ubuntu/applications/{,**} r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
@ -65,8 +65,8 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
# Full access to user's data
/ r,
/*/ r,
/{usr/,}bin/ r,
@{libexec}/ r,
@{bin}/ r,
@{lib}/ r,
@{MOUNTDIRS}/ r,
@{MOUNTS}/ r,
@{MOUNTS}/** rw,

8
apparmor.d/groups/gnome/seahorse
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/seahorse
@{exec_path} = @{bin}/seahorse
profile seahorse @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>
@ -38,9 +38,9 @@ profile seahorse @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gpgconf rPx,
/{usr/,}bin/gpg{,2} rPx,
/{usr/,}bin/gpgsm rPx,
@{bin}/gpgconf rPx,
@{bin}/gpg{,2} rPx,
@{bin}/gpgsm rPx,
# freedesktop.org-strict
/usr/share/glib-2.0/schemas/gschemas.compiled r,

2
apparmor.d/groups/gnome/tracker-extract
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/tracker-extract-3
@{exec_path} = @{lib}/tracker-extract-3
profile tracker-extract @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/gnome/tracker-miner
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/tracker-miner-fs-{,control-}3
@{exec_path} = @{lib}/tracker-miner-fs-{,control-}3
profile tracker-miner @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-session-strict>

2
apparmor.d/groups/grub/grub-bios-setup
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-bios-setup
@{exec_path} = @{bin}/grub-bios-setup
profile grub-bios-setup @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

8
apparmor.d/groups/grub/grub-check-signatures
View file

@ -13,10 +13,10 @@ profile grub-check-signatures @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/{m,g,}awk rix,
/{usr/,}bin//mktemp rix,
/{usr/,}bin//od rix,
@{bin}/{,ba,da}sh rix,
@{bin}/{m,g,}awk rix,
@{bin}//mktemp rix,
@{bin}//od rix,
/usr/share/debconf/frontend rPx,

2
apparmor.d/groups/grub/grub-editenv
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-editenv
@{exec_path} = @{bin}/grub-editenv
profile grub-editenv @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-file
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-file
@{exec_path} = @{bin}/grub-file
profile grub-file @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-fstest
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-fstest
@{exec_path} = @{bin}/grub-fstest
profile grub-fstest @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-glue-efi
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-glue-efi
@{exec_path} = @{bin}/grub-glue-efi
profile grub-glue-efi @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

12
apparmor.d/groups/grub/grub-install
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-install
@{exec_path} = @{bin}/grub-install
profile grub-install @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
@ -18,11 +18,11 @@ profile grub-install @{exec_path} flags=(complain) {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/efibootmgr rix,
/{usr/,}bin/kmod rPx,
/{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/udevadm rPx,
@{bin}/{,ba,da}sh rix,
@{bin}/efibootmgr rix,
@{bin}/kmod rPx,
@{bin}/lsb_release rPx -> lsb_release,
@{bin}/udevadm rPx,
/usr/share/grub/{,**} r,

2
apparmor.d/groups/grub/grub-kbdcomp
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-kbdcomp
@{exec_path} = @{bin}/grub-kbdcomp
profile grub-kbdcomp @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-macbless
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-macbless
@{exec_path} = @{bin}/grub-macbless
profile grub-macbless @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-menulst2cfg
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-menulst2cfg
@{exec_path} = @{bin}/grub-menulst2cfg
profile grub-menulst2cfg @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

78
apparmor.d/groups/grub/grub-mkconfig
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-mkconfig
@{exec_path} = @{bin}/grub-mkconfig
profile grub-mkconfig @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -19,44 +19,44 @@ profile grub-mkconfig @{exec_path} {
/{usr/,}{local/,}{s,}bin/zfs rPx,
/{usr/,}{local/,}{s,}bin/zpool rPx,
/{usr/,}{s,}bin/dmsetup rPUx,
/{usr/,}{s,}bin/grub-probe rPx,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/{e,f,}grep rix,
/{usr/,}bin/{m,g,}awk rix,
/{usr/,}bin/basename rix,
/{usr/,}bin/btrfs rPx,
/{usr/,}bin/cat rix,
/{usr/,}bin/chmod rix,
/{usr/,}bin/cut rix,
/{usr/,}bin/date rix,
/{usr/,}bin/dirname rix,
/{usr/,}bin/dpkg rPx,
/{usr/,}bin/find rix,
/{usr/,}bin/findmnt rPx,
/{usr/,}bin/gettext rix,
/{usr/,}bin/grub-mkrelpath rPx,
/{usr/,}bin/grub-script-check rPx,
/{usr/,}bin/head rix,
/{usr/,}bin/id rPx,
/{usr/,}bin/ls rix,
/{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/mktemp rix,
/{usr/,}bin/mount rPx,
/{usr/,}bin/mountpoint rix,
/{usr/,}bin/os-prober rPx,
/{usr/,}bin/paste rix,
/{usr/,}bin/readlink rix,
/{usr/,}bin/rm rix,
/{usr/,}bin/rmdir rix,
/{usr/,}bin/sed rix,
/{usr/,}bin/sort rix,
/{usr/,}bin/stat rix,
/{usr/,}bin/tail rix,
/{usr/,}bin/tr rix,
/{usr/,}bin/umount rPx,
/{usr/,}bin/uname rix,
/{usr/,}bin/which{.debianutils,} rix,
@{bin}/dmsetup rPUx,
@{bin}/grub-probe rPx,
@{bin}/{,ba,da}sh rix,
@{bin}/{e,f,}grep rix,
@{bin}/{m,g,}awk rix,
@{bin}/basename rix,
@{bin}/btrfs rPx,
@{bin}/cat rix,
@{bin}/chmod rix,
@{bin}/cut rix,
@{bin}/date rix,
@{bin}/dirname rix,
@{bin}/dpkg rPx,
@{bin}/find rix,
@{bin}/findmnt rPx,
@{bin}/gettext rix,
@{bin}/grub-mkrelpath rPx,
@{bin}/grub-script-check rPx,
@{bin}/head rix,
@{bin}/id rPx,
@{bin}/ls rix,
@{bin}/lsb_release rPx -> lsb_release,
@{bin}/mktemp rix,
@{bin}/mount rPx,
@{bin}/mountpoint rix,
@{bin}/os-prober rPx,
@{bin}/paste rix,
@{bin}/readlink rix,
@{bin}/rm rix,
@{bin}/rmdir rix,
@{bin}/sed rix,
@{bin}/sort rix,
@{bin}/stat rix,
@{bin}/tail rix,
@{bin}/tr rix,
@{bin}/umount rPx,
@{bin}/uname rix,
@{bin}/which{.debianutils,} rix,
/etc/grub.d/{**,} rix,
/boot/{**,} r,

2
apparmor.d/groups/grub/grub-mkdevicemap
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-mkdevicemap
@{exec_path} = @{bin}/grub-mkdevicemap
profile grub-mkdevicemap @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mkfont
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-mkfont
@{exec_path} = @{bin}/grub-mkfont
profile grub-mkfont @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mkimage
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-mkimage
@{exec_path} = @{bin}/grub-mkimage
profile grub-mkimage @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mklayout
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-mklayout
@{exec_path} = @{bin}/grub-mklayout
profile grub-mklayout @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mknetdir
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-mknetdir
@{exec_path} = @{bin}/grub-mknetdir
profile grub-mknetdir @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mkpasswd-pbkdf2
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-mkpasswd-pbkdf2
@{exec_path} = @{bin}/grub-mkpasswd-pbkdf2
profile grub-mkpasswd-pbkdf2 @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mkrelpath
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-mkrelpath
@{exec_path} = @{bin}/grub-mkrelpath
profile grub-mkrelpath @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mkrescue
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-mkrescue
@{exec_path} = @{bin}/grub-mkrescue
profile grub-mkrescue @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mkstandalone
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-mkstandalone
@{exec_path} = @{bin}/grub-mkstandalone
profile grub-mkstandalone @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-mount
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-mount
@{exec_path} = @{bin}/grub-mount
profile grub-mount @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

22
apparmor.d/groups/grub/grub-multi-install
View file

@ -6,23 +6,23 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}lib/grub/grub-multi-install
@{exec_path} = @{lib}/grub/grub-multi-install
profile grub-multi-install @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@{exec_path} mr,
/{usr/,}{s,}bin/grub-install rPx,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/{,e}grep rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/dpkg-query rpx,
/{usr/,}bin/readlink rix,
/{usr/,}bin/sed rix,
/{usr/,}bin/sort rix,
/{usr/,}bin/touch rix,
/{usr/,}bin/udevadm rPx,
@{bin}/grub-install rPx,
@{bin}/{,ba,da}sh rix,
@{bin}/{,e}grep rix,
@{bin}/cat rix,
@{bin}/dpkg-query rpx,
@{bin}/readlink rix,
@{bin}/sed rix,
@{bin}/sort rix,
@{bin}/touch rix,
@{bin}/udevadm rPx,
/usr/share/debconf/frontend rPx,
/usr/lib/terminfo/x/xterm-256color r,

2
apparmor.d/groups/grub/grub-ntldr-img
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-ntldr-img
@{exec_path} = @{bin}/grub-ntldr-img
profile grub-ntldr-img @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

8
apparmor.d/groups/grub/grub-probe
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-probe
@{exec_path} = @{bin}/grub-probe
profile grub-probe @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@ -18,9 +18,9 @@ profile grub-probe @{exec_path} {
@{exec_path} mr,
/{usr/,}{local/,}{s,}bin/zpool rPx,
/{usr/,}{s,}bin/lvm rPx,
/{usr/,}bin/lsb_release rPx -> lsb_release,
/{usr/,}bin/udevadm rPx,
@{bin}/lvm rPx,
@{bin}/lsb_release rPx -> lsb_release,
@{bin}/udevadm rPx,
/ r,
/usr/share/grub/* r,

2
apparmor.d/groups/grub/grub-reboot
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-reboot
@{exec_path} = @{bin}/grub-reboot
profile grub-reboot @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-render-label
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-render-label
@{exec_path} = @{bin}/grub-render-label
profile grub-render-label @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-script-check
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-script-check
@{exec_path} = @{bin}/grub-script-check
profile grub-script-check @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-set-default
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/grub-set-default
@{exec_path} = @{bin}/grub-set-default
profile grub-set-default @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

2
apparmor.d/groups/grub/grub-syslinux2cfg
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/grub-syslinux2cfg
@{exec_path} = @{bin}/grub-syslinux2cfg
profile grub-syslinux2cfg @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>

6
apparmor.d/groups/grub/update-grub
View file

@ -6,14 +6,14 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/update-grub{2,}
@{exec_path} = @{bin}/update-grub{2,}
profile update-grub @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}{s,}bin/grub-mkconfig rPx,
@{bin}/{,ba,da}sh rix,
@{bin}/grub-mkconfig rPx,
include if exists <local/update-grub>
}

2
apparmor.d/groups/gvfs/gvfs-afc-volume-monitor
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/{,gvfs/}gvfs-afc-volume-monitor
@{exec_path} = @{lib}/{,gvfs/}gvfs-afc-volume-monitor
profile gvfs-afc-volume-monitor @{exec_path} {
include <abstractions/base>
include <abstractions/dbus-session-strict>

Some files were not shown because too many files have changed in this diff Show more