Add include if exists abstractions *.d

2025-02-20 08:55:34 +01:00 · 2021-04-12 19:59:04 +01:00 · 2021-04-12 19:59:04 +01:00 · 3734e5aedf
commit 3734e5aedf
parent 8d22bc10b2
28 changed files with 53 additions and 0 deletions
--- a/apparmor.d/abstractions/app-launcher-root
+++ b/apparmor.d/abstractions/app-launcher-root
@ -9,3 +9,5 @@
  /usr/ r,
  /{usr/,}{s,}bin/ r,
  /{usr/,}{s,}bin/[a-z0-9]* rPUx,
+
+  include if exists <abstractions/app-launcher-root.d>
--- a/apparmor.d/abstractions/app-launcher-user
+++ b/apparmor.d/abstractions/app-launcher-user
@ -36,3 +36,5 @@
  /opt/FreeTube/freetube         rPx,
  /opt/FreeTube-Vue/             r,
  /opt/FreeTube-Vue/freetube-vue rPx,
+
+  include if exists <abstractions/app-launcher-user.d>
--- a/apparmor.d/abstractions/apt-common
+++ b/apparmor.d/abstractions/apt-common
@ -26,3 +26,5 @@

  owner /tmp/clearsigned.message.* rw,
  owner /tmp/#[0-9]*[0-9] rw,
+
+  include if exists <abstractions/apt-common.d>
--- a/apparmor.d/abstractions/deny-dconf
+++ b/apparmor.d/abstractions/deny-dconf
@ -19,3 +19,5 @@
  deny owner @{user_config_dirs}/glib-2.0/settings/ rw,
  deny owner @{user_config_dirs}/glib-2.0/settings/keyfile rw,
  deny owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-* rw,
+
+  include if exists <abstractions/deny-dconf.d>
--- a/apparmor.d/abstractions/deny-root-dir-access
+++ b/apparmor.d/abstractions/deny-root-dir-access
@ -14,3 +14,5 @@

  # Use audit for now to see whether some apps are trying to get access to the /root/ dir.
  audit deny /root/{,**} rwkmlx,
+
+  include if exists <abstractions/deny-root-dir-access.d>
--- a/apparmor.d/abstractions/devices-usb
+++ b/apparmor.d/abstractions/devices-usb
@ -23,3 +23,5 @@
  @{run}/udev/data/c16[6,7]* r,
  @{run}/udev/data/c18[0,8,9]* r,
  @{run}/udev/data/c8[0-9]:[0-9]* r,
+
+  include if exists <abstractions/devices-usb.d>
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@ -81,3 +81,5 @@
  @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/**

  @{run}/udev/data/+usb:*      r, # for ?
+
+  include if exists <abstractions/disks-read.d>
--- a/apparmor.d/abstractions/disks-write
+++ b/apparmor.d/abstractions/disks-write
@ -82,3 +82,5 @@
  @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/**

  @{run}/udev/data/+usb:*      r, # for ?
+
+  include if exists <abstractions/disks-write.d>
--- a/apparmor.d/abstractions/file-browsing-strict
+++ b/apparmor.d/abstractions/file-browsing-strict
@ -11,3 +11,5 @@
  deny /etc/fstab r,

  deny /dev/disk/*/ r,
+
+  include if exists <abstractions/file-browsing-strict.d>
--- a/apparmor.d/abstractions/flatpak-snap
+++ b/apparmor.d/abstractions/flatpak-snap
@ -17,3 +17,5 @@
  /var/lib/snapd/desktop/applications/mimeinfo.cache r,
  /var/lib/snapd/desktop/applications/*.desktop r,
  /var/lib/snapd/desktop/applications/ r,
+
+  include if exists <abstractions/flatpak-snap.d>
--- a/apparmor.d/abstractions/fontconfig-cache-read
+++ b/apparmor.d/abstractions/fontconfig-cache-read
@ -40,3 +40,5 @@
  deny       "@{user_share_dirs}/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" w,
       owner "@{user_share_dirs}/fonts/Google Fonts/**/.uuid" r,
  deny       "@{user_share_dirs}/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w,
+
+  include if exists <abstractions/fontconfig-cache-read.d>
--- a/apparmor.d/abstractions/fontconfig-cache-write
+++ b/apparmor.d/abstractions/fontconfig-cache-write
@ -25,3 +25,4 @@
  owner "@{user_share_dirs}/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" rw,
   link "@{user_share_dirs}/fonts/Google Fonts/**/.uuid.LCK" -> "/home/*/.local/share/fonts/Google Fonts/**/.uuid.TMP-*",

+  include if exists <abstractions/fontconfig-cache-write.d>
--- a/apparmor.d/abstractions/fzf
+++ b/apparmor.d/abstractions/fzf
@ -7,3 +7,5 @@
  owner @{HOME}/.fzf/{,**} r,

  owner @{HOME}/.fzf.* r,
+
+  include if exists <abstractions/fzf.d>
--- a/apparmor.d/abstractions/gstreamer
+++ b/apparmor.d/abstractions/gstreamer
@ -51,3 +51,5 @@

  owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/ rw,
  owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw,
+
+  include if exists <abstractions/gstreamer.d>
--- a/apparmor.d/abstractions/gtk
+++ b/apparmor.d/abstractions/gtk
@ -42,3 +42,5 @@

  # Xsession errors file
  owner @{HOME}/.xsession-errors w,
+
+  include if exists <abstraction/gtk.d>
--- a/apparmor.d/abstractions/kde4
+++ b/apparmor.d/abstractions/kde4
@ -29,3 +29,5 @@
  owner /var/tmp/kdecache-*/ r,
  owner /var/tmp/kdecache-*/** r,
  owner /var/tmp/kdecache-*/*.kcache rw,
+
+  include if exists <abstractions/kde4.d>
--- a/apparmor.d/abstractions/kde5-plasma5
+++ b/apparmor.d/abstractions/kde5-plasma5
@ -58,3 +58,5 @@
  #/usr/share/mime/ r,
  #owner @{user_config_dirs}/menus/ r,
  #owner @{user_config_dirs}/menus/applications-merged/ r,
+
+  include if exists <abstractions/kde5-plasma5.d>
--- a/apparmor.d/abstractions/nameservice-strict
+++ b/apparmor.d/abstractions/nameservice-strict
@ -20,3 +20,4 @@
  /{var,}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
  @{PROC}/sys/kernel/random/boot_id r,

+  include if exists <abstractions/nameservice-strict.d>
--- a/apparmor.d/abstractions/systemd-common
+++ b/apparmor.d/abstractions/systemd-common
@ -17,3 +17,5 @@
  /dev/kmsg w,

  @{sys}/firmware/efi/efivars/SecureBoot-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r,
+
+  include if exists <abstractions/systemd-common.d>
--- a/apparmor.d/abstractions/thumbnails-cache-read
+++ b/apparmor.d/abstractions/thumbnails-cache-read
@ -11,3 +11,5 @@
  owner @{user_cache_dirs}/thumbnails/ r,
  owner @{user_cache_dirs}/thumbnails/{large,normal}/ r,
  owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png r,
+
+  include if exists <abstractions/thumbnails-cache-read.d>
--- a/apparmor.d/abstractions/thumbnails-cache-write
+++ b/apparmor.d/abstractions/thumbnails-cache-write
@ -13,3 +13,5 @@
  owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw,
  owner @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9] rw,
  owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9],
+
+  include if exists <abstractions/thumbnails-cache-write.d>
--- a/apparmor.d/abstractions/tor
+++ b/apparmor.d/abstractions/tor
@ -29,3 +29,5 @@

  /usr/bin/obfsproxy PUx,
  /usr/bin/obfs4proxy Pix,
+
+  include if exists <abstractions/tor.d>
--- a/apparmor.d/abstractions/totem
+++ b/apparmor.d/abstractions/totem
@ -51,3 +51,5 @@
  /run/udev/data/+usb* r,

  /sys/devices/system/node/*/meminfo r,
+
+  include if exists <abstractions/totem.d>
--- a/apparmor.d/abstractions/trash
+++ b/apparmor.d/abstractions/trash
@ -74,3 +74,5 @@
  owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]* rw,
  owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]*/ rw,
  owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]*/** rw,
+
+  include if exists <abstractions/trash.d>
--- a/apparmor.d/abstractions/user-download-strict
+++ b/apparmor.d/abstractions/user-download-strict
@ -19,3 +19,5 @@
  # For SSHFS mounts (without owner as files in such mounts can be owned by different users)
        @{HOME}/mount-sshfs/ r,
        @{HOME}/mount-sshfs/** rwl,
+
+  include if exists <abstractions/user-download-strict.d>
--- a/apparmor.d/abstractions/user-read
+++ b/apparmor.d/abstractions/user-read
@ -8,3 +8,5 @@
  owner @{HOME}/@{XDG_VIDEOS_DIR}/{,**} r,
  owner @{HOME}/@{XDG_PROJECTS_DIR}/{,**} r,
  owner @{HOME}/@{XDG_BOOKS_DIR}/{,**} r,
+
+  include if exists <abstractions/user-read.d>
--- a/apparmor.d/abstractions/vlc-art-cache-write
+++ b/apparmor.d/abstractions/vlc-art-cache-write
@ -12,3 +12,4 @@
  owner @{user_cache_dirs}/vlc/art/artistalbum/**/art rw,
  owner @{user_cache_dirs}/vlc/art/artistalbum/**/art.jpg rw,

+  include if exists <abstractions/vlc-art-cache-write.d>
--- a/apparmor.d/abstractions/zsh
+++ b/apparmor.d/abstractions/zsh
@ -25,3 +25,5 @@

  owner @{HOME}/.zcompdump-* rw,
  owner @{user_config_dirs}/zsh/{,**} r,
+
+  include if exists <abstractions/zsh.d>