diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root index d21e49b9..c5e2f6a2 100644 --- a/apparmor.d/abstractions/app-launcher-root +++ b/apparmor.d/abstractions/app-launcher-root @@ -9,3 +9,5 @@ /usr/ r, /{usr/,}{s,}bin/ r, /{usr/,}{s,}bin/[a-z0-9]* rPUx, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/app-launcher-user b/apparmor.d/abstractions/app-launcher-user index aec6065d..a1f16248 100644 --- a/apparmor.d/abstractions/app-launcher-user +++ b/apparmor.d/abstractions/app-launcher-user @@ -36,3 +36,5 @@ /opt/FreeTube/freetube rPx, /opt/FreeTube-Vue/ r, /opt/FreeTube-Vue/freetube-vue rPx, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/apt-common b/apparmor.d/abstractions/apt-common index b774b822..f4a2ace2 100644 --- a/apparmor.d/abstractions/apt-common +++ b/apparmor.d/abstractions/apt-common @@ -26,3 +26,5 @@ owner /tmp/clearsigned.message.* rw, owner /tmp/#[0-9]*[0-9] rw, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/deny-dconf b/apparmor.d/abstractions/deny-dconf index bc31fa8f..4fb58007 100644 --- a/apparmor.d/abstractions/deny-dconf +++ b/apparmor.d/abstractions/deny-dconf @@ -19,3 +19,5 @@ deny owner @{user_config_dirs}/glib-2.0/settings/ rw, deny owner @{user_config_dirs}/glib-2.0/settings/keyfile rw, deny owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-* rw, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/deny-root-dir-access b/apparmor.d/abstractions/deny-root-dir-access index 0941b56b..c76eac7a 100644 --- a/apparmor.d/abstractions/deny-root-dir-access +++ b/apparmor.d/abstractions/deny-root-dir-access @@ -14,3 +14,5 @@ # Use audit for now to see whether some apps are trying to get access to the /root/ dir. audit deny /root/{,**} rwkmlx, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/devices-usb b/apparmor.d/abstractions/devices-usb index 5ddcf713..f6f9892c 100644 --- a/apparmor.d/abstractions/devices-usb +++ b/apparmor.d/abstractions/devices-usb @@ -23,3 +23,5 @@ @{run}/udev/data/c16[6,7]* r, @{run}/udev/data/c18[0,8,9]* r, @{run}/udev/data/c8[0-9]:[0-9]* r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read index eff81bf2..542b837c 100644 --- a/apparmor.d/abstractions/disks-read +++ b/apparmor.d/abstractions/disks-read @@ -81,3 +81,5 @@ @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/** @{run}/udev/data/+usb:* r, # for ? + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write index 3c09fbee..c5fc239c 100644 --- a/apparmor.d/abstractions/disks-write +++ b/apparmor.d/abstractions/disks-write @@ -82,3 +82,5 @@ @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/** @{run}/udev/data/+usb:* r, # for ? + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/file-browsing-strict b/apparmor.d/abstractions/file-browsing-strict index 0cfafaf0..277ca891 100644 --- a/apparmor.d/abstractions/file-browsing-strict +++ b/apparmor.d/abstractions/file-browsing-strict @@ -11,3 +11,5 @@ deny /etc/fstab r, deny /dev/disk/*/ r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/flatpak-snap b/apparmor.d/abstractions/flatpak-snap index 6df950df..0a132289 100644 --- a/apparmor.d/abstractions/flatpak-snap +++ b/apparmor.d/abstractions/flatpak-snap @@ -17,3 +17,5 @@ /var/lib/snapd/desktop/applications/mimeinfo.cache r, /var/lib/snapd/desktop/applications/*.desktop r, /var/lib/snapd/desktop/applications/ r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index a0a437d7..d5fdf844 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -40,3 +40,5 @@ deny "@{user_share_dirs}/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" w, owner "@{user_share_dirs}/fonts/Google Fonts/**/.uuid" r, deny "@{user_share_dirs}/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index e98a4201..534f521c 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -25,3 +25,4 @@ owner "@{user_share_dirs}/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" rw, link "@{user_share_dirs}/fonts/Google Fonts/**/.uuid.LCK" -> "/home/*/.local/share/fonts/Google Fonts/**/.uuid.TMP-*", + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/fzf b/apparmor.d/abstractions/fzf index 02f98ef8..4a2b899c 100644 --- a/apparmor.d/abstractions/fzf +++ b/apparmor.d/abstractions/fzf @@ -7,3 +7,5 @@ owner @{HOME}/.fzf/{,**} r, owner @{HOME}/.fzf.* r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/gstreamer b/apparmor.d/abstractions/gstreamer index 14d9f17e..b2cd5c44 100644 --- a/apparmor.d/abstractions/gstreamer +++ b/apparmor.d/abstractions/gstreamer @@ -51,3 +51,5 @@ owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/ rw, owner @{HOME}/{.cache/,.}gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/gtk b/apparmor.d/abstractions/gtk index 70ca0752..bf92d8ea 100644 --- a/apparmor.d/abstractions/gtk +++ b/apparmor.d/abstractions/gtk @@ -42,3 +42,5 @@ # Xsession errors file owner @{HOME}/.xsession-errors w, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/kde4 b/apparmor.d/abstractions/kde4 index cb98f0a1..548e7034 100644 --- a/apparmor.d/abstractions/kde4 +++ b/apparmor.d/abstractions/kde4 @@ -29,3 +29,5 @@ owner /var/tmp/kdecache-*/ r, owner /var/tmp/kdecache-*/** r, owner /var/tmp/kdecache-*/*.kcache rw, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/kde5-plasma5 b/apparmor.d/abstractions/kde5-plasma5 index 865e54cc..c9a932cd 100644 --- a/apparmor.d/abstractions/kde5-plasma5 +++ b/apparmor.d/abstractions/kde5-plasma5 @@ -58,3 +58,5 @@ #/usr/share/mime/ r, #owner @{user_config_dirs}/menus/ r, #owner @{user_config_dirs}/menus/applications-merged/ r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict index 13965028..72babfb9 100644 --- a/apparmor.d/abstractions/nameservice-strict +++ b/apparmor.d/abstractions/nameservice-strict @@ -20,3 +20,4 @@ /{var,}run/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r, @{PROC}/sys/kernel/random/boot_id r, + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/systemd-common b/apparmor.d/abstractions/systemd-common index 3a44fc15..18f47b4b 100644 --- a/apparmor.d/abstractions/systemd-common +++ b/apparmor.d/abstractions/systemd-common @@ -17,3 +17,5 @@ /dev/kmsg w, @{sys}/firmware/efi/efivars/SecureBoot-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read index 48851717..171e4f80 100644 --- a/apparmor.d/abstractions/thumbnails-cache-read +++ b/apparmor.d/abstractions/thumbnails-cache-read @@ -11,3 +11,5 @@ owner @{user_cache_dirs}/thumbnails/ r, owner @{user_cache_dirs}/thumbnails/{large,normal}/ r, owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index 540afbbd..172072e1 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write @@ -13,3 +13,5 @@ owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw, owner @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9] rw, owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9], + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/tor b/apparmor.d/abstractions/tor index eb375573..a6719b95 100644 --- a/apparmor.d/abstractions/tor +++ b/apparmor.d/abstractions/tor @@ -29,3 +29,5 @@ /usr/bin/obfsproxy PUx, /usr/bin/obfs4proxy Pix, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/totem b/apparmor.d/abstractions/totem index ceb99440..546ab8bd 100644 --- a/apparmor.d/abstractions/totem +++ b/apparmor.d/abstractions/totem @@ -51,3 +51,5 @@ /run/udev/data/+usb* r, /sys/devices/system/node/*/meminfo r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/trash b/apparmor.d/abstractions/trash index 8dc6e4c6..a8c7085e 100644 --- a/apparmor.d/abstractions/trash +++ b/apparmor.d/abstractions/trash @@ -74,3 +74,5 @@ owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]* rw, owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]*/ rw, owner /{media,mnt}/*/*/.Trash-[0-9]*/expunged/[0-9]*/** rw, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index f9a59239..1786d10a 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -19,3 +19,5 @@ # For SSHFS mounts (without owner as files in such mounts can be owned by different users) @{HOME}/mount-sshfs/ r, @{HOME}/mount-sshfs/** rwl, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/user-read b/apparmor.d/abstractions/user-read index 6cbf86ba..2f049866 100644 --- a/apparmor.d/abstractions/user-read +++ b/apparmor.d/abstractions/user-read @@ -8,3 +8,5 @@ owner @{HOME}/@{XDG_VIDEOS_DIR}/{,**} r, owner @{HOME}/@{XDG_PROJECTS_DIR}/{,**} r, owner @{HOME}/@{XDG_BOOKS_DIR}/{,**} r, + + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/vlc-art-cache-write b/apparmor.d/abstractions/vlc-art-cache-write index e3d6e62b..1acb215e 100644 --- a/apparmor.d/abstractions/vlc-art-cache-write +++ b/apparmor.d/abstractions/vlc-art-cache-write @@ -12,3 +12,4 @@ owner @{user_cache_dirs}/vlc/art/artistalbum/**/art rw, owner @{user_cache_dirs}/vlc/art/artistalbum/**/art.jpg rw, + include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh index 8df08518..c9d582fe 100644 --- a/apparmor.d/abstractions/zsh +++ b/apparmor.d/abstractions/zsh @@ -25,3 +25,5 @@ owner @{HOME}/.zcompdump-* rw, owner @{user_config_dirs}/zsh/{,**} r, + + include if exists \ No newline at end of file