Small fixes.

2025-01-29 22:35:15 +01:00 · 2021-05-30 16:15:29 +01:00 · 2021-05-30 16:15:29 +01:00 · 44dc86cd36
commit 44dc86cd36
parent 9b7ab9cbc3
7 changed files with 12 additions and 3 deletions
--- a/apparmor.d/groups/bus/dbus-daemon
+++ b/apparmor.d/groups/bus/dbus-daemon
@ -22,6 +22,9 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {

  network netlink raw,

+  network bluetooth stream,
+  network bluetooth seqpacket,
+
  ptrace (read) peer=unconfined,

  @{exec_path} mr,
--- a/apparmor.d/groups/desktop/blueman
+++ b/apparmor.d/groups/desktop/blueman
@ -59,7 +59,7 @@ profile blueman @{exec_path} flags=(attach_disconnected) {

  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mounts r,
-  owner @{PROC}/@{pid}/cmdline r,
+        @{PROC}/@{pids}/cmdline r,

  include <abstractions/dconf>
  owner @{run}/user/@{uid}/dconf/ rw,
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@ -22,11 +22,13 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
  /usr/share/gdm/greeter-dconf-defaults r,
  /usr/share/glib-2.0/schemas/gschemas.compiled r,
  /usr/share/icons/{,**} r,
+  /usr/share/sounds/freedesktop/index.theme r,
  /usr/share/sounds/freedesktop/stereo/*.oga r,
  /usr/share/X11/xkb/** r,

  /etc/machine-id r,
  /var/lib/dbus/machine-id r,
+  /var/lib/gdm/.config/pulse/client.conf r,
  /etc/pulse/client.conf r,

  owner @{user_cache_dirs}/event-sound-cache.tdb.* rwk,
--- a/apparmor.d/profiles-a-l/browserpass
+++ b/apparmor.d/profiles-a-l/browserpass
@ -22,6 +22,7 @@ profile browserpass @{exec_path} {
  owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/extensions/* r,
  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/scriptCache-*.bin r,
  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/startupCache.*.little r,
+  owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw,

  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,

--- a/apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders
+++ b/apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders
@ -12,7 +12,7 @@ profile gdk-pixbuf-query-loaders @{exec_path} {

  @{exec_path} mr,

-  /{usr/,}lib/gdk-pixbuf-[0-9].[0-9]*/*/loaders.cache.* rw,
+  /{usr/,}lib/gdk-pixbuf-[0-9].[0-9]*/{,*}/loaders.cache.* rw,

  include if exists <local/gdk-pixbuf-query-loaders>
 }
--- a/apparmor.d/profiles-m-z/mission-control
+++ b/apparmor.d/profiles-m-z/mission-control
@ -14,7 +14,7 @@ profile mission-control @{exec_path} {
  network netlink raw,

  @{exec_path} mr,
-  /usr/{lib,libexec}/* rUx,  # FIXME: Needed ?
+  /usr/{lib,libexec}/* rPUx,  # FIXME: Needed ?

  /usr/share/telepathy/{,**} r,
  /usr/share/glib-2.0/schemas/gschemas.compiled r,
--- a/apparmor.d/profiles-m-z/polkitd
+++ b/apparmor.d/profiles-m-z/polkitd
@ -47,5 +47,8 @@ profile polkitd @{exec_path} {
  @{run}/systemd/sessions/* r,
  @{run}/systemd/users/@{uid} r,

+  # Silencer
+  deny /.cache/ rw,
+
  include if exists <local/polkitd>
 }