From 44dc86cd36cb4d4b467d78d97b8b997a2fa3ad37 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 30 May 2021 16:15:29 +0100
Subject: [PATCH] Small fixes.
---
 apparmor.d/groups/bus/dbus-daemon | 3 +++
 apparmor.d/groups/desktop/blueman | 2 +-
 apparmor.d/groups/gnome/gsd-power | 2 ++
 apparmor.d/profiles-a-l/browserpass | 1 +
 apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders | 2 +-
 apparmor.d/profiles-m-z/mission-control | 2 +-
 apparmor.d/profiles-m-z/polkitd | 3 +++
 7 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon
index 99fb913f..447cefce 100644
--- a/apparmor.d/groups/bus/dbus-daemon
+++ b/apparmor.d/groups/bus/dbus-daemon
@@ -22,6 +22,9 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
 network netlink raw,
+ network bluetooth stream,
+ network bluetooth seqpacket,
+ ptrace (read) peer=unconfined,
 @{exec_path} mr,
diff --git a/apparmor.d/groups/desktop/blueman b/apparmor.d/groups/desktop/blueman
index ce34a418..30af7e3f 100644
--- a/apparmor.d/groups/desktop/blueman
+++ b/apparmor.d/groups/desktop/blueman
@@ -59,7 +59,7 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
 owner @{PROC}/@{pid}/fd/ r,
 owner @{PROC}/@{pid}/mounts r,
- owner @{PROC}/@{pid}/cmdline r,
+ @{PROC}/@{pids}/cmdline r,
 include owner @{run}/user/@{uid}/dconf/ rw,
diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power
index 9335cb8f..3583603d 100644
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
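Review bot: In apparmor.d/groups/bus/dbus-daemon, the two new `network bluetooth` rules carry no comment saying why the bus daemon needs Bluetooth sockets, which makes the grant hard to audit later. If they were added because of denials on sockets handed across the bus as file descriptors (an inference, not visible in the hunk), record that above them, for example `# Bluetooth sockets passed as file descriptors over the bus`. The profile body starts and ends outside the hunk.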
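Review bot: In apparmor.d/groups/desktop/blueman, the replacement `@{PROC}/@{pids}/cmdline r,` widens the match from blueman's own process to every PID and also drops the `owner` qualifier, so the profile no longer restricts the read to processes of the same user. Command lines can carry credentials or tokens, so this is a larger exposure than the old rule. If blueman only needs to inspect processes of its own user, keep the qualifier: `owner @{PROC}/@{pids}/cmdline r,`. Otherwise add a comment naming the lookup that needs the wider rule. The profile body starts and ends outside the hunk.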
@@ -22,11 +22,13 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
 /usr/share/gdm/greeter-dconf-defaults r,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
 /usr/share/icons/{,**} r,
+ /usr/share/sounds/freedesktop/index.theme r,
 /usr/share/sounds/freedesktop/stereo/*.oga r,
 /usr/share/X11/xkb/** r,
 /etc/machine-id r,
 /var/lib/dbus/machine-id r,
+ /var/lib/gdm/.config/pulse/client.conf r,
 /etc/pulse/client.conf r,
 owner @{user_cache_dirs}/event-sound-cache.tdb.* rwk,
diff --git a/apparmor.d/profiles-a-l/browserpass b/apparmor.d/profiles-a-l/browserpass
index 110afe8a..2f954253 100644
--- a/apparmor.d/profiles-a-l/browserpass
+++ b/apparmor.d/profiles-a-l/browserpass
@@ -22,6 +22,7 @@ profile browserpass @{exec_path} {
 owner @{HOME}/.mozilla/firefox/[0-9a-z]*.default/extensions/* r,
 owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/scriptCache-*.bin r,
 owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/startupCache/startupCache.*.little r,
+ owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw,
 @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
diff --git a/apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders b/apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders
index 043b8a8c..c1fbc4ea 100644
--- a/apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders
+++ b/apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders
@@ -12,7 +12,7 @@ profile gdk-pixbuf-query-loaders @{exec_path} {
 @{exec_path} mr,
- /{usr/,}lib/gdk-pixbuf-[0-9].[0-9]*/*/loaders.cache.* rw,
+ /{usr/,}lib/gdk-pixbuf-[0-9].[0-9]*/{,*}/loaders.cache.* rw,
 include if exists
 }
\ No newline at end of file
diff --git a/apparmor.d/profiles-m-z/mission-control b/apparmor.d/profiles-m-z/mission-control
index dcd8d6b0..27728de3 100644
--- a/apparmor.d/profiles-m-z/mission-control
+++ b/apparmor.d/profiles-m-z/mission-control
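Review bot: In apparmor.d/profiles-a-l/browserpass, the new `goog-phish-proto-[0-9]*.vlpset rw,` rule is the only Firefox cache path in this hunk that grants write; the neighbouring rules are read-only. A password-store helper that may rewrite Safe Browsing list files could weaken the browser's phishing protection if the helper were compromised. These accesses look like descriptors inherited from Firefox rather than files browserpass opens itself, which is an assumption to confirm from the audit log. If so, silence them instead of allowing them: `deny owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.default/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw,`. The profile body starts and ends outside the hunk.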
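Review bot: In apparmor.d/profiles-a-l/gdk-pixbuf-query-loaders, the new glob `{,*}/loaders.cache.*` yields a path with a doubled slash before `loaders.cache.*` when the empty alternative is taken. Whether that matches a cache file sitting directly in the versioned directory depends on how the parser treats `//` after alternation, which cannot be checked from this hunk. Moving the slash inside the braces avoids the question and mirrors the `/{usr/,}lib` form earlier on the same line: `/{usr/,}lib/gdk-pixbuf-[0-9].[0-9]*/{,*/}loaders.cache.* rw,`.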
@@ -14,7 +14,7 @@ profile mission-control @{exec_path} {
 network netlink raw,
 @{exec_path} mr,
- /usr/{lib,libexec}/* rUx, # FIXME: Needed ?
+ /usr/{lib,libexec}/* rPUx, # FIXME: Needed ?
 /usr/share/telepathy/{,**} r,
 /usr/share/glib-2.0/schemas/gschemas.compiled r,
diff --git a/apparmor.d/profiles-m-z/polkitd b/apparmor.d/profiles-m-z/polkitd
index 2a11480b..f3c4ee69 100644
--- a/apparmor.d/profiles-m-z/polkitd
+++ b/apparmor.d/profiles-m-z/polkitd
@@ -47,5 +47,8 @@ profile polkitd @{exec_path} {
 @{run}/systemd/sessions/* r,
 @{run}/systemd/users/@{uid} r,
+ # Silencer
+ deny /.cache/ rw,
+ include if exists
 }
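Review bot: In apparmor.d/profiles-m-z/mission-control, `/usr/{lib,libexec}/* rPUx` still falls back to unconfined execution for every file directly under those two directories that has no profile of its own, so mission-control's confinement can be left through any such helper. The `# FIXME: Needed ?` on the same line is carried over unresolved. Replace the glob with one rule per helper that the audit log shows being executed, in the form `/usr/{lib,libexec}/HELPER_NAME rPx,` (HELPER_NAME is a placeholder), or drop the rule if no exec from these directories is observed. The profile body starts and ends outside the hunk.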