xfce, fixes

2025-02-04 17:25:05 +01:00 · 2025-01-24 21:48:31 +00:00 · 2025-01-24 21:48:31 +00:00 · 45f5689d6a
commit 45f5689d6a
parent 39b38b9ee5
18 changed files with 24 additions and 32 deletions
--- a/apparmor.d/groups/display-manager/lightdm
+++ b/apparmor.d/groups/display-manager/lightdm
@ -37,9 +37,9 @@ profile lightdm @{exec_path} flags=(attach_disconnected) {
  signal (send) set=(term) peer=xfce-session,
  signal (send) set=(term) peer=xorg,

-  unix (bind) type=stream addr="@@{hex}/bus/lightdm/system",
+  unix (bind) type=stream addr="@@{udbus}/bus/lightdm/system",

-  dbus (bind) bus=system name=org.freedesktop.DisplayManager,
+  #aa:dbus own bus=system name=org.freedesktop.DisplayManager

  @{exec_path} mrix,

--- a/apparmor.d/groups/gvfs/gvfsd-computer
+++ b/apparmor.d/groups/gvfs/gvfsd-computer
@ -12,7 +12,7 @@ profile gvfsd-computer @{exec_path} {
  include <abstractions/base>
  include <abstractions/bus-session>

-  dbus (bind) bus=session name=org.gtk.vfs.mountpoint_@{int},
+  #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_@{int}

  @{exec_path} mr,

--- a/apparmor.d/groups/gvfs/gvfsd-wsdd
+++ b/apparmor.d/groups/gvfs/gvfsd-wsdd
@ -13,7 +13,7 @@ profile gvfsd-wsdd @{exec_path} {

  network netlink raw,

-  dbus (bind) bus=session name=org.gtk.vfs.mountpoint_wsdd,
+  #aa:dbus own bus=session name=org.gtk.vfs.mountpoint_wsdd

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/thunar
+++ b/apparmor.d/groups/xfce/thunar
@ -19,9 +19,9 @@ profile thunar @{exec_path} {

  network netlink raw,

-  dbus (bind) bus=session name=org.xfce.Thunar,
-  dbus (bind) bus=session name=org.xfce.FileManager,
-  dbus (bind) bus=session name=org.freedesktop.FileManager1,
+  #aa:dbus own bus=session name=org.xfce.Thunar
+  #aa:dbus own bus=session name=org.xfce.FileManager
+  #aa:dbus own bus=session name=org.freedesktop.FileManager1

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/tumblerd
+++ b/apparmor.d/groups/xfce/tumblerd
@ -12,16 +12,13 @@ profile tumblerd @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/desktop>
  include <abstractions/bus-session>
-  include <abstractions/fontconfig-cache-read>
-  include <abstractions/desktop>
-  include <abstractions/bus-session>
  include <abstractions/gstreamer>
  include <abstractions/nameservice-strict>
  include <abstractions/thumbnails-cache-write>

-  dbus (bind) bus=session name=org.freedesktop.thumbnails.Cache1,
-  dbus (bind) bus=session name=org.freedesktop.thumbnails.Manager1,
-  dbus (bind) bus=session name=org.freedesktop.thumbnails.Thumbnailer1,
+  #aa:dbus own bus=session name=org.freedesktop.thumbnails.Cache1
+  #aa:dbus own bus=session name=org.freedesktop.thumbnails.Manager1
+  #aa:dbus own bus=session name=org.freedesktop.thumbnails.Thumbnailer1

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfce-clipman-settings
+++ b/apparmor.d/groups/xfce/xfce-clipman-settings
@ -13,7 +13,7 @@ profile xfce-clipman-settings @{exec_path} {
  include <abstractions/bus-session>
  include <abstractions/xfce>

-  dbus (bind) bus=session name=org.xfce.clipman.settings,
+  #aa:dbus own bus=session name=org.xfce.clipman.settings

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfce-notifyd
+++ b/apparmor.d/groups/xfce/xfce-notifyd
@ -24,8 +24,8 @@ profile xfce-notifyd @{exec_path} {
  network inet6 stream,
  network netlink raw,

-  dbus (bind) bus=session name=org.xfce.Notifyd,
-  dbus (bind) bus=session name=org.freedesktop.Notifications,
+  #aa:dbus own bus=session name=org.xfce.Notifyd
+  #aa:dbus own bus=session name=org.freedesktop.Notifications

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfce-panel
+++ b/apparmor.d/groups/xfce/xfce-panel
@ -22,8 +22,8 @@ profile xfce-panel @{exec_path} {

  ptrace (read) peer=xfce-terminal,

-  dbus (bind) bus=session name=org.xfce.Panel,
-  dbus (bind) bus=session name=org.kde.StatusNotifierWatcher,
+  #aa:dbus own bus=session name=org.xfce.Panel
+  #aa:dbus own bus=session name=org.kde.StatusNotifierWatcher

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfce-power-manager
+++ b/apparmor.d/groups/xfce/xfce-power-manager
@ -16,8 +16,8 @@ profile xfce-power-manager @{exec_path} flags=(attach_disconnected) {
  include <abstractions/xfce>
  include <abstractions/nameservice-strict>

-  dbus (bind) bus=session name=org.xfce.PowerManager,
-  dbus (bind) bus=session name=org.freedesktop.PowerManagement,
+  #aa:dbus own bus=session name=org.xfce.PowerManager
+  #aa:dbus own bus=session name=org.freedesktop.PowerManagement

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfce-screensaver
+++ b/apparmor.d/groups/xfce/xfce-screensaver
@ -16,7 +16,7 @@ profile xfce-screensaver @{exec_path} flags=(attach_disconnected) {
  include <abstractions/xfce>
  include <abstractions/nameservice-strict>

-  dbus (bind) bus=session name=org.xfce.ScreenSaver,
+  #aa:dbus own bus=session name=org.xfce.ScreenSaver

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfce-session
+++ b/apparmor.d/groups/xfce/xfce-session
@ -20,7 +20,7 @@ profile xfce-session @{exec_path} flags=(attach_disconnected) {

  signal (receive) set=(term) peer=lightdm,

-  dbus (bind) bus=session name=org.xfce.SessionManager,
+  #aa:dbus own bus=session name=org.xfce.SessionManager

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfce-terminal
+++ b/apparmor.d/groups/xfce/xfce-terminal
@ -21,7 +21,7 @@ profile xfce-terminal @{exec_path} {

  signal (send),

-  dbus (bind) bus=session name=org.xfce.Terminal5,
+  #aa:dbus own bus=session name=org.xfce.Terminal5

  @{exec_path} mr,

@ -35,7 +35,7 @@ profile xfce-terminal @{exec_path} {
  @{bin}/micro               rPUx,
  @{bin}/nvtop                rPx,

-  @{bin}/vim{,.basic} rPUx,
+  @{editor_path} rPUx,

  /usr/share/ r,
  /usr/share/desktop-base/profiles/xdg-config/ r,
--- a/apparmor.d/groups/xfce/xfconfd
+++ b/apparmor.d/groups/xfce/xfconfd
@ -13,7 +13,7 @@ profile xfconfd @{exec_path} {
  include <abstractions/bus-session>
  include <abstractions/xfce>

-  dbus (bind) bus=session name=org.xfce.Xfconf,
+  #aa:dbus own bus=session name=org.xfce.Xfconf

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfdesktop
+++ b/apparmor.d/groups/xfce/xfdesktop
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = @{bin}/xfdesktop
 profile xfdesktop @{exec_path} {
  include <abstractions/base>
-  include <abstractions/desktop>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/bus-accessibility>
  include <abstractions/bus-session>
@ -18,7 +17,7 @@ profile xfdesktop @{exec_path} {
  include <abstractions/thumbnails-cache-read>
  include <abstractions/xfce>

-  dbus (bind) bus=session name=org.xfce.xfdesktop,
+  #aa:dbus own bus=session name=org.xfce.xfdesktop

  @{exec_path} mr,

--- a/apparmor.d/groups/xfce/xfsettingsd
+++ b/apparmor.d/groups/xfce/xfsettingsd
@ -16,7 +16,7 @@ profile xfsettingsd @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/xfce>

-  dbus (bind) bus=session name=org.xfce.SettingsDaemon,
+  #aa:dbus own bus=session name=org.xfce.SettingsDaemon

  @{exec_path} mr,

--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@ -62,7 +62,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
  /dev/shm/ r,
  /dev/tty rw,

-  deny @{lib}/python3/dist-packages/blueman/__pycache__/** w,
  deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,

  include if exists <local/blueman>
--- a/apparmor.d/profiles-s-z/system-config-printer-applet
+++ b/apparmor.d/profiles-s-z/system-config-printer-applet
@ -30,8 +30,6 @@ profile system-config-printer-applet @{exec_path} {

  /dev/tty rw,

-  deny @{lib}/python3/dist-packages/cupshelpers/__pycache__/** w,
-
  include if exists <local/system-config-printer-applet>
 }

--- a/apparmor.d/profiles-s-z/xarchiver
+++ b/apparmor.d/profiles-s-z/xarchiver
@ -55,7 +55,6 @@ profile xarchiver @{exec_path} {
        /home/ r,
  #owner @{HOME}/ r,
  #owner @{HOME}/** rw,
-  owner @{HOME}/@{XDG_DOWNLOAD_DIR}/{,**} rwl,
        @{MOUNTS}/ r,
        @{MOUNTS}/** rw,
        /tmp/ r,