diff --git a/apparmor.d/groups/browsers/brave b/apparmor.d/groups/browsers/brave
index a4765260..4d065dce 100644
--- a/apparmor.d/groups/browsers/brave
+++ b/apparmor.d/groups/browsers/brave
@@ -8,7 +8,7 @@ abi ,
 include
 @{name} = brave{,-beta,-dev,-bin}
-@{domain} = com.brave.Brave
+@{domain} = com.brave.Brave org.chromium.Chromium
 @{lib_dirs} = /opt/brave{-bin,.com}{,/@{name}}
 @{config_dirs} = @{user_config_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
 @{cache_dirs} = @{user_cache_dirs}/BraveSoftware/Brave-Browser{,-Beta,-Dev}
@@ -43,11 +43,6 @@ profile brave @{exec_path} {
 owner @{tmp}/net-export/ rw, # For brave://net-export/
- owner @{tmp}/.org.chromium.Chromium.* rwk,
- owner @{tmp}/.org.chromium.Chromium*/{,**} rw,
-
- owner /dev/shm/.org.chromium.Chromium.* rw,
-
 # Silencer
 deny /etc/opt/chrome/ w,
 deny /dev/disk/by-uuid/ r,
diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell
index 29ced8dd..b6420b34 100644
--- a/apparmor.d/groups/gnome/gnome-shell
+++ b/apparmor.d/groups/gnome/gnome-shell
@@ -294,7 +294,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 owner @{run}/user/@{uid}/snap.snap*/wayland-cursor-shared-* rw,
 owner @{run}/user/@{uid}/systemd/notify rw,
- owner /dev/shm/.org.chromium.Chromium.* rw,
+ owner /dev/shm/.org.chromium.Chromium.@{rand6} rw,
 owner /dev/shm/wayland.mozilla.ipc.@{int} rw,
 /tmp/.X@{int}-lock rw,
diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git
index af7fbd4d..edacd92e 100644
--- a/apparmor.d/profiles-g-l/git
+++ b/apparmor.d/profiles-g-l/git
@@ -105,7 +105,7 @@ profile git @{exec_path} flags=(attach_disconnected) {
 deny owner @{user_share_dirs}/gvfs-metadata/* r,
 deny owner @{user_share_dirs}/zed/**/data.mdb rw,
 deny /usr/share/nvidia/nvidia-application-profiles-* r,
- deny /dev/shm/.org.chromium.Chromium* rw,
+ deny /dev/shm/.org.chromium.Chromium.@{rand6} rw,
 profile gpg flags=(attach_disconnected) {
 include
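Review bot: Adding `org.chromium.Chromium` to `@{domain}` in the brave profile widens every rule that expands `@{domain}`, not only the temp and shared-memory paths whose explicit rules are deleted in the following hunk (`-43,11`). The rules that consume the variable are outside this diff, so it should be confirmed that they keep the `owner` qualifier and the `k` lock permission of the removed `owner @{tmp}/.org.chromium.Chromium.* rwk,` line, and that no name-based rule (D-Bus, for instance) now matches the Chromium identifier by accident. A comment on the assignment, such as `# org.chromium.Chromium: name used for the browser's @{tmp} and /dev/shm files`, would record why the second value is there.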
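Review bot: The gnome-shell allow rule now depends on the file suffix being exactly what `@{rand6}` matches, and that variable's definition is not part of this diff; a suffix of another length or character set would be refused where the old `.*` glob accepted it. Nothing on the line says why gnome-shell needs read-write access to these shared-memory files, so a one-line comment naming the producer, for example `# Shared memory files of Chromium-based applications`, would help a later audit. The profile body continues outside the hunk.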
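Review bot: Narrowing the `deny` rule in the git profile shrinks what is explicitly refused, which is the opposite effect of narrowing the allow rule in gnome-shell. The old pattern `.org.chromium.Chromium*` also covered names without the trailing dot or with a longer suffix; after this change those names are no longer silenced, and they would be permitted if an allow rule in the profile or an included abstraction (not visible here) matches them, because the explicit deny no longer overrides it. If the intent is only to keep the log quiet for the six-character form this is fine, but it is worth checking that nothing else grants git broad access under `/dev/shm/`. The enclosing profile starts and ends outside the hunk.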