diff --git a/apparmor.d/abstractions/flatpak-snap b/apparmor.d/abstractions/flatpak-snap index 3cc5c1ea..6df950df 100644 --- a/apparmor.d/abstractions/flatpak-snap +++ b/apparmor.d/abstractions/flatpak-snap @@ -9,9 +9,9 @@ /var/lib/flatpak/exports/share/{,**} r, /var/lib/flatpak/app/**/export/share/applications/{,*.desktop} r, - owner @{HOME}/.local/share/flatpak/exports/share/{,**} r, - owner @{HOME}/.local/share/flatpak/app/{,**.desktop} r, - deny owner @{HOME}/.local/share/flatpak/** w, + owner @{user_share_dirs}/flatpak/exports/share/{,**} r, + owner @{user_share_dirs}/flatpak/app/{,**.desktop} r, + deny owner @{user_share_dirs}/flatpak/** w, # Snap /var/lib/snapd/desktop/applications/mimeinfo.cache r, diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read index 29c072ea..a0a437d7 100644 --- a/apparmor.d/abstractions/fontconfig-cache-read +++ b/apparmor.d/abstractions/fontconfig-cache-read @@ -36,7 +36,7 @@ deny /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*} w, # For Google Fonts downloaded via font-manager - owner "@{HOME}/.local/share/fonts/Google Fonts/.uuid" r, - deny "@{HOME}/.local/share/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" w, - owner "@{HOME}/.local/share/fonts/Google Fonts/**/.uuid" r, - deny "@{HOME}/.local/share/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w, + owner "@{user_share_dirs}/fonts/Google Fonts/.uuid" r, + deny "@{user_share_dirs}/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" w, + owner "@{user_share_dirs}/fonts/Google Fonts/**/.uuid" r, + deny "@{user_share_dirs}/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" w, diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write index bfd16fbf..e98a4201 100644 --- a/apparmor.d/abstractions/fontconfig-cache-write +++ b/apparmor.d/abstractions/fontconfig-cache-write @@ -20,8 +20,8 @@ deny /usr/share/**/.uuid{,.NEW,.LCK,.TMP-*} w, # For Google Fonts downloaded via font-manager (###FIXME### when they fix resolving of vars) - owner "@{HOME}/.local/share/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" rw, - link "@{HOME}/.local/share/fonts/Google Fonts/.uuid.LCK" -> "/home/*/.local/share/fonts/Google Fonts/.uuid.TMP-*", - owner "@{HOME}/.local/share/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" rw, - link "@{HOME}/.local/share/fonts/Google Fonts/**/.uuid.LCK" -> "/home/*/.local/share/fonts/Google Fonts/**/.uuid.TMP-*", + owner "@{user_share_dirs}/fonts/Google Fonts/.uuid{,.NEW,.LCK,.TMP-*}" rw, + link "@{user_share_dirs}/fonts/Google Fonts/.uuid.LCK" -> "/home/*/.local/share/fonts/Google Fonts/.uuid.TMP-*", + owner "@{user_share_dirs}/fonts/Google Fonts/**/.uuid{,.NEW,.LCK,.TMP-*}" rw, + link "@{user_share_dirs}/fonts/Google Fonts/**/.uuid.LCK" -> "/home/*/.local/share/fonts/Google Fonts/**/.uuid.TMP-*", diff --git a/apparmor.d/abstractions/kde5-plasma5 b/apparmor.d/abstractions/kde5-plasma5 index d160ef27..865e54cc 100644 --- a/apparmor.d/abstractions/kde5-plasma5 +++ b/apparmor.d/abstractions/kde5-plasma5 @@ -35,9 +35,9 @@ # For bookmarks #/{usr/,}bin/keditbookmarks rPUx, - #owner @{HOME}/.local/share/kfile/ rw, - #owner @{HOME}/.local/share/kfile/#[0-9]*[0-9] rw, - #owner @{HOME}/.local/share/kfile/bookmarks.xml* rwl -> @{HOME}/.local/share/kfile/#[0-9]*[0-9], + #owner @{user_share_dirs}/kfile/ rw, + #owner @{user_share_dirs}/kfile/#[0-9]*[0-9] rw, + #owner @{user_share_dirs}/kfile/bookmarks.xml* rwl -> @{user_share_dirs}/kfile/#[0-9]*[0-9], # Common cache files #owner @{user_cache_dirs}/icon-cache.kcache rw, diff --git a/apparmor.d/abstractions/totem b/apparmor.d/abstractions/totem index 983a4142..ceb99440 100644 --- a/apparmor.d/abstractions/totem +++ b/apparmor.d/abstractions/totem @@ -38,11 +38,11 @@ owner @{user_cache_dirs}/tracker/ontologies.gvdb r, owner @{user_config_dirs}/totem/ rwk, owner @{user_config_dirs}/totem/** rwk, - owner @{HOME}/.local/share/grilo-plugins/ rwk, - owner @{HOME}/.local/share/grilo-plugins/*.db{,-shm,-journal,-wal} rwk, - owner @{HOME}/.local/share/gvfs-metadata/** r, - owner @{HOME}/.local/share/totem/ rwk, - owner @{HOME}/.local/share/tracker/data/tracker-store.journal rwk, + owner @{user_share_dirs}/grilo-plugins/ rwk, + owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk, + owner @{user_share_dirs}/gvfs-metadata/** r, + owner @{user_share_dirs}/totem/ rwk, + owner @{user_share_dirs}/tracker/data/tracker-store.journal rwk, owner @{PROC}/@{pid}/{mountinfo,status} r, diff --git a/apparmor.d/abstractions/trash b/apparmor.d/abstractions/trash index 6b328590..31fb4a90 100644 --- a/apparmor.d/abstractions/trash +++ b/apparmor.d/abstractions/trash @@ -13,14 +13,14 @@ owner @{run}/user/[0-9]*/trash.so*.[0-9].slave-socket rwl -> @{run}/user/[0-9]*/#[0-9]*[0-9], # Home trash location - owner @{HOME}/.local/share/Trash/ rw, - owner @{HOME}/.local/share/Trash/#[0-9]*[0-9] rw, - owner @{HOME}/.local/share/Trash/directorysizes{,.*} rwl -> @{HOME}/.local/share/Trash/#[0-9]*[0-9], - owner @{HOME}/.local/share/Trash/files/{,**} rw, - owner @{HOME}/.local/share/Trash/info/ rw, - owner @{HOME}/.local/share/Trash/info/*.trashinfo{,.*} rw, - owner @{HOME}/.local/share/Trash/expunged/ rw, - owner @{HOME}/.local/share/Trash/expunged/[0-9]* rw, + owner @{user_share_dirs}/Trash/ rw, + owner @{user_share_dirs}/Trash/#[0-9]*[0-9] rw, + owner @{user_share_dirs}/Trash/directorysizes{,.*} rwl -> @{user_share_dirs}/Trash/#[0-9]*[0-9], + owner @{user_share_dirs}/Trash/files/{,**} rw, + owner @{user_share_dirs}/Trash/info/ rw, + owner @{user_share_dirs}/Trash/info/*.trashinfo{,.*} rw, + owner @{user_share_dirs}/Trash/expunged/ rw, + owner @{user_share_dirs}/Trash/expunged/[0-9]* rw, # Partitions' trash location when the admin creates the .Trash/ folder in the top lvl dir owner /media/*/.Trash/ rw, diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index 1b4c6d86..f81a859d 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio @@ -157,14 +157,14 @@ profile android-studio @{exec_path} { owner @{HOME}/.android/ rw, owner @{HOME}/.android/** rwkl -> @{HOME}/.android/**, - owner @{HOME}/.local/share/Google/ rw, - owner @{HOME}/.local/share/Google/** rw, + owner @{user_share_dirs}/Google/ rw, + owner @{user_share_dirs}/Google/** rw, - owner @{HOME}/.local/share/kotlin/ rw, - owner @{HOME}/.local/share/kotlin/** rw, + owner @{user_share_dirs}/kotlin/ rw, + owner @{user_share_dirs}/kotlin/** rw, - owner "@{HOME}/.local/share/Android Open Source Project/" rw, - owner "@{HOME}/.local/share/Android Open Source Project/**" rwk, + owner "@{user_share_dirs}/Android Open Source Project/" rw, + owner "@{user_share_dirs}/Android Open Source Project/**" rwk, owner @{HOME}/.java/ rw, owner @{HOME}/.java/fonts/ rw, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index a70cf049..42af6751 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -89,9 +89,9 @@ profile calibre @{exec_path} { owner @{user_config_dirs}/calibre/ rw, owner @{user_config_dirs}/calibre/** rwk, - owner @{HOME}/.local/share/calibre-ebook.com/ rw, - owner @{HOME}/.local/share/calibre-ebook.com/calibre/ rw, - owner @{HOME}/.local/share/calibre-ebook.com/calibre/** rwk, + owner @{user_share_dirs}/calibre-ebook.com/ rw, + owner @{user_share_dirs}/calibre-ebook.com/calibre/ rw, + owner @{user_share_dirs}/calibre-ebook.com/calibre/** rwk, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/calibre/ rw, diff --git a/apparmor.d/groups/apps/freetube b/apparmor.d/groups/apps/freetube index 47337bef..5bebfb1c 100644 --- a/apparmor.d/groups/apps/freetube +++ b/apparmor.d/groups/apps/freetube @@ -89,7 +89,7 @@ profile freetube @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, - owner @{HOME}/.local/share r, + owner @{user_share_dirs} r, deny @{sys}/devices/virtual/tty/tty0/active r, deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r, diff --git a/apparmor.d/groups/apps/okular b/apparmor.d/groups/apps/okular index abb1662a..05ecbd95 100644 --- a/apparmor.d/groups/apps/okular +++ b/apparmor.d/groups/apps/okular @@ -52,7 +52,7 @@ profile okular @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwalletrc r, - owner @{HOME}/.local/share/okular/{,**} rw, + owner @{user_share_dirs}/okular/{,**} rw, owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin index 59f16049..797f81d9 100644 --- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin +++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin @@ -211,7 +211,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp # firefox >= 58 owner @{HOME}/.mozilla/firefox/*/cert9.db r, - owner @{HOME}/.local/share/user-places.xbel r, + owner @{user_share_dirs}/user-places.xbel r, # there is abstractions/gnupg but that's just for gpg1... profile gpg flags=(complain) { @@ -259,10 +259,10 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp owner @{user_cache_dirs}/qt_compose_cache_{little,big}_endian_* r, # TODO: use recent-documents-write abstraction when it is available - owner @{HOME}/.local/share/RecentDocuments/** r, - owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*, - owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw, - owner @{HOME}/.local/share/RecentDocuments/*.lock rwk, + owner @{user_share_dirs}/RecentDocuments/** r, + owner @{user_share_dirs}/RecentDocuments/*.desktop rwl -> @{user_share_dirs}/RecentDocuments/#[0-9]*, + owner @{user_share_dirs}/RecentDocuments/#[0-9]* rw, + owner @{user_share_dirs}/RecentDocuments/*.lock rwk, # TODO: use kde-globals-write abstraction when it is available owner @{user_config_dirs}/kdeglobals rw, diff --git a/apparmor.d/groups/apps/vlc b/apparmor.d/groups/apps/vlc index 34008ea4..c8751640 100644 --- a/apparmor.d/groups/apps/vlc +++ b/apparmor.d/groups/apps/vlc @@ -100,7 +100,7 @@ profile vlc @{exec_path} { owner @{HOME}/ r, owner @{user_config_dirs}/vlc/ rw, owner @{user_config_dirs}/vlc/* rwkl -> @{user_config_dirs}/vlc/#[0-9]*[0-9], - owner @{HOME}/.local/share/vlc/{,*} rw, + owner @{user_share_dirs}/vlc/{,*} rw, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/vlc/{,**} rw, diff --git a/apparmor.d/groups/browsers/brave b/apparmor.d/groups/browsers/brave index 9d6278e6..0a6b3744 100644 --- a/apparmor.d/groups/browsers/brave +++ b/apparmor.d/groups/browsers/brave @@ -154,7 +154,7 @@ profile brave @{exec_path} { /dev/bus/usb/[0-9]*/[0-9]* rw, # For downloading files - owner @{HOME}/.local/share/.org.chromium.Chromium.* rw, + owner @{user_share_dirs}/.org.chromium.Chromium.* rw, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/groups/browsers/chromium-chromium b/apparmor.d/groups/browsers/chromium-chromium index 688ba043..69ab1757 100644 --- a/apparmor.d/groups/browsers/chromium-chromium +++ b/apparmor.d/groups/browsers/chromium-chromium @@ -88,7 +88,7 @@ profile chromium-chromium @{exec_path} { owner @{CHROMIUM_HOMEDIR}/** rwk, owner @{CHROMIUM_HOMEDIR}/WidevineCdm/*/_platform_specific/linux_*/libwidevinecdm.so mrw, - owner @{HOME}/.local/share/.org.chromium.Chromium.* rw, + owner @{user_share_dirs}/.org.chromium.Chromium.* rw, # Cache files owner @{user_cache_dirs}/ rw, diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index ed85051e..2f6603e6 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -122,8 +122,8 @@ profile firefox @{exec_path} { # Set default browser /{usr/,}bin/update-mime-database rPUx, owner @{user_config_dirs}/mimeapps.list{,.*} rw, - owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw, - owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw, + owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw, + owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw, # KDE system keyring /{usr/,}lib/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr, diff --git a/apparmor.d/groups/browsers/google-chrome-chrome b/apparmor.d/groups/browsers/google-chrome-chrome index 8bf83a26..ca178e3f 100644 --- a/apparmor.d/groups/browsers/google-chrome-chrome +++ b/apparmor.d/groups/browsers/google-chrome-chrome @@ -84,7 +84,7 @@ profile google-chrome-chrome @{exec_path} { # Flashplayer owner @{CHROME_HOMEDIR}/PepperFlash/**/libpepflashplayer.so mr, - owner @{HOME}/.local/share/.com.google.Chrome.* rw, + owner @{user_share_dirs}/.com.google.Chrome.* rw, # Cache files owner @{user_cache_dirs}/ rw, diff --git a/apparmor.d/groups/browsers/opera b/apparmor.d/groups/browsers/opera index 0a2c9cea..0e30457b 100644 --- a/apparmor.d/groups/browsers/opera +++ b/apparmor.d/groups/browsers/opera @@ -75,7 +75,7 @@ profile opera @{exec_path} { owner @{OPERA_HOMEDIR}/ rw, owner @{OPERA_HOMEDIR}/** rwk, - owner @{HOME}/.local/share/.org.chromium.Chromium.* rw, + owner @{user_share_dirs}/.org.chromium.Chromium.* rw, # Cache files owner @{user_cache_dirs}/ rw, diff --git a/apparmor.d/groups/gnome/gio-launch-desktop b/apparmor.d/groups/gnome/gio-launch-desktop index b6c9a821..8533dce2 100644 --- a/apparmor.d/groups/gnome/gio-launch-desktop +++ b/apparmor.d/groups/gnome/gio-launch-desktop @@ -24,7 +24,7 @@ profile gio-launch-desktop @{exec_path} { # User files owner @{user_config_dirs}/mimeapps.list r, - owner @{HOME}/.local/share/applications/{,*.desktop} r, + owner @{user_share_dirs}/applications/{,*.desktop} r, owner @{PROC}/@{pid}/fd/ r, # file_inherit diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg index 22e3266b..fec9929c 100644 --- a/apparmor.d/groups/gpg/gpg +++ b/apparmor.d/groups/gpg/gpg @@ -38,8 +38,8 @@ profile gpg @{exec_path} { owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**, # For ToR Browser - owner @{HOME}/.local/share/torbrowser/gnupg_homedir/ r, - owner @{HOME}/.local/share/torbrowser/gnupg_homedir/** rwkl -> @{HOME}/.local/share/torbrowser/gnupg_homedir/**, + owner @{user_share_dirs}/torbrowser/gnupg_homedir/ r, + owner @{user_share_dirs}/torbrowser/gnupg_homedir/** rwkl -> @{user_share_dirs}/torbrowser/gnupg_homedir/**, # For spamassassin owner /var/lib/spamassassin/sa-update-keys/** rwkl -> /var/lib/spamassassin/sa-update-keys/**, diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index 43f15222..c57bb99f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -16,8 +16,8 @@ profile gvfsd-metadata @{exec_path} { @{exec_path} mr, - owner @{HOME}/.local/share/gvfs-metadata/ rw, - owner @{HOME}/.local/share/gvfs-metadata/** rw, + owner @{user_share_dirs}/gvfs-metadata/ rw, + owner @{user_share_dirs}/gvfs-metadata/** rw, include if exists } diff --git a/apparmor.d/groups/gvfs/gvfsd-recent b/apparmor.d/groups/gvfs/gvfsd-recent index 6c7ebc80..58e61473 100644 --- a/apparmor.d/groups/gvfs/gvfsd-recent +++ b/apparmor.d/groups/gvfs/gvfsd-recent @@ -13,7 +13,7 @@ profile gvfsd-recent @{exec_path} { @{exec_path} mr, - owner @{HOME}/.local/share/recently-used.xbel r, + owner @{user_share_dirs}/recently-used.xbel r, include if exists } diff --git a/apparmor.d/profiles-a-l/amarok b/apparmor.d/profiles-a-l/amarok index 3d2fab0e..8d9a548e 100644 --- a/apparmor.d/profiles-a-l/amarok +++ b/apparmor.d/profiles-a-l/amarok @@ -112,7 +112,7 @@ profile amarok @{exec_path} { owner @{HOME}/.kde{,4}/share/apps/amarok/albumcovers/cache/[0-9]*@nocover.png rw, owner @{HOME}/.kde{,4}/share/apps/amarok/albumcovers/cache rw, - owner @{HOME}/.local/share/user-places.xbel rw, + owner @{user_share_dirs}/user-places.xbel rw, owner @{user_config_dirs}/Trolltech.conf rwk, diff --git a/apparmor.d/profiles-a-l/anki b/apparmor.d/profiles-a-l/anki index d0cbb1c2..a156d62e 100644 --- a/apparmor.d/profiles-a-l/anki +++ b/apparmor.d/profiles-a-l/anki @@ -57,8 +57,8 @@ profile anki @{exec_path} { /usr/share/javascript/**/*.js r, - owner @{HOME}/.local/share/Anki{,2}/ rw, - owner @{HOME}/.local/share/Anki{,2}/** rwk, + owner @{user_share_dirs}/Anki{,2}/ rw, + owner @{user_share_dirs}/Anki{,2}/** rwk, # To remove the following error: # Error initializing NSS with a persistent database @@ -144,10 +144,10 @@ profile anki @{exec_path} { owner /tmp/mpv.* rw, # For playing sets' sounds - owner @{HOME}/.local/share/Anki{,2}/*/collection.media/ r, - owner @{HOME}/.local/share/Anki{,2}/*/collection.media/*.{mp3,wav} r, - owner @{HOME}/.local/share/Anki{,2}/pulse/ r, - owner @{HOME}/.local/share/Anki{,2}/pulse/cookie rk, + owner @{user_share_dirs}/Anki{,2}/*/collection.media/ r, + owner @{user_share_dirs}/Anki{,2}/*/collection.media/*.{mp3,wav} r, + owner @{user_share_dirs}/Anki{,2}/pulse/ r, + owner @{user_share_dirs}/Anki{,2}/pulse/cookie rk, owner @{HOME}/.Xauthority r, @@ -168,7 +168,7 @@ profile anki @{exec_path} { /{usr/,}bin/lame mr, - owner @{HOME}/.local/share/Anki{,2}/*/collection.media/rec.{mp3,wav} rw, + owner @{user_share_dirs}/Anki{,2}/*/collection.media/rec.{mp3,wav} rw, } diff --git a/apparmor.d/profiles-a-l/appstreamcli b/apparmor.d/profiles-a-l/appstreamcli index f370958a..13a31e3b 100644 --- a/apparmor.d/profiles-a-l/appstreamcli +++ b/apparmor.d/profiles-a-l/appstreamcli @@ -32,7 +32,7 @@ profile appstreamcli @{exec_path} flags=(complain) { owner /tmp/appstream/ rw, owner /tmp/appstream/appcache-*.mdb rw, - owner @{HOME}/.local/share/mime/mime.cache r, + owner @{user_share_dirs}/mime/mime.cache r, /usr/share/mime/mime.cache r, /usr/share/applications/{,*.desktop} r, diff --git a/apparmor.d/profiles-a-l/dino-im b/apparmor.d/profiles-a-l/dino-im index f6e6518f..aa6c3a7d 100644 --- a/apparmor.d/profiles-a-l/dino-im +++ b/apparmor.d/profiles-a-l/dino-im @@ -33,8 +33,8 @@ profile dino-im @{exec_path} { owner @{run}/user/[0-9]*/dconf/ w, owner @{run}/user/[0-9]*/dconf/user rw, - owner @{HOME}/.local/share/dino/ rw, - owner @{HOME}/.local/share/dino/** rwk, + owner @{user_share_dirs}/dino/ rw, + owner @{user_share_dirs}/dino/** rwk, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/profiles-a-l/engrampa b/apparmor.d/profiles-a-l/engrampa index e8e1d5da..9bc21b6f 100644 --- a/apparmor.d/profiles-a-l/engrampa +++ b/apparmor.d/profiles-a-l/engrampa @@ -65,8 +65,8 @@ profile engrampa @{exec_path} { owner @{user_config_dirs}/ r, owner @{user_config_dirs}/mimeapps.list{,.*} rw, - owner @{HOME}/.local/share/ r, - owner @{HOME}/.local/share/gvfs-metadata/** r, + owner @{user_share_dirs}/ r, + owner @{user_share_dirs}/gvfs-metadata/** r, /usr/share/engrampa/{,**} r, diff --git a/apparmor.d/profiles-a-l/exo-helper b/apparmor.d/profiles-a-l/exo-helper index 4fa2c616..d901451b 100644 --- a/apparmor.d/profiles-a-l/exo-helper +++ b/apparmor.d/profiles-a-l/exo-helper @@ -25,16 +25,16 @@ profile exo-helper @{exec_path} { /usr/share/xfce4/helpers/ r, /usr/share/xfce4/helpers/*.desktop r, /usr/local/share/ r, - owner @{HOME}/.local/share/ r, - owner @{HOME}/.local/share/xfce4/ r, - owner @{HOME}/.local/share/xfce4/helpers/ r, + owner @{user_share_dirs}/ r, + owner @{user_share_dirs}/xfce4/ r, + owner @{user_share_dirs}/xfce4/helpers/ r, /etc/xdg/{,xdg-*/}xfce4/helpers.rc r, owner @{user_config_dirs}/xfce4/helpers.rc rw, owner @{user_config_dirs}/xfce4/helpers.rc.@{pid}.tmp rw, - owner @{HOME}/.local/share/xfce4/helpers/*.desktop rw, - owner @{HOME}/.local/share/xfce4/helpers/*.desktop.@{pid}.tmp rw, + owner @{user_share_dirs}/xfce4/helpers/*.desktop rw, + owner @{user_share_dirs}/xfce4/helpers/*.desktop.@{pid}.tmp rw, owner @{user_config_dirs}/mimeapps.list{,.*} rw, diff --git a/apparmor.d/profiles-a-l/font-manager b/apparmor.d/profiles-a-l/font-manager index 09ddcd81..61192e96 100644 --- a/apparmor.d/profiles-a-l/font-manager +++ b/apparmor.d/profiles-a-l/font-manager @@ -43,12 +43,12 @@ profile font-manager @{exec_path} { owner @{user_config_dirs}/fontconfig/conf.d/ rw, owner @{user_config_dirs}/fontconfig/conf.d/* rw, - owner @{HOME}/.local/share/fonts/ rw, - owner "@{HOME}/.local/share/fonts/Google Fonts/" rw, - owner "@{HOME}/.local/share/fonts/Google Fonts/**" rw, + owner @{user_share_dirs}/fonts/ rw, + owner "@{user_share_dirs}/fonts/Google Fonts/" rw, + owner "@{user_share_dirs}/fonts/Google Fonts/**" rw, - owner @{HOME}/.local/share/ r, - owner @{HOME}/.local/share/gvfs-metadata/** r, + owner @{user_share_dirs}/ r, + owner @{user_share_dirs}/gvfs-metadata/** r, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/profiles-a-l/gajim b/apparmor.d/profiles-a-l/gajim index adad513d..ddb3b758 100644 --- a/apparmor.d/profiles-a-l/gajim +++ b/apparmor.d/profiles-a-l/gajim @@ -54,8 +54,8 @@ profile gajim @{exec_path} { # Gajim home files owner @{HOME}/ r, owner @{user_config_dirs}/gajim/{,**} rw, - owner @{HOME}/.local/share/gajim/ rw, - owner @{HOME}/.local/share/gajim/** rwk, + owner @{user_share_dirs}/gajim/ rw, + owner @{user_share_dirs}/gajim/** rwk, # Cache owner @{user_cache_dirs}/ rw, diff --git a/apparmor.d/profiles-a-l/gnome-keyring-daemon b/apparmor.d/profiles-a-l/gnome-keyring-daemon index ec134ab3..c55b7dac 100644 --- a/apparmor.d/profiles-a-l/gnome-keyring-daemon +++ b/apparmor.d/profiles-a-l/gnome-keyring-daemon @@ -18,8 +18,8 @@ profile gnome-keyring-daemon @{exec_path} { @{exec_path} mr, # Keyrings location - owner @{HOME}/.local/share/keyrings/ rw, - owner @{HOME}/.local/share/keyrings/* rwl, + owner @{user_share_dirs}/keyrings/ rw, + owner @{user_share_dirs}/keyrings/* rwl, # Seahorse and SSH keys owner @{HOME}/.ssh/ r, diff --git a/apparmor.d/profiles-a-l/inxi b/apparmor.d/profiles-a-l/inxi index 9b318a06..f9167e41 100644 --- a/apparmor.d/profiles-a-l/inxi +++ b/apparmor.d/profiles-a-l/inxi @@ -76,8 +76,8 @@ profile inxi @{exec_path} { /var/log/Xorg.[0-9]*.log r, /home/ r, - @{HOME}/.local/share/xorg/ r, - @{HOME}/.local/share/xorg/Xorg.[0-9]*.log r, + @{user_share_dirs}/xorg/ r, + @{user_share_dirs}/xorg/Xorg.[0-9]*.log r, # For shell pwd /root/ r, diff --git a/apparmor.d/profiles-a-l/jdownloader-install b/apparmor.d/profiles-a-l/jdownloader-install index cd39706e..95bbbcaa 100644 --- a/apparmor.d/profiles-a-l/jdownloader-install +++ b/apparmor.d/profiles-a-l/jdownloader-install @@ -60,8 +60,8 @@ profile jdownloader-install @{exec_path} { owner @{HOME}/.install4j rw, # While creating the desktop icon - owner @{HOME}/.local/share/applications/i4j[0-9]*.tmp rw, - owner @{HOME}/.local/share/applications/JDownloader*.desktop rw, + owner @{user_share_dirs}/applications/i4j[0-9]*.tmp rw, + owner @{user_share_dirs}/applications/JDownloader*.desktop rw, /tmp/ r, owner /tmp/_jdinstall/ rw, diff --git a/apparmor.d/profiles-a-l/kwalletd5 b/apparmor.d/profiles-a-l/kwalletd5 index 9144b32e..c377a879 100644 --- a/apparmor.d/profiles-a-l/kwalletd5 +++ b/apparmor.d/profiles-a-l/kwalletd5 @@ -32,11 +32,11 @@ profile kwalletd5 @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{HOME}/.local/share/kwalletd/ rw, - owner @{HOME}/.local/share/kwalletd/#[0-9]*[0-9] rw, - owner @{HOME}/.local/share/kwalletd/*.salt rw, - owner @{HOME}/.local/share/kwalletd/*.kwl rw, - owner @{HOME}/.local/share/kwalletd/*.kwl.* rwl -> @{HOME}/.local/share/kwalletd/#[0-9]*[0-9], + owner @{user_share_dirs}/kwalletd/ rw, + owner @{user_share_dirs}/kwalletd/#[0-9]*[0-9] rw, + owner @{user_share_dirs}/kwalletd/*.salt rw, + owner @{user_share_dirs}/kwalletd/*.kwl rw, + owner @{user_share_dirs}/kwalletd/*.kwl.* rwl -> @{user_share_dirs}/kwalletd/#[0-9]*[0-9], # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, diff --git a/apparmor.d/profiles-m-z/megasync b/apparmor.d/profiles-m-z/megasync index 48f316eb..174092bb 100644 --- a/apparmor.d/profiles-m-z/megasync +++ b/apparmor.d/profiles-m-z/megasync @@ -46,8 +46,8 @@ profile megasync @{exec_path} { # Megasync home files owner @{HOME}/ r, - owner "@{HOME}/.local/share/data/Mega Limited/" rw, - owner "@{HOME}/.local/share/data/Mega Limited/**" rwkl -> "@{HOME}/.local/share/data/Mega Limited/MEGAsync/#[0-9]*[0-9]", + owner "@{user_share_dirs}/data/Mega Limited/" rw, + owner "@{user_share_dirs}/data/Mega Limited/**" rwkl -> "@{user_share_dirs}/data/Mega Limited/MEGAsync/#[0-9]*[0-9]", # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, @@ -101,7 +101,7 @@ profile megasync @{exec_path} { /{usr/,}bin/basename rix, owner @{HOME}/ r, - owner "@{HOME}/.local/share/data/Mega Limited/MEGAsync/" r, + owner "@{user_share_dirs}/data/Mega Limited/MEGAsync/" r, owner @{run}/user/[0-9]*/ r, @@ -110,7 +110,7 @@ profile megasync @{exec_path} { /{usr/,}bin/spacefm rPx, # file_inherit - owner "@{HOME}/.local/share/data/Mega Limited/MEGAsync/logs/MEGAsync.log" rw, + owner "@{user_share_dirs}/data/Mega Limited/MEGAsync/logs/MEGAsync.log" rw, owner @{HOME}/.xsession-errors w, } diff --git a/apparmor.d/profiles-m-z/mimetype b/apparmor.d/profiles-m-z/mimetype index 1f85aeb1..5d37c4a2 100644 --- a/apparmor.d/profiles-m-z/mimetype +++ b/apparmor.d/profiles-m-z/mimetype @@ -19,10 +19,10 @@ profile mimetype @{exec_path} { /usr/share/mime/aliases r, /usr/share/mime/magic r, - owner @{HOME}/.local/share/mime/**.xml r, - owner @{HOME}/.local/share/mime/globs r, - owner @{HOME}/.local/share/mime/aliases r, - owner @{HOME}/.local/share/mime/magic r, + owner @{user_share_dirs}/mime/**.xml r, + owner @{user_share_dirs}/mime/globs r, + owner @{user_share_dirs}/mime/aliases r, + owner @{user_share_dirs}/mime/magic r, # To read files /** r, diff --git a/apparmor.d/profiles-m-z/minitube b/apparmor.d/profiles-m-z/minitube index 303a799b..2d01ffc4 100644 --- a/apparmor.d/profiles-m-z/minitube +++ b/apparmor.d/profiles-m-z/minitube @@ -37,9 +37,9 @@ profile minitube @{exec_path} { # Minitube home files owner "@{user_config_dirs}/Flavio Tordini/" rw, owner "@{user_config_dirs}/Flavio Tordini/*" rwkl -> "@{user_config_dirs}/Flavio Tordini/#[0-9]*[0-9]", - owner "@{HOME}/.local/share/Flavio Tordini/" rw, - owner "@{HOME}/.local/share/Flavio Tordini/Minitube/" rw, - owner "@{HOME}/.local/share/Flavio Tordini/Minitube/*" rwk, + owner "@{user_share_dirs}/Flavio Tordini/" rw, + owner "@{user_share_dirs}/Flavio Tordini/Minitube/" rw, + owner "@{user_share_dirs}/Flavio Tordini/Minitube/*" rwk, # Snapshot owner @{HOME}/Pictures/*.png rw, diff --git a/apparmor.d/profiles-m-z/mumble b/apparmor.d/profiles-m-z/mumble index 121c7b9f..cd5c387c 100644 --- a/apparmor.d/profiles-m-z/mumble +++ b/apparmor.d/profiles-m-z/mumble @@ -42,8 +42,8 @@ profile mumble @{exec_path} { owner @{HOME}/ r, owner @{user_config_dirs}/Mumble/ rw, owner @{user_config_dirs}/Mumble/** rwkl -> @{user_config_dirs}/Mumble/#[0-9]*[0-9], - owner @{HOME}/.local/share/Mumble/ rw, - owner @{HOME}/.local/share/Mumble/** rwk, + owner @{user_share_dirs}/Mumble/ rw, + owner @{user_share_dirs}/Mumble/** rwk, owner @{HOME}/.MumbleOverlayPipe rw, owner @{HOME}/.MumbleSocket rw, diff --git a/apparmor.d/profiles-m-z/orage b/apparmor.d/profiles-m-z/orage index 2f52101b..15073888 100644 --- a/apparmor.d/profiles-m-z/orage +++ b/apparmor.d/profiles-m-z/orage @@ -28,8 +28,8 @@ profile orage @{exec_path} { owner @{user_config_dirs}/orage/ rw, owner @{user_config_dirs}/orage/* rw, - owner @{HOME}/.local/share/orage/ rw, - owner @{HOME}/.local/share/orage/* rwk, + owner @{user_share_dirs}/orage/ rw, + owner @{user_share_dirs}/orage/* rwk, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-m-z/psi-plus b/apparmor.d/profiles-m-z/psi-plus index 4da212e0..09c1159d 100644 --- a/apparmor.d/profiles-m-z/psi-plus +++ b/apparmor.d/profiles-m-z/psi-plus @@ -54,8 +54,8 @@ profile psi-plus @{exec_path} { owner @{user_config_dirs}/psi+/ rw, owner @{user_config_dirs}/psi+/** rwkl -> @{user_config_dirs}/psi+/#[0-9]*[0-9], - owner @{HOME}/.local/share/psi+/ rw, - owner @{HOME}/.local/share/psi+/** rwk, + owner @{user_share_dirs}/psi+/ rw, + owner @{user_share_dirs}/psi+/** rwk, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, diff --git a/apparmor.d/profiles-m-z/qbittorrent b/apparmor.d/profiles-m-z/qbittorrent index d90044b3..3b72dd67 100644 --- a/apparmor.d/profiles-m-z/qbittorrent +++ b/apparmor.d/profiles-m-z/qbittorrent @@ -45,8 +45,8 @@ profile qbittorrent @{exec_path} { # Qbittorrent home dirs owner @{user_config_dirs}/qBittorrent/ rw, owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#[0-9]*[0-9], - owner @{HOME}/.local/share/data/qBittorrent/ rw, - owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9], + owner @{user_share_dirs}/data/qBittorrent/ rw, + owner @{user_share_dirs}/data/qBittorrent/** rwl -> @{user_share_dirs}/data/qBittorrent/**/#[0-9]*[0-9], # Cache dir owner @{user_cache_dirs}/ rw, @@ -129,7 +129,7 @@ profile qbittorrent @{exec_path} { /{usr/,}bin/python3.[0-9]* r, - owner @{HOME}/.local/share/data/qBittorrent/nova[0-9]/{,**} rw, + owner @{user_share_dirs}/data/qBittorrent/nova[0-9]/{,**} rw, # Used while searching for torrents owner /dev/shm/sem.mp-* rwl -> /dev/shm/[0-9]*[0-9], diff --git a/apparmor.d/profiles-m-z/qbittorrent-nox b/apparmor.d/profiles-m-z/qbittorrent-nox index 585bfd7b..8d1149b5 100644 --- a/apparmor.d/profiles-m-z/qbittorrent-nox +++ b/apparmor.d/profiles-m-z/qbittorrent-nox @@ -28,8 +28,8 @@ profile qbittorrent-nox @{exec_path} { # Qbittorrent home dirs owner @{user_config_dirs}/qBittorrent/ rw, owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#[0-9]*[0-9], - owner @{HOME}/.local/share/data/qBittorrent/ rw, - owner @{HOME}/.local/share/data/qBittorrent/** rwl -> @{HOME}/.local/share/data/qBittorrent/**/#[0-9]*[0-9], + owner @{user_share_dirs}/data/qBittorrent/ rw, + owner @{user_share_dirs}/data/qBittorrent/** rwl -> @{user_share_dirs}/data/qBittorrent/**/#[0-9]*[0-9], # Cache dir owner @{user_cache_dirs}/ rw, @@ -56,8 +56,8 @@ profile qbittorrent-nox @{exec_path} { /usr/share/mime/mime.cache r, /usr/share/mime/types r, - owner @{HOME}/.local/share/mime/mime.cache r, - owner @{HOME}/.local/share/mime/types r, + owner @{user_share_dirs}/mime/mime.cache r, + owner @{user_share_dirs}/mime/types r, # TMP owner /tmp/qtsingleapp-qBitto-* rw, diff --git a/apparmor.d/profiles-m-z/qpdfview b/apparmor.d/profiles-m-z/qpdfview index 018e8efe..cc60f543 100644 --- a/apparmor.d/profiles-m-z/qpdfview +++ b/apparmor.d/profiles-m-z/qpdfview @@ -52,8 +52,8 @@ profile qpdfview @{exec_path} { owner @{user_config_dirs}/qpdfview/ rw, owner @{user_config_dirs}/qpdfview/* rwkl -> @{user_config_dirs}/qpdfview/#[0-9]*[0-9], - owner @{HOME}/.local/share/qpdfview/ rw, - owner @{HOME}/.local/share/qpdfview/** rwk, + owner @{user_share_dirs}/qpdfview/ rw, + owner @{user_share_dirs}/qpdfview/** rwk, owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, diff --git a/apparmor.d/profiles-m-z/quiterss b/apparmor.d/profiles-m-z/quiterss index 8bf04826..bfe928b1 100644 --- a/apparmor.d/profiles-m-z/quiterss +++ b/apparmor.d/profiles-m-z/quiterss @@ -48,8 +48,8 @@ profile quiterss @{exec_path} { /usr/share/quiterss/** r, owner @{user_config_dirs}/QuiteRss/ rw, owner @{user_config_dirs}/QuiteRss/** rwkl -> @{user_config_dirs}/QuiteRss/**, - owner @{HOME}/.local/share/QuiteRss/ rw, - owner @{HOME}/.local/share/QuiteRss/** rwkl -> @{HOME}/.local/share/QuiteRss/QuiteRss/**, + owner @{user_share_dirs}/QuiteRss/ rw, + owner @{user_share_dirs}/QuiteRss/** rwkl -> @{user_share_dirs}/QuiteRss/QuiteRss/**, owner @{user_cache_dirs}/QuiteRss/ rw, owner @{user_cache_dirs}/QuiteRss/** rwl -> @{user_cache_dirs}/QuiteRss/**, diff --git a/apparmor.d/profiles-m-z/sddm b/apparmor.d/profiles-m-z/sddm index d6f26c4f..b2a1aea8 100644 --- a/apparmor.d/profiles-m-z/sddm +++ b/apparmor.d/profiles-m-z/sddm @@ -90,9 +90,9 @@ profile sddm @{exec_path} { #/usr/share/sddm/scripts/Xsession rCx -> sddm-scripts, # Create kwallet dirs and files - owner @{HOME}/.local/share/kwalletd/ rw, - owner @{HOME}/.local/share/kwalletd/kdewallet.salt rw, - @{HOME}/.local/share/kwalletd/kdewallet.salt r, + owner @{user_share_dirs}/kwalletd/ rw, + owner @{user_share_dirs}/kwalletd/kdewallet.salt rw, + @{user_share_dirs}/kwalletd/kdewallet.salt r, owner @{run}/user/[0-9]*/kwallet5.socket rw, # Themes @@ -134,8 +134,8 @@ profile sddm @{exec_path} { # Creating the dir structure is needed when a new user is logging in for the very first time # using SDDM. owner @{HOME}/.local/ w, - owner @{HOME}/.local/share/ w, - owner @{HOME}/.local/share/sddm/ w, + owner @{user_share_dirs}/ w, + owner @{user_share_dirs}/sddm/ w, /{usr/,}lib/@{multiarch}/ld-*.so mr, diff --git a/apparmor.d/profiles-m-z/sddm-xsession b/apparmor.d/profiles-m-z/sddm-xsession index 335bb64f..3d29fa22 100644 --- a/apparmor.d/profiles-m-z/sddm-xsession +++ b/apparmor.d/profiles-m-z/sddm-xsession @@ -65,7 +65,7 @@ profile sddm-xsession @{exec_path} { owner @{PROC}/@{pid}/loginuid r, # Xsession logs - owner @{HOME}/.local/share/sddm/xorg-session.log w, + owner @{user_share_dirs}/sddm/xorg-session.log w, owner @{HOME}/.xsession-errors w, /etc/zsh/* r, diff --git a/apparmor.d/profiles-m-z/strawberry b/apparmor.d/profiles-m-z/strawberry index d8ac3cb3..2666cda0 100644 --- a/apparmor.d/profiles-m-z/strawberry +++ b/apparmor.d/profiles-m-z/strawberry @@ -61,8 +61,8 @@ profile strawberry @{exec_path} { owner @{user_config_dirs}/strawberry/ rw, owner @{user_config_dirs}/strawberry/* rwkl -> @{user_config_dirs}/strawberry/#[0-9]*[0-9], - owner @{HOME}/.local/share/strawberry/ rw, - owner @{HOME}/.local/share/strawberry/** rwk, + owner @{user_share_dirs}/strawberry/ rw, + owner @{user_share_dirs}/strawberry/** rwk, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/strawberry/ rw, diff --git a/apparmor.d/profiles-m-z/usr.bin.pidgin b/apparmor.d/profiles-m-z/usr.bin.pidgin index b77a8bde..dab7ac95 100644 --- a/apparmor.d/profiles-m-z/usr.bin.pidgin +++ b/apparmor.d/profiles-m-z/usr.bin.pidgin @@ -36,14 +36,14 @@ include deny ptrace, deny capability sys_ptrace, - deny @{HOME}/.local/share/applications/wine/ r, + deny @{user_share_dirs}/applications/wine/ r, owner @{HOME}/.purple/ rw, owner @{HOME}/.purple/** rwk, owner @{HOME}/.purple/plugins/*.so m, owner @{user_config_dirs}/indicators/ rw, owner @{user_config_dirs}/indicators/** rw, - owner @{HOME}/.local/share/applications/ r, + owner @{user_share_dirs}/applications/ r, # Uncomment the two following lines if you want to allow Pidgin to update # any DConf setting: diff --git a/apparmor.d/profiles-m-z/virt-manager b/apparmor.d/profiles-m-z/virt-manager index c3aef0bb..9b9c8595 100644 --- a/apparmor.d/profiles-m-z/virt-manager +++ b/apparmor.d/profiles-m-z/virt-manager @@ -66,9 +66,9 @@ profile virt-manager @{exec_path} { #owner /var/lib/libvirt/images/ r, # User VM images - #owner @{HOME}/.local/share/libvirt/ rw, - #owner @{HOME}/.local/share/libvirt/images/ rw, - #owner @{HOME}/.local/share/libvirt/images/* rw, + #owner @{user_share_dirs}/libvirt/ rw, + #owner @{user_share_dirs}/libvirt/images/ rw, + #owner @{user_share_dirs}/libvirt/images/* rw, #owner /media/*/VM/ r, diff --git a/apparmor.d/profiles-m-z/xdg-desktop-menu b/apparmor.d/profiles-m-z/xdg-desktop-menu index c8518e25..a4968b3b 100644 --- a/apparmor.d/profiles-m-z/xdg-desktop-menu +++ b/apparmor.d/profiles-m-z/xdg-desktop-menu @@ -33,7 +33,7 @@ profile xdg-desktop-menu @{exec_path} flags=(complain) { /{usr/,}bin/update-desktop-database rPx, owner @{user_config_dirs}/menus/applications-merged/xdg-desktop-menu-dummy.menu rw, - owner @{HOME}/.local/share/applications/chrome-*.desktop rw, + owner @{user_share_dirs}/applications/chrome-*.desktop rw, owner @{HOME}/.gnome/apps/chrome-*.desktop rw, /usr/share/applications/*.desktop rw, diff --git a/apparmor.d/profiles-m-z/xdg-icon-resource b/apparmor.d/profiles-m-z/xdg-icon-resource index 485a60bb..ec3dda5a 100644 --- a/apparmor.d/profiles-m-z/xdg-icon-resource +++ b/apparmor.d/profiles-m-z/xdg-icon-resource @@ -35,8 +35,8 @@ profile xdg-icon-resource @{exec_path} flags=(complain) { owner /tmp/.com.google.Chrome.*/chrome-*.png r, - owner @{HOME}/.local/share/icons/**/apps/chrome-*.png rw, - owner @{HOME}/.local/share/icons/**/.xdg-icon-resource-dummy rw, + owner @{user_share_dirs}/icons/**/apps/chrome-*.png rw, + owner @{user_share_dirs}/icons/**/.xdg-icon-resource-dummy rw, /opt/**/*.png r, include if exists diff --git a/apparmor.d/profiles-m-z/xdg-open b/apparmor.d/profiles-m-z/xdg-open index 20b67ad5..fbe67d02 100644 --- a/apparmor.d/profiles-m-z/xdg-open +++ b/apparmor.d/profiles-m-z/xdg-open @@ -40,7 +40,7 @@ profile xdg-open @{exec_path} { deny /{usr/,}bin/dbus-send rx, /usr/share/applications/*.desktop r, - owner @{HOME}/.local/share/applications/ r, + owner @{user_share_dirs}/applications/ r, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-m-z/xkbcomp b/apparmor.d/profiles-m-z/xkbcomp index b069e8cc..a1fa497a 100644 --- a/apparmor.d/profiles-m-z/xkbcomp +++ b/apparmor.d/profiles-m-z/xkbcomp @@ -27,7 +27,7 @@ profile xkbcomp @{exec_path} { owner /dev/tty[0-9]* rw, deny /var/log/Xorg.[0-9]*.log w, deny /dev/input/event[0-9]* rw, - owner @{HOME}/.local/share/xorg/Xorg.[0-9].log w, + owner @{user_share_dirs}/xorg/Xorg.[0-9].log w, owner /var/log/lightdm/x-[0-9]*.log w, /dev/dri/card[0-9]* rw, diff --git a/apparmor.d/profiles-m-z/xorg b/apparmor.d/profiles-m-z/xorg index 43751899..610d1222 100644 --- a/apparmor.d/profiles-m-z/xorg +++ b/apparmor.d/profiles-m-z/xorg @@ -80,9 +80,9 @@ profile xorg @{exec_path} flags=(attach_disconnected) { owner /var/log/Xorg.[0-9].log{,.old} rw, owner /var/log/Xorg.pid-@{pid}.log{,.old} rw, owner @{HOME}/ r, - owner @{HOME}/.local/share/xorg/ rw, - owner @{HOME}/.local/share/xorg/Xorg.[0-9].log{,.old} rw, - owner @{HOME}/.local/share/xorg/Xorg.pid-@{pid}.log{,.old} rw, + owner @{user_share_dirs}/xorg/ rw, + owner @{user_share_dirs}/xorg/Xorg.[0-9].log{,.old} rw, + owner @{user_share_dirs}/xorg/Xorg.pid-@{pid}.log{,.old} rw, owner @{HOME}/.xsession-errors w, # TMP files