feat(abs): add some files into the base abstaction.

apparmor.d/abstractions/base.d/complete

@@ -1,12 +1,8 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2020-2022 Mikhail Morfikov
-# Copyright (C) 2021-2022 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  /usr/share/locale/ r,
-
-  @{etc_rw}/localtime r,
-
   # Allow to receive some signals
   signal (receive)                           peer=htop,
   signal (receive)                           peer=sudo,
@@ -21,4 +17,10 @@
 
   ptrace (readby) peer=systemd-coredump,
 
+  /usr/share/locale/ r,
+
+  @{etc_rw}/localtime r,
+  /etc/gnutls/config r,
+  /etc/locale.conf r,
+
   @{sys}/devices/system/cpu/possible r,

apparmor.d/abstractions/chromium

@@ -104,7 +104,6 @@
 
   /etc/@{name}/{,**} r,
   /etc/fstab r,
-  /etc/gnutls/config r,
   /etc/igfx_user_feature{,_next}.txt w,
   /etc/libva.conf r,
   /etc/opensc.conf r,

apparmor.d/groups/_full/default

@@ -69,7 +69,6 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   /usr/share/** r,
 
   /etc/xdg/** r,
-  /etc/gnutls/config r,
 
   # Full access to user's data
   / r,

apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome

@@ -134,8 +134,6 @@ profile xdg-desktop-portal-gnome @{exec_path} {
 
   /usr/share/X11/xkb/{,**} r,
 
-  /etc/gnutls/config r,
-
   /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
   /var/lib/snapd/desktop/icons/{,**} r,
 

apparmor.d/groups/gnome/evolution-calendar-factory

@@ -47,8 +47,6 @@ profile evolution-calendar-factory @{exec_path} {
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
-  /etc/gnutls/config r,
-
   owner @{user_cache_dirs}/evolution/calendar/{,**} rwk,
   owner @{user_cache_dirs}/evolution/tasks/{,**} rwk,
 

apparmor.d/groups/gnome/evolution-source-registry

@@ -50,8 +50,6 @@ profile evolution-source-registry @{exec_path} {
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
-  /etc/gnutls/config r,
-
   owner @{user_cache_dirs}/evolution/{,**} rwk,
   owner @{user_config_dirs}/evolution/sources/{,*} rw,
   owner @{user_share_dirs}/evolution/{,**} r,

apparmor.d/groups/gnome/gnome-shell

@@ -500,7 +500,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
 
   /.flatpak-info r,
   /etc/fstab r,
-  /etc/gnutls/config r,
   /etc/pipewire/client.conf.d/{,**} r,
   /etc/timezone r,
   /etc/udev/hwdb.bin r,

apparmor.d/groups/gnome/gnome-software

@@ -53,7 +53,6 @@ profile gnome-software @{exec_path} {
 
   /etc/appstream.conf r,
   /etc/flatpak/remotes.d/{,**} r,
-  /etc/gnutls/config r,
   /etc/PackageKit/Vendor.conf r,
   /etc/pulse/client.conf r,
 

apparmor.d/groups/gnome/goa-daemon

@@ -65,8 +65,6 @@ profile goa-daemon @{exec_path} {
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
-  /etc/gnutls/config r,
-
   /var/lib/gdm{3,}/.config/dconf/user r,
 
   owner @{user_config_dirs}/goa-1.0/ rw,

apparmor.d/groups/gnome/gsd-print-notifications

@@ -80,7 +80,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
   @{lib}/gsd-printer rPx,
 
   /etc/cups/client.conf r,
-  /etc/gnutls/config r,
   /etc/machine-id r,
 
   @{run}/cups/cups.sock rw,

apparmor.d/groups/gnome/mutter-x11-frames

@@ -27,8 +27,6 @@ profile mutter-x11-frames @{exec_path} {
   /usr/share/dconf/profile/gdm r,
   /usr/share/gdm/greeter-dconf-defaults r,
 
-  /etc/gnutls/config r,
-
   /var/lib/gdm{3,}/.config/dconf/user r,
   /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
 

apparmor.d/groups/gvfs/gvfsd-http

@@ -24,8 +24,6 @@ profile gvfsd-http @{exec_path} {
 
   @{exec_path} mr,
 
-  /etc/gnutls/config r,
-
   owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
 
   @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,

apparmor.d/groups/kde/plasma-discover

@@ -48,7 +48,6 @@ profile plasma-discover @{exec_path} {
 
   /etc/appstream.conf r,
   /etc/flatpak/remotes.d/{,**} r,
-  /etc/gnutls/config r,
   /etc/machine-id r,
   /etc/xdg/ r,
   /etc/xdg/accept-languages.codes r,

apparmor.d/groups/network/NetworkManager

@@ -118,7 +118,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
 
   / r,
   /etc/ r,
-  /etc/gnutls/config r,
   /etc/iproute2/* r,
   /etc/machine-id r,
   /etc/network/interfaces r,

apparmor.d/groups/virt/libvirtd

@@ -137,7 +137,6 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
 
   @{etc_rw}/apparmor.d/libvirt/libvirt-@{uuid} r,
   @{etc_rw}/libvirt/{,**} rw,
-  /etc/gnutls/config r,
   /etc/mdevctl.d/{,**} r,
   /etc/sasl2/qemu.conf r,
   /etc/xml/catalog r,

apparmor.d/profiles-a-f/fwupd

@@ -87,7 +87,6 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
   /usr/share/mime/mime.cache r,
 
   /etc/fwupd/{,**} rw,
-  /etc/gnutls/config r,
   /etc/lsb-release r,
   /etc/pki/fwupd-metadata/{,**} r,
   /etc/pki/fwupd/{,**} r,

apparmor.d/profiles-m-r/passimd

@@ -24,7 +24,6 @@ profile passimd @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/dbus-1/interfaces/org.freedesktop.Passim.xml r,
 
-  /etc/gnutls/config r,
   /etc/passim.conf r,
 
   /var/lib/passim/{,**} r,

apparmor.d/profiles-s-z/spotify

@@ -42,7 +42,6 @@ profile spotify @{exec_path} {
   @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open,
   @{lib}/gio-launch-desktop                          rPx -> child-open,
 
-  /etc/gnutls/config r,
   /etc/libva.conf r,
   /etc/machine-id r,
   /etc/spotify-adblock/* r,

apparmor.d/profiles-s-z/wireplumber

@@ -37,7 +37,6 @@ profile wireplumber @{exec_path} {
   /usr/share/spa-*/bluez[0-9]*/{,*} r,
   /usr/share/wireplumber/{,**} r,
 
-  /etc/gnutls/config r,
   /etc/machine-id r,
 
   /var/lib/gdm{3,}/.local/state/wireplumber/{,**} rw,