From 68da315ac23f03e98a4129b81a192e7b9b89844d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 14 Jul 2024 12:34:12 +0100
Subject: [PATCH] fix(profile): minor fixes. see #410
---
 apparmor.d/groups/gpg/gpg | 6 +++---
 apparmor.d/profiles-a-f/btrfs | 1 +
 apparmor.d/profiles-a-f/dunstify | 2 ++
 apparmor.d/profiles-m-r/run-parts | 2 +-
 apparmor.d/profiles-s-z/wmctrl | 1 +
 apparmor.d/profiles-s-z/xsel | 4 +---
 dists/ignore/main.ignore | 1 +
 7 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg
index c108215f..9d23622d 100644
--- a/apparmor.d/groups/gpg/gpg
+++ b/apparmor.d/groups/gpg/gpg
@@ -44,9 +44,9 @@ profile gpg @{exec_path} {
 owner /etc/apt/keyrings/** rwkl -> /etc/apt/keyrings/**,
 #aa:only pacman
- owner /etc/pacman.d/gnupg/gpg.conf r,
- owner /etc/pacman.d/gnupg/pubring.gpg r,
- owner /etc/pacman.d/gnupg/trustdb.gpg r,
+ /etc/pacman.d/gnupg/gpg.conf r,
+ /etc/pacman.d/gnupg/pubring.gpg r,
+ /etc/pacman.d/gnupg/trustdb.gpg r,
 owner /var/lib/*/gnupg/ rw,
 owner /var/lib/*/gnupg/** rwkl -> /var/lib/*/gnupg/**,
diff --git a/apparmor.d/profiles-a-f/btrfs b/apparmor.d/profiles-a-f/btrfs
index f056d12c..45e50da9 100644
--- a/apparmor.d/profiles-a-f/btrfs
+++ b/apparmor.d/profiles-a-f/btrfs
@@ -25,6 +25,7 @@ profile btrfs @{exec_path} flags=(attach_disconnected) {
 / r,
 /boot/ r,
+ /home/ r,
 /.snapshots/ r,
 @{MOUNTS}/ r,
 @{MOUNTS}/ext2_saved/ rw,
diff --git a/apparmor.d/profiles-a-f/dunstify b/apparmor.d/profiles-a-f/dunstify
index 3a8f16c2..42a8be4a 100644
--- a/apparmor.d/profiles-a-f/dunstify
+++ b/apparmor.d/profiles-a-f/dunstify
@@ -13,6 +13,8 @@ profile dunstify @{exec_path} {
 @{exec_path} mr,
+ owner @{PROC}/@{pid}/cgroup r,
+ # file_inherit
 owner /dev/tty@{int} rw,
diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts
index f166e0fd..b3717224 100644
--- a/apparmor.d/profiles-m-r/run-parts
+++ b/apparmor.d/profiles-m-r/run-parts
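Review bot: Dropping `owner` from the three `/etc/pacman.d/gnupg/` rules in the gpg hunk lets the confined gpg read those files whatever uid it runs as, and nothing in the profile records why that is needed. The rules stay read-only and name only gpg.conf, pubring.gpg and trustdb.gpg, so the widening looks narrow. A comment above them such as `# Not owner-restricted: read when gpg runs as a user other than the keyring's owner` (wording to be confirmed against the case in #410) would keep a later cleanup from re-adding the qualifier or broadening the paths to a glob. The profile body continues outside this hunk.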
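Review bot: The added `/home/ r,` in the btrfs hunk hard-codes the home root, while the lines just below it already use a tunable (`@{MOUNTS}/ r,`). If the project's tunables provide `@{HOMEDIRS}`, using it here would also cover systems where home directories live elsewhere; otherwise a short comment on why btrfs needs to list `/home/` would help. As written, the rule grants a listing of that one directory only, not access to the home directories beneath it.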
@@ -45,7 +45,6 @@ profile run-parts @{exec_path} {
 /etc/cron.{hourly,daily,weekly,monthly}/aptitude rPx,
 /etc/cron.{hourly,daily,weekly,monthly}/bsdmainutils rPUx,
 /etc/cron.{hourly,daily,weekly,monthly}/checksecurity rPUx,
- /etc/cron.{hourly,daily,weekly,monthly}/cracklib-runtime rPx,
 /etc/cron.{hourly,daily,weekly,monthly}/debsums rPx,
 /etc/cron.{hourly,daily,weekly,monthly}/debtags rPx,
 /etc/cron.{hourly,daily,weekly,monthly}/dlocate rPx,
@@ -58,6 +57,7 @@ profile run-parts @{exec_path} {
 /etc/cron.{hourly,daily,weekly,monthly}/passwd rPUx,
 /etc/cron.{hourly,daily,weekly,monthly}/plocate rPx,
 /etc/cron.{hourly,daily,weekly,monthly}/popularity-contest rPx,
+ /etc/cron.{hourly,daily,weekly,monthly}/snapper rPUx,
 /etc/cron.{hourly,daily,weekly,monthly}/spamassassin rPUx,
 /etc/cron.{hourly,daily,weekly,monthly}/sysstat rPx,
 /etc/cron.{hourly,daily,weekly,monthly}/tor rPUx,
diff --git a/apparmor.d/profiles-s-z/wmctrl b/apparmor.d/profiles-s-z/wmctrl
index 8d99da35..47a17669 100644
--- a/apparmor.d/profiles-s-z/wmctrl
+++ b/apparmor.d/profiles-s-z/wmctrl
@@ -10,6 +10,7 @@ include
 @{exec_path} = @{bin}/wmctrl
 profile wmctrl @{exec_path} {
 include
+ include
 @{exec_path} mr,
diff --git a/apparmor.d/profiles-s-z/xsel b/apparmor.d/profiles-s-z/xsel
index 949aa19f..5f97c83f 100644
--- a/apparmor.d/profiles-s-z/xsel
+++ b/apparmor.d/profiles-s-z/xsel
@@ -11,6 +11,7 @@ include
 profile xsel @{exec_path} {
 include
 include
+ include
 @{exec_path} mr,
@@ -18,9 +19,6 @@ profile xsel @{exec_path} {
 owner @{user_cache_dirs}/ rw,
 owner @{user_cache_dirs}/xsel.log rw,
- owner @{HOME}/.Xauthority r,
- owner @{tmp}/xauth-@{int}-_[0-9] r,
- # file_inherit
 owner /dev/tty@{int} rw,
 owner @{HOME}/.xsession-errors w,
diff --git a/dists/ignore/main.ignore b/dists/ignore/main.ignore
index 0e89a76c..fe61aaf2 100644
--- a/dists/ignore/main.ignore
+++ b/dists/ignore/main.ignore
@@ -14,6 +14,7 @@ code-wrapper
 man
 # Work in progress profiles
+dunst
 plasma-discover
 steam
 steam-fossilize
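Review bot: The new snapper entry in the second run-parts hunk uses `rPUx`, which falls back to unconfined execution when no profile attaches to the cron script, and run-parts presumably launches these scripts from cron with elevated privileges. If a profile for the snapper cron job exists or is planned, `/etc/cron.{hourly,daily,weekly,monthly}/snapper rPx,` would fail closed instead of silently running unconfined. If the fallback is intentional, as it appears to be for the neighbouring passwd, spamassassin and tor entries, a short comment saying that no profile exists yet would make this easy to tighten later. The profile body continues outside the hunk.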