From 7882ae215386b1dc651d59d6eae81ee155a7e847 Mon Sep 17 00:00:00 2001 
From: Alexandre Pujol Date: Sun, 10 Mar 2024 20:01:58 +0000 Subject: [PATCH] feat(profile): remove rule moved to the base abstraction. --- apparmor.d/groups/browsers/firefox-pingsender | 1 - apparmor.d/groups/bus/dbus-broker | 2 -- apparmor.d/groups/bus/dbus-daemon | 1 - apparmor.d/groups/bus/ibus-dconf | 1 - apparmor.d/groups/bus/ibus-x11 | 2 -- apparmor.d/groups/freedesktop/at-spi-bus-launcher | 1 - apparmor.d/groups/freedesktop/at-spi2-registryd | 1 - apparmor.d/groups/freedesktop/dconf-service | 1 - apparmor.d/groups/freedesktop/geoclue | 2 -- apparmor.d/groups/freedesktop/pipewire | 2 -- apparmor.d/groups/freedesktop/pipewire-media-session | 2 -- apparmor.d/groups/freedesktop/polkit-kde-authentication-agent | 1 - apparmor.d/groups/freedesktop/xdg-desktop-portal | 2 -- apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome | 1 - apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk | 2 -- apparmor.d/groups/freedesktop/xdg-desktop-portal-kde | 2 -- apparmor.d/groups/freedesktop/xdg-document-portal | 3 --- apparmor.d/groups/freedesktop/xdg-permission-store | 1 - apparmor.d/groups/freedesktop/xwayland | 1 - apparmor.d/groups/gnome/evolution-addressbook-factory | 2 -- apparmor.d/groups/gnome/evolution-alarm-notify | 2 -- apparmor.d/groups/gnome/evolution-calendar-factory | 2 -- apparmor.d/groups/gnome/evolution-source-registry | 2 -- apparmor.d/groups/gnome/gjs-console | 1 - apparmor.d/groups/gnome/gnome-keyring-daemon | 1 - apparmor.d/groups/gnome/gnome-shell | 1 - apparmor.d/groups/gnome/gnome-shell-calendar-server | 2 -- apparmor.d/groups/gnome/gnome-terminal-server | 1 - apparmor.d/groups/gnome/goa-daemon | 2 -- apparmor.d/groups/gnome/goa-identity-service | 2 -- apparmor.d/groups/gnome/gsd-a11y-settings | 1 - apparmor.d/groups/gnome/gsd-color | 1 - apparmor.d/groups/gnome/gsd-datetime | 1 - apparmor.d/groups/gnome/gsd-disk-utility-notify | 2 -- apparmor.d/groups/gnome/gsd-housekeeping | 1 - apparmor.d/groups/gnome/gsd-keyboard | 1 - 
apparmor.d/groups/gnome/gsd-media-keys | 1 - apparmor.d/groups/gnome/gsd-power | 1 - apparmor.d/groups/gnome/gsd-print-notifications | 1 - apparmor.d/groups/gnome/gsd-printer | 1 - apparmor.d/groups/gnome/gsd-rfkill | 1 - apparmor.d/groups/gnome/gsd-screensaver-proxy | 1 - apparmor.d/groups/gnome/gsd-sharing | 1 - apparmor.d/groups/gnome/gsd-smartcard | 1 - apparmor.d/groups/gnome/gsd-sound | 1 - apparmor.d/groups/gnome/gsd-usb-protection | 2 -- apparmor.d/groups/gnome/gsd-wacom | 1 - apparmor.d/groups/gnome/gsd-xsettings | 2 -- apparmor.d/groups/gnome/mutter-x11-frames | 2 -- apparmor.d/groups/gnome/tracker-extract | 1 - apparmor.d/groups/gnome/tracker-miner | 1 - apparmor.d/groups/gvfs/gvfs-afc-volume-monitor | 2 -- apparmor.d/groups/gvfs/gvfs-goa-volume-monitor | 2 -- apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor | 2 -- apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor | 2 -- apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor | 1 - apparmor.d/groups/gvfs/gvfsd | 2 -- apparmor.d/groups/gvfs/gvfsd-fuse | 4 ---- apparmor.d/groups/kde/DiscoverNotifier | 2 -- apparmor.d/groups/kde/baloo | 2 -- apparmor.d/groups/kde/gmenudbusmenuproxy | 2 -- apparmor.d/groups/kde/kaccess | 2 -- apparmor.d/groups/kde/kactivitymanagerd | 2 -- apparmor.d/groups/kde/kde-powerdevil | 2 -- apparmor.d/groups/kde/kded | 1 - apparmor.d/groups/kde/kscreenlocker-greet | 1 - apparmor.d/groups/kde/ksmserver | 1 - apparmor.d/groups/kde/kwin_wayland | 1 - apparmor.d/groups/kde/kwin_wayland_wrapper | 1 - apparmor.d/groups/kde/plasmashell | 1 - apparmor.d/groups/kde/xembedsniproxy | 2 -- apparmor.d/groups/ssh/gcr-ssh-agent | 2 -- apparmor.d/groups/ssh/ssh-agent | 1 - apparmor.d/groups/ubuntu/ubuntu-report | 2 -- apparmor.d/profiles-a-f/aa-notify | 2 -- apparmor.d/profiles-a-f/blueman | 2 -- apparmor.d/profiles-s-z/spice-vdagent | 2 -- apparmor.d/profiles-s-z/wireplumber | 2 -- 78 files changed, 120 deletions(-) 
diff --git a/apparmor.d/groups/browsers/firefox-pingsender b/apparmor.d/groups/browsers/firefox-pingsender index bc1e3f36..751f1e9f 100644 --- a/apparmor.d/groups/browsers/firefox-pingsender +++ b/apparmor.d/groups/browsers/firefox-pingsender @@ -21,7 +21,6 @@ profile firefox-pingsender @{exec_path} { network inet stream, network inet6 stream, - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=(term, kill) peer=firefox, @{exec_path} mr, diff --git a/apparmor.d/groups/bus/dbus-broker b/apparmor.d/groups/bus/dbus-broker index 98d6a44f..3d57acf7 100644 --- a/apparmor.d/groups/bus/dbus-broker +++ b/apparmor.d/groups/bus/dbus-broker @@ -18,8 +18,6 @@ profile dbus-broker @{exec_path} flags=(attach_disconnected) { network bluetooth stream, network bluetooth seqpacket, - signal (receive) set=(cont, term) peer=@{systemd_user}, - dbus bus=accessibility, dbus bus=session, dbus bus=system, diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index e85a4af7..434f19b7 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -27,7 +27,6 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { network bluetooth stream, network bluetooth seqpacket, - signal (receive) set=(cont term) peer=@{systemd_user}, signal (receive) set=(term hup kill) peer=at-spi-bus-launcher, signal (receive) set=(term hup kill) peer=dbus-run-session, signal (receive) set=(term hup kill) peer=gdm*, diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 630ee89f..3ad8898b 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -14,7 +14,6 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=term peer=ibus-daemon, unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon), 
diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index 74ee525f..2383fc3c 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 @@ -20,8 +20,6 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, - unix (connect, receive, send) type=stream peer=(label=ibus-daemon), network inet stream, diff --git a/apparmor.d/groups/freedesktop/at-spi-bus-launcher b/apparmor.d/groups/freedesktop/at-spi-bus-launcher index c9d1243f..8ced1788 100644 --- a/apparmor.d/groups/freedesktop/at-spi-bus-launcher +++ b/apparmor.d/groups/freedesktop/at-spi-bus-launcher @@ -22,7 +22,6 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=gdm*, signal (receive) set=(term hup kill) peer=gnome-session-binary, diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 45248857..5451b881 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -17,7 +17,6 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=(term hup kill) peer=@{systemd}, signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=gdm*, diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index 160ef5e6..d074a30e 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service 
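Review bot: The rule removed from at-spi-bus-launcher names its peer as the literal `systemd-user`, while the hunks before it (firefox-pingsender, dbus-broker, ibus-dconf, ibus-x11) remove the same rule written as `peer=@{systemd_user}`. The patch does not show the rule in the base abstraction that is meant to replace both spellings. If the variable matches more labels than the literal, the profiles that used the literal now accept `cont`/`term` from a wider peer set than before; if it matches fewer, they lose a signal they need. The commit message should quote the replacing rule, presumably of the form `signal (receive) set=(cont, term) peer=@{systemd_user},`, so the equivalence can be checked. The include targets are not legible in this rendering, so it is also worth confirming that each of the 78 profiles actually includes that abstraction.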
@@ -13,7 +13,6 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term kill hup) peer=dbus-daemon, signal (receive) set=(term hup) peer=gdm*, diff --git a/apparmor.d/groups/freedesktop/geoclue b/apparmor.d/groups/freedesktop/geoclue index b0aff821..0182f71b 100644 --- a/apparmor.d/groups/freedesktop/geoclue +++ b/apparmor.d/groups/freedesktop/geoclue @@ -24,8 +24,6 @@ profile geoclue @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, - # dbus: own bus=system name=org.freedesktop.GeoClue2 dbus send bus=system path=/org/freedesktop/DBus diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 40bb05c4..7f81d75f 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -21,8 +21,6 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - ptrace (read), # dbus: own bus=session name=org.pulseaudio.Server diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index a066fe11..0bb4c033 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -23,8 +23,6 @@ profile pipewire-media-session @{exec_path} { network bluetooth stream, network netlink raw, - signal (receive) set=(cont term) peer=@{systemd_user}, - dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetConnectionUnixProcessID diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent index c9f674db..f5cbac88 100644 --- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent 
+++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent @@ -24,7 +24,6 @@ profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected) network inet6 stream, network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=(term, kill) peer=polkit-agent-helper, @{exec_path} mr, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index 562d1eae..19547ad5 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -24,8 +24,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - ptrace (read), # dbus: own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}} diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index 39416eeb..7ceb1ba4 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -26,7 +26,6 @@ profile xdg-desktop-portal-gnome @{exec_path} { network unix stream, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=term peer=gdm, dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gnome, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index 2963a801..949fc987 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk 
@@ -29,8 +29,6 @@ profile xdg-desktop-portal-gtk @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell), dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gtk, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index 07a82f0a..9008bf76 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -19,8 +19,6 @@ profile xdg-desktop-portal-kde @{exec_path} { network inet6 stream, network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, owner @{user_cache_dirs}/*.kcache r, diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index d72e85b5..70b2cf7f 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -18,7 +18,6 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { mount fstype=fuse.portal -> @{run}/user/@{uid}/doc/, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term) peer=gdm, ptrace (read) peer=xdg-desktop-portal, @@ -65,8 +64,6 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { umount @{run}/user/@{uid}/doc/, - signal (receive) set=(cont, term) peer=systemd-user, - unix (send receive) type=stream peer=(label=xdg-document-portal), @{bin}/fusermount{,3} mr, diff --git a/apparmor.d/groups/freedesktop/xdg-permission-store b/apparmor.d/groups/freedesktop/xdg-permission-store index bd35ddb1..cdddb22b 100644 --- a/apparmor.d/groups/freedesktop/xdg-permission-store +++ b/apparmor.d/groups/freedesktop/xdg-permission-store 
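Review bot: The second xdg-document-portal hunk (`@@ -65,8 +64,6 @@`) removes the rule from what appears to be a nested profile, judging by its context lines `umount @{run}/user/@{uid}/doc/,` and `@{bin}/fusermount{,3} mr,`. A child profile does not inherit the includes of its parent. Unless that child carries its own include of the base abstraction, which lies outside the hunk, the confined fusermount helper no longer has permission to receive `cont`/`term` from the systemd user instance. The second gvfsd-fuse hunk (`@@ -47,8 +45,6 @@`) looks like the same case. If the include is missing there, either keep `signal (receive) set=(cont, term) peer=systemd-user,` in the child profiles or add the include to them.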
@@ -13,7 +13,6 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { capability sys_nice, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=gdm*, diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland index 5f52fdb6..bba6a6ab 100644 --- a/apparmor.d/groups/freedesktop/xwayland +++ b/apparmor.d/groups/freedesktop/xwayland @@ -13,7 +13,6 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term hup) peer=gdm*, signal (receive) set=(term hup) peer=gnome-shell, signal (receive) set=(term hup) peer=kwin_wayland, diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index 623de6c5..59fc0c13 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory @@ -25,8 +25,6 @@ profile evolution-addressbook-factory @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int}, dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify index 5de607fc..2cec7f15 100644 --- a/apparmor.d/groups/gnome/evolution-alarm-notify +++ b/apparmor.d/groups/gnome/evolution-alarm-notify @@ -21,8 +21,6 @@ profile evolution-alarm-notify @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.Evolution-alarm-notify dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** 
diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index 4cdc11fa..f1a59102 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -24,8 +24,6 @@ profile evolution-calendar-factory @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar@{int}, dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index 238d53ff..0a17f366 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -22,9 +22,7 @@ profile evolution-source-registry @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gnome.evolution.dataserver.Sources@{int}, dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**} interface={org.freedesktop.DBus.ObjectManager,org.freedesktop.DBus.Properties} peer=(name=:*), diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index fb276acf..db4a703f 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -27,7 +27,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term hup) peer=gdm*, # dbus: own bus=session name=org.freedesktop.Notifications diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index 365be69d..a2829ee6 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon 
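Review bot: The evolution-source-registry hunk has the header `@@ -22,9 +22,7 @@`, whereas every other two-line removal in this patch is an 8-to-6 hunk, and its second `-` sits directly in front of `dbus bind bus=session name=org.gnome.evolution.dataserver.Sources@{int},`. The line breaks are lost in this rendering, so it cannot be told for certain, but the counts fit a layout in which that `dbus bind` rule is deleted rather than a blank line. If so, the deletion is unrelated to the signal rule named in the commit message and may leave the profile unable to bind its session-bus name. The `dbus bind` line should then stay, or its removal should go into a separate commit with its own justification.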
@@ -19,7 +19,6 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { capability ipc_lock, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term) peer=gdm, signal (send) set=(term) peer=ssh-agent, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 4246341b..a0d7a733 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -65,7 +65,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { ptrace (read), ptrace (readby) peer=pipewire, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, signal (send), diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index 15bb651f..6f3d3ce9 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server @@ -13,8 +13,6 @@ profile gnome-shell-calendar-server @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.Shell.CalendarServer dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**} diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 7c076809..178e50e4 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -18,7 +18,6 @@ profile gnome-terminal-server @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=(hup) peer=htop, signal (send) set=(term hup kill) peer=unconfined, diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index ba37f78d..68a49045 100644 --- a/apparmor.d/groups/gnome/goa-daemon +++ b/apparmor.d/groups/gnome/goa-daemon 
@@ -25,8 +25,6 @@ profile goa-daemon @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.OnlineAccounts dbus send bus=session path=/org/gnome/Identity diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service index 50983587..5bdf6de6 100644 --- a/apparmor.d/groups/gnome/goa-identity-service +++ b/apparmor.d/groups/gnome/goa-identity-service @@ -12,8 +12,6 @@ profile goa-identity-service @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.Identity dbus send bus=session path=/org/gnome/OnlineAccounts diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 50ff4c57..a002792e 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -13,7 +13,6 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index 474180e3..661e561a 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -21,7 +21,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Color diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index f6bf3c64..047e5229 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime 
@@ -13,7 +13,6 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime diff --git a/apparmor.d/groups/gnome/gsd-disk-utility-notify b/apparmor.d/groups/gnome/gsd-disk-utility-notify index e910bfb8..f0647415 100644 --- a/apparmor.d/groups/gnome/gsd-disk-utility-notify +++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify @@ -13,8 +13,6 @@ profile gsd-disk-utility-notify @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.Disks.NotificationMonitor dbus receive bus=session diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 00b97fe5..0545fdd9 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -16,7 +16,6 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gnome*, diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index aefedf2b..b34a984e 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -21,7 +21,6 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index c38fe81a..7ffa86d5 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys 
@@ -24,7 +24,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, network netlink raw, diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 2b883fcb..f1f24bff 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -31,7 +31,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Power diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index f1e980c6..cce83323 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -18,7 +18,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { network inet stream, network inet6 stream, - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, signal (send) set=(hup) peer=gsd-printer, diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index b8ac31f3..b9ecce18 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -14,7 +14,6 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(hup) peer=gsd-print-notifications, diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index 36130dd1..7a38625a 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill 
@@ -16,7 +16,6 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, network netlink raw, diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 93896dfa..9fe94692 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -12,7 +12,6 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.freedesktop.ScreenSaver diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index b72a3c27..640e9bf4 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -15,7 +15,6 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 5a8bdfe2..51564e8e 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -15,7 +15,6 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index 08c6fac1..2db9cefc 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound 
@@ -15,7 +15,6 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Sound diff --git a/apparmor.d/groups/gnome/gsd-usb-protection b/apparmor.d/groups/gnome/gsd-usb-protection index b4fb1007..30f150d2 100644 --- a/apparmor.d/groups/gnome/gsd-usb-protection +++ b/apparmor.d/groups/gnome/gsd-usb-protection @@ -11,8 +11,6 @@ profile gsd-usb-protection @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - @{exec_path} mr, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index fa2f5da0..7bfee223 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -19,7 +19,6 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, signal (receive) set=(term, hup) peer=gdm*, # dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index 7ee95cb2..dac3c6a4 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -30,8 +30,6 @@ profile gsd-xsettings @{exec_path} { network inet6 dgram, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings # dbus: own bus=session name=org.gtk.Settings diff --git a/apparmor.d/groups/gnome/mutter-x11-frames b/apparmor.d/groups/gnome/mutter-x11-frames index fd9d4fc2..1363f3d0 100644 --- a/apparmor.d/groups/gnome/mutter-x11-frames +++ b/apparmor.d/groups/gnome/mutter-x11-frames 
@@ -17,8 +17,6 @@ profile mutter-x11-frames @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - @{exec_path} mr, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index d3b1ad2b..b41f0731 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -25,7 +25,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont term) peer=@{systemd_user}, signal (receive) set=(term) peer=gdm, # dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Extract diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 0a98a387..554e4e44 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -25,7 +25,6 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { network netlink raw, - signal (receive) set=(cont term) peer=@{systemd_user}, signal (receive) set=(term, kill) peer=gdm, signal (receive) set=(hup) peer=gdm-session-worker, diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 5dd480c2..60ae7984 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -12,8 +12,6 @@ profile gvfs-afc-volume-monitor @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - # dbus: own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor dbus receive bus=session diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index a9865e1a..efe6f3ec 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor 
@@ -12,8 +12,6 @@ profile gvfs-goa-volume-monitor @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor, dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor
diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor
index 7c9a2d3d..7d9f93fb 100644
--- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor
+++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor
@@ -16,8 +16,6 @@ profile gvfs-gphoto2-volume-monitor @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor, dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor
diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor
index d09e2885..e145a24d 100644
--- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor
+++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor
@@ -15,8 +15,6 @@ profile gvfs-mtp-volume-monitor @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gtk.vfs.MTPVolumeMonitor, dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor
diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
index 35154585..78eb32b4 100644
--- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
+++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
@@ -26,7 +26,6 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { network inet6 stream, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, signal (send) set=(term, kill) peer=mount, ptrace (read),
diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd
index ca821bfb..e7e5f491 100644
--- a/apparmor.d/groups/gvfs/gvfsd
+++ b/apparmor.d/groups/gvfs/gvfsd
@@ -12,8 +12,6 @@ profile gvfsd @{exec_path} { include include - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.gtk.vfs.Daemon, dbus send bus=session path=/org/gtk/vfs/mounttracker
diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse
index b87b4cf1..b29faeea 100644
--- a/apparmor.d/groups/gvfs/gvfsd-fuse
+++ b/apparmor.d/groups/gvfs/gvfsd-fuse
@@ -15,8 +15,6 @@ profile gvfsd-fuse @{exec_path} { mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, - signal (receive) set=(cont, term) peer=systemd-user, - unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount), dbus send bus=session path=/org/gtk/vfs/mounttracker
@@ -47,8 +45,6 @@ profile gvfsd-fuse @{exec_path} { mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, umount @{run}/user/@{uid}/**/, - signal (receive) set=(cont, term) peer=systemd-user, - unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse), @{bin}/fusermount{,3} mr,
diff --git a/apparmor.d/groups/kde/DiscoverNotifier b/apparmor.d/groups/kde/DiscoverNotifier
index 8829b727..9b1707e9 100644
--- a/apparmor.d/groups/kde/DiscoverNotifier
+++ b/apparmor.d/groups/kde/DiscoverNotifier
@@ -17,8 +17,6 @@ profile DiscoverNotifier @{exec_path} { network inet6 dgram, network netlink dgram, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, /etc/flatpak/remotes.d/ r,
diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo
index ad94e133..297906b4 100644
--- a/apparmor.d/groups/kde/baloo
+++ b/apparmor.d/groups/kde/baloo
@@ -19,8 +19,6 @@ profile baloo @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, @{lib}/{,kf6/}baloo_file_extractor rix,
diff --git a/apparmor.d/groups/kde/gmenudbusmenuproxy b/apparmor.d/groups/kde/gmenudbusmenuproxy
index 34e47f7f..8818aeaf 100644
--- a/apparmor.d/groups/kde/gmenudbusmenuproxy
+++ b/apparmor.d/groups/kde/gmenudbusmenuproxy
@@ -15,8 +15,6 @@ profile gmenudbusmenuproxy @{exec_path} { ptrace (read) peer=kded, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, /etc/machine-id r,
diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess
index 536db33d..02a095c8 100644
--- a/apparmor.d/groups/kde/kaccess
+++ b/apparmor.d/groups/kde/kaccess
@@ -13,8 +13,6 @@ profile kaccess @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, @{bin}/gsettings rPx,
diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd
index 978f85f5..fc8e63d8 100644
--- a/apparmor.d/groups/kde/kactivitymanagerd
+++ b/apparmor.d/groups/kde/kactivitymanagerd
@@ -15,8 +15,6 @@ profile kactivitymanagerd @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, /etc/xdg/menus/{,*/} r,
diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil
index fa95f5aa..7bea54a8 100644
--- a/apparmor.d/groups/kde/kde-powerdevil
+++ b/apparmor.d/groups/kde/kde-powerdevil
@@ -18,8 +18,6 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mrix, @{sh_path} rix,
diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded
index 439d4cab..d7e66dad 100644
--- a/apparmor.d/groups/kde/kded
+++ b/apparmor.d/groups/kde/kded
@@ -32,7 +32,6 @@ profile kded @{exec_path} { ptrace (read), - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=hup peer=xsettingsd, dbus receive bus=system path=/org/freedesktop/NetworkManager/SecretAgent
diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet
index d438600c..96b15583 100644
--- a/apparmor.d/groups/kde/kscreenlocker-greet
+++ b/apparmor.d/groups/kde/kscreenlocker-greet
@@ -25,7 +25,6 @@ profile kscreenlocker-greet @{exec_path} { network netlink raw, - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=(term) peer=kwin_wayland, signal (receive) set=(usr1, term) peer=ksmserver, signal (send) peer=kcheckpass,
diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver
index bf20c1ea..aae75a01 100644
--- a/apparmor.d/groups/kde/ksmserver
+++ b/apparmor.d/groups/kde/ksmserver
@@ -15,7 +15,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=(usr1,term) peer=kscreenlocker-greet, unix (send, receive) type=stream peer=(label="kscreenlocker-greet",addr=none),
diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland
index 506a8f67..0a15b59b 100644
--- a/apparmor.d/groups/kde/kwin_wayland
+++ b/apparmor.d/groups/kde/kwin_wayland
@@ -19,7 +19,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { ptrace (read), - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (receive) set=term peer=sddm, signal (receive) set=(kill, term) peer=kwin_wayland_wrapper, signal (send) set=(kill, term) peer=xwayland,
diff --git a/apparmor.d/groups/kde/kwin_wayland_wrapper b/apparmor.d/groups/kde/kwin_wayland_wrapper
index 924c0f4b..6690d447 100644
--- a/apparmor.d/groups/kde/kwin_wayland_wrapper
+++ b/apparmor.d/groups/kde/kwin_wayland_wrapper
@@ -12,7 +12,6 @@ profile kwin_wayland_wrapper @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send) set=(term, kill) peer=kwin_wayland, @{exec_path} mr,
diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
index 250e18e3..8dce5da4 100644
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -42,7 +42,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { ptrace (read) peer=libreoffice*, ptrace (read) peer=pinentry-qt, - signal (receive) set=(cont, term) peer=@{systemd_user}, signal (send), @{exec_path} mr,
diff --git a/apparmor.d/groups/kde/xembedsniproxy b/apparmor.d/groups/kde/xembedsniproxy
index 1de9e6fe..cc96b067 100644
--- a/apparmor.d/groups/kde/xembedsniproxy
+++ b/apparmor.d/groups/kde/xembedsniproxy
@@ -13,8 +13,6 @@ profile xembedsniproxy @{exec_path} { include include - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, /usr/share/hwdata/*.ids r,
diff --git a/apparmor.d/groups/ssh/gcr-ssh-agent b/apparmor.d/groups/ssh/gcr-ssh-agent
index c2d7acda..261ab8d9 100644
--- a/apparmor.d/groups/ssh/gcr-ssh-agent
+++ b/apparmor.d/groups/ssh/gcr-ssh-agent
@@ -10,8 +10,6 @@ include profile gcr-ssh-agent @{exec_path} { include - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, @{bin}/ssh-agent rPx,
diff --git a/apparmor.d/groups/ssh/ssh-agent b/apparmor.d/groups/ssh/ssh-agent
index 6cb27bba..0070d955 100644
--- a/apparmor.d/groups/ssh/ssh-agent
+++ b/apparmor.d/groups/ssh/ssh-agent
@@ -13,7 +13,6 @@ profile ssh-agent @{exec_path} { include include - signal (receive) set=(cont term) peer=@{systemd_user}, signal (receive) set=term peer=cockpit-bridge, signal (receive) set=term peer=gnome-keyring-daemon,
diff --git a/apparmor.d/groups/ubuntu/ubuntu-report b/apparmor.d/groups/ubuntu/ubuntu-report
index 6bf0e6aa..c29ef321 100644
--- a/apparmor.d/groups/ubuntu/ubuntu-report
+++ b/apparmor.d/groups/ubuntu/ubuntu-report
@@ -17,8 +17,6 @@ profile ubuntu-report @{exec_path} { network inet dgram, network inet6 dgram, - signal (receive) set=(cont term) peer=@{systemd_user}, - @{exec_path} mr, @{bin}/dpkg rPx -> child-dpkg,
diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify
index 5dda75fc..51835f9d 100644
--- a/apparmor.d/profiles-a-f/aa-notify
+++ b/apparmor.d/profiles-a-f/aa-notify
@@ -19,8 +19,6 @@ profile aa-notify @{exec_path} { ptrace (read), - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mr, @{bin}/ r,
diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman
index 49ac837b..aa0333e7 100644
--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@@ -29,8 +29,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) { ptrace (read) peer=gjs-console, - signal (receive) set=(cont, term) peer=@{systemd_user}, - @{exec_path} mrix, @{sh_path} rix,
diff --git a/apparmor.d/profiles-s-z/spice-vdagent b/apparmor.d/profiles-s-z/spice-vdagent
index 8a81a90e..28e5e357 100644
--- a/apparmor.d/profiles-s-z/spice-vdagent
+++ b/apparmor.d/profiles-s-z/spice-vdagent
@@ -24,8 +24,6 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) { include include - signal (receive) set=(cont, term) peer=systemd-user, - dbus send bus=session path=/org/freedesktop/portal/desktop interface=org.freedesktop.portal.Realtime member=MakeThreadRealtimeWithPID
diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber
index 267d3aa6..19084dfd 100644
--- a/apparmor.d/profiles-s-z/wireplumber
+++ b/apparmor.d/profiles-s-z/wireplumber
@@ -23,8 +23,6 @@ profile wireplumber @{exec_path} { network bluetooth stream, network netlink raw, - signal (receive) set=(cont, term) peer=systemd-user, - dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio0, dbus receive bus=session