mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-15 16:03:51 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(profile): remove rule moved to the base abstraction.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-03-10 20:01:58 +00:00
parent beaf1bad16
commit 7882ae2153
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
78 changed files with 0 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apparmor.d/groups/browsers/firefox-pingsender
View File

@ -21,7 +21,6 @@ profile firefox-pingsender @{exec_path} {
network inet stream, network inet stream,
network inet6 stream, network inet6 stream,
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (receive) set=(term, kill) peer=firefox, signal (receive) set=(term, kill) peer=firefox,
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/bus/dbus-broker
View File

@ -18,8 +18,6 @@ profile dbus-broker @{exec_path} flags=(attach_disconnected) {
network bluetooth stream, network bluetooth stream,
network bluetooth seqpacket, network bluetooth seqpacket,
signal (receive) set=(cont, term) peer=@{systemd_user},
dbus bus=accessibility, dbus bus=accessibility,
dbus bus=session, dbus bus=session,
dbus bus=system, dbus bus=system,

1
apparmor.d/groups/bus/dbus-daemon
View File

@ -27,7 +27,6 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) {
network bluetooth stream, network bluetooth stream,
network bluetooth seqpacket, network bluetooth seqpacket,
signal (receive) set=(cont term) peer=@{systemd_user},
signal (receive) set=(term hup kill) peer=at-spi-bus-launcher, signal (receive) set=(term hup kill) peer=at-spi-bus-launcher,
signal (receive) set=(term hup kill) peer=dbus-run-session, signal (receive) set=(term hup kill) peer=dbus-run-session,
signal (receive) set=(term hup kill) peer=gdm*, signal (receive) set=(term hup kill) peer=gdm*,

1
apparmor.d/groups/bus/ibus-dconf
View File

@ -14,7 +14,6 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) {
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (receive) set=term peer=ibus-daemon, signal (receive) set=term peer=ibus-daemon,
unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon), unix (send, receive, connect) type=stream peer=(addr="@/home/*/.cache/ibus/dbus-????????", label=ibus-daemon),

2
apparmor.d/groups/bus/ibus-x11
View File

@ -20,8 +20,6 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/opencl> include <abstractions/opencl>
signal (receive) set=(cont, term) peer=@{systemd_user},
unix (connect, receive, send) type=stream peer=(label=ibus-daemon), unix (connect, receive, send) type=stream peer=(label=ibus-daemon),
network inet stream, network inet stream,

1
apparmor.d/groups/freedesktop/at-spi-bus-launcher
View File

@ -22,7 +22,6 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) {
network inet6 dgram, network inet6 dgram,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=dbus-daemon,
signal (receive) set=(term hup kill) peer=gdm*, signal (receive) set=(term hup kill) peer=gdm*,
signal (receive) set=(term hup kill) peer=gnome-session-binary, signal (receive) set=(term hup kill) peer=gnome-session-binary,

1
apparmor.d/groups/freedesktop/at-spi2-registryd
View File

@ -17,7 +17,6 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/X-strict> include <abstractions/X-strict>
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (receive) set=(term hup kill) peer=@{systemd}, signal (receive) set=(term hup kill) peer=@{systemd},
signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=dbus-daemon,
signal (receive) set=(term hup kill) peer=gdm*, signal (receive) set=(term hup kill) peer=gdm*,

1
apparmor.d/groups/freedesktop/dconf-service
View File

@ -13,7 +13,6 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/dconf-write> include <abstractions/dconf-write>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term kill hup) peer=dbus-daemon, signal (receive) set=(term kill hup) peer=dbus-daemon,
signal (receive) set=(term hup) peer=gdm*, signal (receive) set=(term hup) peer=gdm*,

2
apparmor.d/groups/freedesktop/geoclue
View File

@ -24,8 +24,6 @@ profile geoclue @{exec_path} flags=(attach_disconnected) {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=@{systemd_user},
# dbus: own bus=system name=org.freedesktop.GeoClue2 # dbus: own bus=system name=org.freedesktop.GeoClue2
dbus send bus=system path=/org/freedesktop/DBus dbus send bus=system path=/org/freedesktop/DBus

2
apparmor.d/groups/freedesktop/pipewire
View File

@ -21,8 +21,6 @@ profile pipewire @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
ptrace (read), ptrace (read),
# dbus: own bus=session name=org.pulseaudio.Server # dbus: own bus=session name=org.pulseaudio.Server

2
apparmor.d/groups/freedesktop/pipewire-media-session
View File

@ -23,8 +23,6 @@ profile pipewire-media-session @{exec_path} {
network bluetooth stream, network bluetooth stream,
network netlink raw, network netlink raw,
signal (receive) set=(cont term) peer=@{systemd_user},
dbus send bus=session path=/org/freedesktop/DBus dbus send bus=session path=/org/freedesktop/DBus
interface=org.freedesktop.DBus interface=org.freedesktop.DBus
member=GetConnectionUnixProcessID member=GetConnectionUnixProcessID

1
apparmor.d/groups/freedesktop/polkit-kde-authentication-agent
View File

@ -24,7 +24,6 @@ profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected)
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (send) set=(term, kill) peer=polkit-agent-helper, signal (send) set=(term, kill) peer=polkit-agent-helper,
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/freedesktop/xdg-desktop-portal
View File

@ -24,8 +24,6 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
ptrace (read), ptrace (read),
# dbus: own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}} # dbus: own bus=session name=org.freedesktop.portal.Desktop path=/org/freedesktop/portal/desktop interface={org.freedesktop.DBus.Properties,org.freedesktop{,.impl}.portal.{Settings,Background}}

1
apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome
View File

@ -26,7 +26,6 @@ profile xdg-desktop-portal-gnome @{exec_path} {
network unix stream, network unix stream,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=term peer=gdm, signal (receive) set=term peer=gdm,
dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gnome, dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gnome,

2
apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk
View File

@ -29,8 +29,6 @@ profile xdg-desktop-portal-gtk @{exec_path} {
include <abstractions/user-download> include <abstractions/user-download>
include <abstractions/user-write> include <abstractions/user-write>
signal (receive) set=(cont, term) peer=systemd-user,
unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell), unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/*", label=gnome-shell),
dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gtk, dbus bind bus=session name=org.freedesktop.impl.portal.desktop.gtk,

2
apparmor.d/groups/freedesktop/xdg-desktop-portal-kde
View File

@ -19,8 +19,6 @@ profile xdg-desktop-portal-kde @{exec_path} {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
owner @{user_cache_dirs}/*.kcache r, owner @{user_cache_dirs}/*.kcache r,

3
apparmor.d/groups/freedesktop/xdg-document-portal
View File

@ -18,7 +18,6 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
mount fstype=fuse.portal -> @{run}/user/@{uid}/doc/, mount fstype=fuse.portal -> @{run}/user/@{uid}/doc/,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term) peer=gdm, signal (receive) set=(term) peer=gdm,
ptrace (read) peer=xdg-desktop-portal, ptrace (read) peer=xdg-desktop-portal,
@ -65,8 +64,6 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
umount @{run}/user/@{uid}/doc/, umount @{run}/user/@{uid}/doc/,
signal (receive) set=(cont, term) peer=systemd-user,
unix (send receive) type=stream peer=(label=xdg-document-portal), unix (send receive) type=stream peer=(label=xdg-document-portal),
@{bin}/fusermount{,3} mr, @{bin}/fusermount{,3} mr,

1
apparmor.d/groups/freedesktop/xdg-permission-store
View File

@ -13,7 +13,6 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) {
capability sys_nice, capability sys_nice,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term hup kill) peer=dbus-daemon, signal (receive) set=(term hup kill) peer=dbus-daemon,
signal (receive) set=(term hup kill) peer=gdm*, signal (receive) set=(term hup kill) peer=gdm*,

1
apparmor.d/groups/freedesktop/xwayland
View File

@ -13,7 +13,6 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
include <abstractions/graphics> include <abstractions/graphics>
include <abstractions/X-strict> include <abstractions/X-strict>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term hup) peer=gdm*, signal (receive) set=(term hup) peer=gdm*,
signal (receive) set=(term hup) peer=gnome-shell, signal (receive) set=(term hup) peer=gnome-shell,
signal (receive) set=(term hup) peer=kwin_wayland, signal (receive) set=(term hup) peer=kwin_wayland,

2
apparmor.d/groups/gnome/evolution-addressbook-factory
View File

@ -25,8 +25,6 @@ profile evolution-addressbook-factory @{exec_path} {
network inet6 dgram, network inet6 dgram,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int}, dbus bind bus=session name=org.gnome.evolution.dataserver.AddressBook@{int},
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**

2
apparmor.d/groups/gnome/evolution-alarm-notify
View File

@ -21,8 +21,6 @@ profile evolution-alarm-notify @{exec_path} {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
# dbus: own bus=session name=org.gnome.Evolution-alarm-notify # dbus: own bus=session name=org.gnome.Evolution-alarm-notify
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**

2
apparmor.d/groups/gnome/evolution-calendar-factory
View File

@ -24,8 +24,6 @@ profile evolution-calendar-factory @{exec_path} {
network inet6 dgram, network inet6 dgram,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar@{int}, dbus bind bus=session name=org.gnome.evolution.dataserver.Calendar@{int},
dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/** dbus (send, receive) bus=session path=/org/gnome/evolution/dataserver/**

2
apparmor.d/groups/gnome/evolution-source-registry
View File

@ -22,9 +22,7 @@ profile evolution-source-registry @{exec_path} {
network inet6 dgram, network inet6 dgram,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
dbus bind bus=session name=org.gnome.evolution.dataserver.Sources@{int},
dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**} dbus receive bus=session path=/org/gnome/evolution/dataserver/SourceManager{,/**}
interface={org.freedesktop.DBus.ObjectManager,org.freedesktop.DBus.Properties} interface={org.freedesktop.DBus.ObjectManager,org.freedesktop.DBus.Properties}
peer=(name=:*), peer=(name=:*),

1
apparmor.d/groups/gnome/gjs-console
View File

@ -27,7 +27,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term hup) peer=gdm*, signal (receive) set=(term hup) peer=gdm*,
# dbus: own bus=session name=org.freedesktop.Notifications # dbus: own bus=session name=org.freedesktop.Notifications

1
apparmor.d/groups/gnome/gnome-keyring-daemon
View File

@ -19,7 +19,6 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
capability ipc_lock, capability ipc_lock,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term) peer=gdm, signal (receive) set=(term) peer=gdm,
signal (send) set=(term) peer=ssh-agent, signal (send) set=(term) peer=ssh-agent,

1
apparmor.d/groups/gnome/gnome-shell
View File

@ -65,7 +65,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
ptrace (read), ptrace (read),
ptrace (readby) peer=pipewire, ptrace (readby) peer=pipewire,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
signal (send), signal (send),

2
apparmor.d/groups/gnome/gnome-shell-calendar-server
View File

@ -13,8 +13,6 @@ profile gnome-shell-calendar-server @{exec_path} {
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=systemd-user,
# dbus: own bus=session name=org.gnome.Shell.CalendarServer # dbus: own bus=session name=org.gnome.Shell.CalendarServer
dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**} dbus (send receive) bus=session path=/org/gnome/evolution/dataserver/{,**}

1
apparmor.d/groups/gnome/gnome-terminal-server
View File

@ -18,7 +18,6 @@ profile gnome-terminal-server @{exec_path} {
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (send) set=(hup) peer=htop, signal (send) set=(hup) peer=htop,
signal (send) set=(term hup kill) peer=unconfined, signal (send) set=(term hup kill) peer=unconfined,

2
apparmor.d/groups/gnome/goa-daemon
View File

@ -25,8 +25,6 @@ profile goa-daemon @{exec_path} {
network inet6 dgram, network inet6 dgram,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
# dbus: own bus=session name=org.gnome.OnlineAccounts # dbus: own bus=session name=org.gnome.OnlineAccounts
dbus send bus=session path=/org/gnome/Identity dbus send bus=session path=/org/gnome/Identity

2
apparmor.d/groups/gnome/goa-identity-service
View File

@ -12,8 +12,6 @@ profile goa-identity-service @{exec_path} {
include <abstractions/authentication> include <abstractions/authentication>
include <abstractions/bus-session> include <abstractions/bus-session>
signal (receive) set=(cont, term) peer=systemd-user,
# dbus: own bus=session name=org.gnome.Identity # dbus: own bus=session name=org.gnome.Identity
dbus send bus=session path=/org/gnome/OnlineAccounts dbus send bus=session path=/org/gnome/OnlineAccounts

1
apparmor.d/groups/gnome/gsd-a11y-settings
View File

@ -13,7 +13,6 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.gnome.SessionManager> include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/dconf-write> include <abstractions/dconf-write>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings # dbus: own bus=session name=org.gnome.SettingsDaemon.A11ySettings

1
apparmor.d/groups/gnome/gsd-color
View File

@ -21,7 +21,6 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.Color # dbus: own bus=session name=org.gnome.SettingsDaemon.Color

1
apparmor.d/groups/gnome/gsd-datetime
View File

@ -13,7 +13,6 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.gnome.SessionManager> include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/dconf-write> include <abstractions/dconf-write>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime # dbus: own bus=session name=org.gnome.SettingsDaemon.Datetime

2
apparmor.d/groups/gnome/gsd-disk-utility-notify
View File

@ -13,8 +13,6 @@ profile gsd-disk-utility-notify @{exec_path} {
include <abstractions/bus-system> include <abstractions/bus-system>
include <abstractions/bus/org.freedesktop.UDisks2> include <abstractions/bus/org.freedesktop.UDisks2>
signal (receive) set=(cont, term) peer=systemd-user,
# dbus: own bus=session name=org.gnome.Disks.NotificationMonitor # dbus: own bus=session name=org.gnome.Disks.NotificationMonitor
dbus receive bus=session dbus receive bus=session

1
apparmor.d/groups/gnome/gsd-housekeeping
View File

@ -16,7 +16,6 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) {
include <abstractions/dconf-write> include <abstractions/dconf-write>
include <abstractions/thumbnails-cache-read> include <abstractions/thumbnails-cache-read>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
signal (receive) set=(term, hup) peer=gnome*, signal (receive) set=(term, hup) peer=gnome*,

1
apparmor.d/groups/gnome/gsd-keyboard
View File

@ -21,7 +21,6 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard # dbus: own bus=session name=org.gnome.SettingsDaemon.Keyboard

1
apparmor.d/groups/gnome/gsd-media-keys
View File

@ -24,7 +24,6 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
network netlink raw, network netlink raw,

1
apparmor.d/groups/gnome/gsd-power
View File

@ -31,7 +31,6 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.Power # dbus: own bus=session name=org.gnome.SettingsDaemon.Power

1
apparmor.d/groups/gnome/gsd-print-notifications
View File

@ -18,7 +18,6 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) {
network inet stream, network inet stream,
network inet6 stream, network inet6 stream,
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
signal (send) set=(hup) peer=gsd-printer, signal (send) set=(hup) peer=gsd-printer,

1
apparmor.d/groups/gnome/gsd-printer
View File

@ -14,7 +14,6 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.gnome.SessionManager> include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
signal (receive) set=(hup) peer=gsd-print-notifications, signal (receive) set=(hup) peer=gsd-print-notifications,

1
apparmor.d/groups/gnome/gsd-rfkill
View File

@ -16,7 +16,6 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.freedesktop.NetworkManager> include <abstractions/bus/org.freedesktop.NetworkManager>
include <abstractions/bus/org.gnome.SessionManager> include <abstractions/bus/org.gnome.SessionManager>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
network netlink raw, network netlink raw,

1
apparmor.d/groups/gnome/gsd-screensaver-proxy
View File

@ -12,7 +12,6 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus-session> include <abstractions/bus-session>
include <abstractions/bus/org.gnome.SessionManager> include <abstractions/bus/org.gnome.SessionManager>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.freedesktop.ScreenSaver # dbus: own bus=session name=org.freedesktop.ScreenSaver

1
apparmor.d/groups/gnome/gsd-sharing
View File

@ -15,7 +15,6 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.gnome.SessionManager> include <abstractions/bus/org.gnome.SessionManager>
include <abstractions/dconf-write> include <abstractions/dconf-write>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing # dbus: own bus=session name=org.gnome.SettingsDaemon.Sharing

1
apparmor.d/groups/gnome/gsd-smartcard
View File

@ -15,7 +15,6 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/p11-kit> include <abstractions/p11-kit>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard # dbus: own bus=session name=org.gnome.SettingsDaemon.Smartcard

1
apparmor.d/groups/gnome/gsd-sound
View File

@ -15,7 +15,6 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) {
include <abstractions/bus/org.gtk.vfs.MountTracker> include <abstractions/bus/org.gtk.vfs.MountTracker>
include <abstractions/dconf-write> include <abstractions/dconf-write>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.Sound # dbus: own bus=session name=org.gnome.SettingsDaemon.Sound

2
apparmor.d/groups/gnome/gsd-usb-protection
View File

@ -11,8 +11,6 @@ profile gsd-usb-protection @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/dconf-write> include <abstractions/dconf-write>
signal (receive) set=(cont, term) peer=systemd-user,
@{exec_path} mr, @{exec_path} mr,
/usr/share/glib-2.0/schemas/gschemas.compiled r, /usr/share/glib-2.0/schemas/gschemas.compiled r,

1
apparmor.d/groups/gnome/gsd-wacom
View File

@ -19,7 +19,6 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
include <abstractions/gnome-strict> include <abstractions/gnome-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=systemd-user,
signal (receive) set=(term, hup) peer=gdm*, signal (receive) set=(term, hup) peer=gdm*,
# dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom # dbus: own bus=session name=org.gnome.SettingsDaemon.Wacom

2
apparmor.d/groups/gnome/gsd-xsettings
View File

@ -30,8 +30,6 @@ profile gsd-xsettings @{exec_path} {
network inet6 dgram, network inet6 dgram,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
# dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings # dbus: own bus=session name=org.gnome.SettingsDaemon.XSettings
# dbus: own bus=session name=org.gtk.Settings # dbus: own bus=session name=org.gtk.Settings

2
apparmor.d/groups/gnome/mutter-x11-frames
View File

@ -17,8 +17,6 @@ profile mutter-x11-frames @{exec_path} {
include <abstractions/graphics> include <abstractions/graphics>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=systemd-user,
@{exec_path} mr, @{exec_path} mr,
/usr/share/dconf/profile/gdm r, /usr/share/dconf/profile/gdm r,

1
apparmor.d/groups/gnome/tracker-extract
View File

@ -25,7 +25,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
signal (receive) set=(cont term) peer=@{systemd_user},
signal (receive) set=(term) peer=gdm, signal (receive) set=(term) peer=gdm,
# dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Extract # dbus: own bus=session name=org.freedesktop.Tracker3.Miner.Extract

1
apparmor.d/groups/gnome/tracker-miner
View File

@ -25,7 +25,6 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
network netlink raw, network netlink raw,
signal (receive) set=(cont term) peer=@{systemd_user},
signal (receive) set=(term, kill) peer=gdm, signal (receive) set=(term, kill) peer=gdm,
signal (receive) set=(hup) peer=gdm-session-worker, signal (receive) set=(hup) peer=gdm-session-worker,

2
apparmor.d/groups/gvfs/gvfs-afc-volume-monitor
View File

@ -12,8 +12,6 @@ profile gvfs-afc-volume-monitor @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-session> include <abstractions/bus-session>
signal (receive) set=(cont, term) peer=systemd-user,
# dbus: own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor # dbus: own bus=session name=org.gtk.vfs.AfcVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor path=/org/gtk/Private/RemoteVolumeMonitor
dbus receive bus=session dbus receive bus=session

2
apparmor.d/groups/gvfs/gvfs-goa-volume-monitor
View File

@ -12,8 +12,6 @@ profile gvfs-goa-volume-monitor @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-session> include <abstractions/bus-session>
signal (receive) set=(cont, term) peer=systemd-user,
dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor, dbus bind bus=session name=org.gtk.vfs.GoaVolumeMonitor,
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
interface=org.gtk.Private.RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor

2
apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor
View File

@ -16,8 +16,6 @@ profile gvfs-gphoto2-volume-monitor @{exec_path} {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
dbus bind bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor, dbus bind bus=session name=org.gtk.vfs.GPhoto2VolumeMonitor,
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
interface=org.gtk.Private.RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor

2
apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor
View File

@ -15,8 +15,6 @@ profile gvfs-mtp-volume-monitor @{exec_path} {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
dbus bind bus=session name=org.gtk.vfs.MTPVolumeMonitor, dbus bind bus=session name=org.gtk.vfs.MTPVolumeMonitor,
dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor dbus (send, receive) bus=session path=/org/gtk/Private/RemoteVolumeMonitor
interface=org.gtk.Private.RemoteVolumeMonitor interface=org.gtk.Private.RemoteVolumeMonitor

1
apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor
View File

@ -26,7 +26,6 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) {
network inet6 stream, network inet6 stream,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
signal (send) set=(term, kill) peer=mount, signal (send) set=(term, kill) peer=mount,
ptrace (read), ptrace (read),

2
apparmor.d/groups/gvfs/gvfsd
View File

@ -12,8 +12,6 @@ profile gvfsd @{exec_path} {
include <abstractions/base> include <abstractions/base>
include <abstractions/bus-session> include <abstractions/bus-session>
signal (receive) set=(cont, term) peer=systemd-user,
dbus bind bus=session name=org.gtk.vfs.Daemon, dbus bind bus=session name=org.gtk.vfs.Daemon,
dbus send bus=session path=/org/gtk/vfs/mounttracker dbus send bus=session path=/org/gtk/vfs/mounttracker

4
apparmor.d/groups/gvfs/gvfsd-fuse
View File

@ -15,8 +15,6 @@ profile gvfsd-fuse @{exec_path} {
mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/,
signal (receive) set=(cont, term) peer=systemd-user,
unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount), unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse//fusermount),
dbus send bus=session path=/org/gtk/vfs/mounttracker dbus send bus=session path=/org/gtk/vfs/mounttracker
@ -47,8 +45,6 @@ profile gvfsd-fuse @{exec_path} {
mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/, mount fstype={fuse,fuse.*} -> @{run}/user/@{uid}/gvfs/,
umount @{run}/user/@{uid}/**/, umount @{run}/user/@{uid}/**/,
signal (receive) set=(cont, term) peer=systemd-user,
unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse), unix (send,receive) type=stream addr=none peer=(label=gvfsd-fuse),
@{bin}/fusermount{,3} mr, @{bin}/fusermount{,3} mr,

2
apparmor.d/groups/kde/DiscoverNotifier
View File

@ -17,8 +17,6 @@ profile DiscoverNotifier @{exec_path} {
network inet6 dgram, network inet6 dgram,
network netlink dgram, network netlink dgram,
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
/etc/flatpak/remotes.d/ r, /etc/flatpak/remotes.d/ r,

2
apparmor.d/groups/kde/baloo
View File

@ -19,8 +19,6 @@ profile baloo @{exec_path} {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
@{lib}/{,kf6/}baloo_file_extractor rix, @{lib}/{,kf6/}baloo_file_extractor rix,

2
apparmor.d/groups/kde/gmenudbusmenuproxy
View File

@ -15,8 +15,6 @@ profile gmenudbusmenuproxy @{exec_path} {
ptrace (read) peer=kded, ptrace (read) peer=kded,
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
/etc/machine-id r, /etc/machine-id r,

2
apparmor.d/groups/kde/kaccess
View File

@ -13,8 +13,6 @@ profile kaccess @{exec_path} {
include <abstractions/kde-strict> include <abstractions/kde-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
@{bin}/gsettings rPx, @{bin}/gsettings rPx,

2
apparmor.d/groups/kde/kactivitymanagerd
View File

@ -15,8 +15,6 @@ profile kactivitymanagerd @{exec_path} {
include <abstractions/recent-documents-write> include <abstractions/recent-documents-write>
include <abstractions/user-read> include <abstractions/user-read>
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
/etc/xdg/menus/{,*/} r, /etc/xdg/menus/{,*/} r,

2
apparmor.d/groups/kde/kde-powerdevil
View File

@ -18,8 +18,6 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mrix, @{exec_path} mrix,
@{sh_path} rix, @{sh_path} rix,

1
apparmor.d/groups/kde/kded
View File

@ -32,7 +32,6 @@ profile kded @{exec_path} {
ptrace (read), ptrace (read),
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (send) set=hup peer=xsettingsd, signal (send) set=hup peer=xsettingsd,
dbus receive bus=system path=/org/freedesktop/NetworkManager/SecretAgent dbus receive bus=system path=/org/freedesktop/NetworkManager/SecretAgent

1
apparmor.d/groups/kde/kscreenlocker-greet
View File

@ -25,7 +25,6 @@ profile kscreenlocker-greet @{exec_path} {
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (receive) set=(term) peer=kwin_wayland, signal (receive) set=(term) peer=kwin_wayland,
signal (receive) set=(usr1, term) peer=ksmserver, signal (receive) set=(usr1, term) peer=ksmserver,
signal (send) peer=kcheckpass, signal (send) peer=kcheckpass,

1
apparmor.d/groups/kde/ksmserver
View File

@ -15,7 +15,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
include <abstractions/kde-strict> include <abstractions/kde-strict>
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (send) set=(usr1,term) peer=kscreenlocker-greet, signal (send) set=(usr1,term) peer=kscreenlocker-greet,
unix (send, receive) type=stream peer=(label="kscreenlocker-greet",addr=none), unix (send, receive) type=stream peer=(label="kscreenlocker-greet",addr=none),

1
apparmor.d/groups/kde/kwin_wayland
View File

@ -19,7 +19,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
ptrace (read), ptrace (read),
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (receive) set=term peer=sddm, signal (receive) set=term peer=sddm,
signal (receive) set=(kill, term) peer=kwin_wayland_wrapper, signal (receive) set=(kill, term) peer=kwin_wayland_wrapper,
signal (send) set=(kill, term) peer=xwayland, signal (send) set=(kill, term) peer=xwayland,

1
apparmor.d/groups/kde/kwin_wayland_wrapper
View File

@ -12,7 +12,6 @@ profile kwin_wayland_wrapper @{exec_path} {
include <abstractions/wayland> include <abstractions/wayland>
include <abstractions/X-strict> include <abstractions/X-strict>
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (send) set=(term, kill) peer=kwin_wayland, signal (send) set=(term, kill) peer=kwin_wayland,
@{exec_path} mr, @{exec_path} mr,

1
apparmor.d/groups/kde/plasmashell
View File

@ -42,7 +42,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
ptrace (read) peer=libreoffice*, ptrace (read) peer=libreoffice*,
ptrace (read) peer=pinentry-qt, ptrace (read) peer=pinentry-qt,
signal (receive) set=(cont, term) peer=@{systemd_user},
signal (send), signal (send),
@{exec_path} mr, @{exec_path} mr,

2
apparmor.d/groups/kde/xembedsniproxy
View File

@ -13,8 +13,6 @@ profile xembedsniproxy @{exec_path} {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/qt5> include <abstractions/qt5>
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
/usr/share/hwdata/*.ids r, /usr/share/hwdata/*.ids r,

2
apparmor.d/groups/ssh/gcr-ssh-agent
View File

@ -10,8 +10,6 @@ include <tunables/global>
profile gcr-ssh-agent @{exec_path} { profile gcr-ssh-agent @{exec_path} {
include <abstractions/base> include <abstractions/base>
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
@{bin}/ssh-agent rPx, @{bin}/ssh-agent rPx,

1
apparmor.d/groups/ssh/ssh-agent
View File

@ -13,7 +13,6 @@ profile ssh-agent @{exec_path} {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/openssl> include <abstractions/openssl>
signal (receive) set=(cont term) peer=@{systemd_user},
signal (receive) set=term peer=cockpit-bridge, signal (receive) set=term peer=cockpit-bridge,
signal (receive) set=term peer=gnome-keyring-daemon, signal (receive) set=term peer=gnome-keyring-daemon,

2
apparmor.d/groups/ubuntu/ubuntu-report
View File

@ -17,8 +17,6 @@ profile ubuntu-report @{exec_path} {
network inet dgram, network inet dgram,
network inet6 dgram, network inet6 dgram,
signal (receive) set=(cont term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
@{bin}/dpkg rPx -> child-dpkg, @{bin}/dpkg rPx -> child-dpkg,

2
apparmor.d/profiles-a-f/aa-notify
View File

@ -19,8 +19,6 @@ profile aa-notify @{exec_path} {
ptrace (read), ptrace (read),
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mr, @{exec_path} mr,
@{bin}/ r, @{bin}/ r,

2
apparmor.d/profiles-a-f/blueman
View File

@ -29,8 +29,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
ptrace (read) peer=gjs-console, ptrace (read) peer=gjs-console,
signal (receive) set=(cont, term) peer=@{systemd_user},
@{exec_path} mrix, @{exec_path} mrix,
@{sh_path} rix, @{sh_path} rix,

2
apparmor.d/profiles-s-z/spice-vdagent
View File

@ -24,8 +24,6 @@ profile spice-vdagent @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict> include <abstractions/nameservice-strict>
include <abstractions/X-strict> include <abstractions/X-strict>
signal (receive) set=(cont, term) peer=systemd-user,
dbus send bus=session path=/org/freedesktop/portal/desktop dbus send bus=session path=/org/freedesktop/portal/desktop
interface=org.freedesktop.portal.Realtime interface=org.freedesktop.portal.Realtime
member=MakeThreadRealtimeWithPID member=MakeThreadRealtimeWithPID

2
apparmor.d/profiles-s-z/wireplumber
View File

@ -23,8 +23,6 @@ profile wireplumber @{exec_path} {
network bluetooth stream, network bluetooth stream,
network netlink raw, network netlink raw,
signal (receive) set=(cont, term) peer=systemd-user,
dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio0, dbus bind bus=session name=org.freedesktop.ReserveDevice1.Audio0,
dbus receive bus=session dbus receive bus=session