diff --git a/apparmor.d/abstractions/evince b/apparmor.d/abstractions/evince index 3b16067b..efcfb03f 100644 --- a/apparmor.d/abstractions/evince +++ b/apparmor.d/abstractions/evince @@ -95,8 +95,8 @@ # from directly. include - audit deny @{HOME}/.gnupg/** mrwkl, - audit deny @{HOME}/.ssh/** mrwkl, + audit deny @{HOME}/@{XDG_GPG_DIR}/** mrwkl, + audit deny @{HOME}/@{XDG_SSH_DIR}/** mrwkl, audit deny @{HOME}/.gnome2_private/** mrwkl, audit deny @{HOME}/.gnome2/keyrings/** mrwkl, audit deny @{HOME}/.kde/share/apps/kwallet/** mrwkl, diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index 63e1d629..c75dd21a 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -4,14 +4,14 @@ abi , - owner @{HOME}/[dD]ownload{,s}/ r, - owner @{HOME}/[dD]ownload{,s}/** rwl, + owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r, + owner @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwl, - owner /media/*/[dD]ownload/ r, - owner /media/*/[dD]ownload/** rwl, + owner /media/*/@{XDG_DOWNLOAD_DIR}/ r, + owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwl, - owner @{HOME}/[dD]esktop/ r, - owner @{HOME}/[dD]esktop/** rwl, + owner @{HOME}/@{XDG_DESKTOP_DIR}/ r, + owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl, # For SSHFS mounts (without owner as files in such mounts can be owned by different users) @{HOME}/mount-sshfs/ r, diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index f81a859d..a1f7e8d4 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio @@ -182,7 +182,7 @@ profile android-studio @{exec_path} { owner @{HOME}/.emulator_console_auth_token rw, - deny owner @{HOME}/Desktop/* rw, + deny owner @{HOME}/@{XDG_DESKTOP_DIR}/* rw, @{PROC}/ r, owner @{PROC}/@{pid}/mountinfo r, 
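Review bot: The two `audit deny` rules for the GnuPG and SSH directories in abstractions/evince now cover only what `@{XDG_GPG_DIR}` and `@{XDG_SSH_DIR}` expand to, and neither definition is visible in this diff. For an allow rule a wrong value merely breaks the application, but for these deny rules a tunable overridden without the default value silently stops blocking `~/.gnupg` and `~/.ssh`. I would keep the literal rules next to the variable ones, `audit deny @{HOME}/.gnupg/** mrwkl,` and `audit deny @{HOME}/.ssh/** mrwkl,`, so the default locations stay denied regardless of local tunables. The abstraction presumably relies on the including profile to load the tunables that define these variables, so a comment stating that requirement would help, e.g. `# requires @{XDG_GPG_DIR} and @{XDG_SSH_DIR} to be defined by the including profile's tunables`.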
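Review bot: The `/media/*/` rules in abstractions/user-download-strict used to match only `[dD]ownload`, while the home rules matched `[dD]ownload{,s}`; both now use `@{XDG_DOWNLOAD_DIR}`, so the removable-media grant changes with whatever the variable holds. Its definition is not in this diff, so it is worth confirming that the `rwl` access under `/media/*/` is not wider than before, or recording the intended widening in the commit message. A short comment above the block, such as `# @{XDG_DOWNLOAD_DIR} must list download directory names only`, would document the assumption these rules depend on.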
@@ -232,8 +232,8 @@ profile android-studio @{exec_path} { /{usr/,}bin/gpg mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, } diff --git a/apparmor.d/groups/apps/atom b/apparmor.d/groups/apps/atom index eaf3c51b..52e870eb 100644 --- a/apparmor.d/groups/apps/atom +++ b/apparmor.d/groups/apps/atom @@ -169,8 +169,8 @@ profile atom @{exec_path} { /{usr/,}bin/gpg mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, # file_inherit owner @{HOME}/.xsession-errors w, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index 42af6751..94f49030 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -82,9 +82,12 @@ profile calibre @{exec_path} { /usr/share/calibre/{,**} r, - owner /media/*/Calibre_Library/ r, - owner /media/*/Calibre_Library*/ rw, - owner /media/*/Calibre_Library*/** rwkl -> /media/*/Calibre_Library*/**, + owner @{HOME}/@{XDG_BOOKS_DIR} rw, + owner @{HOME}/@{XDG_BOOKS_DIR}/** rwkl, + + owner /media/*/@{XDG_BOOKS_DIR}/ r, + owner /media/*/@{XDG_BOOKS_DIR}*/ rw, + owner /media/*/@{XDG_BOOKS_DIR}*/** rwkl -> /media/*/@{XDG_BOOKS_DIR}*/**, owner @{user_config_dirs}/calibre/ rw, owner @{user_config_dirs}/calibre/** rwk, diff --git a/apparmor.d/groups/apps/thunderbird b/apparmor.d/groups/apps/thunderbird index 43b3b8f4..3b2e3abc 100644 --- a/apparmor.d/groups/apps/thunderbird +++ b/apparmor.d/groups/apps/thunderbird @@ -204,8 +204,8 @@ profile thunderbird @{exec_path} { /{usr/,}bin/gpgsm mr, /{usr/,}bin/gpg-agent rix, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, owner /tmp/nscopy.tmp w, 
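Review bot: In the android-studio rule `owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,` the variable appears on both sides of `->`, and as far as I know the parser expands each occurrence independently. If `@{XDG_GPG_DIR}` ever holds more than one value (its definition is not shown here), the rule would permit links from one alternative directory into another, where the literal `.gnupg` form only allowed links within the same directory. The same pattern recurs in the atom, thunderbird, gpg, gpgconf, gpgsm, changestool, claws-mail, debsign, dino-im, execute-dput, gajim, git, kwalletd5, psi-plus, reportbug, reprepro, sddm-xsession, x11-xsession and xinit hunks, and with `@{XDG_DOWNLOAD_DIR}` and `@{XDG_DESKTOP_DIR}` in ntfscp. A comment at the tunable stating whether it must stay single-valued would settle this. The enclosing profile block starts outside the hunk.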
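Review bot: The new calibre rule `owner @{HOME}/@{XDG_BOOKS_DIR} rw,` has no trailing slash, so it matches a file of that name and not the directory, whereas the `/media/*/` rules in the same hunk do end in `/`. It should read `owner @{HOME}/@{XDG_BOOKS_DIR}/ rw,`. The following `owner @{HOME}/@{XDG_BOOKS_DIR}/** rwkl,` also omits the `->` link target that the media rule carries, so link creation is not constrained the same way in the two locations; if that is intended, a comment would help. The media patterns keep the trailing `*` inherited from `Calibre_Library*`, which now turns every value of the variable into a prefix match; please confirm that is wanted.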
diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin index 797f81d9..fbdcf2fb 100644 --- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin +++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin @@ -221,8 +221,8 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp /usr/bin/gpg rm, /usr/bin/gpgsm rm, - owner @{HOME}/.gnupg/* r, - owner @{HOME}/.gnupg/random_seed rk, + owner @{HOME}/@{XDG_GPG_DIR}/* r, + owner @{HOME}/@{XDG_GPG_DIR}/random_seed rk, } # probably should become a subprofile like gpg above, but then it doesn't diff --git a/apparmor.d/groups/gpg/dirmngr b/apparmor.d/groups/gpg/dirmngr index 8f80afc7..f50f4656 100644 --- a/apparmor.d/groups/gpg/dirmngr +++ b/apparmor.d/groups/gpg/dirmngr @@ -19,11 +19,11 @@ profile dirmngr @{exec_path} { @{exec_path} mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/dirmngr.conf r, - owner @{HOME}/.gnupg/dirmngr_ldapservers.conf r, - owner @{HOME}/.gnupg/crls.d/ rw, - owner @{HOME}/.gnupg/crls.d/DIR.txt rw, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/dirmngr.conf r, + owner @{HOME}/@{XDG_GPG_DIR}/dirmngr_ldapservers.conf r, + owner @{HOME}/@{XDG_GPG_DIR}/crls.d/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/crls.d/DIR.txt rw, /usr/share/gnupg/sks-keyservers.netCA.pem r, diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg index fec9929c..7e33ca20 100644 --- a/apparmor.d/groups/gpg/gpg +++ b/apparmor.d/groups/gpg/gpg @@ -24,8 +24,8 @@ profile gpg @{exec_path} { # GPG config files owner @{HOME}/ r, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, owner /var/lib/*/gnupg/ rw, owner /var/lib/*/gnupg/** rwkl -> /var/lib/*/gnupg/**, 
diff --git a/apparmor.d/groups/gpg/gpg-agent b/apparmor.d/groups/gpg/gpg-agent index 80f06aae..04bf1429 100644 --- a/apparmor.d/groups/gpg/gpg-agent +++ b/apparmor.d/groups/gpg/gpg-agent @@ -19,10 +19,10 @@ profile gpg-agent @{exec_path} { /usr/share/gnupg/* r, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/gpg-agent.conf r, - owner @{HOME}/.gnupg/private-keys-v1.d/ rw, - owner @{HOME}/.gnupg/private-keys-v1.d/[0-9A-F]*.key rw, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/gpg-agent.conf r, + owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/private-keys-v1.d/[0-9A-F]*.key rw, owner /var/lib/*/.gnupg/ rw, owner /var/lib/*/.gnupg/private-keys-v1.d/ rw, diff --git a/apparmor.d/groups/gpg/gpgconf b/apparmor.d/groups/gpg/gpgconf index 90110e29..fca74cea 100644 --- a/apparmor.d/groups/gpg/gpgconf +++ b/apparmor.d/groups/gpg/gpgconf @@ -23,7 +23,7 @@ profile gpgconf @{exec_path} { /{usr/,}bin/pinentry-* rPx, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, owner @{PROC}/@{pid}/task/@{tid}/stat rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw, diff --git a/apparmor.d/groups/gpg/gpgsm b/apparmor.d/groups/gpg/gpgsm index b32a0dcc..94b8361d 100644 --- a/apparmor.d/groups/gpg/gpgsm +++ b/apparmor.d/groups/gpg/gpgsm @@ -15,7 +15,7 @@ profile gpgsm @{exec_path} { deny /usr/bin/.gnupg/ w, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, owner /var/lib/*/.gnupg/** rwkl -> /var/lib/*/.gnupg/**, diff --git a/apparmor.d/groups/gpg/scdaemon b/apparmor.d/groups/gpg/scdaemon index 1634dc79..dff35cb2 100644 --- a/apparmor.d/groups/gpg/scdaemon +++ b/apparmor.d/groups/gpg/scdaemon @@ -15,7 +15,7 @@ profile scdaemon @{exec_path} { @{exec_path} mr, - owner @{HOME}/.gnupg/scdaemon.conf r, + owner @{HOME}/@{XDG_GPG_DIR}/scdaemon.conf r, owner @{run}/user/[0-9]*/gnupg/S.scdaemon rw, 
diff --git a/apparmor.d/groups/ssh/ssh b/apparmor.d/groups/ssh/ssh index be281fcb..e98fb958 100644 --- a/apparmor.d/groups/ssh/ssh +++ b/apparmor.d/groups/ssh/ssh @@ -20,11 +20,11 @@ profile ssh @{exec_path} { owner @{PROC}/@{pid}/fd/ r, - owner @{HOME}/.ssh/ r, - owner @{HOME}/.ssh/config r, - owner @{HOME}/.ssh/known_hosts r, - owner @{HOME}/.ssh/*_rsa{,.pub} r, - owner @{HOME}/.ssh/*_ed25519{,.pub} r, + owner @{HOME}/@{XDG_SSH_DIR}/ r, + owner @{HOME}/@{XDG_SSH_DIR}/config r, + owner @{HOME}/@{XDG_SSH_DIR}/known_hosts r, + owner @{HOME}/@{XDG_SSH_DIR}/*_rsa{,.pub} r, + owner @{HOME}/@{XDG_SSH_DIR}/*_ed25519{,.pub} r, /etc/ssh/ssh_config r, /etc/ssh/ssh_config.d/ r, diff --git a/apparmor.d/profiles-a-l/changestool b/apparmor.d/profiles-a-l/changestool index 3ace40f4..60f03af5 100644 --- a/apparmor.d/profiles-a-l/changestool +++ b/apparmor.d/profiles-a-l/changestool @@ -31,8 +31,8 @@ profile changestool @{exec_path} { /{usr/,}bin/gpgconf mr, /{usr/,}bin/gpgsm mr, - owner @{HOME}/.gnupg/ r, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ r, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, } diff --git a/apparmor.d/profiles-a-l/claws-mail b/apparmor.d/profiles-a-l/claws-mail index e7625e2b..f538a858 100644 --- a/apparmor.d/profiles-a-l/claws-mail +++ b/apparmor.d/profiles-a-l/claws-mail @@ -77,8 +77,8 @@ profile claws-mail @{exec_path} flags=(complain) { /{usr/,}bin/gpgsm mr, /{usr/,}bin/gpgconf mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, } diff --git a/apparmor.d/profiles-a-l/debsign b/apparmor.d/profiles-a-l/debsign index a240fbbb..cc0728cf 100644 --- a/apparmor.d/profiles-a-l/debsign +++ b/apparmor.d/profiles-a-l/debsign 
@@ -52,8 +52,8 @@ profile debsign @{exec_path} { /{usr/,}bin/gpg mr, - owner @{HOME}/.gnupg/ r, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ r, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, owner /tmp/debsign.*/*.{dsc,changes,buildinfo} r, owner /tmp/debsign.*/*.{dsc,changes,buildinfo}.asc rw, diff --git a/apparmor.d/profiles-a-l/dino-im b/apparmor.d/profiles-a-l/dino-im index aa6c3a7d..a349f9f9 100644 --- a/apparmor.d/profiles-a-l/dino-im +++ b/apparmor.d/profiles-a-l/dino-im @@ -48,8 +48,8 @@ profile dino-im @{exec_path} { /{usr/,}bin/gpgconf mr, /{usr/,}bin/gpgsm mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, } diff --git a/apparmor.d/profiles-a-l/execute-dput b/apparmor.d/profiles-a-l/execute-dput index 9eb789f9..9bce0357 100644 --- a/apparmor.d/profiles-a-l/execute-dput +++ b/apparmor.d/profiles-a-l/execute-dput @@ -47,8 +47,8 @@ profile execute-dput @{exec_path} flags=(complain) { /{usr/,}bin/gpg mr, /{usr/,}bin/gpgsm mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, } diff --git a/apparmor.d/profiles-a-l/fritzing b/apparmor.d/profiles-a-l/fritzing index ef3eb4a4..e7645142 100644 --- a/apparmor.d/profiles-a-l/fritzing +++ b/apparmor.d/profiles-a-l/fritzing 
@@ -31,8 +31,8 @@ profile fritzing @{exec_path} { owner @{user_config_dirs}/Fritzing/ rw, owner @{user_config_dirs}/Fritzing/** rwkl -> @{user_config_dirs}/Fritzing/**, - owner @{HOME}/Documents/Fritzing/ rw, - owner @{HOME}/Documents/Fritzing/** rw, + owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/ rw, + owner @{HOME}/@{XDG_DOCUMENTS_DIR}/Fritzing/** rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, diff --git a/apparmor.d/profiles-a-l/gajim b/apparmor.d/profiles-a-l/gajim index ddb3b758..bc89d1f9 100644 --- a/apparmor.d/profiles-a-l/gajim +++ b/apparmor.d/profiles-a-l/gajim @@ -98,8 +98,8 @@ profile gajim @{exec_path} { /{usr/,}bin/gpg mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, } diff --git a/apparmor.d/profiles-a-l/git b/apparmor.d/profiles-a-l/git index fae56d56..81c28d78 100644 --- a/apparmor.d/profiles-a-l/git +++ b/apparmor.d/profiles-a-l/git @@ -99,8 +99,8 @@ profile git @{exec_path} { /{usr/,}bin/gpg mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, owner /tmp/.git_vtag_tmp* r, @@ -121,8 +121,8 @@ profile git @{exec_path} { /etc/ssh/ssh_config.d/{,*} r, /etc/ssh/ssh_config r, - owner @{HOME}/.ssh/* r, - owner @{HOME}/.ssh/known_hosts rw, + owner @{HOME}/@{XDG_SSH_DIR}/* r, + owner @{HOME}/@{XDG_SSH_DIR}/known_hosts rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-a-l/gnome-keyring-daemon b/apparmor.d/profiles-a-l/gnome-keyring-daemon index c55b7dac..dcb3c745 100644 --- a/apparmor.d/profiles-a-l/gnome-keyring-daemon +++ b/apparmor.d/profiles-a-l/gnome-keyring-daemon 
@@ -22,8 +22,8 @@ profile gnome-keyring-daemon @{exec_path} { owner @{user_share_dirs}/keyrings/* rwl, # Seahorse and SSH keys - owner @{HOME}/.ssh/ r, - owner @{HOME}/.ssh/** r, + owner @{HOME}/@{XDG_SSH_DIR}/ r, + owner @{HOME}/@{XDG_SSH_DIR}/** r, owner @{run}/user/[0-9]*/keyring/ rw, owner @{run}/user/[0-9]*/keyring/* rw, diff --git a/apparmor.d/profiles-a-l/gpa b/apparmor.d/profiles-a-l/gpa index 40c53a4d..81550ddd 100644 --- a/apparmor.d/profiles-a-l/gpa +++ b/apparmor.d/profiles-a-l/gpa @@ -26,8 +26,8 @@ profile gpa @{exec_path} { /usr/share/gpa/{,*} r, - owner @{HOME}/.gnupg/gpa.conf rw, - owner @{HOME}/.gnupg/S.uiserver rw, + owner @{HOME}/@{XDG_GPG_DIR}/gpa.conf rw, + owner @{HOME}/@{XDG_GPG_DIR}/S.uiserver rw, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-a-l/jdownloader-install b/apparmor.d/profiles-a-l/jdownloader-install index 95bbbcaa..bb0ab9e8 100644 --- a/apparmor.d/profiles-a-l/jdownloader-install +++ b/apparmor.d/profiles-a-l/jdownloader-install @@ -7,8 +7,8 @@ abi , include @{JD_INSTALLDIR} = /home/*/jd2 -@{JD_SH_PATH} = /home/*/[dD]ownload{,s} -@{JD_SH_PATH} += /home/*/[dD]esktop +@{JD_SH_PATH} = /home/*/@{XDG_DOWNLOAD_DIR}{,s} +@{JD_SH_PATH} += /home/*/@{XDG_DESKTOP_DIR} @{exec_path} = @{JD_SH_PATH}/JD2Setup_{x86,x64}.sh profile jdownloader-install @{exec_path} { diff --git a/apparmor.d/profiles-a-l/keepassxc b/apparmor.d/profiles-a-l/keepassxc index f7d585e3..c39135dc 100644 --- a/apparmor.d/profiles-a-l/keepassxc +++ b/apparmor.d/profiles-a-l/keepassxc 
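Review bot: In jdownloader-install the line `@{JD_SH_PATH} = /home/*/@{XDG_DOWNLOAD_DIR}{,s}` keeps the `{,s}` suffix that every other hunk in this commit drops when replacing `[dD]ownload{,s}`. If the variable already lists the plural form (its definition is not visible here), the suffix only adds a spurious variant with a doubled `s`; if it does not, the other profiles have lost the plural match. Since `@{JD_SH_PATH}` feeds `@{exec_path}`, a mismatch means the profile does not attach to the installer script at all, so this should be made consistent, most likely as `@{JD_SH_PATH} = /home/*/@{XDG_DOWNLOAD_DIR}`.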
@@ -55,10 +55,10 @@ profile keepassxc @{exec_path} { owner @{KP_DB}/*.csv rw, # For SSH keys - owner @{HOME}/.ssh/ r, - owner @{HOME}/.ssh/*_rsa r, - owner @{HOME}/.ssh/*_ed25519 r, - owner @{HOME}/.ssh/*.pub r, + owner @{HOME}/@{XDG_SSH_DIR}/ r, + owner @{HOME}/@{XDG_SSH_DIR}/*_rsa r, + owner @{HOME}/@{XDG_SSH_DIR}/*_ed25519 r, + owner @{HOME}/@{XDG_SSH_DIR}/*.pub r, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, diff --git a/apparmor.d/profiles-a-l/kwalletd5 b/apparmor.d/profiles-a-l/kwalletd5 index c377a879..b76bf6b7 100644 --- a/apparmor.d/profiles-a-l/kwalletd5 +++ b/apparmor.d/profiles-a-l/kwalletd5 @@ -69,8 +69,8 @@ profile kwalletd5 @{exec_path} { /{usr/,}bin/gpg mr, /{usr/,}bin/gpgsm mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, } diff --git a/apparmor.d/profiles-m-z/minitube b/apparmor.d/profiles-m-z/minitube index 2d01ffc4..0523825b 100644 --- a/apparmor.d/profiles-m-z/minitube +++ b/apparmor.d/profiles-m-z/minitube @@ -42,7 +42,7 @@ profile minitube @{exec_path} { owner "@{user_share_dirs}/Flavio Tordini/Minitube/*" rwk, # Snapshot - owner @{HOME}/Pictures/*.png rw, + owner @{HOME}/@{XDG_PICTURES_DIR}/*.png rw, owner @{HOME}/vlcsnap-.png rw, /usr/share/minitube/{,**} r, diff --git a/apparmor.d/profiles-m-z/ntfscp b/apparmor.d/profiles-m-z/ntfscp index c98f8f85..b22b21c5 100644 --- a/apparmor.d/profiles-m-z/ntfscp +++ b/apparmor.d/profiles-m-z/ntfscp 
@@ -17,10 +17,10 @@ profile ntfscp @{exec_path} { # For writing files owned by users other than root, since ntfscp has to be started as root. capability dac_read_search, - @{HOME}/[dD]ownload{,s}/ r, - @{HOME}/[dD]ownload{,s}/** rwl -> @{HOME}/[dD]ownload{,s}/**, - @{HOME}/[dD]esktop/ r, - @{HOME}/[dD]esktop/** rwl -> @{HOME}/[dD]esktop/**, + @{HOME}/@{XDG_DOWNLOAD_DIR}/ r, + @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwl -> @{HOME}/@{XDG_DOWNLOAD_DIR}/**, + @{HOME}/@{XDG_DESKTOP_DIR}/ r, + @{HOME}/@{XDG_DESKTOP_DIR}/** rwl -> @{HOME}/@{XDG_DESKTOP_DIR}/**, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-m-z/psi-plus b/apparmor.d/profiles-m-z/psi-plus index 09c1159d..be01d350 100644 --- a/apparmor.d/profiles-m-z/psi-plus +++ b/apparmor.d/profiles-m-z/psi-plus @@ -126,8 +126,8 @@ profile psi-plus @{exec_path} { /{usr/,}bin/gpg mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, # file_inherit /dev/dri/card[0-9]* rw, diff --git a/apparmor.d/profiles-m-z/reportbug b/apparmor.d/profiles-m-z/reportbug index f83bb95d..b7eb99cd 100644 --- a/apparmor.d/profiles-m-z/reportbug +++ b/apparmor.d/profiles-m-z/reportbug @@ -111,8 +111,8 @@ profile reportbug @{exec_path} { /{usr/,}bin/gpg mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, owner /tmp/reportbug-*-{signed,unsigned}-[0-9]*-[0-9]*-* rw, diff --git a/apparmor.d/profiles-m-z/reprepro b/apparmor.d/profiles-m-z/reprepro index 1828edd1..9d5ec0bf 100644 --- a/apparmor.d/profiles-m-z/reprepro +++ b/apparmor.d/profiles-m-z/reprepro 
@@ -62,8 +62,8 @@ profile reprepro @{exec_path} { /{usr/,}bin/gpg mr, /{usr/,}bin/gpgsm mr, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, } diff --git a/apparmor.d/profiles-m-z/sddm-xsession b/apparmor.d/profiles-m-z/sddm-xsession index 3d29fa22..63058f85 100644 --- a/apparmor.d/profiles-m-z/sddm-xsession +++ b/apparmor.d/profiles-m-z/sddm-xsession @@ -101,8 +101,8 @@ profile sddm-xsession @{exec_path} { /{usr/,}bin/gpg-agent rix, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-m-z/uscan b/apparmor.d/profiles-m-z/uscan index 8c8ccaa0..cff02812 100644 --- a/apparmor.d/profiles-m-z/uscan +++ b/apparmor.d/profiles-m-z/uscan @@ -62,8 +62,8 @@ profile uscan @{exec_path} { /{usr/,}bin/gpg mr, /{usr/,}bin/gpgv mr, - owner @{HOME}/.gnupg/gpg.conf r, - owner @{HOME}/.gnupg/pubring.{gpg,kbx} r, + owner @{HOME}/@{XDG_GPG_DIR}/gpg.conf r, + owner @{HOME}/@{XDG_GPG_DIR}/pubring.{gpg,kbx} r, owner /tmp/*/trustedkeys.gpg rw, diff --git a/apparmor.d/profiles-m-z/virt-manager b/apparmor.d/profiles-m-z/virt-manager index 9b9c8595..33033286 100644 --- a/apparmor.d/profiles-m-z/virt-manager +++ b/apparmor.d/profiles-m-z/virt-manager @@ -66,9 +66,8 @@ profile virt-manager @{exec_path} { #owner /var/lib/libvirt/images/ r, # User VM images - #owner @{user_share_dirs}/libvirt/ rw, - #owner @{user_share_dirs}/libvirt/images/ rw, - #owner @{user_share_dirs}/libvirt/images/* rw, + owner @{user_share_dirs}/libvirt/{,**} rw, + owner @{HOME}/@{XDG_VM_DIR}/{,**} rw, #owner /media/*/VM/ r, diff --git a/apparmor.d/profiles-m-z/x11-xsession b/apparmor.d/profiles-m-z/x11-xsession index 3a1452ec..07a1bee7 100644 --- a/apparmor.d/profiles-m-z/x11-xsession 
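Review bot: The newly active rule `owner @{user_share_dirs}/libvirt/{,**} rw,` in virt-manager grants recursive write access to the whole libvirt data directory, whereas the three commented-out rules it replaces stopped at `libvirt/images/*`. The added `owner @{HOME}/@{XDG_VM_DIR}/{,**} rw,` depends on a variable whose definition is not part of this diff. If only disk images are needed, `owner @{user_share_dirs}/libvirt/images/{,**} rw,` keeps the earlier scope; otherwise the reason for the wider grant deserves a comment above the rule. The profile body continues outside the hunk.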
+++ b/apparmor.d/profiles-m-z/x11-xsession @@ -90,8 +90,8 @@ profile x11-xsession @{exec_path} { /{usr/,}bin/gpg-agent rix, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-m-z/xinit b/apparmor.d/profiles-m-z/xinit index 959b3959..98af981f 100644 --- a/apparmor.d/profiles-m-z/xinit +++ b/apparmor.d/profiles-m-z/xinit @@ -92,8 +92,8 @@ profile xinit @{exec_path} { /{usr/,}bin/gpg-agent rix, - owner @{HOME}/.gnupg/ rw, - owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, + owner @{HOME}/@{XDG_GPG_DIR}/ rw, + owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, @{PROC}/@{pid}/fd/ r,