From 856a9a467efa1f9368387e5a96a2902ad740702a Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 23 Jun 2024 11:17:01 +0100
Subject: [PATCH] feat(profile): improve chromium tmp file restriction.
---
 apparmor.d/abstractions/app/chromium | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/apparmor.d/abstractions/app/chromium b/apparmor.d/abstractions/app/chromium
index d7ffd9fa..e80a7e0f 100644
--- a/apparmor.d/abstractions/app/chromium
+++ b/apparmor.d/abstractions/app/chromium
@@ -125,7 +125,7 @@
 owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
 owner @{user_config_dirs}/gtk-3.0/servers r,
- owner @{user_share_dirs}/.@{domain}.* rw,
+ owner @{user_share_dirs}/.@{domain}.@{rand6} rw,
 owner @{user_cache_dirs}/gtk-3.0/**/*.cache r,
 owner @{user_cache_dirs}/icon-cache.kcache rw,
@@ -147,8 +147,8 @@
 /tmp/ r,
 /var/tmp/ r,
- owner @{tmp}/.@{domain}.* rw,
- owner @{tmp}/.@{domain}*/{,**} rw,
+ owner @{tmp}/.@{domain}.@{rand6} rw,
+ owner @{tmp}/.@{domain}.@{rand6}/{,**} rw,
 owner @{tmp}/@{name}-crashlog-@{int}-@{int}.txt rw,
 owner @{tmp}/scoped_dir@{rand6}/{,**} rw,
 owner @{tmp}/tmp.@{rand6} rw,
@@ -159,7 +159,7 @@
 owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer rw,
 /dev/shm/ r,
- owner /dev/shm/.@{domain}* rw,
+ owner /dev/shm/.@{domain}.@{rand6} rw,
 @{run}/udev/data/c13:@{int} r, # for /dev/input/*
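Review bot: The new pattern `.@{domain}.@{rand6}` on the `@{user_share_dirs}` rule encodes an undocumented naming assumption, a dot followed by exactly the characters `@{rand6}` allows, and the same applies to the `@{tmp}` and `/dev/shm` rules in the two later hunks. `@{rand6}` is defined outside this patch, so its length and character class cannot be checked from here; the removed `@{tmp}/.@{domain}*/{,**}` and `/dev/shm/.@{domain}*` rules also matched names with no dot separator, so any browser including this abstraction that writes such a name, or a suffix of another shape, will be denied once the profile is enforced. I would add a comment above each rule such as `# temp names: .<domain>.<6 random chars>; keep in sync with the browser's temp-file template`. It is also worth watching the audit log for `apparmor="DENIED"` entries on these three locations after rollout, since the surrounding abstraction continues outside the hunks and other consumers of it are not visible here.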