diff --git a/apparmor.d/groups/desktop/dbus-run-session b/apparmor.d/groups/desktop/dbus-run-session
index cb970525..1acbf607 100644
--- a/apparmor.d/groups/desktop/dbus-run-session
+++ b/apparmor.d/groups/desktop/dbus-run-session
@@ -10,6 +10,7 @@ include profile dbus-run-session @{exec_path} { include + signal (receive) set=term peer=gdm, signal (receive) set=(term, kill) peer=gdm-wayland-session, @{exec_path} mr,
diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker
index e91c4cca..cebf8550 100644
--- a/apparmor.d/groups/gnome/gdm-session-worker
+++ b/apparmor.d/groups/gnome/gdm-session-worker
@@ -12,6 +12,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { include include + signal (receive) set=term peer=gdm, signal (send) set=term peer=gdm-wayland-session, capability audit_write,
@@ -30,7 +31,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { network netlink raw, - @{exec_path} mr, + @{exec_path} mrix, /{usr/,}bin/gnome-keyring-daemon rPx, /{usr/,}lib/gdm-wayland-session rPx,
diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console
index 6a3cc7e0..3fbea9e2 100644
--- a/apparmor.d/groups/gnome/gjs-console
+++ b/apparmor.d/groups/gnome/gjs-console
@@ -19,6 +19,8 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { network netlink raw, + signal (receive) set=term peer=gdm, + @{exec_path} mr, /{usr/,}bin/ r, /{usr/,}bin/[a-z0-9]* rPUx,
diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary
index c993478b..45969e97 100644
--- a/apparmor.d/groups/gnome/gnome-session-binary
+++ b/apparmor.d/groups/gnome/gnome-session-binary
@@ -14,6 +14,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { signal (send) set=(term) peer=gsd-*, signal (receive) set=(term) peer=gdm-wayland-session, + signal (receive) set=(term) peer=gdm, @{exec_path} mr,
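Review bot: In dbus-run-session the added rule accepts only `term` from `gdm`, while the existing rule right below it accepts `(term, kill)` from `gdm-wayland-session`, and nothing in the profile says whether that difference is intended. Keeping the narrower set is the safer default; if it is deliberate, a comment above the rule such as `# SIGTERM from gdm at session teardown; widen only if a kill denial appears in the audit log` would make that clear, assuming that is what the observed denials showed. The same undocumented `signal (receive) set=term peer=gdm,` line is added to gdm-session-worker, gjs-console, gnome-session-binary and the gsd-* profiles, so one sentence in the commit message would cover those as well. The profile body continues outside the hunk.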
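Review bot: The second gdm-session-worker hunk widens `@{exec_path} mr,` to `@{exec_path} mrix,` without a comment, and it is the only change in this commit that is not a signal rule. `ix` lets the worker execute its own binary and keeps the child under this same profile, so it grants no access beyond what the profile already holds, but a reader cannot tell from the hunk why the self-exec is needed. A line above it such as `# the worker re-executes its own binary; ix keeps the child in this profile` would record the reason, presumably taken from an exec denial in the audit log. The profile body starts and ends outside the hunk.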
diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings
index 28fce66e..8ada3b11 100644
--- a/apparmor.d/groups/gnome/gsd-a11y-settings
+++ b/apparmor.d/groups/gnome/gsd-a11y-settings
@@ -10,6 +10,8 @@ include profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r,
diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color
index 3aaf89a2..eeac838b 100644
--- a/apparmor.d/groups/gnome/gsd-color
+++ b/apparmor.d/groups/gnome/gsd-color
@@ -12,6 +12,8 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { include include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r,
diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime
index 78405ea8..30a11e1e 100644
--- a/apparmor.d/groups/gnome/gsd-datetime
+++ b/apparmor.d/groups/gnome/gsd-datetime
@@ -10,6 +10,8 @@ include profile gsd-datetime @{exec_path} flags=(attach_disconnected) { include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r,
diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping
index 734c0e42..2328fb1f 100644
--- a/apparmor.d/groups/gnome/gsd-housekeeping
+++ b/apparmor.d/groups/gnome/gsd-housekeeping
@@ -11,6 +11,8 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { include include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /etc/fstab r,
diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard
index 1760310b..95ef8668 100644
--- a/apparmor.d/groups/gnome/gsd-keyboard
+++ b/apparmor.d/groups/gnome/gsd-keyboard
@@ -12,6 +12,8 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { include include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r,
diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys
index 2757b12e..88760e72 100644
--- a/apparmor.d/groups/gnome/gsd-media-keys
+++ b/apparmor.d/groups/gnome/gsd-media-keys
@@ -13,6 +13,8 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { include include + signal (receive) set=term peer=gdm, + network netlink raw, @{exec_path} mr,
diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power
index 6420c809..d3b8e9f8 100644
--- a/apparmor.d/groups/gnome/gsd-power
+++ b/apparmor.d/groups/gnome/gsd-power
@@ -15,6 +15,8 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { network netlink raw, + signal (receive) set=term peer=gdm, + @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r,
diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications
index 9ead3e78..1870a2f8 100644
--- a/apparmor.d/groups/gnome/gsd-print-notifications
+++ b/apparmor.d/groups/gnome/gsd-print-notifications
@@ -14,6 +14,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { network inet stream, network inet6 stream, + signal (receive) set=term peer=gdm, signal (send) set=(hup) peer=gsd-printer, @{exec_path} mr,
diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer
index db34f7d2..7c338f36 100644
--- a/apparmor.d/groups/gnome/gsd-printer
+++ b/apparmor.d/groups/gnome/gsd-printer
@@ -10,6 +10,7 @@ include profile gsd-printer @{exec_path} flags=(attach_disconnected) { include + signal (receive) set=term peer=gdm, signal (receive) set=(hup) peer=gsd-print-notifications, @{exec_path} mr,
diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill
index d979a565..c7b413f6 100644
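Review bot: In gsd-media-keys the new signal rule is placed above `network netlink raw,`, and gsd-rfkill does the same, whereas gsd-power, gsd-print-notifications and gjs-console in this commit place it below their network rules. Rule order does not change what the compiled policy allows, so this is purely a style point, but a single order makes the profiles easier to compare and audit. Moving `signal (receive) set=term peer=gdm,` below `network netlink raw,` in these two files would match the rest of the commit.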
--- a/apparmor.d/groups/gnome/gsd-rfkill
+++ b/apparmor.d/groups/gnome/gsd-rfkill
@@ -10,6 +10,8 @@ include profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { include + signal (receive) set=term peer=gdm, + network netlink raw, @{exec_path} mr,
diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy
index 090bd5b9..730783ea 100644
--- a/apparmor.d/groups/gnome/gsd-screensaver-proxy
+++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy
@@ -10,6 +10,8 @@ include profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { include + signal (receive) set=term peer=gdm, + @{exec_path} mr, owner /dev/tty[0-9]* rw,
diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing
index 821144d5..52807085 100644
--- a/apparmor.d/groups/gnome/gsd-sharing
+++ b/apparmor.d/groups/gnome/gsd-sharing
@@ -10,6 +10,8 @@ include profile gsd-sharing @{exec_path} flags=(attach_disconnected) { include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r,
diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard
index d181b138..82c75858 100644
--- a/apparmor.d/groups/gnome/gsd-smartcard
+++ b/apparmor.d/groups/gnome/gsd-smartcard
@@ -10,6 +10,8 @@ include profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r,
diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound
index fefb784e..6b6fb15f 100644
--- a/apparmor.d/groups/gnome/gsd-sound
+++ b/apparmor.d/groups/gnome/gsd-sound
@@ -10,6 +10,8 @@ include profile gsd-sound @{exec_path} flags=(attach_disconnected) { include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /usr/share/gdm/greeter-dconf-defaults r,
diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom
index f47202c6..e87dc32f 100644
--- a/apparmor.d/groups/gnome/gsd-wacom
+++ b/apparmor.d/groups/gnome/gsd-wacom
@@ -12,6 +12,8 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { include include + signal (receive) set=term peer=gdm, + @{exec_path} mr, /etc/machine-id r,