diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1 index f958300f..21d0c894 100644 --- a/apparmor.d/abstractions/bus/org.freedesktop.login1 +++ b/apparmor.d/abstractions/bus/org.freedesktop.login1 @@ -22,4 +22,9 @@ member={SessionNew,SessionRemoved,UserNew,UserRemoved,PrepareFor*} peer=(name=:*, label=systemd-logind), + dbus send bus=system path=/org/freedesktop/login1 + interface=org.freedesktop.DBus.Introspectable + member=Introspect + peer=(name=:*, label=systemd-logind), + include if exists diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index b2ccdf06..df0d12bd 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -57,6 +57,11 @@ profile evolution-calendar-factory @{exec_path} { member=Complete peer=(name=org.freedesktop.DBus, label=gnome-calendar), + dbus send bus=session path=/org/gtk/vfs/metadata + interface=org.gtk.vfs.Metadata + member=Move + peer=(name=:*, label=gvfsd-metadata), + dbus receive bus=session interface=org.freedesktop.DBus.Introspectable member=Introspect diff --git a/apparmor.d/groups/gnome/gnome-keyring-daemon b/apparmor.d/groups/gnome/gnome-keyring-daemon index 7d0f55f9..c349fa99 100644 --- a/apparmor.d/groups/gnome/gnome-keyring-daemon +++ b/apparmor.d/groups/gnome/gnome-keyring-daemon @@ -14,6 +14,7 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) { include include include + include include include diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index e9fb387b..2f5ce3aa 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell 
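Review bot: The new `Introspect` send rule in the org.freedesktop.login1 hunk sits in a shared abstraction, so every profile that includes it gains the permission, and nothing in the hunk records which client needed it. The rule itself is narrow (system bus, a single path, a single member, peer pinned to `label=systemd-logind`), so the added exposure is small. A short comment above it, for example `# Introspection of the logind manager object, needed by <CLIENT>`, would let a later reviewer decide whether it belongs here or only in the profile that uses it.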
@@ -79,7 +79,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { interface={org.gnome.*,org.freedesktop.{Application,DBus.Properties,DBus.ObjectManager},org.gtk.{Actions,Application}} peer=(name="{:*,org.gnome.*,org.freedesktop.DBus}"), - # dbus: own bus=session name=com.canonical.Unity path=/com/canonical/unity + # dbus: own bus=session name=com.canonical.Unity path=/com/canonical/{U,u}nity # dbus: own bus=session name=com.rastersoft.dingextension # dbus: own bus=session name=org.gtk.MountOperationHandler # dbus: own bus=session name=org.gtk.Notifications diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index d49e533c..d955d6d1 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -17,19 +17,7 @@ profile gvfsd-metadata @{exec_path} { signal (receive) set=(usr1) peer=pacman, - dbus bind bus=session name=org.gtk.vfs.Metadata, - dbus receive bus=session path=/org/gtk/vfs/metadata - interface=org.freedesktop.DBus.Properties - member=GetAll - peer=(name=:*), - dbus send bus=session path=/org/gtk/vfs/metadata - interface=org.gtk.vfs.Metadata - member=AttributeChanged - peer=(name=org.freedesktop.DBus), - dbus receive bus=session path=/org/gtk/vfs/metadata - interface=org.gtk.vfs.Metadata - member={GetTreeFromDevice,Remove} - peer=(name=:*), + # dbus: own bus=session name=org.gtk.vfs.Metadata path=/org/gtk/vfs/{m,M}etadata dbus receive bus=session interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/ubuntu/apport-gtk b/apparmor.d/groups/ubuntu/apport-gtk index eefd2cfe..6cd1b9bb 100644 --- a/apparmor.d/groups/ubuntu/apport-gtk +++ b/apparmor.d/groups/ubuntu/apport-gtk @@ -10,7 +10,9 @@ include profile apport-gtk @{exec_path} { include include + include include + include include include include diff --git a/apparmor.d/profiles-s-z/terminator b/apparmor.d/profiles-s-z/terminator index 41b7d32d..20b8c1fb 100644 
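Review bot: The path alternation is written `{U,u}nity` in this gnome-shell directive but `{m,M}etadata` in the gvfsd-metadata directive added by the same commit; using one order keeps the directives easy to grep. This `# dbus: own` line appears to be a build-time directive rather than an ordinary comment. If so, it is worth confirming that its expansion accepts brace alternation inside `path=`, since the expansion is not visible in this diff.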
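Review bot: In the gvfsd-metadata hunk, replacing the four explicit rules with `# dbus: own bus=session name=org.gtk.vfs.Metadata …` trades a member allow-list (`GetAll`, `GetTreeFromDevice`, `Remove`, plus the `AttributeChanged` send) for whatever the directive expands to, which this diff does not show. If the expansion accepts any member on the owned name from any `:*` peer, the profile's receive surface is wider than before, so confirm that is intended. Also confirm that it covers the `Move` call that evolution-calendar-factory is newly allowed to send in this commit. A one-line comment beside the directive listing the members clients are known to call would keep the information the removed rules carried.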
--- a/apparmor.d/profiles-s-z/terminator +++ b/apparmor.d/profiles-s-z/terminator @@ -9,6 +9,9 @@ include @{exec_path} = @{bin}/terminator profile terminator @{exec_path} flags=(attach_disconnected) { include + include + include + include include include include @@ -23,6 +26,8 @@ profile terminator @{exec_path} flags=(attach_disconnected) { ptrace, + # dbus: own bus=session name=net.tenshu.Terminator@{hex} + @{exec_path} mr, @{bin}/ r,
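Review bot: The `own` directive added in the second terminator hunk has no `path=`, unlike the two `own` directives this commit touches in gnome-shell and gvfsd-metadata. If the directive derives the object path from the name (not visible in this diff), the `@{hex}` suffix would be carried into the path, which may not match the path the application exports. Consider stating it explicitly, e.g. `# dbus: own bus=session name=net.tenshu.Terminator@{hex} path=<OBJECT_PATH>`, and checking that `@{hex}` matches the whole suffix appended to the bus name.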