diff --git a/apparmor.d/abstractions/chromium b/apparmor.d/abstractions/chromium
index 3e35b78b..49333001 100644
--- a/apparmor.d/abstractions/chromium
+++ b/apparmor.d/abstractions/chromium
@@ -24,6 +24,7 @@
 include
 include
 include
+ include
 include
 include
 include
@@ -101,7 +102,6 @@
 /usr/share/hwdata/pnp.ids r,
 /usr/share/mozilla/extensions/{,**} r,
 /usr/share/qt{5,}/translations/*.qm r,
- /usr/share/uim/* r,
 /usr/share/webext/{,**} r,
 /etc/@{name}/{,**} r,
@@ -112,8 +112,6 @@
 /var/lib/dbus/machine-id r,
 /etc/machine-id r,
- /var/lib/uim/* r,
-
 owner @{HOME}/ r,
 owner @{HOME}/.pki/ rw,
@@ -121,8 +119,6 @@
 owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
 owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
 owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
- owner @{HOME}/.uim.d/customs/* r,
- owner @{HOME}/.XCompose r,
 owner @{user_config_dirs}/gtk-3.0/servers r,
 owner @{user_share_dirs}/.@{domain}.* rw,
@@ -167,7 +163,6 @@
 owner @{run}/user/@{uid}/app/org.keepassxc.KeePassXC/org.keepassxc.KeePassXC.BrowserServer rw,
 owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer rw,
- owner @{run}/user/@{uid}/uim/socket/uim-helper rw,
 @{sys}/bus/ r,
 @{sys}/bus/**/devices/ r,
diff --git a/apparmor.d/abstractions/uim b/apparmor.d/abstractions/uim
new file mode 100644
index 00000000..24b430b1
--- /dev/null
+++ b/apparmor.d/abstractions/uim
@@ -0,0 +1,15 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# Copyright (C) 2024 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+ /usr/share/uim/* r,
+
+ /var/lib/uim/* r,
+
+ owner @{HOME}/.uim.d/customs/* r,
+ owner @{HOME}/.XCompose r,
+
+ owner @{run}/user/@{uid}/uim/socket/uim-helper rw,
+
+ include if exists
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird
index 79b24034..8cd85666 100644
--- a/apparmor.d/profiles-s-z/thunderbird
+++ b/apparmor.d/profiles-s-z/thunderbird
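Review bot: The new apparmor.d/abstractions/uim file (the `@@ -0,0 +1,15 @@` hunk) has only the licence header, so nothing tells a profile author that including it grants `rw` on `owner @{run}/user/@{uid}/uim/socket/uim-helper` in addition to the read-only data paths. That socket is an IPC endpoint rather than static data, and, as far as I can tell, the helper relays messages between the user's uim clients, so the abstraction should only be pulled into profiles that actually take input-method input. I would add a comment above the rules such as `# uim input method: read-only data and compose tables, plus rw on the per-user uim-helper socket (IPC with the input method helper).` The file also ends without a trailing newline (`\ No newline at end of file`); add one after the final include line.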
@@ -30,6 +30,7 @@ profile thunderbird @{exec_path} {
 include
 include
 include
+ include
 include
 # userns,
@@ -96,7 +97,6 @@ profile thunderbird @{exec_path} {
 /usr/share/qt5ct/** r,
 /usr/share/sounds/freedesktop/stereo/*.oga r,
 /usr/share/xul-ext/kwallet5/* r,
- /usr/share/uim/* r,
 /etc/@{name}/{,**} r,
 /etc/fstab r,
@@ -105,12 +105,9 @@ profile thunderbird @{exec_path} {
 /etc/timezone r,
 /etc/xul-ext/kwallet5.js r,
- /var/lib/uim/* r,
 owner /var/mail/* rwk,
 owner @{HOME}/ r,
- owner @{HOME}/.uim.d/customs/* r,
- owner @{HOME}/.XCompose r,
 owner @{user_config_dirs}/kwalletrc r,
 owner @{user_config_dirs}/mimeapps.list.* rw,
@@ -141,8 +138,7 @@ profile thunderbird @{exec_path} {
 owner /tmp/MozillaMailnews/*.msf rw,
 owner /tmp/Temp-@{uuid}/ rw,
- @{run}/mount/utab r,
- owner @{run}/user/@{uid}/uim/socket/uim-helper rw,
+ @{run}/mount/utab r,
 @{sys}/cgroup/cpu,cpuacct/user.slice/cpu.cfs_quota_us r,
 @{sys}/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,