From a5c5ee70a2f7d38a55dfa4d50743e0070e8cee89 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 28 Jan 2024 21:09:14 +0000 Subject: [PATCH] feat(profile): general update. --- apparmor.d/groups/bus/ibus-extension-gtk3 | 7 ++++--- apparmor.d/groups/freedesktop/xdg-document-portal | 15 +++++++-------- apparmor.d/groups/gnome/gdm-xsession | 1 + apparmor.d/groups/gnome/gnome-initial-setup | 1 + .../groups/gnome/org.gnome.NautilusPreviewer | 1 + apparmor.d/profiles-s-z/switcheroo-control | 1 + 6 files changed, 15 insertions(+), 11 deletions(-) diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index e0e3d225..4774446a 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -48,12 +48,13 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { /usr/share/icons/{,**} r, /usr/share/X11/xkb/** r, - owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r, - owner @{run}/user/@{uid}/gdm/Xauthority r, - /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, + /var/lib/gdm{3,}/.config/ibus/bus/ r, + + owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r, + owner @{run}/user/@{uid}/gdm/Xauthority r, # file inherit /dev/tty@{int} rw, diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index d19ff4f5..f19d6657 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal 
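Review bot: In the ibus-extension-gtk3 hunk, the new rule `/var/lib/gdm{3,}/.config/ibus/bus/ r,` ends in a slash, so it matches only the directory itself and grants listing, not reads of the files inside it. The rule it replaces allowed reading the `@{md5}-unix-{,wayland-}@{int}` address file. If the extension still opens that file in the greeter session, it will now be denied, so check the audit log to see whether the read is still needed. If it is, keep the narrow file rule next to the directory rule rather than widening to `**`. The profile body continues outside the hunk, so another rule may already cover the file.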
@@ -42,15 +42,13 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/doc/ rw, - owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/cgroup r, @{PROC}/1/cgroup r, @{PROC}/sys/fs/pipe-max-size r, + owner @{PROC}/@{pid}/cgroup r, + owner @{PROC}/@{pid}/fd/ r, - /dev/fuse rw, - - # file inherit - owner /dev/tty@{int} rw, + /dev/fuse rw, + owner /dev/tty@{int} rw, profile fusermount { include @@ -75,8 +73,9 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { @{PROC}/@{pids}/mounts r, - /dev/fuse rw, - + /dev/fuse rw, + owner /dev/tty@{int} rw, + include if exists } diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index a824ce8e..7bf08754 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -13,6 +13,7 @@ profile gdm-xsession @{exec_path} { include include include + include @{exec_path} mr, diff --git a/apparmor.d/groups/gnome/gnome-initial-setup b/apparmor.d/groups/gnome/gnome-initial-setup index 24a8dfc1..32c19634 100644 --- a/apparmor.d/groups/gnome/gnome-initial-setup +++ b/apparmor.d/groups/gnome/gnome-initial-setup @@ -31,6 +31,7 @@ profile gnome-initial-setup @{exec_path} { @{lib}/gnome-initial-setup-goa-helper rix, /usr/share/dconf/profile/gdm r, + /usr/share/xml/iso-codes/{,**} r, /var/lib/gdm{,3}/greeter-dconf-defaults r, diff --git a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer index c285f614..a3aade65 100644 --- a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer +++ b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer @@ -26,6 +26,7 @@ profile org.gnome.NautilusPreviewer @{exec_path} { @{open_path} rPx -> child-open, + /usr/share/poppler/{,**} r, /usr/share/sushi/org.gnome.NautilusPreviewer.*.gresource r, /etc/machine-id r, 
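Review bot: The first xdg-document-portal hunk drops the `# file inherit` comment above `owner /dev/tty@{int} rw,`, and the second hunk adds the same rule to the `fusermount` subprofile with no comment at all. Read-write access to tty devices is something a later audit will want explained. Without the comment, a rule that presumably only covers an inherited descriptor looks the same as deliberate terminal access. Keep `# file inherit` directly above the tty rule in both places, or replace it with a comment stating the actual reason if it is different. Both profile bodies continue outside the hunks.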
diff --git a/apparmor.d/profiles-s-z/switcheroo-control b/apparmor.d/profiles-s-z/switcheroo-control index 3172aa62..b050135d 100644 --- a/apparmor.d/profiles-s-z/switcheroo-control +++ b/apparmor.d/profiles-s-z/switcheroo-control @@ -11,6 +11,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) { include include + capability net_admin, capability sys_nice, network netlink raw,
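Review bot: `capability net_admin,` is added to switcheroo-control without a comment, and the commit message ("general update") gives no reason for granting one of the broadest capabilities, which covers interface, routing and firewall configuration. The denial may come from the netlink socket already allowed by `network netlink raw,`, since device-event monitors commonly trip this check when adjusting their receive buffer; if so, record that with a comment such as `# udev netlink monitor (receive buffer)`. It is also worth testing whether the daemon still works with the capability denied, and preferring `deny capability net_admin,` if it does. The profile continues outside the hunk, so this is based only on the three rules visible here.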