feat(profile): cleanup xsession logs.

apparmor.d/abstractions/X-strict

@@ -12,14 +12,15 @@
   /usr/share/xsessions/{,*.desktop} r,  # Available Xsessions
 
   /etc/X11/cursors/{,**} r,
-  
-  owner @{HOME}/.ICEauthority r,  # ICEauthority files required for X authentication, per user
-  owner @{HOME}/.Xauthority r,  # Xauthority files required for X connections, per user
- 
+
+  owner @{HOME}/.ICEauthority rw,  # ICEauthority files required for X authentication, per user
+  owner @{HOME}/.Xauthority rw,  # Xauthority files required for X connections, per user
+  owner @{HOME}/.xsession-errors rw,
+
         /tmp/.ICE-unix/* rw,
         /tmp/.X@{int}-lock rw,
         /tmp/.X11-unix/* rw,
-  owner @{tmp}/xauth_@{rand6} rl -> /tmp/#@{int},
+  owner @{tmp}/xauth_@{rand6} rl -> @{tmp}/#@{int},
 
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw,  # Xwayland
   owner @{run}/user/@{uid}/gdm{[1-9],}/Xauthority r,

apparmor.d/groups/display-manager/lightdm

@@ -68,8 +68,6 @@ profile lightdm @{exec_path} flags=(attach_disconnected) {
   /var/log/lightdm/{,**} rw,
 
   owner @{HOME}/.dmrc r,
-  owner @{HOME}/.Xauthority rw,
-  owner @{HOME}/.xsession-errors{,.old} rw,
 
         @{run}/faillock/ rw,
         @{run}/faillock/user rwk,

apparmor.d/groups/display-manager/x11-xsession

@@ -63,8 +63,6 @@ profile x11-xsession @{exec_path} {
   /etc/profile.d/*.sh r,
   /etc/X11/{,**} r,
 
-  owner @{HOME}/.xsession-errors w,
-
   owner @{tmp}/file* rw,
   owner @{tmp}/tmp.@{rand10} rw,
 

apparmor.d/groups/freedesktop/pulseaudio

@@ -115,7 +115,6 @@ profile pulseaudio @{exec_path} {
 
   # file_inherit
   owner /dev/tty@{int} rw,
-  owner @{HOME}/.xsession-errors w,
 
   include if exists <local/pulseaudio>
 }

apparmor.d/groups/freedesktop/xhost

@@ -15,8 +15,6 @@ profile xhost @{exec_path} {
 
   @{exec_path} mr,
 
-  owner @{HOME}/.xsession-errors w,
-
   /dev/tty@{int} rw,
 
   # Silencer

apparmor.d/groups/freedesktop/xorg

@@ -63,7 +63,6 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   /etc/X11/{,**} r,
 
   owner @{HOME}/ r,
-  owner @{HOME}/.xsession-errors w,
 
   owner @{user_share_dirs}/xorg/ rw,
   owner @{user_share_dirs}/xorg/Xorg.@{int}.log{,.old} rw,
@@ -84,7 +83,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
         /tmp/ r,
         /tmp/server-@{int}.xkm rw,
   owner @{tmp}/.tX@{int}-lock rwk,
-  owner @{tmp}/.X@{int}-lock rwkl -> /tmp/.tX@{int}-lock,
+  owner @{tmp}/.X@{int}-lock rwkl -> @{tmp}/.tX@{int}-lock,
   owner @{tmp}/server-* rwk,
   owner @{tmp}/serverauth.* r,
 

apparmor.d/groups/freedesktop/xsetroot

@@ -20,17 +20,11 @@ profile xsetroot @{exec_path} {
 
   /usr/share/icons/{,**} r,
 
-  /etc/X11/cursors/*.theme r,
-
   owner @{HOME}/.icons/** r,
-  owner @{HOME}/.Xauthority r,
-  owner @{HOME}/.xsession-errors w,
 
   owner @{user_share_dirs}/sddm/xorg-session.log w,
   owner @{user_share_dirs}/sddm/wayland-session.log w,
 
-  owner @{tmp}/xauth_@{rand6} r,
-
   @{run}/sddm/\{@{uuid}\} r,
   @{run}/user/@{uid}/xauth_@{rand6} rl,
   @{run}/sddm/xauth_@{rand6} r,

apparmor.d/groups/kde/kscreenlocker_greet

@@ -67,7 +67,6 @@ profile kscreenlocker_greet @{exec_path} {
   /var/lib/dbus/machine-id r,
 
   owner @{HOME}/.face.icon r,
-  owner @{HOME}/.xsession-errors w,
   owner @{user_pictures_dirs}/{,**} r,
 
   owner @{user_cache_dirs}/ rw,

apparmor.d/groups/xfce/xfpm-power-backlight-helper

@@ -13,8 +13,6 @@ profile xfpm-power-backlight-helper @{exec_path} {
 
   @{exec_path} mr,
 
-  owner @{HOME}/.xsession-errors w,
-
   @{sys}/class/backlight/ r,
   @{sys}/class/leds/ r,
   @{sys}/devices/@{pci}/backlight/**/{max_brightness,actual_brightness} r,

apparmor.d/profiles-s-z/thunderbird

@@ -167,7 +167,6 @@ profile thunderbird @{exec_path} {
 
   # file_inherit
   owner /dev/tty@{int} rw,
-  owner @{HOME}/.xsession-errors w,
 
   # Silencer
   deny @{HOME}/.mozilla/** mrwkl,