From c623e6921ce059f9ca5276fab5912ef85c8142ad Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 3 Apr 2024 21:18:08 +0100
Subject: [PATCH] feat(profile): add initial xfce group.
---
 apparmor.d/abstractions/xfce | 19 ++++++++++
 apparmor.d/groups/xfce/xfce-notifyd | 21 +++++++++++
 .../{profiles-s-z => groups/xfce}/xfconfd | 7 ++--
 apparmor.d/profiles-s-z/xfce4-notifyd | 35 -------------------
 4 files changed, 43 insertions(+), 39 deletions(-)
 create mode 100644 apparmor.d/abstractions/xfce
 create mode 100644 apparmor.d/groups/xfce/xfce-notifyd
 rename apparmor.d/{profiles-s-z => groups/xfce}/xfconfd (74%)
 delete mode 100644 apparmor.d/profiles-s-z/xfce4-notifyd
diff --git a/apparmor.d/abstractions/xfce b/apparmor.d/abstractions/xfce
new file mode 100644
index 00000000..37014b2f
--- /dev/null
+++ b/apparmor.d/abstractions/xfce
@@ -0,0 +1,19 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023-2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+ include
+ include
+ include
+ include
+ include
+
+ owner @{user_config_dirs}/xfce4/help.rc rw,
+ owner @{user_config_dirs}/xfce4/help.rc.@{int}.tmp rw,
+
+ owner @{HOME}/.local/ rw,
+ owner @{user_cache_dirs}/ rw,
+ owner @{user_config_dirs}/ rw,
+ owner @{user_share_dirs}/ rw,
+
+ include if exists
diff --git a/apparmor.d/groups/xfce/xfce-notifyd b/apparmor.d/groups/xfce/xfce-notifyd
new file mode 100644
index 00000000..450e3472
--- /dev/null
+++ b/apparmor.d/groups/xfce/xfce-notifyd
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2018-2021 Mikhail Morfikov
+# Copyright (C) 2021-2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{lib}/@{multiarch}/xfce4/notifyd/xfce4-notifyd
+profile xfce-notifyd @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
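Review bot: In apparmor.d/abstractions/xfce, the four base-directory rules (`owner @{HOME}/.local/ rw,` through `owner @{user_share_dirs}/ rw,`) give every profile that pulls in this abstraction `r` on those directories, which permits listing them and so shows which applications keep state there. If the intent is only that Xfce libraries can create the directories when they are missing (an assumption, the patch does not say), `w` alone would cover it, e.g. `owner @{user_config_dirs}/ w,`. Whichever is kept, a comment above the group stating the reason would help, such as `# Xfce libraries create the XDG base directories when missing`.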
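Review bot: In apparmor.d/groups/xfce/xfce-notifyd, `@{exec_path}` lists only the `@{lib}/@{multiarch}/xfce4/notifyd/` location, while the xfconfd profile moved in this same patch lists both `@{lib}/xfce4/...` and `@{lib}/@{multiarch}/xfce4/...`. On a distribution that installs the daemon without the multiarch component the profile would not attach and the binary would run unconfined; adding `@{exec_path} += @{lib}/xfce4/notifyd/xfce4-notifyd` would match the xfconfd pattern. The profile name also changes from `xfce4-notifyd` to `xfce-notifyd`, so any rule elsewhere that names the old profile as a peer, and any local override keyed on the old name, would stop matching; the patch does not show whether such references exist.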
diff --git a/apparmor.d/profiles-s-z/xfconfd b/apparmor.d/groups/xfce/xfconfd
similarity index 74%
rename from apparmor.d/profiles-s-z/xfconfd
rename to apparmor.d/groups/xfce/xfconfd
index 2d869fb0..076149e0 100644
--- a/apparmor.d/profiles-s-z/xfconfd
+++ b/apparmor.d/groups/xfce/xfconfd
@@ -7,18 +7,17 @@ abi , include -@{exec_path} = @{lib}/xfce[0-9]/xfconf/xfconfd -@{exec_path} += @{lib}/@{multiarch}/xfce[0-9]/xfconf/xfconfd +@{exec_path} = @{lib}/xfce4/xfconf/xfconfd +@{exec_path} += @{lib}/@{multiarch}/xfce4/xfconf/xfconfd profile xfconfd @{exec_path} { include - include + include @{exec_path} mr, /etc/xdg/xfce4/xfconf/*/*.xml r, owner @{HOME}/ r, - owner @{HOME}/.xsession-errors w, owner @{user_config_dirs}/xfce4/ r, owner @{user_config_dirs}/xfce4/xfconf/*/*.xml{,.new} rw,
diff --git a/apparmor.d/profiles-s-z/xfce4-notifyd b/apparmor.d/profiles-s-z/xfce4-notifyd
deleted file mode 100644
index 236a7399..00000000
--- a/apparmor.d/profiles-s-z/xfce4-notifyd
+++ /dev/null
@@ -1,35 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2018-2021 Mikhail Morfikov
-# Copyright (C) 2021-2024 Alexandre Pujol
-# SPDX-License-Identifier: GPL-2.0-only
-
-abi ,
-
-include
-
-@{exec_path} = @{lib}/@{multiarch}/xfce4/notifyd/xfce4-notifyd
-profile xfce4-notifyd @{exec_path} {
- include
- include
- include
- include
- include
- include
- include
- include
- include
-
- @{exec_path} mr,
-
- /usr/share/**.png r,
-
- owner /tmp/.org.chromium.Chromium.* rw,
-
- # For calibre notifications
- owner @{user_config_dirs}/calibre/resources/images/*.png r,
-
- # file_inherit
- owner /dev/tty@{int} rw,
-
- include if exists
-}
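Review bot: In apparmor.d/groups/xfce/xfconfd, `owner @{HOME}/.xsession-errors w,` is removed without a replacement visible in the hunk. Where the session is started with stderr redirected to that file, xfconfd inherits the descriptor and each write would then be denied and logged, which adds noise to the audit log; whether the newly included abstraction already covers this cannot be seen here. If the write is meant to be refused, `deny owner @{HOME}/.xsession-errors w,` would refuse it without audit entries. The profile body continues past the end of the hunk.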