From cd4ad5b09c7df66d0becec1f214504f0b9039b58 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 18 Apr 2021 17:54:04 +0100
Subject: [PATCH] Minor fixes.

---
 apparmor.d/groups/gnome/gsd-wacom  | 1 +
 apparmor.d/groups/gvfs/gvfsd-trash | 5 +++++
 apparmor.d/profiles-a-l/aa-notify  | 2 ++
 apparmor.d/profiles-a-l/auditd     | 1 +
 apparmor.d/profiles-a-l/freefall   | 2 +-
 profiles.manifest                  | 1 -
 6 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom
index e87dc32f..601ec28c 100644
--- a/apparmor.d/groups/gnome/gsd-wacom
+++ b/apparmor.d/groups/gnome/gsd-wacom
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/gsd-wacom
 profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/fontconfig-cache-write>
   include <abstractions/fonts>
   include <abstractions/gtk>
 
diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash
index 37783436..b5d54ab8 100644
--- a/apparmor.d/groups/gvfs/gvfsd-trash
+++ b/apparmor.d/groups/gvfs/gvfsd-trash
@@ -29,5 +29,10 @@ profile gvfsd-trash @{exec_path} {
   owner @{run}/user/[0-9]*/gvfsd/ rw,
   owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw,
 
+  # Can restore all user files
+  owner @{HOME}/{,**} rw,
+  owner /media/*/{,**} rw,
+  owner /mnt/*/{,**} rw,
+
   include if exists <local/gvfsd-trash>
 }
diff --git a/apparmor.d/profiles-a-l/aa-notify b/apparmor.d/profiles-a-l/aa-notify
index 9327024b..0c4d127b 100644
--- a/apparmor.d/profiles-a-l/aa-notify
+++ b/apparmor.d/profiles-a-l/aa-notify
@@ -12,6 +12,8 @@ profile aa-notify @{exec_path} {
   include <abstractions/python>
   include <abstractions/nameservice-strict>
 
+  capability sys_ptrace,
+
   ptrace (read),
 
   @{exec_path} mr,
diff --git a/apparmor.d/profiles-a-l/auditd b/apparmor.d/profiles-a-l/auditd
index 6044e157..3fb7e2d6 100644
--- a/apparmor.d/profiles-a-l/auditd
+++ b/apparmor.d/profiles-a-l/auditd
@@ -11,6 +11,7 @@ profile auditd @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
 
+  capability audit_control,
   capability fsetid,
   capability chown,
 
diff --git a/apparmor.d/profiles-a-l/freefall b/apparmor.d/profiles-a-l/freefall
index afa3ee9f..2ca9dc67 100644
--- a/apparmor.d/profiles-a-l/freefall
+++ b/apparmor.d/profiles-a-l/freefall
@@ -16,7 +16,7 @@ profile freefall @{exec_path} {
 
   @{exec_path} mr,
 
-  /dev/freefall r,
+  /dev/freefall rw,
   /dev/sd[a-z] rk,
   /dev/sd[a-z][0-9]* rk,
 
diff --git a/profiles.manifest b/profiles.manifest
index 9f4dafd3..cf048d3c 100644
--- a/profiles.manifest
+++ b/profiles.manifest
@@ -174,7 +174,6 @@ nm-initrd-generator complain
 nm-openvpn-auth-dialog complain
 nm-openvpn-service complain
 nm-openvpn-service-openvpn-helper complain
-notify-send complain
 ntfs-3g complain
 ntfs-3g-probe complain
 obex-folder-listing complain