From d18e012f9ed232445496a5142e9d5d7ddcf9f896 Mon Sep 17 00:00:00 2001 From: nobody43 Date: Mon, 20 Feb 2023 21:01:05 +0000 Subject: [PATCH] fixes --- apparmor.d/groups/freedesktop/at-spi2-registryd | 2 +- apparmor.d/groups/gnome/tracker-miner | 2 +- apparmor.d/{profiles-s-z => groups/virt}/virtiofsd | 1 + apparmor.d/profiles-m-r/pkexec | 2 +- apparmor.d/profiles-m-r/qbittorrent | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) rename apparmor.d/{profiles-s-z => groups/virt}/virtiofsd (96%) diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 049f5a39..04a64722 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -72,7 +72,7 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { dbus send bus=session path=/org/a11y/bus interface=org.a11y.Bus member=GetAddress - peer=(name=org.a11y.Bus, label="{at-spi-bus-launcher,unconfined}"), + peer=(name=org.a11y.Bus, label=at-spi-bus-launcher), dbus receive bus=session path=/ interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 265f3cc7..f635929b 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -66,7 +66,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { dbus receive bus=session path=/org/freedesktop/Tracker3/Miner/** interface=org.freedesktop.Tracker3.Miner - peer=(name=:*, label=tracker-extract), + peer=(name=:*, label=tracker-extract), # all members dbus receive bus=session path=/{,org} interface=org.freedesktop.DBus.Introspectable diff --git a/apparmor.d/profiles-s-z/virtiofsd b/apparmor.d/groups/virt/virtiofsd similarity index 96% rename from apparmor.d/profiles-s-z/virtiofsd rename to apparmor.d/groups/virt/virtiofsd index e37e7c51..556e12f8 100644 --- a/apparmor.d/profiles-s-z/virtiofsd 
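Review bot: In apparmor.d/groups/freedesktop/at-spi2-registryd the narrowed `peer=(name=org.a11y.Bus, label=at-spi-bus-launcher)` only matches while the launcher runs under a loaded profile with exactly that label, and nothing in the rule records that dependency. If the launcher profile is absent or disabled, the peer would be unconfined and the `GetAddress` send would be denied, which presumably breaks accessibility bus discovery. Dropping `unconfined` is the tighter rule and worth keeping, but I would put a comment above it, e.g. `# peer must be confined by at-spi-bus-launcher; unconfined peers are rejected on purpose`. The profile body continues outside the hunk on both sides.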
+++ b/apparmor.d/groups/virt/virtiofsd @@ -6,6 +6,7 @@ abi , include @{LOCAL_SHARED_DIRS} = /var/lib/libvirt/shared +include if exists @{exec_path} = /{,usr/}lib/qemu/virtiofsd profile virtiofsd @{exec_path} flags=(attach_disconnected) { diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index 079ec715..b9a15905 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -23,8 +23,8 @@ profile pkexec @{exec_path} { capability setgid, # gdbus capability setuid, # gmain capability sys_ptrace, - capability sys_nice, capability sys_resource, + audit deny capability sys_nice, ptrace (read), diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index 761aed48..43357b92 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -78,7 +78,7 @@ profile qbittorrent @{exec_path} { member=Get peer=(name=org.kde.StatusNotifierWatcher), - dbus receive bus=session path={/StatusNotifierItem,/MenuBar} + dbus receive bus=session path="{/StatusNotifierItem,/MenuBar}" interface=org.freedesktop.DBus.Properties member=GetAll peer=(name=:*),
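Review bot: The added `include if exists` in apparmor.d/groups/virt/virtiofsd sits in the preamble directly after `@{LOCAL_SHARED_DIRS} = /var/lib/libvirt/shared`, and nothing tells an administrator how a local file should change that variable (the include target is not legible on this page). The parser rejects a second `=` assignment to an already defined variable, so a local override presumably has to append with `+=`. A comment above the include would make that explicit, e.g. `# local overrides: append with @{LOCAL_SHARED_DIRS} += <dir>, do not redefine with =`. It should also say that each directory added there presumably becomes host filesystem the daemon may share with guests, so entries should stay narrow; the profile body itself is outside the hunk.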
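Review bot: The new `audit deny capability sys_nice,` in apparmor.d/profiles-m-r/pkexec has no explanation, although the neighbouring `setgid` and `setuid` lines carry trailing comments, and it is left in the middle of the allowed capabilities after `capability sys_resource,`. A deny rule takes precedence over any allow, so a site-local include can no longer re-grant `sys_nice`. The `audit` qualifier means refused attempts are logged rather than silenced. Both are sensible for a privileged helper but should be stated where the rule lives. I would move the line below the allowed capabilities and annotate it, e.g. `audit deny capability sys_nice,  # <reason it is refused>; audited so attempts show up in the logs`. The capability list starts above the hunk.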