diff --git a/apparmor.d/abstractions/totem b/apparmor.d/abstractions/totem
deleted file mode 100644
index b2815c19..00000000
--- a/apparmor.d/abstractions/totem
+++ /dev/null
@@ -1,56 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) Jamie Strandboge
-# SPDX-License-Identifier: GPL-2.0-only
-
-# Limit executable access and reasonable read access. A look at
-# the gconf schema files for totem-video-thumbnailer reveals at least the
-# following files:
-# 3gpp, ac3, acm, aiff, amr-wb, ape, asf, asx, au, avi, basic, divx, dv, flac,
-# flc, fli, flic, flv, google-video-pointer, gpp, gsm, m4a, m4v, matroska,
-# midi, mod, mp3, mp4, mp4es, mpeg, mpt2, msvideo, ms-wm, musepack,mxf,
-# netshow, nsv, off, ogm, pict, pn-realaudio, prs.sid, quicktime, ram,
-# realpix, rn, sbc, sdp, shorten, speex, theora, totem-stream, tta, ultravox,
-# vivo, vorbis, wav, wavpack, wax, webm, wma, wmv, wmx, wpl, wvx, x-anim,
-# x-it, xm
-#
-# While ideally we would narrow down our read access to the above, this is
-# a maintenance problem and doesn't work for files without extensions.
-
- include
- include
- include
- include
-
- # Allow read on all directories
- /**/ r,
-
- # Allow read on removable media and files in /usr/share and /usr/local/share
- /usr/local/share/** r,
- /usr/share/** r,
- /{media,mnt,opt,srv}/** r,
-
- owner @{user_cache_dirs}/mesa/** rwk,
- owner @{user_cache_dirs}/thumbnails/** rw,
- owner @{user_cache_dirs}/totem/ rw,
- owner @{user_cache_dirs}/totem/** rwk,
- owner @{user_cache_dirs}/totem-* rwk,
- owner @{user_cache_dirs}/tracker/db-locale.txt r,
- owner @{user_cache_dirs}/tracker/meta.db{,-shm,-journal,-wal} rwk,
- owner @{user_cache_dirs}/tracker/ontologies.gvdb r,
- owner @{user_config_dirs}/totem/ rwk,
- owner @{user_config_dirs}/totem/** rwk,
- owner @{user_share_dirs}/grilo-plugins/ rwk,
- owner @{user_share_dirs}/grilo-plugins/*.db{,-shm,-journal,-wal} rwk,
- owner @{user_share_dirs}/totem/ rwk,
- owner @{user_share_dirs}/tracker/data/tracker-store.journal rwk,
-
- owner @{PROC}/@{pid}/{mountinfo,status} r,
-
- @{run}/udev/data/+drm:card* r,
- @{run}/udev/data/+usb* r,
-
- @{sys}/devices/system/node/*/meminfo r,
-
- deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
-
- include if exists
\ No newline at end of file
diff --git a/apparmor.d/profiles-g-l/games-wesnoth b/apparmor.d/profiles-g-l/games-wesnoth
deleted file mode 100644
index 1573af6c..00000000
--- a/apparmor.d/profiles-g-l/games-wesnoth
+++ /dev/null
@@ -1,35 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2019-2021 Mikhail Morfikov
-# SPDX-License-Identifier: GPL-2.0-only
-
-abi ,
-
-include
-
-@{exec_path} = /usr/games/wesnoth{,-[0-9]*}
-profile games-wesnoth @{exec_path} {
- include
- include
- include
- include
- include
- include
- include
- include
-
- @{exec_path} mrix,
-
- /usr/share/games/wesnoth/@{int}/{,**} r,
-
- owner @{user_config_dirs}/wesnoth-[0-9]*/{,**} rw,
-
- owner @{HOME}/.Xauthority r,
-
- /etc/machine-id r,
- /var/lib/dbus/machine-id r,
-
- owner @{HOME}/.icons/default/index.theme r,
- /usr/share/icons/*/index.theme r,
-
- include if exists
-}
diff --git a/apparmor.d/profiles-g-l/games-wesnoth-sh b/apparmor.d/profiles-g-l/games-wesnoth-sh
deleted file mode 100644
index 6c5a4b69..00000000
--- a/apparmor.d/profiles-g-l/games-wesnoth-sh
+++ /dev/null
@@ -1,26 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2019-2021 Mikhail Morfikov
-# SPDX-License-Identifier: GPL-2.0-only
-
-abi ,
-
-include
-
-@{exec_path} = /usr/games/wesnoth-[0-9]*{-nolog,-smalgui,_editor} /usr/games/wesnoth-nolog
-profile games-wesnoth-sh @{exec_path} {
- include
-
- @{exec_path} r,
- @{bin}/{,ba,da}sh rix,
-
- /usr/games/wesnoth{,-[0-9]*} rPx,
-
- # For the editor
- @{bin}/basename rix,
- @{bin}/sed rix,
-
- # file_inherit
- owner @{HOME}/.xsession-errors w,
-
- include if exists
-}