feat: support for gnome 42.

Alexandre Pujol 2022-04-13 20:47:28 +01:00
parent 57df9ee898
commit ef9c451559
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
13 changed files with 71 additions and 57 deletions


@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/evolution-data-server/evolution-alarm-notify
profile evolution-alarm-notify @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/fontconfig-cache-read>
include <abstractions/gnome>
include <abstractions/nameservice-strict>
@ -17,9 +18,9 @@ profile evolution-alarm-notify @{exec_path} {
@{exec_path} mr,
/usr/share/evolution-data-server/{,**} r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,


@ -18,6 +18,8 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
capability net_admin,
capability sys_nice,
network netlink raw,
ptrace (read) peer=unconfined,
signal (send) set=(term),
@ -45,7 +47,9 @@ profile gdm @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/sessions/[0-9]*.ref r,
@{run}/systemd/userdb/ r,
@{run}/systemd/users/@{uid} r,
@{run}/udev/tags/master-of-seat/ r,
@{sys}/devices/pci[0-9]*/**/boot_vga r,
@{sys}/devices/virtual/tty/tty[0-9]*/active r,
owner @{PROC}/@{pid}/cmdline r,
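Review bot: `signal (send) set=(term),` in the first gdm hunk has no `peer=` qualifier, so the rule covers every process gdm is otherwise able to signal, whereas the `ptrace (read)` rule directly above it is scoped with `peer=unconfined`. The rendered page has lost its +/- markers, so this line may be context rather than new. Either way, naming the peer profiles gdm actually has to terminate would keep the rule within least privilege. If the open form is deliberate, a trailing comment saying why the peer cannot be named would save the next reviewer the question.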


@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/gjs-console
profile gjs-console @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fonts>
@ -43,22 +44,21 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/gstreamer-1.0/ rw,
owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp*} rw,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/task/ r,
owner @{PROC}/@{pid}/task/@{tid}/stat r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
@{run}/user/@{uid}/wayland-cursor-shared-* rw,
@{sys}/devices/pci[0-9]*/**/drm/ r,
@{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/id r,
@{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/gt_*_mhz r,
@{sys}/devices/pci[0-9]*/**/revision r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/task/ r,
owner @{PROC}/@{pid}/task/@{tid}/stat r,
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/stat r,
/dev/ r,
/dev/tty rw,
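Review bot: `@{run}/user/@{uid}/wayland-cursor-shared-* rw,` is the only runtime-directory rule in the second gjs-console hunk without the `owner` qualifier; the dconf and Xauthority rules beside it all carry it. `@{uid}` is a policy tunable expanded at compile time (its definition is not shown here), not the caller's uid, so without `owner` only the directory's own permissions keep the process out of another user's runtime directory. Unless the ownership check is known to fail for these files, I would write `owner @{run}/user/@{uid}/wayland-cursor-shared-* rw,`. The hunk begins and ends inside the profile body, so a matching rule may exist outside the visible lines.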


@ -9,7 +9,9 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/gnome-calculator-search-provider
profile gnome-calculator-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/gtk>
include <abstractions/fonts>
signal (send) set=kill peer=unconfined,
@ -20,13 +22,12 @@ profile gnome-calculator-search-provider @{exec_path} {
/usr/share/X11/xkb/{,**} r,
/usr/share/icons/{,**} r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{PROC}/@{pid}/fd/ r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{PROC}/@{pids}/cmdline r,
include if exists <local/gnome-calculator-search-provider>
}
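Review bot: `signal (send) set=kill peer=unconfined,` lets a search provider send SIGKILL to any unconfined process, and nothing in this section says which process it needs to stop. The +/- markers are lost on this page, so the rule may predate the commit; it is still part of the profile as it stands after the change. If it was added to silence a denial seen in testing, I would either replace `peer=unconfined` with the profile name of the real target or record the reason next to it, e.g. `# TODO: identify the process this kill targets and name its profile`.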


@ -9,12 +9,14 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/gnome-calendar
profile gnome-calendar @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/gnome>
include <abstractions/nameservice-strict>
include <abstractions/opencl>
include <abstractions/openssl>
include <abstractions/p11-kit>
include <abstractions/ssl_certs>
include <abstractions/vulkan>
network netlink raw,
@ -23,10 +25,8 @@ profile gnome-calendar @{exec_path} {
/usr/share/libgweather/Locations.xml r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
include if exists <local/gnome-calendar>


@ -14,6 +14,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
include <abstractions/dri-enumerate>
include <abstractions/gnome>
include <abstractions/gstreamer>
include <abstractions/mesa>
include <abstractions/nameservice-strict>
include <abstractions/opencl-nvidia>
include <abstractions/openssl>
@ -61,7 +62,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
owner @{HOME}/.cat_installer/ca.pem r,
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
owner @{user_cache_dirs}/gnome-control-center/{,**} rw,
owner @{user_cache_dirs}/mesa_shader_cache/index rw,
owner @{user_cache_dirs}/thumbnails/{,**} rw,
owner @{user_config_dirs}/gnome-control-center/{,**} rw,
owner @{user_config_dirs}/ibus/bus/{,[0-9a-f]*-unix-wayland-[0-9]} r,
@ -82,6 +82,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/sessions/ r,
@{run}/systemd/sessions/[0-9]* r,
@{run}/udev/data/+dmi:* r,
@{run}/udev/data/+input* r, # for mouse, keyboard, touchpad
@{run}/udev/data/+pci* r,
@{run}/udev/data/c13:[0-9]* r, # for /dev/input/*
@ -115,7 +116,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
owner @{PROC}/@{pid}/statm r,
owner @{PROC}/@{pid}/task/*/comm rw,
@{PROC}/cmdline r,
@{PROC}/sys/dev/i915/perf_stream_paranoid r,
@{PROC}/zoneinfo r,
/dev/ r,


@ -13,6 +13,7 @@ profile gnome-control-center-print-renderer @{exec_path} {
include <abstractions/dri-enumerate>
include <abstractions/fonts>
include <abstractions/gtk>
include <abstractions/mesa>
include <abstractions/opencl-nvidia>
@{exec_path} mr,
@ -28,7 +29,6 @@ profile gnome-control-center-print-renderer @{exec_path} {
/var/lib/flatpak/exports/share/icons/{,**} r,
/var/lib/flatpak/exports/share/mime/mime.cache r,
owner @{user_cache_dirs}/mesa_shader_cache/index rw,
owner @{user_share_dirs}/icons/{,**} r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
@ -44,7 +44,6 @@ profile gnome-control-center-print-renderer @{exec_path} {
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/comm r,
@{PROC}/sys/dev/i915/perf_stream_paranoid r,
include if exists <local/gnome-control-center-print-renderer>
}


@ -9,18 +9,18 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/gnome-control-center-search-provider
profile gnome-control-center-search-provider @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/freedesktop.org>
include <abstractions/gtk>
include <abstractions/fonts>
@{exec_path} mr,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/X11/xkb/{,**} r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
include if exists <local/gnome-control-center-search-provider>


@ -11,6 +11,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/app-launcher-user>
include <abstractions/audio>
include <abstractions/dconf>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fontconfig-cache-write>
@ -43,8 +44,10 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
@{libexec}/* rPUx,
/usr/share/backgrounds/{,**} r,
/usr/share/dconf/profile/gdm r,
/usr/share/desktop-directories/{,*.directory} r,
/usr/share/egl/{,**} r,
/usr/share/evolution-data-server/icons/{,**} r,
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/gdm/greeter/applications/{,**} r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
@ -64,6 +67,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
/etc/machine-id r,
/var/lib/dbus/machine-id r,
/var/lib/gdm/.config/dconf/user r,
/var/lib/gdm/.config/ibus/ rw,
/var/lib/gdm/.config/ibus/bus/ rw,
/var/lib/gdm/.config/ibus/bus/[0-9a-f]*-unix-{,wayland-}[0-9] r,
@ -73,6 +77,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
/var/lib/gdm/.local/share/applications/{,**} r,
/var/lib/gdm/.local/share/gnome-shell/ rw,
/var/lib/flatpak/app/**/gnome-shell/{,**} r,
/var/lib/flatpak/exports/share/gnome-shell/{,**} r,
owner @{HOME}/.mozilla/firefox/firefox-mpris/{,*} r,
owner @{HOME}/@{XDG_MUSIC_DIR}/**/*.jpg r,
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
@ -96,23 +103,21 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
owner @{user_cache_dirs}/media-art/{,**} r,
owner @{user_cache_dirs}/vlc/**/*.jpg r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/usr/share/dconf/profile/gdm r,
/var/lib/gdm/.config/dconf/user r,
owner @{run}/user/@{uid}/gnome-shell/{,**} rw,
owner @{run}/user/@{uid}/gnome-shell-disable-extensions rw,
owner @{run}/user/@{uid}/wayland-[0-9].lock rwk,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/gnome-shell-disable-extensions rw,
owner @{run}/user/@{uid}/gnome-shell/{,**} rw,
owner @{run}/user/@{uid}/wayland-[0-9].lock rwk,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
owner /dev/shm/.org.chromium.Chromium.* rw,
owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw,
/var/lib/flatpak/app/**/gnome-shell/{,**} r,
/var/lib/flatpak/exports/share/gnome-shell/{,**} r,
owner /tmp/.X[0-9]-lock rw,
owner /tmp/[0-9A-Z]*.shell-extension.zip rw,
owner /tmp/gdkpixbuf-xpm-tmp.[0-9A-Z]* rw,
/tmp/.X11-unix/X[0-9] rw,
@{run}/systemd/users/@{uid} r,
@{run}/systemd/seats/seat[0-9]* r,
@ -172,13 +177,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
@{PROC}/sys/kernel/osrelease r,
/dev/input/event[0-9]* rw,
owner /tmp/.X[0-9]-lock rw,
owner /tmp/[0-9A-Z]*.shell-extension.zip rw,
owner /tmp/gdkpixbuf-xpm-tmp.[0-9A-Z]* rw,
/tmp/.X11-unix/X[0-9] rw,
# file_inherit
/dev/tty[0-9]* rw,
include if exists <local/gnome-shell>
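Review bot: The `.mutter-Xwaylandauth` rule in this section uses the class `[0-9A-Z]*`, but the gsd-xsettings section of the same commit matches the same file with `[a-zA-z0-9]*`. In that second form `A-z` looks like a typo for `A-Z`: the range also spans the ASCII punctuation that sits between `Z` and `a`, so the class admits characters that were presumably not intended. The trailing `*` keeps the practical difference small, but two profiles describing one file should agree. I would use a single spelling in both, either `[0-9A-Z]*` if the suffix is known to be upper-case letters and digits, or `[a-zA-Z0-9]*` otherwise.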


@ -10,6 +10,7 @@ include <tunables/global>
profile gnome-tweaks @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dconf>
include <abstractions/gnome>
include <abstractions/python>
@ -19,17 +20,21 @@ profile gnome-tweaks @{exec_path} {
/{usr/,}bin/ps rPx,
/{usr/,}bin/python3.[0-9]* rix,
/{usr/,}lib/python3.[0-9]*/site-packages/gtweak/{*/,**/}__pycache__/*pyc* w,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/gnome-tweaks/{,**} r,
/etc/xdg/autostart/{,**} r,
owner @{user_cache_dirs}/thumbnails/{,**} r,
owner @{user_config_dirs}/autostart/{,*.desktop} r,
owner @{user_share_dirs}/backgrounds/{,**} r,
owner @{user_share_dirs}/gnome-shell/extensions/**/schemas/* r,
owner @{user_share_dirs}/gvfs-metadata/{,*} r,
owner @{user_share_dirs}/recently-used.xbel* rw,
owner @{user_share_dirs}/sounds/ r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
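Review bot: `/{usr/,}lib/python3.[0-9]*/site-packages/gtweak/{*/,**/}__pycache__/*pyc* w,` in the second gnome-tweaks hunk grants write access to the system-wide bytecode cache. If the tool is ever run by an account with write permission there, the profile does nothing to stop cached bytecode from being replaced, and other users later import it. The line may be context rather than new, since the +/- markers are lost on this page. If the rule exists only to quiet denials from Python trying to refresh its cache, an explicit `deny /{usr/,}lib/python3.[0-9]*/site-packages/gtweak/{*/,**/}__pycache__/*pyc* w,` silences the log without granting the write.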


@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/gsd-keyboard
profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/fonts>
include <abstractions/fontconfig-cache-read>
include <abstractions/gtk>
@ -17,20 +18,21 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) {
@{exec_path} mr,
/usr/share/dconf/profile/gdm r,
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/icons/{,**} r,
/usr/share/X11/xkb/** r,
/var/lib/gdm/.config/dconf/user r,
/var/lib/gdm/.config/.gsd-keyboard.settings-ported* rw,
owner @{user_config_dirs}/.gsd-keyboard.settings-ported* rw,
owner @{user_share_dirs}/gnome-settings-daemon/ rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/usr/share/dconf/profile/gdm r,
/var/lib/gdm/.config/dconf/user r,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner /dev/tty[0-9]* rw,


@ -9,23 +9,26 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/gsd-sound
profile gsd-sound @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/audio>
include <abstractions/dconf>
signal (receive) set=(term, hup) peer=gdm*,
@{exec_path} mr,
/usr/share/dconf/profile/gdm r,
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/etc/machine-id r,
/var/lib/gdm/.local/share/sounds/ rw,
/var/lib/gdm/.config/dconf/user r,
owner @{user_share_dirs}/sounds/ rw,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/usr/share/dconf/profile/gdm r,
/var/lib/gdm/.config/dconf/user r,
owner /dev/tty[0-9]* rw,


@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/gsd-xsettings
profile gsd-xsettings @{exec_path} {
include <abstractions/base>
include <abstractions/dconf>
include <abstractions/dri-common>
include <abstractions/dri-enumerate>
include <abstractions/fontconfig-cache-read>
@ -25,26 +26,26 @@ profile gsd-xsettings @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/busctl rPx,
/{usr/,}bin/pactl rPx,
/{usr/,}bin/xrdb rPx,
/{usr/,}bin/busctl rPx,
/{usr/,}bin/pactl rPx,
/{usr/,}bin/xrdb rPx,
/{usr/,}lib/ibus/ibus-x11 rPx,
/usr/share/dconf/profile/gdm r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/gdm/greeter-dconf-defaults r,
/etc/xdg/Xwayland-session.d/ r,
/etc/xdg/Xwayland-session.d/* rix,
owner @{user_cache_dirs}/mesa_shader_cache/index rw,
include <abstractions/dconf>
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
/usr/share/dconf/profile/gdm r,
/var/lib/gdm/.config/dconf/user r,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-z0-9]* r,
owner @{user_cache_dirs}/mesa_shader_cache/index rw,
owner @{run}/user/@{uid}/dconf/ rw,
owner @{run}/user/@{uid}/dconf/user rw,
owner @{run}/user/@{uid}/gdm/Xauthority r,
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-z0-9]* r,
owner @{PROC}/@{pid}/fd/ r,