Merge branch 'EmersonBernier/socket_read-only' into 'master'

profiles/apparmor.d/abstractions/X: make x11 socket read-only

Write access isn't needed for connecting to x11 socket. Also clear some duplicate and redundant rules in other abstractions.

PR: https://gitlab.com/apparmor/apparmor/merge_requests/281

Acked-by: John Johansen <john.johansen@canonical.com>

profiles/apparmor.d/abstractions/X

@@ -26,7 +26,7 @@
   owner /{,var/}run/user/*/X11/Xauthority r,
 
   # the unix socket to use to connect to the display
-  /tmp/.X11-unix/* rw,
+  /tmp/.X11-unix/* r,
   unix (connect, receive, send)
        type=stream
        peer=(addr="@/tmp/.X11-unix/X[0-9]*"),

profiles/apparmor.d/abstractions/dbus-session-strict

@@ -12,7 +12,6 @@
   # unique per-machine identifier
   /etc/machine-id r,
   /var/lib/dbus/machine-id r,
-  owner /run/user/*/bus rw,
 
   unix (connect, receive, send)
        type=stream

profiles/apparmor.d/abstractions/wayland

@@ -9,6 +9,5 @@
 #
 # ------------------------------------------------------------------
 
-  owner /var/run/user/*/weston-shared-* rw,
   owner /run/user/*/wayland-[0-9]* rw,
   owner /run/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,