diff --git a/profiles/apparmor.d/abstractions/X b/profiles/apparmor.d/abstractions/X index 50b28b9c4..f1c3e1cbb 100644 --- a/profiles/apparmor.d/abstractions/X +++ b/profiles/apparmor.d/abstractions/X @@ -13,10 +13,10 @@ # .ICEauthority files required for X authentication, per user - @{HOME}/.ICEauthority r, + owner @{HOME}/.ICEauthority r, # .Xauthority files required for X connections, per user - @{HOME}/.Xauthority r, + owner @{HOME}/.Xauthority r, owner /{,var/}run/gdm{,3}/*/database r, owner /{,var/}run/lightdm/authority/[0-9]* r, diff --git a/profiles/apparmor.d/abstractions/audio b/profiles/apparmor.d/abstractions/audio index 2cc421831..ad334d346 100644 --- a/profiles/apparmor.d/abstractions/audio +++ b/profiles/apparmor.d/abstractions/audio @@ -40,12 +40,12 @@ /usr/share/alsa/** r, /usr/share/sounds/** r, -@{HOME}/.esd_auth r, -@{HOME}/.asoundrc r, +owner @{HOME}/.esd_auth r, +owner @{HOME}/.asoundrc r, /etc/esound/esd.conf r, # libcanberra -@{HOME}/.cache/event-sound-cache.* rwk, +owner @{HOME}/.cache/event-sound-cache.* rwk, # pulse /etc/pulse/ r, diff --git a/profiles/apparmor.d/abstractions/fonts b/profiles/apparmor.d/abstractions/fonts index 2d39e85b6..a6bec1620 100644 --- a/profiles/apparmor.d/abstractions/fonts +++ b/profiles/apparmor.d/abstractions/fonts @@ -33,14 +33,14 @@ /usr/share/texmf/{,*/}fonts/** r, /var/lib/ghostscript/** r, - @{HOME}/.fonts.conf r, - @{HOME}/.fonts/ r, - @{HOME}/.fonts/** r, - @{HOME}/.fonts.cache-2 mr, - @{HOME}/.{,cache/}fontconfig/ r, - @{HOME}/.{,cache/}fontconfig/** mrl, - @{HOME}/.fonts.conf.d/ r, - @{HOME}/.fonts.conf.d/** r, + owner @{HOME}/.fonts.conf r, + owner @{HOME}/.fonts/ r, + owner @{HOME}/.fonts/** r, + owner @{HOME}/.fonts.cache-2 mr, + owner @{HOME}/.{,cache/}fontconfig/ r, + owner @{HOME}/.{,cache/}fontconfig/** mrl, + owner @{HOME}/.fonts.conf.d/ r, + owner @{HOME}/.fonts.conf.d/** r, /usr/local/share/fonts/ r, /usr/local/share/fonts/** r, 
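Review bot: The `owner` prefix added to `@{HOME}/.ICEauthority r,` and `@{HOME}/.Xauthority r,` in abstractions/X carries no comment on what it changes for profiles that include the abstraction. `owner` matches only files whose owner equals the confined task's fsuid, so a confined client running under another uid (for example as root, pointed at a user's cookie file) would, as far as I can tell, now be denied these reads. The same applies to the audio, fonts, gnome, gnupg and kde hunks. I would add `# owner: matches only files owned by the task's fsuid; clients run under another uid are denied` above the first converted rule in each file and state the behaviour change in the commit message. Each abstraction continues outside its hunk, so other un-owned `@{HOME}` rules may remain that are not visible here.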
diff --git a/profiles/apparmor.d/abstractions/gnome b/profiles/apparmor.d/abstractions/gnome index 97eef04e9..71e98ca57 100644 --- a/profiles/apparmor.d/abstractions/gnome +++ b/profiles/apparmor.d/abstractions/gnome @@ -38,24 +38,24 @@ /usr/lib/@{multiarch}/gdk-pixbuf-*/** mr, # per-user gtk configuration - @{HOME}/.gnome/Gnome r, - @{HOME}/.gtk r, - @{HOME}/.gtkrc r, - @{HOME}/.gtkrc-2.0 r, - @{HOME}/.gtk-bookmarks r, - @{HOME}/.themes/ r, - @{HOME}/.themes/** r, + owner @{HOME}/.gnome/Gnome r, + owner @{HOME}/.gtk r, + owner @{HOME}/.gtkrc r, + owner @{HOME}/.gtkrc-2.0 r, + owner @{HOME}/.gtk-bookmarks r, + owner @{HOME}/.themes/ r, + owner @{HOME}/.themes/** r, # for gtk file dialog - @{HOME}/.config/gtk-2.0/** r, - @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw, + owner @{HOME}/.config/gtk-2.0/** r, + owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw, # from evolution-mail - @{HOME}/.gconfd/lock/* r, - @{HOME}/.gnome/application-info r, + owner @{HOME}/.gconfd/lock/* r, + owner @{HOME}/.gnome/application-info r, # per-user font business - @{HOME}/.fonts.cache-* rwl, + owner @{HOME}/.fonts.cache-* rwl, # icon caches /var/cache/**/icon-theme.cache r, diff --git a/profiles/apparmor.d/abstractions/gnupg b/profiles/apparmor.d/abstractions/gnupg index f4b8fa830..f976f028d 100644 --- a/profiles/apparmor.d/abstractions/gnupg +++ b/profiles/apparmor.d/abstractions/gnupg @@ -2,9 +2,9 @@ # gnupg sub-process running permissions # user configurations - @{HOME}/.gnupg/options r, - @{HOME}/.gnupg/pubring.gpg r, - @{HOME}/.gnupg/random_seed rw, - @{HOME}/.gnupg/secring.gpg r, - @{HOME}/.gnupg/so/*.x86_64 mr, - @{HOME}/.gnupg/trustdb.gpg rw, + owner @{HOME}/.gnupg/options r, + owner @{HOME}/.gnupg/pubring.gpg r, + owner @{HOME}/.gnupg/random_seed rw, + owner @{HOME}/.gnupg/secring.gpg r, + owner @{HOME}/.gnupg/so/*.x86_64 mr, + owner @{HOME}/.gnupg/trustdb.gpg rw, 
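Review bot: `owner @{HOME}/.gnupg/so/*.x86_64 mr,` in the gnupg hunk still grants `m` (executable mapping) on files under a user-writable directory, and it matches a single architecture suffix only. Adding `owner` narrows whose files match but does not change either property. If the rule is still needed, document it in place, e.g. `# shared objects under ~/.gnupg/so are mapped executable (m); only the x86_64 suffix is matched`. If nothing loads these objects any more, dropping the rule would be the tighter outcome; that needs confirming against the profiles that include this abstraction.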
diff --git a/profiles/apparmor.d/abstractions/kde b/profiles/apparmor.d/abstractions/kde index 00119b350..2d61fb5f4 100644 --- a/profiles/apparmor.d/abstractions/kde +++ b/profiles/apparmor.d/abstractions/kde @@ -23,13 +23,13 @@ /etc/kde3/* r, /etc/kde4rc r, -@{HOME}/.DCOPserver_* r, -@{HOME}/.ICEauthority r, -@{HOME}/.fonts.* lrw, -@{HOME}/.kde{,4}/share/config/kdeglobals rw, -@{HOME}/.kde{,4}/share/config/*.lock rwl, -@{HOME}/.qt/** rw, -@{HOME}/.config/Trolltech.conf rwk, +owner @{HOME}/.DCOPserver_* r, +owner @{HOME}/.ICEauthority r, +owner @{HOME}/.fonts.* lrw, +owner @{HOME}/.kde{,4}/share/config/kdeglobals rw, +owner @{HOME}/.kde{,4}/share/config/*.lock rwl, +owner @{HOME}/.qt/** rw, +owner @{HOME}/.config/Trolltech.conf rwk, /usr/share/icons/ r, /usr/share/icons/** r, diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files index b9afde7a7..2b28d13ae 100644 --- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files +++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files @@ -5,7 +5,6 @@ @{HOME}/ r, @{HOME}/** r, owner @{HOME}/** w, - owner @{HOME}/Desktop/** r, # Do not allow read and/or write to particularly sensitive/problematic files #include
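Review bot: `owner @{HOME}/.fonts.* lrw,` in the kde hunk stays much wider than the corresponding rules in abstractions/fonts. It gives write and link on every `~/.fonts.*` file, including `.fonts.conf`, which the fonts hunk grants read-only. `owner @{HOME}/.ICEauthority r,` also repeats the rule already converted in abstractions/X. If only the font cache files need to be written, `owner @{HOME}/.fonts.cache-* lrw,` (the pattern abstractions/gnome uses) would be narrower; confirm what KDE applications actually write there before changing it.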