diff --git a/apparmor/mysqld_akonadi b/apparmor/mysqld_akonadi index 7677da293..c769d87ac 100644 --- a/apparmor/mysqld_akonadi +++ b/apparmor/mysqld_akonadi @@ -1,31 +1,33 @@ #include +@{xdg_data_home}=@{HOME}/.local/share + profile mysqld_akonadi { #include #include #include capability setgid, capability setuid, signal receive set=kill peer=/usr/bin/akonadiserver, signal receive set=term peer=/usr/bin/akonadiserver, /etc/mysql/ r, /etc/mysql/** r, @{sys}/devices/system/cpu/ r, /{usr/,}bin/cat mrix, /{usr/,}bin/chmod mrix, /{usr/,}bin/dirname mrix, /{usr/,}bin/hostname mrix, /{usr/,}bin/mkdir mrix, /{usr/,}bin/sed mrix, /usr/bin/my_print_defaults mrix, /usr/bin/mysql_install_db mrix, /usr/bin/mysqladmin mrix, /usr/bin/mysqlcheck mrix, /usr/sbin/mysqld mrix, /usr/share/mysql/** r, - owner @{HOME}/.local/share/akonadi/** rwk, + owner @{xdg_data_home}/akonadi/** rwk, owner @{PROC}/@{pid}/loginuid r, } diff --git a/apparmor/postgresql_akonadi b/apparmor/postgresql_akonadi index b0309092b..399220419 100644 --- a/apparmor/postgresql_akonadi +++ b/apparmor/postgresql_akonadi @@ -1,20 +1,22 @@ #include +@{xdg_data_home}=@{HOME}/.local/share + profile postgresql_akonadi { #include #include capability setgid, capability setuid, /etc/passwd r, /{usr/,}bin/dash mrix, /{usr/,}bin/locale mrix, /usr/lib/postgresql/*/bin/initdb mrix, /usr/lib/postgresql/*/bin/pg_ctl mrix, /usr/lib/postgresql/*/bin/postgres mrix, /usr/share/postgresql/** r, owner /dev/shm/PostgreSQL.* rw, - owner @{HOME}/.local/share/akonadi/** rwlk, - owner @{HOME}/.local/share/akonadi/db_data/** l, + owner @{xdg_data_home}/akonadi/** rwlk, + owner @{xdg_data_home}/akonadi/db_data/** l, } diff --git a/apparmor/usr.bin.akonadiserver b/apparmor/usr.bin.akonadiserver index 53d334fd4..7acaa067a 100644 --- a/apparmor/usr.bin.akonadiserver +++ b/apparmor/usr.bin.akonadiserver 
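Review bot: The new `@{xdg_data_home}=@{HOME}/.local/share` assignment at the top of apparmor/mysqld_akonadi is repeated verbatim in postgresql_akonadi and usr.bin.akonadiserver, so a site that relocates its data directory has to edit three files. A missed file leaves that profile granting write access to a path the service no longer uses while denying the real one. AppArmor does not expand `$XDG_DATA_HOME` at run time, so this is a fixed default and the assignment should say so, e.g. `# Default XDG data dir; not taken from $XDG_DATA_HOME, adjust here if relocated`. Because `=` declares a variable rather than appending to one, the parser will presumably reject the profile if a tunable pulled in by the preceding `#include` (its target is not visible on this page) ever declares the same name. Moving the definition into one shared tunables file included by all three profiles would address both points.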
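Review bot: The carried-over rule `owner @{xdg_data_home}/akonadi/db_data/** l,` in postgresql_akonadi appears to add nothing, because the line before it already grants `rwlk` on `@{xdg_data_home}/akonadi/**`, which covers everything under `db_data/`. If the intent was to confine link creation to the database directory, the first rule should be reduced to `owner @{xdg_data_home}/akonadi/** rwk,` so that `l` is granted only where PostgreSQL needs it. Otherwise the second rule can be dropped. The profile does not state which was meant, so a one-line comment above the pair would help the next reviewer.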
@@ -1,42 +1,46 @@ #include +@{xdg_data_home}=@{HOME}/.local/share + +@{xdg_config_home}=@{HOME}/.config + /usr/bin/akonadiserver { #include #include #include #include #include signal send set=kill peer=mysqld_akonadi, signal send set=term peer=mysqld_akonadi, /etc/xdg/** r, /usr/bin/akonadiserver mr, /usr/bin/mysql_install_db PUx -> mysqld_akonadi, /usr/bin/mysqladmin PUx -> mysqld_akonadi, /usr/bin/mysqlcheck PUx -> mysqld_akonadi, /usr/lib/postgresql/*/bin/initdb PUx -> postgresql_akonadi, /usr/lib/postgresql/*/bin/pg_ctl PUx -> postgresql_akonadi, /usr/sbin/mysqld PUx -> mysqld_akonadi, /usr/share/mime/mime.cache r, /usr/share/mime/packages/ r, /usr/share/mime/types r, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, - owner @{HOME}/.local/share/mime/mime.cache r, - owner @{HOME}/.local/share/mime/packages/ r, - owner @{HOME}/.local/share/mime/types r, - owner @{HOME}/.config/* r, - owner @{HOME}/.config/QtProject/qtlogging.ini r, - owner @{HOME}/.config/akonadi* rw, - owner @{HOME}/.config/akonadi/ rw, - owner @{HOME}/.config/akonadi/* rwl, - owner @{HOME}/.config/akonadi/akonadiconnectionrc wl, - owner @{HOME}/.config/akonadi/akonadiconnectionrc.lock rwk, - owner @{HOME}/.config/akonadi/akonadiserverrc.lock rwk, - owner @{HOME}/.local/share/akonadi/ rw, - owner @{HOME}/.local/share/akonadi/* rwlk, - owner @{HOME}/.local/share/akonadi/** rwk, + owner @{xdg_config_home}/* r, + owner @{xdg_config_home}/akonadi* rw, + owner @{xdg_config_home}/QtProject/qtlogging.ini r, + owner @{xdg_config_home}/akonadi/ rw, + owner @{xdg_config_home}/akonadi/* rwl, + owner @{xdg_config_home}/akonadi/akonadiconnectionrc wl, + owner @{xdg_config_home}/akonadi/akonadiconnectionrc.lock rwk, + owner @{xdg_config_home}/akonadi/akonadiserverrc.lock rwk, + owner @{xdg_data_home}/mime/mime.cache r, + owner @{xdg_data_home}/mime/packages/ r, + owner @{xdg_data_home}/mime/types r, + owner @{xdg_data_home}/akonadi/ rw, + owner @{xdg_data_home}/akonadi/* rwlk, + owner 
@{xdg_data_home}/akonadi/** rwk, owner @{PROC}/@{pid}/loginuid r, owner @{PROC}/@{pid}/mounts r, }
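Review bot: `owner @{xdg_config_home}/* r,` in usr.bin.akonadiserver lets the server read every file the user owns directly under the config directory, which is much wider than the akonadi and QtProject entries that follow it. Other applications keep rc files there, and some of those hold tokens or passwords, so the rule works against the confinement the rest of the profile sets up. The commit renames the path but keeps the glob. I would narrow it to the specific file names the server opens (not visible from this hunk), or at least record the reason with a comment such as `# FIXME: broad read of top-level config files; narrow once the required names are known`.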