chore: remove unneeded abi definition in abstraction.

roddhjav · Feb 11, 2024 · 804bde0 · 804bde0
1 parent 7269ac6
commit 804bde0
Show file tree

Hide file tree

Showing 25 changed files with 9 additions and 64 deletions.
diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root
@@ -3,8 +3,6 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   @{bin}/*                      rPUx,
   /usr/local/{s,}bin/*          rPUx,
 

diff --git a/apparmor.d/abstractions/app-launcher-user b/apparmor.d/abstractions/app-launcher-user
@@ -3,8 +3,6 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   @{bin}/*                      rPUx,
   /opt/*/**                     rPUx,
   /usr/share/*/*                rPUx,

diff --git a/apparmor.d/abstractions/apt-common b/apparmor.d/abstractions/apt-common
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   /usr/share/dpkg/cputable r,
   /usr/share/dpkg/tupletable r,
 

diff --git a/apparmor.d/abstractions/chromium b/apparmor.d/abstractions/chromium
@@ -12,8 +12,6 @@
 # @{config_dirs} = @{user_config_dirs}/chromium
 # @{cache_dirs} = @{user_cache_dirs}/chromium
 
-  abi <abi/3.0>,
-
   include <abstractions/audio>
   include <abstractions/dconf-write>
   include <abstractions/desktop>

diff --git a/apparmor.d/abstractions/chromium-common b/apparmor.d/abstractions/chromium-common
@@ -6,10 +6,7 @@
 # This abstraction is for chromium based application. Chromium based browsers
 # need to use abstractions/chromium instead.
 
-  abi <abi/3.0>,
-
-  # The following rules are needed only when the kernel.unprivileged_userns_clone option is set
-  # to "1".
+  # Only needed when kernel.unprivileged_userns_clone is set to "1"
   capability sys_admin,
   capability sys_chroot,
   capability setuid,
@@ -18,6 +15,14 @@
   owner @{PROC}/@{pid}/gid_map w,
   owner @{PROC}/@{pid}/uid_map w,
 
+  owner @{HOME}/.pki/ rw,
+  owner @{HOME}/.pki/nssdb/ rw,
+  owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
+  owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
+  owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
+
+  owner @{user_share_dirs}/.org.chromium.Chromium.* rw,
+
         /tmp/ r,
         /var/tmp/ r,
   owner /tmp/.org.chromium.Chromium.* rw,
@@ -30,15 +35,4 @@
         /dev/shm/ r,
   owner /dev/shm/.org.chromium.Chromium.* rw,
 
-  owner @{user_share_dirs}/.org.chromium.Chromium.* rw,
-
-  # Should this be read-only? (##FIXME##)
-  # To remove the following error:
-  #  Error initializing NSS with a persistent database
-  owner @{HOME}/.pki/ rw,
-  owner @{HOME}/.pki/nssdb/ rw,
-  owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
-  owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
-  owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,
-
   include if exists <abstractions/chromium-common.d>
diff --git a/apparmor.d/abstractions/desktop b/apparmor.d/abstractions/desktop
@@ -2,8 +2,6 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>

diff --git a/apparmor.d/abstractions/devices-usb b/apparmor.d/abstractions/devices-usb
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   /dev/ r,
   /dev/bus/usb/ r,
   /dev/bus/usb/@{int}/ r,

diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read
@@ -3,8 +3,6 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   # The /sys/ entries probably should be tightened
 
   /dev/ r,

diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write
@@ -3,8 +3,6 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   # The /sys/ entries probably should be tightened
 
   /dev/ r,

diff --git a/apparmor.d/abstractions/flatpak-snap b/apparmor.d/abstractions/flatpak-snap
@@ -4,8 +4,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   # Flatpak
   /var/lib/flatpak/exports/share/{,**} r,
   /var/lib/flatpak/app/**/export/share/applications/{,*.desktop} r,

diff --git a/apparmor.d/abstractions/fontconfig-cache-read b/apparmor.d/abstractions/fontconfig-cache-read
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   # The fontconfig cache can be generated via the following command:
   #   $ fc-cache -f -v
   # There's no need to give apps the ability to create cache for their own. Apps can generate the

diff --git a/apparmor.d/abstractions/fontconfig-cache-write b/apparmor.d/abstractions/fontconfig-cache-write
@@ -3,8 +3,6 @@
 # Copyright (C) 2022-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   owner @{user_cache_dirs}/fontconfig/ rw,
   owner @{user_cache_dirs}/fontconfig/CACHEDIR.TAG{,.NEW,.LCK,.TMP-*} rw,
   owner @{user_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rwk,

diff --git a/apparmor.d/abstractions/fzf b/apparmor.d/abstractions/fzf
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   owner @{HOME}/.fzf/{,**} r,
 
   owner @{HOME}/.fzf.* r,

diff --git a/apparmor.d/abstractions/gnome-strict b/apparmor.d/abstractions/gnome-strict
@@ -2,8 +2,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>

diff --git a/apparmor.d/abstractions/graphics b/apparmor.d/abstractions/graphics
@@ -2,8 +2,6 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   include <abstractions/dri>
   include <abstractions/mesa>
   include <abstractions/nvidia-strict>

diff --git a/apparmor.d/abstractions/graphics-full b/apparmor.d/abstractions/graphics-full
@@ -2,8 +2,6 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   include <abstractions/graphics>
 
   @{bin}/nvidia-modprobe Px -> nvidia_modprobe,

diff --git a/apparmor.d/abstractions/kde-strict b/apparmor.d/abstractions/kde-strict
@@ -2,8 +2,6 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/qt5>

diff --git a/apparmor.d/abstractions/kde4 b/apparmor.d/abstractions/kde4
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   /usr/share/kde4/** r,
 
   @{lib}/kde4/*.so mr,

diff --git a/apparmor.d/abstractions/nameservice-strict b/apparmor.d/abstractions/nameservice-strict
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   @{etc_ro}/default/nss r,
   @{etc_ro}/gai.conf r,
   @{etc_ro}/group r,

diff --git a/apparmor.d/abstractions/nvidia-strict b/apparmor.d/abstractions/nvidia-strict
@@ -2,9 +2,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
-
   /usr/share/nvidia/nvidia-application-profiles-* r,
 
   /etc/nvidia/nvidia-application-profiles-* r,

diff --git a/apparmor.d/abstractions/qt5-shader-cache b/apparmor.d/abstractions/qt5-shader-cache
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   owner @{user_cache_dirs}/ w,
   owner @{user_cache_dirs}/qtshadercache/ rw,
   owner @{user_cache_dirs}/qtshadercache/#@{int} rw,

diff --git a/apparmor.d/abstractions/thumbnails-cache-read b/apparmor.d/abstractions/thumbnails-cache-read
@@ -3,8 +3,6 @@
 # Copyright (C) 2023-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   owner @{HOME}/thumbnails/ r,
   owner @{HOME}/thumbnails/{large,normal}/ r,
   owner @{HOME}/thumbnails/{large,normal}/@{hex}.png r,

diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   owner @{HOME}/thumbnails/ rw,
   owner @{HOME}/thumbnails/{large,normal}/ rw,
   owner @{HOME}/thumbnails/{large,normal}/#@{int} rw,

diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict
@@ -3,8 +3,6 @@
 # Copyright (C) 2021-2024 Alexandre Pujol <[email protected]>
 # SPDX-License-Identifier: GPL-2.0-only
 
-  abi <abi/3.0>,
-
   owner @{HOME}/@{XDG_DESKTOP_DIR}/ w,
   owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w,
 

diff --git a/apparmor.d/abstractions/zsh b/apparmor.d/abstractions/zsh
@@ -6,8 +6,6 @@
 # This abstraction is only required when an interactive shell is started.
 # Classic shell scripts do not need it.
 
-  abi <abi/3.0>,
-
   @{lib}/@{multiarch}/zsh/@{int}/zsh/*.so mr,
 
   /usr/share/zsh/{,**} r,