File: //etc/apparmor.d/abstractions/X
# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2002-2009 Novell/SUSE
#    Copyright (C) 2009-2011 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
  abi <abi/3.0>,
  include <abstractions/dri-common>
  # .ICEauthority files required for X authentication, per user
  owner @{HOME}/.ICEauthority r,
  owner @{run}/user/*/ICEauthority r,
  # .Xauthority files required for X connections, per user
  owner @{HOME}/.Xauthority r,
  owner @{HOME}/.local/share/sddm/.Xauthority r,
  owner @{run}/gdm{,3}/*/database r,
  owner @{run}/lightdm/authority/[0-9]* r,
  owner @{run}/lightdm/*/xauthority r,
  owner @{run}/user/*/gdm/Xauthority r,
  owner @{run}/user/*/X11/Xauthority r,
  owner @{run}/user/*/xauth_* r,
  # the unix socket to use to connect to the display
  /tmp/.X11-unix/* rw,
  unix (connect, receive, send)
       type=stream
       peer=(addr="@/tmp/.X11-unix/X[0-9]*"),
  unix (connect, receive, send)
       type=stream
       peer=(addr="@/tmp/.ICE-unix/[0-9]*"),
  /usr/include/X11/               r,
  /usr/include/X11/**             r,
  # The X tree changes and is large -- grant read access to the whole thing
  /usr/X11R6/**                   r,
  /usr/share/X11/                 r,
  /usr/share/X11/**               r,
  /usr/X11R6/**.so*               mr,
  # EGL
  /usr/lib/@{multiarch}/egl/*.so* mr,
  # Xcompose
  owner @{HOME}/.XCompose         r,
  /var/cache/libx11/compose/*     r,
  deny /var/cache/libx11/compose/* wlk,
  # mouse themes
  /etc/X11/cursors/               r,
  /etc/X11/cursors/**             r,
  # Xwayland
  owner @{run}/user/*/.mutter-Xwaylandauth.* r,
  # Include additions to the abstraction
  include if exists <abstractions/X.d>