Replace nodbus with dbus-* filters

See
- 07fac58 for new dbus filters
- #3326 (comment)

Except for ocenaudio, access/restrictions on dbus options should
be unchanged

Ocenaudio profile: dbus filters were sandboxed (initially `nodbus`
was enabled) since comments indicated blocking dbus meant
preferences were broken

etc/0ad.profile

@@ -30,7 +30,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,3 +48,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none

etc/7z.profile

@@ -23,7 +23,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 #nogroups
 nonewprivs
@@ -42,4 +41,7 @@ x11 none
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute

etc/JDownloader.profile

@@ -28,7 +28,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,3 +44,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none

etc/Maelstrom.profile

@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 #nonewprivs
@@ -41,3 +40,6 @@ private-bin Maelstrom
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none

etc/QMediathekView.profile

@@ -34,7 +34,6 @@ include whitelist-var-common.inc
 caps.drop all
 netfilter
 # no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -53,4 +52,7 @@ private-cache
 private-dev
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)

etc/abiword.profile

@@ -25,7 +25,6 @@ caps.drop all
 machine-id
 net none
 no3d
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,3 +43,6 @@ private-cache
 private-dev
 private-etc fonts,gtk-3.0,passwd
 private-tmp
+
+# dbus-user none
+# dbus-system none

etc/anki.profile

@@ -32,7 +32,6 @@ caps.drop all
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -53,3 +52,6 @@ private-cache
 private-dev
 private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,ssl,Trolltech.conf
 private-tmp
+
+dbus-user none
+dbus-system none

etc/apktool.profile

@@ -18,7 +18,6 @@ include whitelist-var-common.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -34,3 +33,6 @@ shell none
 private-bin apktool,basename,bash,dirname,expr,java,sh
 private-cache
 private-dev
+
+dbus-user none
+dbus-system none

etc/ar.profile

@@ -23,7 +23,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,4 +41,7 @@ private-bin ar
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute

etc/arch-audit.profile

@@ -26,7 +26,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,4 +45,7 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute

etc/ardour5.profile

@@ -23,7 +23,6 @@ include disable-xdg.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,5 @@ private-dev
 #private-etc alternatives,ardour4,ardour5,asound.conf,fonts,machine-id,pulse,X11
 private-tmp
 
+dbus-user none
+dbus-system none

etc/aria2c.profile

@@ -27,7 +27,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-etc alternatives,ca-certificates,crypto-policies,groups,login.defs,machi
 private-lib libreadline.so.*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute

etc/ark.profile

@@ -23,7 +23,6 @@ apparmor
 caps.drop all
 # net none
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,5 @@ private-bin 7z,ark,bash,lrzip,lsar,lz4,lzop,p7zip,rar,sh,tclsh,unar,unrar,unzip,
 private-dev
 private-tmp
 
+# dbus-user none
+# dbus-system none

etc/artha.profile

@@ -38,7 +38,6 @@ caps.drop all
 ipc-namespace
 # net none - breaks on Ubuntu
 no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -60,4 +59,7 @@ private-etc alternatives,fonts,machine-id
 private-lib libnotify.so.*
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 memory-deny-write-execute

etc/assogiate.profile

@@ -26,7 +26,6 @@ caps.drop all
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,7 @@ private-dev
 private-lib gnome-vfs-2.0,libacl.so.*,libattr.so.*,libfam.so.*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute

etc/asunder.profile

@@ -27,7 +27,6 @@ apparmor
 caps.drop all
 netfilter
 no3d
-nodbus
 # nogroups
 nonewprivs
 noroot
@@ -42,5 +41,8 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # mdwe is disabled due to breaking hardware accelerated decoding
 # memory-deny-write-execute

etc/atom.profile

@@ -20,7 +20,6 @@ include disable-programs.inc
 caps.drop all
 # net none
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,3 +35,6 @@ shell none
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none

etc/atool.profile

@@ -27,7 +27,6 @@ machine-id
 net none
 no3d
 nodvd
-nodbus
 nogroups
 nonewprivs
 noroot
@@ -48,4 +47,7 @@ private-dev
 private-etc alternatives,group,login.defs,passwd
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute

etc/audacious.profile

@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-#nodbus - dbus needed for MPRIS
 nogroups
 nonewprivs
 noroot
@@ -39,3 +38,7 @@ tracelog
 private-cache
 private-dev
 private-tmp
+
+# dbus needed for MPRIS
+# dbus-user none
+# dbus-system none

etc/audacity.profile

@@ -24,7 +24,6 @@ apparmor
 caps.drop all
 net none
 no3d
-# nodbus - problems on Fedora 27
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,7 @@ tracelog
 private-bin audacity
 private-dev
 private-tmp
+
+# problems on Fedora 27
+# dbus-user none
+# dbus-system none

etc/authenticator.profile

@@ -24,7 +24,6 @@ include disable-programs.inc
 caps.drop all
 netfilter
 no3d
-# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs
@@ -43,4 +42,8 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,pki,resolv.conf,ssl
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)

etc/baobab.profile

@@ -19,7 +19,6 @@ include whitelist-runuser-common.inc
 caps.drop all
 net none
 no3d
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -37,4 +36,7 @@ private-bin baobab
 private-dev
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 read-only ${HOME}

etc/bibletime.profile

@@ -35,7 +35,6 @@ apparmor
 caps.drop all
 machine-id
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -54,3 +53,6 @@ private-cache
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf
 private-tmp
+
+dbus-user none
+dbus-system none

etc/bitwarden.profile

@@ -29,7 +29,6 @@ caps.drop all
 machine-id
 netfilter
 no3d
-#nodbus - breaks appindicator (tray) functionality
 nodvd
 nogroups
 nonewprivs
@@ -51,4 +50,8 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.co
 private-opt Bitwarden
 private-tmp
 
+# breaks appindicator (tray) functionality
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)

etc/bleachbit.profile

@@ -20,7 +20,6 @@ include disable-passwdmgr.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,5 +35,8 @@ shell none
 private-dev
 # private-tmp
 
+dbus-user none
+dbus-system none
+
 # memory-deny-write-execute breaks some systems, see issue #1850
 # memory-deny-write-execute