Comment 3 for bug 1191858

Seth Arnold (seth-arnold) wrote :

There are really two issues here; first is the new permissions Skype is requesting. I can't see why Skype would care about init's command line, so I think I'd just add a 'deny' rule for it to quiet the messages. Or leave it alone, if you'd rather be reminded that Skype is doing funny things. The other permissions it is requesting could be handled like this:

deny /proc/1/cmdline r,
owner /proc/*/status r,
/proc/modules r,
/sys/devices/*/*/usb*/*/* r,

/usr/share/icons/gnome/index.theme k,
/usr/share/icons/hicolor/index.theme k,

owner @{HOME}/.config/Skype/Skype.conf rw,

I've guessed at a very broad /sys/devices/*/*/usb*/*/* r, line, on the assumption that Skype should legitimately be able to query information about every USB device on the system. This might not be perfect, but will allow it to discover usual webcams and the like.

I don't know why Skype wants to lock the icon themes but on its own it feels harmless. If an update operation is hung due to Skype not releasing the lock in a timely fashion, an admin can always just kill Skype and be done with it.

Perhaps the above lines should be added to the default Skype profile. I'd like your feedback on what else might be needed once these lines are added.

The second issue is your changed location. The following lines will address your very specific error messages and allow you to use "~/New Folder/" as a download location:

@{HOMEDIRS} r,
@{HOME} r,
"@{HOME}/New Folder/" r,
"@{HOME}/New Folder/**" rw,

If you want the file browser to generally work everywhere, you'll probably want to add a line like:

@{HOME}/**/ r,

Of course, this still denies actually writing to nearly everything. If you _really_ want to allow downloading anywhere in a home directory, you could add something like:

#include <abstractions/private-files-strict>

@{HOME}/** rw,

Be aware that this is extremely permissive.

Thanks