update apparmor.d rules

2024-10-17 23:23:50 +02:00 · 2024-10-17 23:23:50 +02:00 · 0fc6f9d53b
commit 0fc6f9d53b
parent 513d99ab68
5 changed files with 17 additions and 12 deletions
--- a/common/graphics/qt.nix
+++ b/common/graphics/qt.nix
@ -11,18 +11,19 @@ in
  config = lib.mkIf (enable && graphical) {
    qt = {
      enable = true;
-      style = "kvantum";
-      platformTheme = "qt5ct";
+      style = "breeze";
+      platformTheme = "lxqt";
    };

    environment.systemPackages =
      with pkgs;
      with kdePackages;
      [
-        qtstyleplugin-kvantum
+#        qtstyleplugin-kvantum
        catppuccin-sddm-corners
        libsForQt5.qtgraphicaleffects
-        catppuccin-kvantum
+#        catppuccin-kvantum
+        breeze
        kdePackages.audiocd-kio
        kdePackages.kio-extras
        kdePackages.kio
@ -32,7 +33,7 @@ in
        qtwayland
      ];

-    environment.pathsToLink = [ "/share/Kvantum" ];
+#    environment.pathsToLink = [ "/share/Kvantum" ];

    services.displayManager = {
      sddm = {
@ -44,6 +45,10 @@ in
      defaultSession = lib.optionalString sway.enable "sway";
    };

+    xdg.portal.lxqt.styles = with pkgs; [
+        kdePackages.breeze-qt5
+      ];
+
    boot.plymouth = {
      themePackages = with pkgs; [ catppuccin-plymouth ];
      theme = "catppuccin-macchiato";
--- a/common/tooling/apparmor/apparmor-d-package.nix
+++ b/common/tooling/apparmor/apparmor-d-package.nix
@ -4,10 +4,10 @@ buildGoModule {
  version = "unstable-2024-10-12";

  src = fetchFromGitHub {
-    rev = "04df7052725b4ac473f1bdcd1e1644b8163ff0d2";
+    rev = "93269e0596a8d416a9ee647146c983115da2f346";
    owner = "roddhjav";
    repo = "apparmor.d";
-    hash = "sha256-USDbCBx6+exHJM834f+dr9fmF9hx3Xo/ddhGJVpYjC0=";
+    hash = "sha256-x8vnKEx/HZOweVX2Fu8ydGVpnS4gxsVJBbUWtKuwMUM=";
  };

  vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";
--- a/common/tooling/apparmor/apparmor-d-paths.patch
+++ b/common/tooling/apparmor/apparmor-d-paths.patch
@ -1,5 +1,5 @@
 diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
-index be37123f..9166eaee 100644
+index be37123f..908951af 100644
 --- a/apparmor.d/tunables/multiarch.d/system
 +++ b/apparmor.d/tunables/multiarch.d/system
@@ -106,8 +106,21 @@
@ -21,8 +21,8 @@ index be37123f..9166eaee 100644
 +
 +@{nix_store}=/nix/store/@{rand32}-@{nix_package_name}
 +@{base_paths}={@{nix_store},/run/current-system/sw,/etc/profiles/per-user/@{user}}
-+@{bin}={@{base_paths}/bin,/{,usr/}{,s}bin}
-+@{lib}=@{base_paths}/lib
+@{bin}={@{base_paths}/{bin,libexec},/{,usr/}{,s}bin}
+@{lib}=@{base_paths}/lib{exec,}
 
 # Common places for temporary files
 @{tmp}=/tmp/ /tmp/user/@{uid}/
--- a/common/tooling/apparmor/default.nix
+++ b/common/tooling/apparmor/default.nix
@ -110,11 +110,10 @@ in
        /sys/devices/@{pci}/boot_vga r,
        /sys/devices/@{pci}/**/id{Vendor,Product} r,
        /dev/ r,
-        /run/current-system/sw/bin/xdg-open rPx,
+        @{bin}/xdg-open rPx,
      '';

      "local/sudo" = ''
-        @{nix_store}/libexec/sudo/** m,
        /run/wrappers/wrappers.*/unix_chkpwd rPx -> unix-chkpwd,
      '';

--- a/common/xdg/portals.nix
+++ b/common/xdg/portals.nix
@ -34,6 +34,7 @@ in
        xdg-desktop-portal-wlr
        xdg-desktop-portal-kde
        xdg-desktop-portal-gtk
+        lxqt.xdg-desktop-portal-lxqt
      ];

      wlr.enable = true;