update apparmor.d rules

common/graphics/qt.nix

@@ -11,18 +11,19 @@ in
   config = lib.mkIf (enable && graphical) {
     qt = {
       enable = true;
-      style = "kvantum";
+      style = "breeze";
-      platformTheme = "qt5ct";
+      platformTheme = "lxqt";
     };
 
     environment.systemPackages =
       with pkgs;
       with kdePackages;
       [
-        qtstyleplugin-kvantum
+#        qtstyleplugin-kvantum
         catppuccin-sddm-corners
         libsForQt5.qtgraphicaleffects
-        catppuccin-kvantum
+#        catppuccin-kvantum
+        breeze
         kdePackages.audiocd-kio
         kdePackages.kio-extras
         kdePackages.kio
@@ -32,7 +33,7 @@ in
         qtwayland
       ];
 
-    environment.pathsToLink = [ "/share/Kvantum" ];
+#    environment.pathsToLink = [ "/share/Kvantum" ];
 
     services.displayManager = {
       sddm = {
@@ -44,6 +45,10 @@ in
       defaultSession = lib.optionalString sway.enable "sway";
     };
 
+    xdg.portal.lxqt.styles = with pkgs; [
+        kdePackages.breeze-qt5
+      ];
+
     boot.plymouth = {
       themePackages = with pkgs; [ catppuccin-plymouth ];
       theme = "catppuccin-macchiato";

common/tooling/apparmor/apparmor-d-package.nix

@@ -4,10 +4,10 @@ buildGoModule {
   version = "unstable-2024-10-12";
 
   src = fetchFromGitHub {
-    rev = "04df7052725b4ac473f1bdcd1e1644b8163ff0d2";
+    rev = "93269e0596a8d416a9ee647146c983115da2f346";
     owner = "roddhjav";
     repo = "apparmor.d";
-    hash = "sha256-USDbCBx6+exHJM834f+dr9fmF9hx3Xo/ddhGJVpYjC0=";
+    hash = "sha256-x8vnKEx/HZOweVX2Fu8ydGVpnS4gxsVJBbUWtKuwMUM=";
   };
 
   vendorHash = "sha256-YkOcpzn5AKFMDWUYbKY8DzGMiIMSyaDfexFmXv5HNQI=";

common/tooling/apparmor/apparmor-d-paths.patch

@@ -1,5 +1,5 @@
 diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
-index be37123f..9166eaee 100644
+index be37123f..908951af 100644
 --- a/apparmor.d/tunables/multiarch.d/system
 +++ b/apparmor.d/tunables/multiarch.d/system
 @@ -106,8 +106,21 @@
@@ -21,8 +21,8 @@ index be37123f..9166eaee 100644
 +
 +@{nix_store}=/nix/store/@{rand32}-@{nix_package_name}
 +@{base_paths}={@{nix_store},/run/current-system/sw,/etc/profiles/per-user/@{user}}
-+@{bin}={@{base_paths}/bin,/{,usr/}{,s}bin}
++@{bin}={@{base_paths}/{bin,libexec},/{,usr/}{,s}bin}
-+@{lib}=@{base_paths}/lib
++@{lib}=@{base_paths}/lib{exec,}
  
  # Common places for temporary files
  @{tmp}=/tmp/ /tmp/user/@{uid}/

common/tooling/apparmor/default.nix

@@ -110,11 +110,10 @@ in
         /sys/devices/@{pci}/boot_vga r,
         /sys/devices/@{pci}/**/id{Vendor,Product} r,
         /dev/ r,
-        /run/current-system/sw/bin/xdg-open rPx,
+        @{bin}/xdg-open rPx,
       '';
 
       "local/sudo" = ''
-        @{nix_store}/libexec/sudo/** m,
         /run/wrappers/wrappers.*/unix_chkpwd rPx -> unix-chkpwd,
       '';
 

common/xdg/portals.nix

@@ -34,6 +34,7 @@ in
         xdg-desktop-portal-wlr
         xdg-desktop-portal-kde
         xdg-desktop-portal-gtk
+        lxqt.xdg-desktop-portal-lxqt
       ];
 
       wlr.enable = true;