diff --git a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent index b0ed5123..62a1ce53 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent +++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent @@ -30,7 +30,7 @@ profile akonadi_maildispatcher_agent @{exec_path} { /usr/share/akonadi/plugins/{,**} r, /usr/share/hwdata/*.ids r, /usr/share/icu/@{int}.@{int}/*.dat r, - /usr/share/knotifications5/akonadi_maildispatcher_agent.notifyrc r, + /usr/share/knotifications{5,6}/akonadi_maildispatcher_agent.notifyrc r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent index 1fc9e74c..f610dcad 100644 --- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent +++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent @@ -21,7 +21,7 @@ profile akonadi_newmailnotifier_agent @{exec_path} { /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/hwdata/*.ids r, /usr/share/icu/@{int}.@{int}/*.dat r, - /usr/share/knotifications5/akonadi_newmailnotifier_agent.notifyrc r, + /usr/share/knotifications{5,6}/akonadi_newmailnotifier_agent.notifyrc r, /etc/machine-id r, /etc/xdg/kdeglobals r, diff --git a/apparmor.d/groups/browsers/firefox-kmozillahelper b/apparmor.d/groups/browsers/firefox-kmozillahelper index d1bb559c..25c9909a 100644 --- a/apparmor.d/groups/browsers/firefox-kmozillahelper +++ b/apparmor.d/groups/browsers/firefox-kmozillahelper @@ -27,8 +27,8 @@ profile firefox-kmozillahelper @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/icu/@{int}.@{int}/*.dat r, - /usr/share/knotifications5/*.notifyrc r, - /usr/share/kservices5/{,**} r, + /usr/share/knotifications{5,6}/*.notifyrc r, + /usr/share/kservices{5,6}/{,**} r, /usr/share/sounds/{,**} r, /etc/pulse/client.conf r, diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin index d1b8bab7..4a9548a4 100644 --- a/apparmor.d/groups/kde/dolphin +++ b/apparmor.d/groups/kde/dolphin @@ -38,7 +38,7 @@ profile dolphin @{exec_path} { /usr/share/kf5/kmoretools/{,**} r, /usr/share/kio/{,**} r, - /usr/share/kservices5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, /usr/share/kservicetypes5/{,**} r, /etc/fstab r, @@ -68,7 +68,7 @@ profile dolphin @{exec_path} { owner @{user_share_dirs}/recently-used.xbel.@{rand6} lk -> @{user_share_dirs}/#@{int}, owner @{user_config_dirs}/#@{int} rw, - owner @{user_config_dirs}/dolphinrc rw, + owner @{user_config_dirs}/dolphinrc rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/dolphinrc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/dolphinrc.lock rwk, owner @{user_config_dirs}/kde.org/#@{int} rw, diff --git a/apparmor.d/groups/kde/drkonqi b/apparmor.d/groups/kde/drkonqi index fedf0cae..a3e9a81e 100644 --- a/apparmor.d/groups/kde/drkonqi +++ b/apparmor.d/groups/kde/drkonqi @@ -22,7 +22,7 @@ profile drkonqi @{exec_path} { @{exec_path} mr, /usr/share/drkonqi/{,**} r, - /usr/share/knotifications5/*.notifyrc r, + /usr/share/knotifications{5,6}/*.notifyrc r, owner @{user_cache_dirs}/kcrash-metadata/* w, diff --git a/apparmor.d/groups/kde/drkonqi-coredump-processor b/apparmor.d/groups/kde/drkonqi-coredump-processor index 37bf8c04..9caf95df 100644 --- a/apparmor.d/groups/kde/drkonqi-coredump-processor +++ b/apparmor.d/groups/kde/drkonqi-coredump-processor @@ -12,6 +12,8 @@ profile drkonqi-coredump-processor @{exec_path} { @{exec_path} mr, + /etc/machine-id r, + /{run,var}/log/journal/ r, /{run,var}/log/journal/@{md5}/ r, /{run,var}/log/journal/@{md5}/user-@{uid}.journal r, diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd index fc8e63d8..d0a702da 100644 --- a/apparmor.d/groups/kde/kactivitymanagerd +++ b/apparmor.d/groups/kde/kactivitymanagerd @@ -19,7 +19,7 @@ profile kactivitymanagerd @{exec_path} { /etc/xdg/menus/{,*/} r, /usr/share/kf{5,6}/kactivitymanagerd/{,**} r, - /usr/share/kservices5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, /etc/machine-id r, @@ -34,7 +34,7 @@ profile kactivitymanagerd @{exec_path} { owner @{user_config_dirs}/menus/{,**} r, owner @{user_share_dirs}/kactivitymanagerd/{,**} rwlk, - owner @{user_share_dirs}/kservices5/{,**} r, + owner @{user_share_dirs}/kservices{5,6}/{,**} r, owner @{user_share_dirs}/recently-used.xbel r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/kde/kalendarac b/apparmor.d/groups/kde/kalendarac index b4cd0f13..4771b819 100644 --- a/apparmor.d/groups/kde/kalendarac +++ b/apparmor.d/groups/kde/kalendarac @@ -19,7 +19,7 @@ profile kalendarac @{exec_path} { /usr/share/akonadi/firstrun/{,*} r, /usr/share/akonadi/plugins/serializer/{,*.desktop} r, - /usr/share/knotifications5/{,**} r, + /usr/share/knotifications{5,6}/{,**} r, /usr/share/sounds/{,**} r, /etc/machine-id r, diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded index d7e66dad..dc39f8d9 100644 --- a/apparmor.d/groups/kde/kded +++ b/apparmor.d/groups/kde/kded @@ -62,6 +62,7 @@ profile kded @{exec_path} { @{bin}/kcminit rPx, @{bin}/pgrep rCx -> pgrep, + @{bin}/plasma-welcome rPUx, @{bin}/python3.@{int} rix, @{bin}/setxkbmap rix, @{bin}/xrdb rPx, @@ -76,7 +77,7 @@ profile kded @{exec_path} { /usr/share/kf{5,6}/kcookiejar/* r, /usr/share/khotkeys/{,**} r, /usr/share/knotifications{5,6}/{,**} r, - /usr/share/kservices5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, /usr/share/kservicetypes5/{,**} r, /etc/fstab r, @@ -133,7 +134,7 @@ profile kded @{exec_path} { owner @{user_share_dirs}/kcookiejar/cookies.lock rwk, owner @{user_share_dirs}/kded{5,6}/{,**} rw, owner @{user_share_dirs}/kscreen/{,**} rwl, - owner @{user_share_dirs}/kservices5/{,**} r, + owner @{user_share_dirs}/kservices{5,6}/{,**} r, owner @{user_share_dirs}/ktp/cache.db rwk, owner @{user_share_dirs}/remoteview/ r, owner @{user_share_dirs}/services5/{,**} r, diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index aae75a01..1ecf6379 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver @@ -58,9 +58,10 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{user_config_dirs}/ksmserverrc.@{rand6} rwl, owner @{user_config_dirs}/ksmserverrc.lock rwk, owner @{user_config_dirs}/menus/ r, + # owner @{user_config_dirs}/session/*_[0-9]*_[0-9]*_[0-9]* rw, - owner @{user_share_dirs}/kservices5/ r, - owner @{user_share_dirs}/kservices5/ServiceMenus/ r, + owner @{user_share_dirs}/kservices{5,6}/ r, + owner @{user_share_dirs}/kservices{5,6}/ServiceMenus/ r, owner /tmp/@{rand6} rw, diff --git a/apparmor.d/groups/kde/kstart b/apparmor.d/groups/kde/kstart index 831c7067..aca93c0e 100644 --- a/apparmor.d/groups/kde/kstart +++ b/apparmor.d/groups/kde/kstart @@ -25,8 +25,8 @@ profile kstart @{exec_path} flags=(attach_disconnected) { /var/lib/flatpak/exports/share/mime/ r, owner @{user_cache_dirs}/mesa_shader_cache/index rw, - owner @{user_share_dirs}/kservices5/ r, - owner @{user_share_dirs}/kservices5/ServiceMenus/ r, + owner @{user_share_dirs}/kservices{5,6}/ r, + owner @{user_share_dirs}/kservices{5,6}/ServiceMenus/ r, @{PROC}/sys/dev/i915/perf_stream_paranoid r, diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index 0a15b59b..d4d45521 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland @@ -37,7 +37,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { /usr/share/desktop-directories/*.directory r, /usr/share/kglobalaccel/{,**} r, /usr/share/knotifications{5,6}/ksmserver.notifyrc r, - /usr/share/kservices5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, /usr/share/kservicetypes5/{,*.desktop} r, /usr/share/kwin/{,**} r, /usr/share/libinput/{,**} r, diff --git a/apparmor.d/groups/kde/plasma-browser-integration-host b/apparmor.d/groups/kde/plasma-browser-integration-host index fb29463d..bc9b942e 100644 --- a/apparmor.d/groups/kde/plasma-browser-integration-host +++ b/apparmor.d/groups/kde/plasma-browser-integration-host @@ -23,7 +23,7 @@ profile plasma-browser-integration-host @{exec_path} { /etc/xdg/menus/applications-merged/ r, - /usr/share/kservices5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, /etc/xdg/menus/ r, /etc/xdg/taskmanagerrulesrc r, @@ -35,8 +35,8 @@ profile plasma-browser-integration-host @{exec_path} { owner @{user_config_dirs}/menus/ r, - owner @{user_share_dirs}/kservices5/ r, - owner @{user_share_dirs}/kservices5/ServiceMenus/ r, + owner @{user_share_dirs}/kservices{5,6}/ r, + owner @{user_share_dirs}/kservices{5,6}/ServiceMenus/ r, @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/cmdline r, diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover index 6f46af11..029838f1 100644 --- a/apparmor.d/groups/kde/plasma-discover +++ b/apparmor.d/groups/kde/plasma-discover @@ -41,9 +41,9 @@ profile plasma-discover @{exec_path} { @{lib}/kf5/kioslave5 rPx, @{lib}/kf6/kioworker rPx, - /usr/share/knotifications5/plasma_workspace.notifyrc r, + /usr/share/knotifications{5,6}/plasma_workspace.notifyrc r, /usr/share/knsrcfiles/{,*} r, - /usr/share/kservices5/{,*} r, + /usr/share/kservices{5,6}/{,*} r, /usr/share/kservicetypes5/{,*} r, /usr/share/libdiscover/** r, /usr/share/qt/translations/*.qm r, @@ -63,9 +63,11 @@ profile plasma-discover @{exec_path} { /var/lib/flatpak/repo/{,**} r, /var/lib/flatpak/appstream/{,**} r, + /var/log/pacman.log r, + owner @{user_cache_dirs}/appstream/ r, owner @{user_cache_dirs}/appstream/*.xb rw, - owner @{user_cache_dirs}/discover/{,**} rwl, + owner @{user_cache_dirs}/discover/{,**} rwlk, owner @{user_cache_dirs}/flatpak/system-cache/{,**} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/kio_http/ w, diff --git a/apparmor.d/groups/kde/plasma_session b/apparmor.d/groups/kde/plasma_session index 289cc977..6e049e6e 100644 --- a/apparmor.d/groups/kde/plasma_session +++ b/apparmor.d/groups/kde/plasma_session @@ -31,8 +31,8 @@ profile plasma_session @{exec_path} { @{lib}/pam_kwallet_init rPx, @{lib}/polkit-kde-authentication-agent-@{int} rPx, - /usr/share/kservices5/{,**} r, - /usr/share/knotifications5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, + /usr/share/knotifications{5,6}/{,**} r, /etc/xdg/autostart/ r, /etc/xdg/autostart/*.desktop r, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 8dce5da4..73f0b278 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -66,7 +66,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { /usr/share/konsole/ r, /usr/share/krunner/{,**} r, - /usr/share/kservices5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, /usr/share/kservicetypes5/{,**} r, /usr/share/lshw/artwork/logo.svg r, /usr/share/metainfo/{,**} r, @@ -153,7 +153,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_share_dirs}/krunnerstaterc rwl, owner @{user_share_dirs}/krunnerstaterc.@{rand6} rwl, owner @{user_share_dirs}/krunnerstaterc.lock rwk, - owner @{user_share_dirs}/kservices5/{,**} r, + owner @{user_share_dirs}/kservices{5,6}/{,**} r, owner @{user_share_dirs}/ktp/cache.db rwk, owner @{user_share_dirs}/plasma_icons/*.desktop r, owner @{user_share_dirs}/plasma/plasmoids/{,**} r, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index edc2bd17..bab762ea 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -81,7 +81,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/xmodmap rix, @{bin}/unix_chkpwd rPx, - @{bin}/dbus-run-session rPx, + @{bin}/dbus-run-session rix, @{bin}/kwin_wayland rPx, @{bin}/sddm-greeter{,-qt6} rPx, @{bin}/Xorg rPx, diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index 4b145415..f7bd7729 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -25,7 +25,7 @@ profile startplasma @{exec_path} { /usr/share/color-schemes/{,**} r, /usr/share/desktop-directories/{,**} r, /usr/share/knotifications{5,6}/{,**} r, - /usr/share/kservices5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, /usr/share/kservicetypes5/{,**} r, /usr/share/plasma/{,**} r, @@ -56,7 +56,7 @@ profile startplasma @{exec_path} { owner @{user_config_dirs}/Trolltech.conf rwl, owner @{user_config_dirs}/Trolltech.conf.lock rwk, - owner @{user_share_dirs}/kservices5/{,**} r, + owner @{user_share_dirs}/kservices{5,6}/{,**} r, owner @{user_share_dirs}/sddm/wayland-session.log rw, owner @{user_share_dirs}/sddm/xorg-session.log rw, diff --git a/apparmor.d/groups/kde/systemsettings b/apparmor.d/groups/kde/systemsettings index 56cef279..b6b5c028 100644 --- a/apparmor.d/groups/kde/systemsettings +++ b/apparmor.d/groups/kde/systemsettings @@ -21,7 +21,7 @@ profile systemsettings @{exec_path} { @{bin}/kcminit rPx, /usr/share/kpackage/{,**} r, - /usr/share/kservices5/{,**} r, + /usr/share/kservices{5,6}/{,**} r, /usr/share/kservicetypes5/{,**} r, /usr/share/kxmlgui5/systemsettings/systemsettingsui.rc r, /usr/share/plasma/{,**} r, @@ -51,6 +51,9 @@ profile systemsettings @{exec_path} { owner @{user_share_dirs}/kactivitymanagerd/resources/database-shm rwk, owner @{user_share_dirs}/kactivitymanagerd/resources/database-wal rw, + owner @{user_share_dirs}/systemsettings/ rw, + owner @{user_share_dirs}/systemsettings/** rwlk, + @{sys}/bus/ r, @{sys}/bus/cpu/devices/ r, @{sys}/class/ r,