feat(kde): general update.

Alexandre Pujol 2023-04-16 19:10:14 +01:00
parent 0edde44e1d
commit 12456486f1
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
17 changed files with 58 additions and 29 deletions


@ -25,7 +25,7 @@
owner @{HOME}/.Xauthority r,
owner @{run}/user/@{uid}/gdm{[1-9],}/Xauthority r,
owner @{run}/user/@{uid}/X11/Xauthority r,
owner @{run}/user/@{uid}/xauth_* r,
@{run}/user/@{uid}/xauth_* rl,
# Xwayland
owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
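Review bot: The replacement rule `@{run}/user/@{uid}/xauth_* rl,` drops the `owner` qualifier that `owner @{run}/user/@{uid}/xauth_* r,` carried, so every profile that pulls in this file may now read X authority cookies it does not own. If `@{uid}` is the usual any-uid tunable, that reaches other users' runtime directories too, with only DAC left as the barrier. The same un-owned rule shows up in the ksmserver, sddm, startplasma-x11 and xdm-xsession sections, and the xauth section goes further with `@{run}/user/@{uid}/xauth_?????? rw,`. If the cause is a display manager creating the cookie under a different uid before handing it over, I would keep `owner @{run}/user/@{uid}/xauth_* rl,` here and put the un-owned form only in the one profile that needs it, with a comment stating that reason.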


@ -4,9 +4,9 @@
abi <abi/3.0>,
owner @{HOME}/.cache/qtshadercache/ rw,
owner @{HOME}/.cache/qtshadercache/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache/@{hex} rwl -> @{HOME}/.cache/qtshadercache/#[0-9]*[0-9],
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/ rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{HOME}/.cache/qtshadercache-*-little_endian-*/@{hex}* rwl -> @{HOME}/.cache/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
owner @{user_cache_dirs}/qtshadercache/ rw,
owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/ rw,
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex}* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],


@ -31,7 +31,7 @@ profile dbus-daemon-launch-helper @{exec_path} {
/usr/share/usb-creator/usb-creator-helper rPx,
/usr/share/hplip/pkservice.py rPx,
/usr/share/dbus-1/{,**} r,
/usr/share/dbus-1*/{,**} r,
/etc/dbus-1/{,**} r,


@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/geoclue
@{exec_path} = @{libexec}/geoclue @{libexec}/geoclue-2.0/demos/agent
profile geoclue @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/dbus-strict>
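Review bot: Adding `@{libexec}/geoclue-2.0/demos/agent` to `@{exec_path}` makes the demo agent run under the full geoclue daemon profile, so a helper that is typically started in the user session inherits whatever the system service is allowed. The rule body lies outside this hunk, so the exact extent is not visible here. A small dedicated profile for the agent would keep the two privilege sets apart. If sharing is intentional, a comment above the line such as `# the demo agent shares the daemon profile on purpose` would record that.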


@ -40,7 +40,7 @@ profile evolution-addressbook-factory @{exec_path} {
@{exec_path}-subprocess rix,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/icu/{,**} r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
owner @{user_share_dirs}/evolution/{,**} rwk,
owner @{user_cache_dirs}/evolution/addressbook/{,**} rwk,
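Review bot: The rule `/usr/share/icu/[0-9]*.[0-9]*/*.dat r,` is pasted verbatim into this profile and, further down, into gjs-console, gnome-extensions-app, kreadconfig, kwalletd5, sddm, sddm-greeter and startplasma-x11. Moving it into one shared abstraction that these profiles include would keep the glob in step the next time the ICU directory layout changes. Failing that, a one-line comment next to the rule such as `# ICU data files in a versioned directory (e.g. 72.1)` would explain the pattern.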


@ -83,7 +83,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
/usr/share/egl/{,**} r,
/usr/share/gdm/greeter-dconf-defaults r,
/usr/share/gnome-shell/{,**} r,
/usr/share/icu/{,**} r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/X11/xkb/** r,
/var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,


@ -26,7 +26,7 @@ profile gnome-extensions-app @{exec_path} {
/{usr/,}bin/gjs-console rix,
/usr/share/gnome-shell/org.gnome.Extensions* r,
/usr/share/icu/{,**} r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/terminfo/x/xterm-256color r,
/usr/share/X11/xkb/{,**} r,


@ -12,7 +12,7 @@ profile kreadconfig @{exec_path} {
@{exec_path} mr,
/usr/share/icu/{,**} r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/etc/xdg/kdeglobals r,


@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/ksmserver
profile ksmserver @{exec_path} flags=(attach_disconnected) {
profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
include <abstractions/dri-common>
include <abstractions/nameservice-strict>
@ -26,6 +26,8 @@ profile ksmserver @{exec_path} flags=(attach_disconnected) {
/usr/share/qt/translations/*.qm r,
/usr/share/knotifications5/*.notifyrc r,
/etc/machine-id r,
owner @{HOME}/?????? rw,
owner @{HOME}/.Xauthority rw,
@ -34,7 +36,10 @@ profile ksmserver @{exec_path} flags=(attach_disconnected) {
owner @{user_config_dirs}/kdedefaults/* r,
owner @{user_config_dirs}/kdeglobals r,
owner @{user_config_dirs}/kscreenlockerrc r,
owner @{user_config_dirs}/ksmserverrc.?????? rwl,
owner @{user_config_dirs}/ksmserverrc r,
owner @{user_config_dirs}/#[0-9]* rw,
owner @{user_config_dirs}/ksmserverrc.lock rwk,
owner @{user_config_dirs}/kwinrc r,
owner @{user_config_dirs}/session/*_[0-9]*_[0-9]*_[0-9]* rw,
@ -43,7 +48,8 @@ profile ksmserver @{exec_path} flags=(attach_disconnected) {
@{run}/systemd/inhibit/[0-9]*.ref rw,
owner @{run}/user/@{uid}/KSMserver__[0-9] rw,
owner @{run}/user/@{uid}/xauth_* r,
# owner @{run}/user/@{uid}/xauth_* r,
@{run}/user/@{uid}/xauth_* rl,
@{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
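Review bot: `owner @{HOME}/?????? rw,` in the second hunk matches every six-character name directly under the home directory, and AppArmor globs do not treat a leading dot specially, so it also grants read/write on files such as `.netrc`, `.zshrc` or `.vimrc`. The +/- markers are lost on this page, so I cannot tell whether the line is added here or carried as context, but it is on the new side either way. It presumably exists for a temporary file written next to `.Xauthority`; the rule should be narrowed to the name pattern actually seen in the denial logs. If those names never begin with a dot, `owner @{HOME}/[^.]????? rw,` already keeps it away from dotfiles. The commented-out `# owner @{run}/user/@{uid}/xauth_* r,` in the last hunk could be dropped as well.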


@ -33,7 +33,7 @@ profile kwalletd5 @{exec_path} {
/usr/share/color-schemes/{,**} r,
/usr/share/hwdata/pnp.ids r,
/usr/share/icu/72.1/icudt72l.dat r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/qt/translations/*.qm r,
/usr/share/qt5/qtlogging.ini r,
/usr/share/qt5ct/** r,


@ -41,6 +41,7 @@ profile kwin_x11 @{exec_path} {
owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
owner @{user_cache_dirs}/plasma-svgelements{,.??????} rwl,
owner @{user_cache_dirs}/qtshadercache-*/@{hex} r,
owner @{user_cache_dirs}/session/#[0-9]* rw,
owner @{user_config_dirs}/#[0-9]* rw,
owner @{user_config_dirs}/kcminputrc r,
@ -50,6 +51,7 @@ profile kwin_x11 @{exec_path} {
owner @{user_config_dirs}/kwinrc{,.??????} rwl,
owner @{user_config_dirs}/kwinrulesrc r,
owner @{user_config_dirs}/kxkbrc r,
owner @{user_config_dirs}/session/kwin_* rwk,
@{PROC}/sys/kernel/core_pattern r,


@ -8,9 +8,10 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/sddm
profile sddm @{exec_path} flags=(attach_disconnected) {
profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
include <abstractions/authentication>
include <abstractions/bash>
include <abstractions/dri-common>
include <abstractions/fontconfig-cache-read>
include <abstractions/fonts>
@ -18,7 +19,7 @@ profile sddm @{exec_path} flags=(attach_disconnected) {
include <abstractions/nameservice-strict>
include <abstractions/qt5>
include <abstractions/wutmp>
include <abstractions/bash>
include <abstractions/X-strict>
capability audit_write,
capability chown,
@ -77,6 +78,7 @@ profile sddm @{exec_path} flags=(attach_disconnected) {
/usr/share/plasma/desktoptheme/** r,
/usr/share/sddm/faces/.*.icon r,
/usr/share/sddm/themes/** r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/wayland-sessions/{,*.desktop} r,
/usr/share/xsessions/{,*.desktop} r,
/var/lib/AccountsService/icons/*.icon r,
@ -119,10 +121,13 @@ profile sddm @{exec_path} flags=(attach_disconnected) {
@{run}/faillock/[a-zA-z0-9]* rwk,
@{run}/sddm.pid rw,
@{run}/sddm/* w,
@{run}/sddm/\{@{uuid}\} rw,
# @{run}/sddm/* w,
@{run}/systemd/sessions/*.ref rw,
owner @{run}/sddm/ rw,
owner @{run}/user/@{uid}/kwallet5.socket rw,
@{run}/user/@{uid}/xauth_* rl,
owner @{run}/user/@{uid}/#[0-9]* rw,
@{PROC}/sys/kernel/core_pattern r,
owner @{PROC}/@{pid}/loginuid rw,
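Review bot: The character class in `@{run}/faillock/[a-zA-z0-9]* rwk,` (last hunk) uses the range `A-z`, which also spans the punctuation between `Z` and `a`, including `[`, `]`, `^`, `_` and the backtick; `@{run}/faillock/[a-zA-Z0-9]* rwk,` is almost certainly what was meant. The line may be untouched context rather than part of this change, but it sits next to the edited rules and is worth fixing in the same pass. In the same hunk the disabled `# @{run}/sddm/* w,` is left beside its narrower replacement `@{run}/sddm/\{@{uuid}\} rw,`; deleting it avoids the wider rule being re-enabled by accident.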


@ -20,20 +20,30 @@ profile sddm-greeter @{exec_path} {
include <abstractions/qt5>
include <abstractions/qt5-compose-cache-write>
network netlink raw,
@{exec_path} mr,
/usr/share/sddm/{,**} r,
@{libexec}/libheif/ r,
@{libexec}/libheif/*.so* rm,
/usr/share/desktop-base/softwaves-theme/login/*.svg r,
/usr/share/hwdata/pnp.ids r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/plasma/desktoptheme/** r,
/usr/share/qt5ct/** r,
/usr/share/sddm/{,**} r,
/usr/share/wayland-sessions/{,*.desktop} r,
/usr/share/xsessions/{,*.desktop} r,
/usr/share/hwdata/pnp.ids r,
/usr/share/wallpapers/{,**} r,
/usr/share/hunspell/** r,
/etc/sddm.conf.d/{,*} r,
/etc/sddm.conf r,
/etc/fstab r,
/etc/machine-id r,
/etc/sddm.conf r,
/etc/sddm.conf.d/{,*} r,
/etc/xdg/kdeglobals r,
/etc/xdg/plasmarc r,
/var/lib/AccountsService/icons/*.icon r,
/var/lib/dbus/machine-id r,


@ -10,6 +10,7 @@ include <tunables/global>
profile startplasma-x11 @{exec_path} {
include <abstractions/base>
include <abstractions/freedesktop.org>
include <abstractions/X-strict>
@{exec_path} mr,
@ -20,7 +21,7 @@ profile startplasma-x11 @{exec_path} {
/usr/share/color-schemes/{,**} r,
/usr/share/desktop-directories/{,**} r,
/usr/share/icu/{,**} r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/knotifications5/{,**} r,
/usr/share/kservices5/{,**} r,
/usr/share/kservicetypes5/{,**} r,
@ -39,12 +40,13 @@ profile startplasma-x11 @{exec_path} {
owner @{user_cache_dirs}/ksycoca5_* rwkl,
owner @{user_cache_dirs}/plasma-svgelements rw,
owner @{user_config_dirs}/#[0-9]* rw,
owner @{user_config_dirs}/gtkrc rl,
owner @{user_config_dirs}/gtkrc-2.0 rl,
owner @{user_config_dirs}/kcminputrc r,
owner @{user_config_dirs}/kdedefaults/ rw,
owner @{user_config_dirs}/kdedefaults/** rwkl -> @{user_config_dirs}/kdedefaults/**,
owner @{user_config_dirs}/kdeglobals{,.??????} rwl,
owner @{user_config_dirs}/kdeglobals* rwl,
owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk,
owner @{user_config_dirs}/plasma-localerc rwl,
owner @{user_config_dirs}/plasma-localerc.lock rwk,
@ -56,6 +58,8 @@ profile startplasma-x11 @{exec_path} {
owner /tmp/#[0-9][0-9] rw,
owner /tmp/startplasma-x11.?????? rwl,
@{run}/user/@{uid}/xauth_* rl,
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/kernel/random/boot_id r,


@ -12,6 +12,7 @@ profile xdm-xsession @{exec_path} {
include <abstractions/bash>
include <abstractions/dconf-write>
include <abstractions/openssl>
include <abstractions/X-strict>
@{exec_path} mr,
@ -73,6 +74,7 @@ profile xdm-xsession @{exec_path} {
owner @{run}/user/@{uid}/gnupg/private-keys-v1.d/@{hex}.key rw,
owner @{run}/user/@{uid}/gnupg/{,d.*/}S.gpg-agent{,.ssh,.browser,.extra} rw,
owner @{run}/user/@{uid}/gnupg/sshcontrol r,
@{run}/user/@{uid}/xauth_* rl,
owner /tmp/ssh-*/ rw,
owner /tmp/ssh-*/agent.* rw,
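Review bot: The new `@{run}/user/@{uid}/xauth_* rl,` line in the second hunk appears to duplicate what `include <abstractions/X-strict>`, added in the first hunk of this section, already brings in. That assumes the first file of this commit, which gains the identical rule, is that abstraction; file names are not shown on this page. The sddm and startplasma-x11 sections pair the same include with the same explicit rule. I would drop the explicit `@{run}/user/@{uid}/xauth_* rl,` from the three profiles so that the abstraction is the single place where the rule can be tightened later.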


@ -31,8 +31,8 @@ profile xauth @{exec_path} {
owner /tmp/serverauth.*-n rw,
owner /tmp/serverauth.* rwl -> /tmp/serverauth.*-n,
owner @{run}/user/@{uid}/xauth_?????? rw,
owner /tmp/runtime-*/xauth_?????? r,
@{run}/user/@{uid}/xauth_?????? rw,
include if exists <local/xauth>
}


@ -134,7 +134,7 @@ kauth-kded-smart-helper complain
kernel-install complain
kgx complain
kmod attach_disconnected,complain
ksmserver attach_disconnected,complain
ksmserver attach_disconnected,mediate_deleted,complain
kwin_x11 complain
landscape-sysinfo complain
landscape-sysinfo.wrapper complain
@ -275,7 +275,7 @@ virt-manager attach_disconnected,complain
virtinterfaced attach_disconnected,complain
virtiofsd complain,attach_disconnected
virtlockd complain
virtnetworkd complain
virtnetworkd complain,attach_disconnected
virtnodedevd attach_disconnected,complain
virtsecretd attach_disconnected,complain
virtstoraged attach_disconnected,complain