diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session index 2a72835e..1fcced9e 100644 --- a/apparmor.d/groups/lxqt/lxqt-session +++ b/apparmor.d/groups/lxqt/lxqt-session @@ -10,17 +10,18 @@ include @{exec_path} = @{bin}/lxqt-session profile lxqt-session @{exec_path} flags=(attach_disconnected) { include - include + include + include include include include + ptrace (read), + signal (send), signal (receive) set=(kill, term) peer=startlxqt, signal (receive) set=(kill, term) peer=sddm, - ptrace (read), - network netlink raw, @{exec_path} mr, @@ -47,8 +48,6 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { @{bin}/pavucontrol rPx, @{lib}/geoclue-2.0/demos/agent rPx, - @{bin}/python3.@{int} rPx, - @{lib}/python3.@{int} rPx, @{bin}/nm-connection-editor rPx, @{bin}/nm-applet rPx, @{bin}/pcmanfm-qt rPx, @@ -73,35 +72,29 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { /etc/xdg/openbox/* r, /etc/udev/udev.conf r, - owner @{HOME}/.local/share/ r, - owner @{HOME}/.config/ r, - owner @{HOME}/.config/autostart/ r, - owner @{HOME}/.config/autostart/* rw, + owner @{user_config_dirs}/autostart/ r, + owner @{user_config_dirs}/autostart/*.desktop r, owner @{user_cache_dirs}/openbox/ rw, owner @{user_cache_dirs}/openbox/sessions/ rw, owner @{user_cache_dirs}/openbox/openbox.log rwk, owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, - owner @{user_config_dirs}/dconf/user r, owner @{user_config_dirs}/openbox/rc.xml r, - owner @{user_share_dirs}/sddm/xorg-session.log rw, + + @{att}/@{run}/systemd/inhibit/@{int}.ref rw, @{PROC}/ r, - @{PROC}/uptime r, + @{PROC}/uptime r, @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/stat r, - @{run}/systemd/inhibit/** rw, - /dev/tty rw, - include if exists - profile systemctl { include include include if exists - + } profile dbus { include include 
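Review bot: The added `signal (send),` in the first hunk carries no `set=` or `peer=` qualifier, so lxqt-session may send any signal to a process under any profile, while the two receive rules directly below it are limited to `kill` and `term` from named peers. If the session manager only needs to stop the clients it started, `signal (send) set=(term, kill),` would keep that ability without granting the remaining signals, and a `peer=` qualifier could narrow it further if the set of launched profiles is known. The relocated `ptrace (read),` is likewise unscoped; a one-line comment such as `# reads state of session clients` (wording to be confirmed by the author) would tell the next reviewer why it is needed. The profile body continues outside this hunk.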
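Review bot: In the /proc rules kept by the third hunk, the unqualified `@{PROC}/@{pid}/stat r,` already allows everything that the following `owner @{PROC}/@{pid}/stat r,` allows, so the `owner` line has no effect and the profile can read `stat` for processes of other users. If only the user's own processes are inspected, keep just `owner @{PROC}/@{pid}/stat r,`. If the wider read is intended, drop the `owner` line and say so in a comment. The rest of this hunk narrows the autostart and inhibit paths, so leaving this pair as is looks like an oversight rather than a choice.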
@@ -110,6 +103,8 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { include if exists } + + include if exists } # vim:syntax=apparmor