mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-25 06:27:49 +01:00
more lxqt-files (#613)
* Create abstraction for lxqt desktop group first file for the LXQT 2.0 desktop group * Update lxqt * xdg-desktop abstraction added * removing tabs * Create startlxqt starter file for LXQT Desktop * Create startlxqt * fixing startlxqt I use sddm as display manager I cant remove the other file - only use graphical env., sorry After startlxqt i would add 2 lines to sddm to enable the start of LXQT desktop * Delete apparmor.d/profiles-s-z/startlxqt * indented by 2 spaces (like other entries) * Update sddm Enable sddm to start an lxqt desktop session * Create lxqt-session lxqt-session to be started by startlxqt. Display manager: sddm * Update lxqt-session * Update lxqt-session * removed trailing whitespace * Update kscreen_backend_launcher to support lxqt desktop is needed for several complaints: DENIED kscreen_backend_launcher open owner @{user_config_dirs}/lxqt/lxqt.conf comm=kscreen_backend requested_mask=r denied_mask=r DENIED kscreen_backend_launcher open /usr/share/lxqt/lxqt.conf comm=kscreen_backend requested_mask=r denied_mask=r DENIED kscreen_backend_launcher open owner @{user_config_dirs}/lxqt/session.conf comm=kscreen_backend requested_mask=r denied_mask=r DENIED kscreen_backend_launcher open /usr/share/lxqt/session.conf comm=kscreen_backend requested_mask=r denied_mask=r * Update lxqt-session * Create lxqt-panel * Update lxqt-panel * Update lxqt-panel * Update lxqt-panel * fix conflicting x * Update lxqt-panel add child-open * remove include <abstractions/app-launcher-user> you think its too permissive to have app-launcher-user here, right? * Update lxqt-panel add needed programs * Update lxqt-panel turning back to layout of corresponding xfce file. * Create lxqt-globalkeysd * Create lxqt-about * Create lxqt-leave * Create lxqt-runner * Update lxqt-leave * Update lxqt-runner * Update lxqt-globalkeysd * remove video in lxqt-about * Update lxqt-about * Update lxqt-runner * remove abstr. in lxqt-globalkeysd * remove abstr. in lxqt-runner * remove abstr. in lxqt-leave * Create lxqt-config-notificationd * Create lxqt-config-locale * Create lxqt-config-printer * Create lxqt-config-file-associations * Create lxqt-config-powermanagement * enable wayland-session for lxqt 2.1 startlxqtwayland for starting the session, support for labwc and kwin_wayland * Update lxqt-config-printer * Update lxqt-config-powermanagement * Update sddm * Update sddm * adapt pci-rules ok, havent seen this profile yet. I will change that in lxqt-powermanagement as well and check the other profiles * Update lxqt-config-powermanagement * Update lxqt-config-powermanagement * Update lxqt-config-powermanagement * Update lxqt-config-powermanagement
This commit is contained in:
parent
6dcb6c0362
commit
3721d12a5d
6 changed files with 181 additions and 0 deletions
|
@ -40,6 +40,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||||
ptrace (trace) peer=@{profile_name},
|
ptrace (trace) peer=@{profile_name},
|
||||||
|
|
||||||
signal (receive) set=(hup) peer=@{p_systemd},
|
signal (receive) set=(hup) peer=@{p_systemd},
|
||||||
|
signal (send) set=(kill, term) peer=labwc,
|
||||||
signal (send) set=(kill, term) peer=lxqt-session,
|
signal (send) set=(kill, term) peer=lxqt-session,
|
||||||
signal (send) set=(kill, term) peer=startplasma,
|
signal (send) set=(kill, term) peer=startplasma,
|
||||||
signal (send) set=(kill, term) peer=xorg,
|
signal (send) set=(kill, term) peer=xorg,
|
||||||
|
@ -47,6 +48,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||||
signal (send) set=(term) peer=kwin_wayland,
|
signal (send) set=(term) peer=kwin_wayland,
|
||||||
signal (send) set=(term) peer=sddm-greeter,
|
signal (send) set=(term) peer=sddm-greeter,
|
||||||
signal (send) set=(term) peer=startplasma-wayland,
|
signal (send) set=(term) peer=startplasma-wayland,
|
||||||
|
signal (send) set=(term) peer=startlxqtwayland,
|
||||||
|
|
||||||
dbus receive bus=system path=/org/freedesktop/DisplayManager/Seat@{int}
|
dbus receive bus=system path=/org/freedesktop/DisplayManager/Seat@{int}
|
||||||
interface=org.freedesktop.DBus.Introspectable
|
interface=org.freedesktop.DBus.Introspectable
|
||||||
|
@ -95,7 +97,9 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||||
@{bin}/kwalletd{5,6} rPx,
|
@{bin}/kwalletd{5,6} rPx,
|
||||||
@{bin}/kwin_wayland rPx,
|
@{bin}/kwin_wayland rPx,
|
||||||
@{bin}/sddm-greeter{,-qt6} rPx,
|
@{bin}/sddm-greeter{,-qt6} rPx,
|
||||||
|
@{bin}/labwc rPx,
|
||||||
@{bin}/startlxqt rPx,
|
@{bin}/startlxqt rPx,
|
||||||
|
@{bin}/startlxqtwayland rPx,
|
||||||
@{bin}/startplasma-wayland rPx,
|
@{bin}/startplasma-wayland rPx,
|
||||||
@{bin}/startplasma-x11 rPx,
|
@{bin}/startplasma-x11 rPx,
|
||||||
@{bin}/sway rPUx,
|
@{bin}/sway rPUx,
|
||||||
|
|
36
apparmor.d/groups/lxqt/lxqt-config-file-associations
Normal file
36
apparmor.d/groups/lxqt/lxqt-config-file-associations
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/lxqt-config-file-associations
|
||||||
|
profile lxqt-config-file-associations @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/lxqt>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
/etc/machine-id r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/ r,
|
||||||
|
owner @{user_config_dirs}/mimeapps* rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt-* rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt/ r,
|
||||||
|
owner @{user_config_dirs}/lxqt/#@{int} rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config-file-associations.conf.lock rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config-file-associations.conf kl -> @{user_config_dirs}/lxqt/#@{int},
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config-file-associations.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||||
|
|
||||||
|
owner /tmp/#@{int} rwk,
|
||||||
|
|
||||||
|
/dev/tty rw,
|
||||||
|
|
||||||
|
include if exists <local/lxqt-config-file-associations>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
40
apparmor.d/groups/lxqt/lxqt-config-locale
Normal file
40
apparmor.d/groups/lxqt/lxqt-config-locale
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/lxqt-config-locale
|
||||||
|
profile lxqt-config-locale @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/lxqt>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
/etc/machine-id r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/lxqt/* r,
|
||||||
|
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config.conf.lock rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config.conf.@{rand6} rw,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int},
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config-locale.conf l -> @{user_config_dirs}/lxqt/#@{int},
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config-locale.conf.@{rand6} rw,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config-locale.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int},
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-config-locale.conf.lock rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt/session.conf.lock rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt/session.conf.@{rand6} rw,
|
||||||
|
owner @{user_config_dirs}/lxqt/session.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int},
|
||||||
|
|
||||||
|
owner /tmp/@{int} r,
|
||||||
|
|
||||||
|
/dev/tty rw,
|
||||||
|
|
||||||
|
include if exists <local/lxqt-config-locale>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
34
apparmor.d/groups/lxqt/lxqt-config-notificationd
Normal file
34
apparmor.d/groups/lxqt/lxqt-config-notificationd
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/lxqt-config-notificationd
|
||||||
|
profile lxqt-config-notificationd @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/lxqt>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
/etc/machine-id r,
|
||||||
|
|
||||||
|
/var/lib/dbus/machine-id r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||||
|
owner @{user_config_dirs}/lxqt/notifications.conf.lock rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt/notifications.conf.@{rand6} rw,
|
||||||
|
owner @{user_config_dirs}/lxqt/notifications.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int},
|
||||||
|
|
||||||
|
owner /tmp/#@{int} r,
|
||||||
|
|
||||||
|
/dev/tty rw,
|
||||||
|
|
||||||
|
include if exists <local/lxqt-config-notificationd>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
43
apparmor.d/groups/lxqt/lxqt-config-powermanagement
Normal file
43
apparmor.d/groups/lxqt/lxqt-config-powermanagement
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/lxqt-config-powermanagement
|
||||||
|
profile lxqt-config-powermanagement @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/bus-system>
|
||||||
|
include <abstractions/lxqt>
|
||||||
|
include <abstractions/nameservice-strict>
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
/etc/machine-id r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-powermanagement.conf.lock rwk,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-powermanagement.conf.@{rand6} rw,
|
||||||
|
owner @{user_config_dirs}/lxqt/lxqt-powermanagement.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int},
|
||||||
|
|
||||||
|
@{sys}/class/leds/ r,
|
||||||
|
@{sys}/devices/@{pci}/backlight/**/{,max_,actual_}brightness rw,
|
||||||
|
@{sys}/devices/@{pci}/backlight/**/{uevent,type,enabled} r,
|
||||||
|
@{sys}/devices/@{pci}/backlight/**/brightness rw,
|
||||||
|
@{sys}/devices/@{pci}/drm/card@{int}/**/{,max_,actual_}brightness rw,
|
||||||
|
@{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r,
|
||||||
|
@{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw,
|
||||||
|
@{sys}/devices/@{pci}/*_backlight/{,max_,actual_}brightness rw,
|
||||||
|
@{sys}/devices/@{pci}/*_backlight/{uevent,type,enabled} r,
|
||||||
|
|
||||||
|
owner /tmp/@{int} r,
|
||||||
|
|
||||||
|
/dev/tty rw,
|
||||||
|
|
||||||
|
include if exists <local/lxqt-config-powermanagement>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
24
apparmor.d/groups/lxqt/lxqt-config-printer
Normal file
24
apparmor.d/groups/lxqt/lxqt-config-printer
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
# apparmor.d - Full set of apparmor profiles
|
||||||
|
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||||
|
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||||
|
# SPDX-License-Identifier: GPL-2.0-only
|
||||||
|
|
||||||
|
abi <abi/4.0>,
|
||||||
|
|
||||||
|
include <tunables/global>
|
||||||
|
|
||||||
|
@{exec_path} = @{bin}/lxqt-config-printer
|
||||||
|
profile lxqt-config-printer @{exec_path} {
|
||||||
|
include <abstractions/base>
|
||||||
|
include <abstractions/lxqt>
|
||||||
|
|
||||||
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
owner /tmp/@{int} r,
|
||||||
|
|
||||||
|
/dev/tty rw,
|
||||||
|
|
||||||
|
include if exists <local/lxqt-config-printer>
|
||||||
|
}
|
||||||
|
|
||||||
|
# vim:syntax=apparmor
|
Loading…
Reference in a new issue