feat(profiles): add some thunderbird related profiles.

apparmor.d/profiles-s-z/thunderbird

@@ -89,9 +89,9 @@ profile thunderbird @{exec_path} {
 
   @{thunderbird_lib_dirs}/{,**}                            r,
   @{thunderbird_lib_dirs}/*.so                            mr,
-  @{thunderbird_lib_dirs}/glxtest                       rPUx,
+  @{thunderbird_lib_dirs}/glxtest                        rPx,
   @{thunderbird_lib_dirs}/thunderbird-wrapper-helper.sh  rix,
-  @{thunderbird_lib_dirs}/vaapitest                     rPUx,
+  @{thunderbird_lib_dirs}/vaapitest                      rPx,
 
   @{lib}/@{multiarch}/qt5/plugins/kf5/org.kde.kwindowsystem.platforms/KF5WindowSystemX11Plugin.so mr,
 

apparmor.d/profiles-s-z/thunderbird-glxtest

@@ -0,0 +1,36 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{thunderbird_name} = thunderbird{,-bin}
+@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
+@{thunderbird_config_dirs} = @{HOME}/.@{thunderbird_name}/
+
+@{exec_path} = @{thunderbird_lib_dirs}/glxtest
+profile thunderbird-glxtest @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-common>
+  include <abstractions/dri-enumerate>
+  include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
+  include <abstractions/opencl-nvidia>
+  include <abstractions/vulkan>
+
+  @{exec_path} mr,
+
+  owner @{thunderbird_config_dirs}/*/.parentlock rw,
+
+  owner /tmp/thunderbird/.parentlock rw,
+
+  owner @{run}/user/@{uid}/xauth_?????? r,
+
+  @{sys}/bus/pci/devices/ r,
+  @{sys}/devices/pci[0-9]*/**/class r,
+
+
+  include if exists <local/thunderbird-glxtest>
+}

apparmor.d/profiles-s-z/thunderbird-vaapitest

@@ -0,0 +1,34 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{thunderbird_name} = thunderbird{,-bin}
+@{thunderbird_lib_dirs} = @{lib}/@{thunderbird_name}
+@{thunderbird_config_dirs} = @{HOME}/.@{thunderbird_name}/
+
+@{exec_path} = @{thunderbird_lib_dirs}/vaapitest
+profile thunderbird-vaapitest @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/dri-enumerate>
+  include <abstractions/dri-common>
+  include <abstractions/nvidia>
+  include <abstractions/vulkan>
+
+  network netlink raw,
+
+  @{exec_path} mr,
+
+  /etc/igfx_user_feature{,_next}.txt w,
+  /etc/libva.conf r,
+
+  owner @{thunderbird_config_dirs}/*/.parentlock rw,
+  owner @{thunderbird_config_dirs}/*/startupCache/*Cache* r,
+
+  owner /tmp/thunderbird/.parentlock rw,
+
+  include if exists <local/thunderbird-vaapitest>
+}

dists/flags/main.flags

@@ -268,7 +268,7 @@ ss complain
 ssh complain
 sshd attach_disconnected,complain
 ssservice complain
-startplasma-x11 complain
+startplasma complain
 startx attach_disconnected,complain
 steam attach_disconnected,mediate_deleted,complain
 steam-fossilize attach_disconnected,complain
@@ -324,6 +324,10 @@ systemd-userdbd attach_disconnected,complain
 systemd-userwork complain
 systemd-vconsole-setup complain
 systemd-xdg-autostart-generator complain
+systemsettings complain
+thunderbird complain
+thunderbird-glxtest complain
+thunderbird-vaapitest complain
 udisksctl complain
 udisksd attach_disconnected,complain
 umount complain