diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index b82ab83f..c1c63185 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -49,16 +49,16 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { @{bin}/* rPUx, @{bin}/dbus-launch rix, @{lib}/{,at-spi2{,-core}/}at-spi-bus-launcher rix, # See #74, #80 & #235 + @{lib}/{,kf6/}kauth/{,libexec/}* rPx, + @{lib}/@{multiarch}/libexec/ksmserver-logout-greeter rPx, @{lib}/@{multiarch}/tumbler-1/tumblerd rPUx, @{lib}/@{multiarch}/xfce[0-9]/xfconf/xfconfd rPx, - @{lib}/@{multiarch}/libexec/ksmserver-logout-greeter rPx, @{lib}/* rPUx, @{lib}/atril/atrild rPx, @{lib}/dbus-1*/dbus-daemon-launch-helper rPx, @{lib}/gnome-shell/gnome-shell-calendar-server rPx, @{lib}/ibus/ibus-* rPx, - @{lib}/kauth/{,libexec/}* rPx, - @{lib}/kf5/kiod5 rPUx, + @{lib}/kf{5,6}/kiod{5,6} rPx, @{lib}/telepathy/mission-control-5 rPx, @{lib}/xfce[0-9]/xfconf/xfconfd rPx, /usr/share/gnome-documents/org.gnome.Documents rPx, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index a593a07a..07a82f0a 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -9,10 +9,9 @@ include @{exec_path} = @{lib}/xdg-desktop-portal-kde profile xdg-desktop-portal-kde @{exec_path} { include - include + include include include - include network inet dgram, network inet6 dgram, 
@@ -24,29 +23,13 @@ profile xdg-desktop-portal-kde @{exec_path} { @{exec_path} mr, - /usr/share/hwdata/pnp.ids r, - /usr/share/icu/@{int}.@{int}/*.dat r, - /usr/share/qt5/qtlogging.ini r, - - /etc/xdg/kdeglobals r, - /etc/xdg/kwinrc r, - - owner @{HOME}/.Xauthority r, owner @{user_cache_dirs}/*.kcache r, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_config_dirs}/autostart/org.kde.*.desktop r, - owner @{user_config_dirs}/kdedefaults/kdeglobals r, - owner @{user_config_dirs}/kdedefaults/kwinrc r, - owner @{user_config_dirs}/kdeglobals r, - owner @{user_config_dirs}/kwinrc r, owner @{user_config_dirs}/xdg-desktop-portal-kderc r, - owner /tmp/xauth_@{rand6} r, - - @{run}/user/@{uid}/xauth_@{rand6} rl, - @{PROC}/sys/kernel/core_pattern r, /dev/tty r, diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo index 45b5bc91..ad94e133 100644 --- a/apparmor.d/groups/kde/baloo +++ b/apparmor.d/groups/kde/baloo @@ -6,13 +6,15 @@ abi , include -@{exec_path} = @{bin}/baloo_file @{lib}/baloo_file +@{exec_path} = @{bin}/baloo_file @{lib}/{,kf6/}baloo_file profile baloo @{exec_path} { include include include include + include include + include include network netlink raw, @@ -21,7 +23,7 @@ profile baloo @{exec_path} { @{exec_path} mr, - @{lib}/baloo_file_extractor rix, + @{lib}/{,kf6/}baloo_file_extractor rix, /usr/share/poppler/{,**} r, diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin index 62c6a31a..d1b8bab7 100644 --- a/apparmor.d/groups/kde/dolphin +++ b/apparmor.d/groups/kde/dolphin 
@@ -22,14 +22,16 @@ profile dolphin @{exec_path} { network netlink raw, - signal (send) set=(term) peer=kioslave5, + signal (send) set=(term) peer=kioworker, @{exec_path} mr, @{bin}/ldd rix, - @{lib}/kf5/kioslave5 rPx, - @{lib}/@{multiarch}/kf5/kioslave5 rPx, - @{lib}/@{multiarch}/libexec/kf5/kioslave5 rPx, + + @{lib}/@{multiarch}/{,libexec/}kf5/kioslave5 rPx, + @{lib}/@{multiarch}/{,libexec/}kf6/kioworker rPx, + @{lib}/kf5/kioslave5 rPx, + @{lib}/kf6/kioworker rPx, # Share functions @{lib}/thunderbird/thunderbird.sh rPx, diff --git a/apparmor.d/groups/kde/drkonqi-coredump-processor b/apparmor.d/groups/kde/drkonqi-coredump-processor new file mode 100644 index 00000000..134b8d0f --- /dev/null +++ b/apparmor.d/groups/kde/drkonqi-coredump-processor @@ -0,0 +1,21 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{lib}/drkonqi-coredump-processor +profile drkonqi-coredump-processor @{exec_path} { + include + + @{exec_path} mr, + + /{run,var}/log/journal/ r, + /{run,var}/log/journal/@{md5}/ r, + /{run,var}/log/journal/@{md5}/user-@{uid}.journal r, + /{run,var}/log/journal/@{md5}/user-@{uid}@@{uuid}.journal r, + + include if exists +} \ No newline at end of file diff --git a/apparmor.d/groups/kde/gmenudbusmenuproxy b/apparmor.d/groups/kde/gmenudbusmenuproxy index 97628942..34e47f7f 100644 --- a/apparmor.d/groups/kde/gmenudbusmenuproxy +++ b/apparmor.d/groups/kde/gmenudbusmenuproxy @@ -13,7 +13,7 @@ profile gmenudbusmenuproxy @{exec_path} { include include - ptrace (read) peer=kded5, + ptrace (read) peer=kded, signal (receive) set=(cont, term) peer=@{systemd_user}, diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess index bb95ee55..536db33d 100644 --- a/apparmor.d/groups/kde/kaccess +++ b/apparmor.d/groups/kde/kaccess 
@@ -27,6 +27,8 @@ profile kaccess @{exec_path} { owner @{user_share_dirs}/mime/generic-icons r, + @{PROC}/sys/kernel/core_pattern r, + /dev/tty r, include if exists diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd index 02ad0eda..978f85f5 100644 --- a/apparmor.d/groups/kde/kactivitymanagerd +++ b/apparmor.d/groups/kde/kactivitymanagerd @@ -9,17 +9,18 @@ include @{exec_path} = @{lib}/kactivitymanagerd profile kactivitymanagerd @{exec_path} { include + include + include include include include - include signal (receive) set=(cont, term) peer=@{systemd_user}, @{exec_path} mr, /etc/xdg/menus/{,*/} r, - /usr/share/kf5/kactivitymanagerd/{,**} r, + /usr/share/kf{5,6}/kactivitymanagerd/{,**} r, /usr/share/kservices5/{,**} r, /etc/machine-id r, @@ -27,7 +28,7 @@ profile kactivitymanagerd @{exec_path} { owner @{HOME}/@{XDG_DESKTOP_DIR}/ r, owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r, - owner @{user_cache_dirs}/ksycoca5_* r, + owner @{user_cache_dirs}/ksycoca{5,6}_* r, owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kactivitymanagerdrc.lock rwk, diff --git a/apparmor.d/groups/kde/kauth-backlighthelper b/apparmor.d/groups/kde/kauth-backlighthelper index 1f8beefc..569c57a5 100644 --- a/apparmor.d/groups/kde/kauth-backlighthelper +++ b/apparmor.d/groups/kde/kauth-backlighthelper @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kauth/{,libexec/}backlighthelper +@{exec_path} = @{lib}/{,kf6/}kauth/{,libexec/}backlighthelper profile kauth-backlighthelper @{exec_path} { include include diff --git a/apparmor.d/groups/kde/kauth-chargethresholdhelper b/apparmor.d/groups/kde/kauth-chargethresholdhelper index dc0e1c6e..6332773a 100644 --- a/apparmor.d/groups/kde/kauth-chargethresholdhelper +++ b/apparmor.d/groups/kde/kauth-chargethresholdhelper 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kauth/{,libexec/}chargethresholdhelper +@{exec_path} = @{lib}/{,kf6/}kauth/{,libexec/}chargethresholdhelper profile kauth-chargethresholdhelper @{exec_path} { include include diff --git a/apparmor.d/groups/kde/kauth-discretegpuhelper b/apparmor.d/groups/kde/kauth-discretegpuhelper index 8a2bb08e..ce5228a4 100644 --- a/apparmor.d/groups/kde/kauth-discretegpuhelper +++ b/apparmor.d/groups/kde/kauth-discretegpuhelper @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kauth/{,libexec/}discretegpuhelper +@{exec_path} = @{lib}/{,kf6/}kauth/{,libexec/}discretegpuhelper profile kauth-discretegpuhelper @{exec_path} { include include diff --git a/apparmor.d/groups/kde/kauth-fontinst b/apparmor.d/groups/kde/kauth-fontinst index 0818f7f7..a41f3cdd 100644 --- a/apparmor.d/groups/kde/kauth-fontinst +++ b/apparmor.d/groups/kde/kauth-fontinst @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kauth/{,libexec/}fontinst +@{exec_path} = @{lib}/{,kf6/}kauth/{,libexec/}fontinst profile kauth-fontinst @{exec_path} { include include diff --git a/apparmor.d/groups/kde/kauth-kded-smart-helper b/apparmor.d/groups/kde/kauth-kded-smart-helper index e42e9661..2bef6ae7 100644 --- a/apparmor.d/groups/kde/kauth-kded-smart-helper +++ b/apparmor.d/groups/kde/kauth-kded-smart-helper @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kauth/{,libexec/}kded-smart-helper +@{exec_path} = @{lib}/{,kf6/}kauth/{,libexec/}kded-smart-helper profile kauth-kded-smart-helper @{exec_path} { include include diff --git a/apparmor.d/groups/kde/kauth-kinfocenter-dmidecode-helper b/apparmor.d/groups/kde/kauth-kinfocenter-dmidecode-helper index c4c45d79..6c1974a8 100644 --- a/apparmor.d/groups/kde/kauth-kinfocenter-dmidecode-helper +++ b/apparmor.d/groups/kde/kauth-kinfocenter-dmidecode-helper 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kauth/{,libexec/}kinfocenter-dmidecode-helper +@{exec_path} = @{lib}/{,kf6/}kauth/{,libexec/}kinfocenter-dmidecode-helper profile kauth-kinfocenter-dmidecode-helper @{exec_path} { include include diff --git a/apparmor.d/groups/kde/kcminit b/apparmor.d/groups/kde/kcminit index 0adbdcbc..0977dbe4 100644 --- a/apparmor.d/groups/kde/kcminit +++ b/apparmor.d/groups/kde/kcminit @@ -20,15 +20,12 @@ profile kcminit @{exec_path} { /etc/machine-id r, /etc/xdg/kcmdisplayrc r, - /etc/xdg/kcminputrc r, owner @{HOME}/.Xdefaults r, owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/gtkrc-2.0{,.@{rand6}} rwl, owner @{user_config_dirs}/gtkrc{,.@{rand6}} rwl, - owner @{user_config_dirs}/kcminputrc r, - owner @{user_config_dirs}/kdedefaults/kcminputrc r, owner @{user_config_dirs}/kgammarc r, owner @{user_config_dirs}/touchpadrc r, owner @{user_config_dirs}/touchpadxlibinputrc r, @@ -43,6 +40,7 @@ profile kcminit @{exec_path} { @{run}/user/@{uid}/xauth_@{rand6} rl, + @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, /dev/tty r, diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index 69ea74e1..62fb490b 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kf5/kconf_update +@{exec_path} = @{lib}/kf{5,6}/kconf_update @{lib}/{,@{multiarch}/}libexec/kf{5,6}/kconf_update profile kconf_update @{exec_path} { include include diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index d51b2a59..fa95f5aa 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -12,6 +12,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) include include include + include capability wake_alarm, 
@@ -29,7 +30,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{bin}/xargs rix, @{lib}/drkonqi rPx, - /usr/share/knotifications5/*.notifyrc r, + /usr/share/knotifications{5,6}/*.notifyrc r, /etc/fstab r, /etc/machine-id r, diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded similarity index 89% rename from apparmor.d/groups/kde/kded5 rename to apparmor.d/groups/kde/kded index 2db4737d..439d4cab 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded @@ -6,8 +6,8 @@ abi , include -@{exec_path} = @{bin}/kded5 -profile kded5 @{exec_path} { +@{exec_path} = @{bin}/kded5 @{bin}/kded6 +profile kded @{exec_path} { include include include @@ -68,15 +68,15 @@ profile kded5 @{exec_path} { @{bin}/xrdb rPx, @{bin}/xsettingsd rPx, @{lib}/drkonqi rPx, - @{lib}/kf5/kconf_update rPx, - @{lib}/{,@{multiarch}/}libexec/kf5/kconf_update rPx, + @{lib}/kf{5,6}/kconf_update rPx, + @{lib}/{,@{multiarch}/}libexec/kf{5,6}/kconf_update rPx, @{lib}/{,@{multiarch}/}utempter/utempter rPx, /usr/share/kconf_update/ r, - /usr/share/kded5/{,**} r, - /usr/share/kf5/kcookiejar/* r, + /usr/share/kded{5,6}/{,**} r, + /usr/share/kf{5,6}/kcookiejar/* r, /usr/share/khotkeys/{,**} r, - /usr/share/knotifications5/{,**} r, + /usr/share/knotifications{5,6}/{,**} r, /usr/share/kservices5/{,**} r, /usr/share/kservicetypes5/{,**} r, @@ -90,7 +90,7 @@ profile kded5 @{exec_path} { owner @{HOME}/.gtkrc-2.0 rw, - @{user_cache_dirs}/ksycoca5_* rwlk -> @{user_cache_dirs}/#@{int}, + @{user_cache_dirs}/ksycoca{5,6}_* rwlk -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/plasmashell/ rw, 
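Review bot: The rewritten ksycoca rule in the kded hunk at -90,7 still has no `owner` qualifier, although the neighbouring cache rules in that hunk are owner-restricted and this same commit adds `owner` to the equivalent line in plasma_session. Without it, the write, link and lock permissions apply to matching files whoever owns them. Since the line is being touched anyway, consider `owner @{user_cache_dirs}/ksycoca{5,6}_* rwlk -> @{user_cache_dirs}/#@{int},`. The startplasma hunk at -33,7 carries the same unqualified rule. The profile body continues outside the hunk.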
@@ -107,8 +107,8 @@ profile kded5 @{exec_path} { owner @{user_config_dirs}/kconf_updaterc rw, owner @{user_config_dirs}/kconf_updaterc.lock rwk, owner @{user_config_dirs}/kdebugrc r, - owner @{user_config_dirs}/kded5rc.lock rwk, - owner @{user_config_dirs}/kded5rc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, + owner @{user_config_dirs}/kded{5,6}rc.lock rwk, + owner @{user_config_dirs}/kded{5,6}rc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kdedefaults/{,**} r, owner @{user_config_dirs}/khotkeysrc.lock rwk, owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, @@ -124,6 +124,7 @@ profile kded5 @{exec_path} { owner @{user_config_dirs}/menus/{,**} r, owner @{user_config_dirs}/networkmanagement.notifyrc r, owner @{user_config_dirs}/plasma-nm r, + owner @{user_config_dirs}/plasma-welcomerc r, owner @{user_config_dirs}/touchpadrc r, owner @{user_config_dirs}/xsettingsd/{,**} rw, @@ -131,7 +132,7 @@ profile kded5 @{exec_path} { owner @{user_share_dirs}/icc/{,edid-*} r, owner @{user_share_dirs}/kcookiejar/#@{int} rw, owner @{user_share_dirs}/kcookiejar/cookies.lock rwk, - owner @{user_share_dirs}/kded5/{,**} rw, + owner @{user_share_dirs}/kded{5,6}/{,**} rw, owner @{user_share_dirs}/kscreen/{,**} rwl, owner @{user_share_dirs}/kservices5/{,**} r, owner @{user_share_dirs}/ktp/cache.db rwk, @@ -142,7 +143,7 @@ profile kded5 @{exec_path} { @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/** @{run}/user/@{uid}/gvfs/ r, owner @{run}/user/@{uid}/#@{int} rw, - owner @{run}/user/@{uid}/kded5*kioworker.socket rwl, + owner @{run}/user/@{uid}/kded{5,6}*kioworker.socket rwl, owner /tmp/plasma-csd-generator.@{rand6}/{,**} rw, @@ -159,7 +160,7 @@ profile kded5 @{exec_path} { /dev/disk/by-label/ r, /dev/ptmx rw, - /dev/rfkill r, + /dev/rfkill rw, profile pgrep { include 
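Review bot: In the hunk at -159,7, `/dev/rfkill` goes from `r` to `rw` with no comment, which lets the kded profile change radio kill-switch state rather than only observe it. If this was added for a specific kded module (inferred; the hunk does not say), record that next to the rule, e.g. `/dev/rfkill rw, # needed by <module> to toggle radios`, so the wider grant can be re-evaluated later. The profile body continues outside the hunk.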
@@ -182,8 +183,8 @@ profile kded5 @{exec_path} { @{PROC}/tty/drivers r, @{PROC}/uptime r, - include if exists + include if exists } - include if exists + include if exists } diff --git a/apparmor.d/groups/kde/kio_http_cache_cleaner b/apparmor.d/groups/kde/kio_http_cache_cleaner index 4444b53c..a39d6716 100644 --- a/apparmor.d/groups/kde/kio_http_cache_cleaner +++ b/apparmor.d/groups/kde/kio_http_cache_cleaner @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kf5/kio_http_cache_cleaner +@{exec_path} = @{lib}/kf{5,6}/kio_http_cache_cleaner profile kio_http_cache_cleaner @{exec_path} { include diff --git a/apparmor.d/groups/kde/kiod5 b/apparmor.d/groups/kde/kiod similarity index 88% rename from apparmor.d/groups/kde/kiod5 rename to apparmor.d/groups/kde/kiod index 0b7cabe9..bf55dcbf 100644 --- a/apparmor.d/groups/kde/kiod5 +++ b/apparmor.d/groups/kde/kiod @@ -6,8 +6,8 @@ abi , include -@{exec_path} = @{lib}/kf5/kiod5 -profile kiod5 @{exec_path} { +@{exec_path} = @{lib}/kf{5,6}/kiod{5,6} +profile kiod @{exec_path} { include include include @@ -32,5 +32,5 @@ profile kiod5 @{exec_path} { /dev/tty r, - include if exists + include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/kioslave5 b/apparmor.d/groups/kde/kioworker similarity index 83% rename from apparmor.d/groups/kde/kioslave5 rename to apparmor.d/groups/kde/kioworker index 36720c59..8d995ab5 100644 --- a/apparmor.d/groups/kde/kioslave5 +++ b/apparmor.d/groups/kde/kioworker @@ -6,9 +6,9 @@ abi , include -@{exec_path} = @{lib}/@{multiarch}/kf5/kioslave5 -@{exec_path} += @{lib}/kf5/kioslave5 -profile kioslave5 @{exec_path} { +@{exec_path} = @{lib}/kf6/kioworker @{lib}/@{multiarch}/{,libexec/}kf6/kioworker +@{exec_path} += @{lib}/kf5/kioslave5 @{lib}/@{multiarch}/{,libexec/}kf5/kioslave5 +profile kioworker @{exec_path} { include include include 
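Review bot: The two `include if exists` lines replaced in the hunk at -182,8 change together with the profile name (kded5 to kded). Their arguments are not visible on this page, but if they are the per-profile local override includes, site-local rules written for the old name will silently stop being loaded after this update. The same would apply to the kiod, kioworker, kwalletd and kwalletmanager renames, and to any `peer=kded5` or `peer=kioslave5` rule in a profile this commit does not touch. Consider a header comment in each renamed profile, such as `# Renamed from kded5: rename local overrides and peer= references accordingly`, and a search of the tree for the old labels.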
@@ -35,11 +35,11 @@ profile kioslave5 @{exec_path} { @{lib}/libheif/ r, @{lib}/libheif/*.so* rm, - @{lib}/kf5/kio_http_cache_cleaner rPx, + @{lib}/kf{5,6}/kio_http_cache_cleaner rPx, /usr/share/kio_desktop/directory.desktop r, - /usr/share/kservices5/{,**} r, - /usr/share/kservicetypes5/*.desktop r, + /usr/share/kservices{5,6}/{,**} r, + /usr/share/kservicetypes{5,6}/*.desktop r, /usr/share/remoteview/* r, /etc/fstab r, @@ -71,7 +71,7 @@ profile kioslave5 @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/kio_http/* rwl, - owner @{user_cache_dirs}/ksycoca5_* r, + owner @{user_cache_dirs}/ksycoca{5,6}_* r, owner @{user_config_dirs}/kio_httprc r, owner @{user_config_dirs}/menus/{,**} r, @@ -81,7 +81,7 @@ profile kioslave5 @{exec_path} { owner @{user_share_dirs}/kactivitymanagerd/resources/database rk, owner @{user_share_dirs}/kactivitymanagerd/resources/database-shm rwk, owner @{user_share_dirs}/kactivitymanagerd/resources/database-wal rw, - owner @{user_share_dirs}/kservices5/{,**} r, + owner @{user_share_dirs}/kservices{5,6}/{,**} r, owner /tmp/#@{int} rw, @@ -95,5 +95,5 @@ profile kioslave5 @{exec_path} { /dev/tty r, - include if exists + include if exists } diff --git a/apparmor.d/groups/kde/konsole b/apparmor.d/groups/kde/konsole index 9d59607c..b2145399 100644 --- a/apparmor.d/groups/kde/konsole +++ b/apparmor.d/groups/kde/konsole @@ -29,7 +29,8 @@ profile konsole @{exec_path} flags=(attach_disconnected) { @{lib}/{,@{multiarch}/}utempter/utempter rPx, /usr/share/color-schemes/{,**} r, - /usr/share/knotifications5/plasma_workspace.notifyrc r, + /usr/share/kf6/{,**} r, + /usr/share/knotifications{5,6}/plasma_workspace.notifyrc r, /usr/share/konsole/{,**} r, /usr/share/sounds/** r, 
@@ -48,7 +49,7 @@ profile konsole @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_share_dirs}/konsole/{,**} rw, + owner @{user_share_dirs}/konsole/{,**} rwlk, owner /tmp/#@{int} rw, owner /tmp/konsole.@{rand6} rw, diff --git a/apparmor.d/groups/kde/kscreen_backend_launcher b/apparmor.d/groups/kde/kscreen_backend_launcher index a240ce6a..8ad64af7 100644 --- a/apparmor.d/groups/kde/kscreen_backend_launcher +++ b/apparmor.d/groups/kde/kscreen_backend_launcher @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{lib}/kf5/kscreen_backend_launcher +@{exec_path} = @{lib}/kf{5,6}/kscreen_backend_launcher profile kscreen_backend_launcher @{exec_path} { include include diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index 3e2e35b8..bf20c1ea 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver @@ -34,9 +34,9 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{user_bin_dirs}/** rPUx, /usr/share/color-schemes/{,**} r, - /usr/share/knotifications5/*.notifyrc r, - /usr/share/kservices5/{,**} r, - /usr/share/kservicetypes5/{,**} r, + /usr/share/knotifications{5,6}/*.notifyrc r, + /usr/share/kservices{5,6}/{,**} r, + /usr/share/kservicetypes{5,6}/{,**} r, /etc/xdg/menus/applications-merged/ r, /etc/machine-id r, @@ -51,7 +51,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/fontconfig/*-le64.cache-* r, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_cache_dirs}/ksycoca5_* rwlk, + owner @{user_cache_dirs}/ksycoca{5,6}_* rwlk, owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kscreenlockerrc r, diff --git a/apparmor.d/groups/kde/ksplashqml b/apparmor.d/groups/kde/ksplashqml index 8559520f..aa5c1030 100644 --- a/apparmor.d/groups/kde/ksplashqml +++ b/apparmor.d/groups/kde/ksplashqml 
@@ -18,12 +18,11 @@ profile ksplashqml @{exec_path} { /usr/share/plasma/** r, + /etc/machine-id r, + owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/ksplash/ rw, - owner @{user_cache_dirs}/ksplash/qmlcache/ rw, - owner @{user_cache_dirs}/ksplash/qmlcache/*.qmlc rwl -> @{user_cache_dirs}/ksplash/qmlcache/#@{int}, - owner @{user_cache_dirs}/ksplash/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/ksplash/qmlcache/#@{int}, - owner @{user_cache_dirs}/ksplash/qmlcache/#@{int} rw, + owner @{user_cache_dirs}/ksplash/** rwlk -> @{user_cache_dirs}/ksplash/**, owner @{user_config_dirs}/kdedefaults/ksplashrc r, owner @{user_config_dirs}/kdedefaults/plasmarc r, diff --git a/apparmor.d/groups/kde/kwalletd5 b/apparmor.d/groups/kde/kwalletd similarity index 89% rename from apparmor.d/groups/kde/kwalletd5 rename to apparmor.d/groups/kde/kwalletd index e645aab2..a4cfab54 100644 --- a/apparmor.d/groups/kde/kwalletd5 +++ b/apparmor.d/groups/kde/kwalletd @@ -7,8 +7,8 @@ abi , include -@{exec_path} = @{bin}/kwalletd5 -profile kwalletd5 @{exec_path} { +@{exec_path} = @{bin}/kwalletd{5,6} +profile kwalletd @{exec_path} { include include include @@ -27,7 +27,7 @@ profile kwalletd5 @{exec_path} { /usr/share/color-schemes/{,**} r, /usr/share/qt/translations/*.qm r, - /usr/share/qt5/qtlogging.ini r, + /usr/share/qt{5,6}/qtlogging.ini r, /usr/share/qt5ct/** r, /etc/machine-id r, @@ -62,8 +62,8 @@ profile kwalletd5 @{exec_path} { owner @{HOME}/@{XDG_GPG_DIR}/ rw, owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, - include if exists + include if exists } - include if exists + include if exists } diff --git a/apparmor.d/groups/kde/kwalletmanager5 b/apparmor.d/groups/kde/kwalletmanager similarity index 93% rename from apparmor.d/groups/kde/kwalletmanager5 rename to apparmor.d/groups/kde/kwalletmanager index 56ada10e..a1961314 100644 --- a/apparmor.d/groups/kde/kwalletmanager5 +++ b/apparmor.d/groups/kde/kwalletmanager 
@@ -7,8 +7,8 @@ abi , include -@{exec_path} = @{bin}/kwalletmanager5 -profile kwalletmanager5 @{exec_path} { +@{exec_path} = @{bin}/kwalletmanager{5,6} +profile kwalletmanager @{exec_path} { include include include @@ -53,5 +53,5 @@ profile kwalletmanager5 @{exec_path} { /dev/shm/ r, /dev/shm/#@{int} rw, - include if exists + include if exists } diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index fb81ccd5..506a8f67 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland @@ -28,6 +28,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { @{exec_path} mr, + @{bin}/kcminit rPx, @{bin}/plasmashell r, @{bin}/Xwayland rPx, @{lib}/kscreenlocker_greet rPx, @@ -36,7 +37,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { /usr/share/color-schemes/*.colors r, /usr/share/desktop-directories/*.directory r, /usr/share/kglobalaccel/{,**} r, - /usr/share/knotifications5/ksmserver.notifyrc r, + /usr/share/knotifications{5,6}/ksmserver.notifyrc r, /usr/share/kservices5/{,**} r, /usr/share/kservicetypes5/{,*.desktop} r, /usr/share/kwin/{,**} r, @@ -55,7 +56,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { owner /var/lib/sddm/.cache/fontconfig/*-le64.cache-@{int}.LCK l -> /var/lib/sddm/.cache/fontconfig/*-le64.cache-@{int}.TMP-@{rand6}, owner /var/lib/sddm/.cache/mesa_shader_cache/** r, owner /var/lib/sddm/.cache/mesa_shader_cache/index rw, - owner /var/lib/sddm/.cache/ksycoca5_* rwkl -> /var/lib/sddm/.cache/#@{int}, + owner /var/lib/sddm/.cache/ksycoca{5,6}_* rwkl -> /var/lib/sddm/.cache/#@{int}, owner /var/lib/sddm/.config/#@{int} rw, owner /var/lib/sddm/.config/kcminputrc r, 
@@ -68,8 +69,8 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { owner @{user_cache_dirs}/ r, owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_cache_dirs}/ksycoca5_* r, - owner @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int}, + owner @{user_cache_dirs}/ksycoca{5,6}_* r, + owner @{user_cache_dirs}/ksycoca{5,6}_* rwkl -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc rw, owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/kwin/qmlcache/#@{int}, owner @{user_cache_dirs}/kwin/qmlcache/#@{int} rw, @@ -84,6 +85,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk, owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kscreenlockerrc r, + owner @{user_config_dirs}/kwinoutputconfig.json rw, owner @{user_config_dirs}/kwinrc.lock rwk, owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwinrulesrc r, diff --git a/apparmor.d/groups/kde/pam_kwallet_init b/apparmor.d/groups/kde/pam_kwallet_init index 2ba25c82..d7858ee1 100644 --- a/apparmor.d/groups/kde/pam_kwallet_init +++ b/apparmor.d/groups/kde/pam_kwallet_init @@ -14,7 +14,7 @@ profile pam_kwallet_init @{exec_path} { @{sh_path} rix, @{bin}/env rix, - @{bin}/socat rix, + @{bin}/socat{,1} rix, /dev/tty rw, diff --git a/apparmor.d/groups/kde/plasma-browser-integration-host b/apparmor.d/groups/kde/plasma-browser-integration-host index d1614a60..fb29463d 100644 --- a/apparmor.d/groups/kde/plasma-browser-integration-host +++ b/apparmor.d/groups/kde/plasma-browser-integration-host 
@@ -31,7 +31,7 @@ profile plasma-browser-integration-host @{exec_path} { /var/lib/flatpak/exports/share/mime/ r, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_cache_dirs}/ksycoca5_* r, + owner @{user_cache_dirs}/ksycoca{5,6}_* r, owner @{user_config_dirs}/menus/ r, diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover index c023d023..6f46af11 100644 --- a/apparmor.d/groups/kde/plasma-discover +++ b/apparmor.d/groups/kde/plasma-discover @@ -24,7 +24,7 @@ profile plasma-discover @{exec_path} { network netlink dgram, network netlink raw, - signal (send) set=(term) peer=kioslave5, + signal (send) set=(term) peer=kioworker, @{exec_path} mr, @@ -34,8 +34,12 @@ profile plasma-discover @{exec_path} { @{bin}/gpg rCx -> gpg, @{bin}/gpgconf rCx -> gpg, @{bin}/gpgsm rCx -> gpg, - @{lib}/kf5/kioslave5 rPx, - @{lib}/kf5/kio_http_cache_cleaner rPx, + + @{lib}/@{multiarch}/{,libexec/}kf5/kioslave5 rPx, + @{lib}/@{multiarch}/{,libexec/}kf6/kioworker rPx, + @{lib}/kf{5,6}/kio_http_cache_cleaner rPx, + @{lib}/kf5/kioslave5 rPx, + @{lib}/kf6/kioworker rPx, /usr/share/knotifications5/plasma_workspace.notifyrc r, /usr/share/knsrcfiles/{,*} r, diff --git a/apparmor.d/groups/kde/plasma_session b/apparmor.d/groups/kde/plasma_session index f55f0a70..289cc977 100644 --- a/apparmor.d/groups/kde/plasma_session +++ b/apparmor.d/groups/kde/plasma_session @@ -17,7 +17,7 @@ profile plasma_session @{exec_path} { @{bin}/gmenudbusmenuproxy rPx, @{bin}/kaccess rPx, @{bin}/kcminit rPx, - @{bin}/kded5 rPx, + @{bin}/kded{5,6} rPx, @{bin}/ksmserver rPx, @{bin}/ksplashqml rPx, @{bin}/kwin_wayland_wrapper rPx, @@ -38,7 +38,7 @@ profile plasma_session @{exec_path} { /etc/xdg/autostart/*.desktop r, /etc/xdg/menus/ r, - @{user_cache_dirs}/ksycoca5_* r, + owner @{user_cache_dirs}/ksycoca{5,6}_* r, owner @{user_config_dirs}/baloofilerc r, owner @{user_config_dirs}/kdedefaults/ksplashrc r, 
diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index bcb0a156..f11edac7 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -36,7 +36,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { ptrace (read) peer=akonadi*, ptrace (read) peer=kalendarac, - ptrace (read) peer=kded5, + ptrace (read) peer=kded, ptrace (read) peer=ksmserver-logout-greeter, ptrace (read) peer=kwin_x11, ptrace (read) peer=libreoffice*, @@ -47,21 +47,24 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { @{exec_path} mr, - @{lib}/libheif/ r, - @{lib}/libheif/*.so* rm, - @{lib}/kf5/kioslave5 rPx, - @{lib}/kf5/kdesu{,d} rix, - @{bin}/dolphin rPUx, # TODO: rPx, + @{bin}/dolphin rPUx, @{bin}/ksysguardd rix, @{bin}/plasma-discover rPUx, @{bin}/xrdb rPx, - @{lib}/@{multiarch}/libexec/kf5/kioslave5 rPx, + @{lib}/kf{5,6}/kdesu{,d} rix, + + @{lib}/@{multiarch}/{,libexec/}kf5/kioslave5 rPx, + @{lib}/@{multiarch}/{,libexec/}kf6/kioworker rPx, + @{lib}/kf5/kioslave5 rPx, + @{lib}/kf6/kioworker rPx, /usr/share/akonadi/firstrun/{,*} r, /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/desktop-directories/kf5-*.directory r, + /usr/share/kf6/{,**} r, /usr/share/kio/servicemenus/{,*.desktop} r, - /usr/share/knotifications5/*.notifyrc r, + /usr/share/knotifications{5,6}/*.notifyrc r, + /usr/share/konsole/ r, /usr/share/krunner/{,**} r, /usr/share/kservices5/{,**} r, 
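Review bot: The replacement line `@{bin}/dolphin rPUx,` in the hunk at -47,21 drops the `# TODO: rPx,` marker while keeping the unconfined fallback, so the reminder to tighten this transition is lost. This commit itself edits a dolphin profile, so `@{bin}/dolphin rPx,` may already be workable; if the fallback is still needed, keep the marker, e.g. `@{bin}/dolphin rPUx, # TODO: rPx,`. The context line `@{bin}/plasma-discover rPUx,` two lines below is in the same position. The profile body continues outside the hunk.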
@@ -100,7 +103,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_cache_dirs}/bookmarksrunner/** rwkl -> @{user_cache_dirs}/bookmarksrunner/#@{int}, owner @{user_cache_dirs}/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_cache_dirs}/ksycoca5_* rwlk -> @{user_cache_dirs}/#@{int}, + owner @{user_cache_dirs}/ksvg-elements* rwlk -> @{user_cache_dirs}/#@{int}, + owner @{user_cache_dirs}/ksycoca{5,6}_* rwlk -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw, owner @{user_cache_dirs}/plasma_theme_*.kcache rw, owner @{user_cache_dirs}/plasma-svgelements.lock rwk, @@ -118,8 +122,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_config_dirs}/baloofilerc r, owner @{user_config_dirs}/dolphinrc r, owner @{user_config_dirs}/eventviewsrc r, - owner @{user_config_dirs}/kactivitymanagerd-*.lock rwk, - owner @{user_config_dirs}/kactivitymanagerd-*{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, + owner @{user_config_dirs}/kactivitymanagerd* rwkl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kcookiejarrc r, owner @{user_config_dirs}/kdedefaults/plasmarc r, owner @{user_config_dirs}/kdiff3fileitemactionrc r, @@ -154,7 +157,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_share_dirs}/ktp/cache.db rwk, owner @{user_share_dirs}/plasma_icons/*.desktop r, owner @{user_share_dirs}/plasma/plasmoids/{,**} r, - owner @{user_share_dirs}/user-places.xbel{,*} rwl -> @{user_share_dirs}/#@{int}, + owner @{user_share_dirs}/plasmashell/** rwkl -> @{user_share_dirs}/plasmashell/**, + owner @{user_share_dirs}/user-places.xbel{,*} rwl, owner /tmp/#@{int} rw, /tmp/.mount_nextcl@{rand6}/{,*} r, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index ecbfcde5..e8c33bd7 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm 
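Review bot: The merged rule `owner @{user_config_dirs}/kactivitymanagerd* rwkl -> @{user_config_dirs}/#@{int},` in the hunk at -118,8 is wider than the two rules it replaces. Without the `-` after the name, the glob also matches kactivitymanagerdrc.lock (and presumably kactivitymanagerdrc), which the kactivitymanagerd profile earlier in this diff treats as that daemon's own files. If plasmashell only needs the `kactivitymanagerd-*` state files, keep the dash: `owner @{user_config_dirs}/kactivitymanagerd-* rwkl -> @{user_config_dirs}/#@{int},`. The profile body continues outside the hunk.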
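Review bot: In the hunk at -154,7 the user-places rule loses its link target: `rwl -> @{user_share_dirs}/#@{int}` becomes plain `rwl`, so the hard-link permission is no longer pinned to the anonymous temp-file pattern. The plasmashell/** rule added one line above it does pin its target, which makes the two inconsistent. If the target name merely changed, prefer stating the new pattern after `->` in `owner @{user_share_dirs}/user-places.xbel{,*} rwl -> …,`; otherwise add a comment explaining why the restriction was dropped. The profile body continues outside the hunk.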
@@ -83,7 +83,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/dbus-run-session rPx, @{bin}/kwin_wayland rPx, - @{bin}/sddm-greeter rPx, + @{bin}/sddm-greeter{,-qt6} rPx, @{bin}/Xorg rPx, /etc/sddm/Xsession rPx, @@ -94,7 +94,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/dbus-update-activation-environment rCx -> dbus, @{bin}/gnome-keyring-daemon rPx, - @{bin}/kwalletd5 rPx, + @{bin}/kwalletd{5,6} rPx, @{bin}/startplasma-wayland rPx, @{bin}/startplasma-x11 rPx, @{bin}/systemctl rPx -> child-systemctl, diff --git a/apparmor.d/groups/kde/sddm-greeter b/apparmor.d/groups/kde/sddm-greeter index 4560d6ae..ceece849 100644 --- a/apparmor.d/groups/kde/sddm-greeter +++ b/apparmor.d/groups/kde/sddm-greeter @@ -7,7 +7,7 @@ abi , include -@{exec_path} = @{bin}/sddm-greeter +@{exec_path} = @{bin}/sddm-greeter{,-qt6} profile sddm-greeter @{exec_path} { include include diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index a78a802b..4b145415 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -24,7 +24,7 @@ profile startplasma @{exec_path} { /usr/share/color-schemes/{,**} r, /usr/share/desktop-directories/{,**} r, - /usr/share/knotifications5/{,**} r, + /usr/share/knotifications{5,6}/{,**} r, /usr/share/kservices5/{,**} r, /usr/share/kservicetypes5/{,**} r, /usr/share/plasma/{,**} r, @@ -33,7 +33,7 @@ profile startplasma @{exec_path} { /etc/xdg/kcminputrc r, /etc/xdg/menus/{,**} r, - @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int}, + @{user_cache_dirs}/ksycoca{5,6}_* rwkl -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/#@{int} rwk, owner @{user_cache_dirs}/kcrash-metadata/ rw, owner @{user_cache_dirs}/plasma-svgelements rw, diff --git a/apparmor.d/groups/kde/systemsettings b/apparmor.d/groups/kde/systemsettings index c811e9ee..56cef279 100644 --- a/apparmor.d/groups/kde/systemsettings 
+++ b/apparmor.d/groups/kde/systemsettings @@ -36,9 +36,9 @@ profile systemsettings @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/kinfocenter/{,**} rwl, - owner @{user_cache_dirs}/ksycoca5_* r, + owner @{user_cache_dirs}/ksycoca{5,6}_* r, owner @{user_cache_dirs}/systemsettings/ rw, - owner @{user_cache_dirs}/systemsettings/** rwl -> @{user_cache_dirs}/systemsettings/**, + owner @{user_cache_dirs}/systemsettings/** rwlk -> @{user_cache_dirs}/systemsettings/**, owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kde.org/{,**} rwlk, diff --git a/apparmor.d/groups/kde/xsettingsd b/apparmor.d/groups/kde/xsettingsd index 2352758a..c8cf1d5d 100644 --- a/apparmor.d/groups/kde/xsettingsd +++ b/apparmor.d/groups/kde/xsettingsd @@ -10,7 +10,7 @@ include profile xsettingsd @{exec_path} { include - signal (receive) set=hup peer=kded5, + signal (receive) set=hup peer=kded, @{exec_path} mr,