diff --git a/apparmor.d/groups/akonadi/akonadi_akonotes_resource b/apparmor.d/groups/akonadi/akonadi_akonotes_resource index 1d79b24e..41d43e52 100644 --- a/apparmor.d/groups/akonadi/akonadi_akonotes_resource +++ b/apparmor.d/groups/akonadi/akonadi_akonotes_resource @@ -10,9 +10,11 @@ include profile akonadi_akonotes_resource @{exec_path} { include include + include include include include + include include @{exec_path} mr, @@ -20,12 +22,17 @@ profile akonadi_akonotes_resource @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/qt/translations/*.qm r, + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, + owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_config_dirs}/akonadi_akonotes_resource_[0-9]rc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_akonotes_resource_[0-9]{,_changes.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, + owner @{user_share_dirs}/notes/**/ r, + owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, diff --git a/apparmor.d/groups/akonadi/akonadi_archivemail_agent b/apparmor.d/groups/akonadi/akonadi_archivemail_agent index d03070f4..de850b19 100644 --- a/apparmor.d/groups/akonadi/akonadi_archivemail_agent +++ b/apparmor.d/groups/akonadi/akonadi_archivemail_agent @@ -10,28 +10,35 @@ include profile akonadi_archivemail_agent @{exec_path} { include include + include + include include include + include include @{exec_path} mr, + /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, + /usr/share/qt{5,}/translations/*.qm r, /etc/machine-id r, + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/kmail2rc r, owner @{user_config_dirs}/#[0-9]* rw, + owner @{user_config_dirs}/akonadi_archivemail_agentrc r, + owner @{user_config_dirs}/akonadi/agent_config_akonadi_archivemail_agent r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_archivemail_agent_changes{,.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/emaildefaults r, owner @{user_config_dirs}/emailidentities.lock rwk, owner @{user_config_dirs}/emailidentities* rwl, + owner @{user_config_dirs}/kmail2rc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_birthdays_resource b/apparmor.d/groups/akonadi/akonadi_birthdays_resource index 3dfcf8ba..4b579edd 100644 --- a/apparmor.d/groups/akonadi/akonadi_birthdays_resource +++ b/apparmor.d/groups/akonadi/akonadi_birthdays_resource @@ -10,15 +10,21 @@ include profile akonadi_birthdays_resource @{exec_path} { include include + include include include include + include include @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/qt/translations/*.qm r, + /usr/share/qt{5,}/translations/*.qm r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, diff --git a/apparmor.d/groups/akonadi/akonadi_contacts_resource b/apparmor.d/groups/akonadi/akonadi_contacts_resource index cc9b35b2..b332af21 100644 --- a/apparmor.d/groups/akonadi/akonadi_contacts_resource +++ b/apparmor.d/groups/akonadi/akonadi_contacts_resource @@ -10,15 +10,19 @@ include profile akonadi_contacts_resource @{exec_path} { include include + include include include include + include include @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/qt/translations/*.qm r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, diff --git a/apparmor.d/groups/akonadi/akonadi_control b/apparmor.d/groups/akonadi/akonadi_control index b78005bc..0faef921 100644 --- a/apparmor.d/groups/akonadi/akonadi_control +++ b/apparmor.d/groups/akonadi/akonadi_control @@ -14,6 +14,7 @@ profile akonadi_control @{exec_path} { include include include + include @{exec_path} mr, @@ -22,7 +23,10 @@ profile akonadi_control @{exec_path} { /usr/share/akonadi/{,**} r, /usr/share/hwdata/*.ids r, - /usr/share/qt/translations/*.qm r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/akonadi/{,**} rwl, diff --git a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent index 6764978e..ff6f2f87 100644 --- a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent +++ b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent @@ -10,10 +10,12 @@ include profile akonadi_followupreminder_agent @{exec_path} { include include + include include include include include + include network inet dgram, network inet6 dgram, @@ -22,10 +24,14 @@ profile akonadi_followupreminder_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/qt/translations/*.qm r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_config_dirs}/akonadi_followupreminder_agentrc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_followupreminder_agent{,_changes.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_indexing_agent b/apparmor.d/groups/akonadi/akonadi_indexing_agent index 7b183af6..c1720e61 100644 --- a/apparmor.d/groups/akonadi/akonadi_indexing_agent +++ b/apparmor.d/groups/akonadi/akonadi_indexing_agent @@ -10,18 +10,24 @@ include profile akonadi_indexing_agent @{exec_path} { include include + include + include include include + include + include include @{exec_path} mr, + /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, /etc/machine-id r, + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, @@ -34,7 +40,7 @@ profile akonadi_indexing_agent @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - owner @{user_share_dirs}/akonadi/search_db/** rwk, + owner @{user_share_dirs}/akonadi/** rwk, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/akonadi/akonadi_maildir_resource b/apparmor.d/groups/akonadi/akonadi_maildir_resource index 3a0a27fa..f021b99e 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildir_resource +++ b/apparmor.d/groups/akonadi/akonadi_maildir_resource @@ -10,30 +10,38 @@ include profile akonadi_maildir_resource @{exec_path} { include include + include + include include include + include + include include @{exec_path} mr, + /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/akonadi/agent_config_akonadi_maildir_resource_[0-9]{,_changes.dat} r, - owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/akonadi_maildir_resource_[0-9]rc r, + owner @{user_config_dirs}/akonadi/agent_config_akonadi_maildir_resource_[0-9]{,_changes.dat} rw, + owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - owner @{user_share_dirs}/local-mail/{,**} r, + owner @{user_share_dirs}/akonadi/{,**} rwk, + owner @{user_share_dirs}/local-mail*/{,**} rw, - @{PROC}/sys/kernel/core_pattern r, + @{PROC}/sys/kernel/core_pattern rw, /dev/tty r, diff --git a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent index ade1975a..e82ba3b3 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent +++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent @@ -10,8 +10,12 @@ include profile akonadi_maildispatcher_agent @{exec_path} { include include + include + include include include + include + include include network inet dgram, @@ -23,13 +27,17 @@ profile akonadi_maildispatcher_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, + /etc/machine-id r, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/akonadi/agent_config_akonadi_maildispatcher_agent_changes.dat r, + owner @{user_config_dirs}/akonadi/#[0-9]* rw, + owner @{user_config_dirs}/akonadi/agent_config_akonadi_maildispatcher_agent* rwkl, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent index 22720261..5218cf71 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent @@ -10,37 +10,50 @@ include profile akonadi_mailfilter_agent @{exec_path} { include include + include + include include include + include + include include ptrace (read) peer=akonadi_archivemail_agent, @{exec_path} mr, + /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, /etc/machine-id r, + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_config_dirs}/#[0-9]* rw, + owner @{user_config_dirs}/agent_config_akonadi_mailfilter_agent r, + owner @{user_config_dirs}/akonadi_*_resource_*rc r, + owner @{user_config_dirs}/akonadi_mailfilter_agentrc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_mailfilter_agent_changes{,.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, + owner @{user_config_dirs}/emaildefaults r, owner @{user_config_dirs}/emailidentities.lock rwk, owner @{user_config_dirs}/emailidentities* rwl, - owner @{user_config_dirs}/kmail2rc r, - owner @{user_config_dirs}/specialmailcollectionsrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, + owner @{user_config_dirs}/kmail2rc r, owner @{user_config_dirs}/kwinrc r, + owner @{user_config_dirs}/specialmailcollectionsrc r, + + owner @{user_share_dirs}/akonadi/file_db_data/{,**} r, + @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/akonadi/akonadi_migration_agent b/apparmor.d/groups/akonadi/akonadi_migration_agent index b5c78288..db863424 100644 --- a/apparmor.d/groups/akonadi/akonadi_migration_agent +++ b/apparmor.d/groups/akonadi/akonadi_migration_agent @@ -9,20 +9,26 @@ include @{exec_path} = /{usr/,}bin/akonadi_migration_agent profile akonadi_migration_agent @{exec_path} { include - include include - include + include include + include + include + include + include @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_config_dirs}/akonadi-migrationrc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_migration_agent_changes{,.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent index bb7196a1..fc9239aa 100644 --- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent +++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent @@ -10,22 +10,29 @@ include profile akonadi_newmailnotifier_agent @{exec_path} { include include + include + include include include + include + include include @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/knotifications5/akonadi_newmailnotifier_agent.notifyrc r, /etc/machine-id r, + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_config_dirs}/#[0-9]* rw, + owner @{user_config_dirs}/akonadi_newmailnotifier_agentrc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_newmailnotifier_agent_changes{,_changes.dat,.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/emaildefaults r, diff --git a/apparmor.d/groups/akonadi/akonadi_notes_agent b/apparmor.d/groups/akonadi/akonadi_notes_agent index 5e30342a..744bd1f8 100644 --- a/apparmor.d/groups/akonadi/akonadi_notes_agent +++ b/apparmor.d/groups/akonadi/akonadi_notes_agent @@ -10,8 +10,12 @@ include profile akonadi_notes_agent @{exec_path} { include include + include + include include include + include + include include network inet dgram, @@ -22,12 +26,15 @@ profile akonadi_notes_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, /usr/share/mime/{,**} r, /usr/share/qt/translations/*.qm r, + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, + owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_config_dirs}/akonadi_*_agentrc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_notes_agent_changes{,.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, diff --git a/apparmor.d/groups/akonadi/akonadi_sendlater_agent b/apparmor.d/groups/akonadi/akonadi_sendlater_agent index 2975cc50..32252992 100644 --- a/apparmor.d/groups/akonadi/akonadi_sendlater_agent +++ b/apparmor.d/groups/akonadi/akonadi_sendlater_agent @@ -9,10 +9,14 @@ include @{exec_path} = /{usr/,}bin/akonadi_sendlater_agent profile akonadi_sendlater_agent @{exec_path} { include - include include - include + include + include include + include + include + include + include network inet dgram, network inet6 dgram, @@ -22,12 +26,15 @@ profile akonadi_sendlater_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_config_dirs}/akonadi_sendlater_agentrc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_sendlater_agent_changes{,.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent index 93dedbe8..d876a4fa 100644 --- a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent +++ b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent @@ -10,19 +10,26 @@ include profile akonadi_unifiedmailbox_agent @{exec_path} { include include + include + include include include + include + include include @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icons/{,**} r, /usr/share/mime/{,**} r, - /usr/share/qt/translations/*.qm r, + /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_config_dirs}/akonadi_unifiedmailbox_agentrc r, owner @{user_config_dirs}/{*,akonadi/}agent_config_akonadi_unifiedmailbox_agent{,_changes.dat,.conf_changes.dat} r, owner @{user_config_dirs}/{*,akonadi/}akonadi_unifiedmailbox_agent{,_changes.dat,.conf_changes.dat} r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,