diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index d3fc1162..9d9a6736 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -139,18 +139,19 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { @{bin}/xdg-user-dirs-update rPx, @{lib}/{,at-spi2{,-core}/}at-spi-bus-launcher rPx, @{lib}/{,gnome-shell/}gnome-shell-overrides-migration.sh rPx, - @{lib}/@{multiarch}/libexec/kdeconnectd rPUx, @{lib}/@{multiarch}/xapps/sn-watcher/xapp-sn-watcher rPUx, @{lib}/baloo_file rPx, @{lib}/caribou/caribou rPUx, @{lib}/deja-dup/deja-dup-monitor rPx, - @{lib}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify rPx, @{lib}/gsd-disk-utility-notify rPx, @{lib}/update-notifier/ubuntu-advantage-notification rPx, @{lib}/xapps/sn-watcher/* rPUx, @{thunderbird_path} rPx, /usr/share/libpam-kwallet-common/pam_kwallet_init rPUx, + #aa:exec evolution-alarm-notify + #aa:exec PU kdeconnectd + include if exists include if exists } diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin index 71cbb5f5..dabc8cb4 100644 --- a/apparmor.d/groups/kde/dolphin +++ b/apparmor.d/groups/kde/dolphin @@ -27,14 +27,8 @@ profile dolphin @{exec_path} { @{exec_path} mr, @{bin}/ldd rix, - - @{lib}/@{multiarch}/{,libexec/}kf5/kioslave5 rPx, - @{lib}/@{multiarch}/{,libexec/}kf6/kioworker rPx, - @{lib}/kf5/kioslave5 rPx, - @{lib}/kf6/kioworker rPx, - - # Share functions - @{lib}/thunderbird/thunderbird.sh rPx, + @{thunderbird_path} rPx, + #aa:exec kioworker /usr/share/kf5/kmoretools/{,**} r, /usr/share/kio/{,**} r, diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded index bd8e9f03..204c9499 100644 --- a/apparmor.d/groups/kde/kded +++ b/apparmor.d/groups/kde/kded 
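Review bot: In gnome-session-binary, `#aa:exec PU kdeconnectd` keeps the unconfined fallback of the removed `rPUx` rule but applies it to every path in the kdeconnectd profile's `@{exec_path}` instead of the single `@{lib}/@{multiarch}/libexec/kdeconnectd` path, so the set of binaries that may run unconfined when that profile is not loaded can grow. If the directive only resolves profiles shipped in the tree (inferred from its use here, not shown), the fallback looks unnecessary and `#aa:exec kdeconnectd` would fail closed. To apparmor_parser these directive lines are plain comments, so here and in the kded, kioworker, konsole, ksmserver, kwin_wayland and kwin_x11 hunks the exec rules exist only after the prebuild step. A comment such as `# expanded at build time to the target profile's @{exec_path}` above the first directive would make that visible. The profile body starts outside this hunk.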
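Review bot: In dolphin, the removed rules allowed both `kf5/kioslave5` and `kf6/kioworker`, while the replacement `#aa:exec kioworker` allows only what the kioworker profile's `@{exec_path}` lists. That profile's attachment is not visible in this diff, so it is worth confirming it still covers `kioslave5`; otherwise KF5 systems lose the transition and the exec is denied. The plasma-discover and plasmashell hunks make the same substitution. Separately, `@{lib}/thunderbird/thunderbird.sh rPx` becomes `@{thunderbird_path} rPx`, and the variable's definition is not shown, so check that it includes the `thunderbird.sh` wrapper. The profile body starts and ends outside this hunk.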
@@ -68,9 +68,9 @@ profile kded @{exec_path} { @{bin}/xrdb rPx, @{bin}/xsettingsd rPx, @{lib}/drkonqi rPx, - @{lib}/kf{5,6}/kconf_update rPx, - @{lib}/{,@{multiarch}/}libexec/kf{5,6}/kconf_update rPx, - @{lib}/{,@{multiarch}/}utempter/utempter rPx, + + #aa:exec utempter + #aa:exec kconf_update /usr/share/kconf_update/ r, /usr/share/kded{5,6}/{,**} r, diff --git a/apparmor.d/groups/kde/kioworker b/apparmor.d/groups/kde/kioworker index 88cc7f7a..2fae9855 100644 --- a/apparmor.d/groups/kde/kioworker +++ b/apparmor.d/groups/kde/kioworker @@ -34,7 +34,8 @@ profile kioworker @{exec_path} { @{lib}/libheif/ r, @{lib}/libheif/*.so* rm, - @{lib}/kf{5,6}/kio_http_cache_cleaner rPx, + + #aa:exec kio_http_cache_cleaner /usr/share/kio_desktop/directory.desktop r, /usr/share/kservices{5,6}/{,**} r, diff --git a/apparmor.d/groups/kde/konsole b/apparmor.d/groups/kde/konsole index f7ddb8ea..e80e4435 100644 --- a/apparmor.d/groups/kde/konsole +++ b/apparmor.d/groups/kde/konsole @@ -26,7 +26,7 @@ profile konsole @{exec_path} flags=(attach_disconnected) { @{bin}/@{shells} rUx, @{browsers_path} rPx, - @{lib}/{,@{multiarch}/}utempter/utempter rPx, + #aa:exec utempter /usr/share/color-schemes/{,**} r, /usr/share/kf6/{,**} r, diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker_greet similarity index 97% rename from apparmor.d/groups/kde/kscreenlocker-greet rename to apparmor.d/groups/kde/kscreenlocker_greet index c96cb563..58a81659 100644 --- a/apparmor.d/groups/kde/kscreenlocker-greet +++ b/apparmor.d/groups/kde/kscreenlocker_greet @@ -9,7 +9,7 @@ include @{exec_path} = @{lib}/kscreenlocker_greet @{exec_path} += @{lib}/@{multiarch}/{,libexec/}kscreenlocker_greet -profile kscreenlocker-greet @{exec_path} { +profile kscreenlocker_greet @{exec_path} { include include include @@ -107,5 +107,5 @@ profile kscreenlocker-greet @{exec_path} { /dev/tty r, - include if exists + include if exists } 
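Review bot: Renaming the profile from `kscreenlocker-greet` to `kscreenlocker_greet` changes the label applied to the confined process, so any rule elsewhere that names the old label (for example `peer=kscreenlocker-greet` in signal, ptrace, unix or dbus rules) stops matching. None of the hunks shown update such references. The second hunk of this file also changes the `include if exists` line; if that path follows the profile name, an administrator's local override file under the old name is skipped silently because of `if exists`. A changelog entry naming the old and new file names would let users carry their overrides across.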
diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index fbf45093..374eacaa 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver @@ -21,15 +21,12 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{exec_path} mr, - @{bin}/rm rix, + @{bin}/rm rix, + @{thunderbird_path} rPx, - @{lib}/@{multiarch}/{,libexec/}DiscoverNotifier rPx, - @{lib}/@{multiarch}/libexec/DiscoverNotifier rPx, - @{lib}/@{multiarch}/libexec/kscreenlocker_greet rPx, - @{lib}/DiscoverNotifier rPx, - @{lib}/drkonqi rPx, - @{lib}/kscreenlocker_greet rPx, - @{thunderbird_path} rPx, + #aa:exec DiscoverNotifier + #aa:exec drkonqi + #aa:exec kscreenlocker_greet @{user_bin_dirs}/** rPUx, diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index 1012d84d..b764ebcf 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland @@ -30,10 +30,10 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { @{bin}/kcminit rPx, @{bin}/plasmashell r, @{bin}/Xwayland rPx, - @{lib}/kscreenlocker_greet rPx, - @{lib}/@{multiarch}/libexec/kscreenlocker_greet rPx, @{lib}/kwin_killer_helper rix, + #aa:exec kscreenlocker_greet + /usr/share/color-schemes/*.colors r, /usr/share/desktop-directories/*.directory r, /usr/share/kglobalaccel/{,**} r, diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11 index d108023d..d7db0a64 100644 --- a/apparmor.d/groups/kde/kwin_x11 +++ b/apparmor.d/groups/kde/kwin_x11 @@ -25,7 +25,8 @@ profile kwin_x11 @{exec_path} { @{sh_path} rix, @{lib}/kwin_killer_helper rix, - @{lib}/drkonqi rPx, + + #aa:exec drkonqi /usr/share/kwin/{,**} r, /usr/share/plasma/desktoptheme/{,**} r, diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover index e9c82cc5..c06c3c18 100644 --- a/apparmor.d/groups/kde/plasma-discover +++ b/apparmor.d/groups/kde/plasma-discover 
@@ -35,11 +35,8 @@ profile plasma-discover @{exec_path} { @{bin}/gpgconf rCx -> gpg, @{bin}/gpgsm rCx -> gpg, - @{lib}/@{multiarch}/{,libexec/}kf5/kioslave5 rPx, - @{lib}/@{multiarch}/{,libexec/}kf6/kioworker rPx, - @{lib}/kf{5,6}/kio_http_cache_cleaner rPx, - @{lib}/kf5/kioslave5 rPx, - @{lib}/kf6/kioworker rPx, + #aa:exec kio_http_cache_cleaner + #aa:exec kioworker /usr/share/knotifications{5,6}/plasma_workspace.notifyrc r, /usr/share/knsrcfiles/{,*} r, diff --git a/apparmor.d/groups/kde/plasma_session b/apparmor.d/groups/kde/plasma_session index 19131388..0041d753 100644 --- a/apparmor.d/groups/kde/plasma_session +++ b/apparmor.d/groups/kde/plasma_session @@ -24,15 +24,13 @@ profile plasma_session @{exec_path} { @{bin}/plasmashell rPx, @{bin}/spice-vdagent rPx, @{bin}/xembedsniproxy rPx, - @{lib}/baloo_file rPx, - @{lib}/DiscoverNotifier rPx, - @{lib}/geoclue-2.0/demos/agent rPx, - @{lib}/org_kde_powerdevil rPx, @{lib}/pam_kwallet_init rPx, - @{lib}/polkit-kde-authentication-agent-[0-9] rPx, - @{lib}/@{multiarch}/{,libexec/}org_kde_powerdevil rPx, - @{lib}/@{multiarch}/{,libexec/}polkit-kde-authentication-agent-[0-9] rPx, + #aa:exec baloo + #aa:exec DiscoverNotifier + #aa:exec geoclue + #aa:exec kde-powerdevil + #aa:exec polkit-kde-authentication-agent /usr/share/kservices{5,6}/{,**} r, /usr/share/knotifications{5,6}/{,**} r, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index b1273610..640b82af 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -2,13 +2,6 @@ # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only -# When we have issues: - -# owner @{user_config_dirs}/#@{int} rw, -# owner @{user_config_dirs}/QtProject.conf rwl -> @{user_config_dirs}/#@{int}, -# owner @{user_config_dirs}/QtProject.conf.@{rand6} rwl -> @{user_config_dirs}/#@{int}, -# owner @{user_config_dirs}/QtProject.conf.lock rwk, - abi , include 
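Review bot: In plasma_session, the directive arguments `baloo`, `geoclue`, `kde-powerdevil` and `polkit-kde-authentication-agent` are profile names rather than the binaries the removed rules listed (`baloo_file`, `geoclue-2.0/demos/agent`, `org_kde_powerdevil`, `polkit-kde-authentication-agent-[0-9]`). The allowed exec paths therefore become whatever each target profile attaches to. For `geoclue` the old rule allowed only the demo agent: if that profile also attaches to the daemon, plasma_session gains an exec it did not have, and if it does not attach to `demos/agent`, the agent is denied. Diffing the built plasma_session profile against the removed rules before merging would show whether the path set widened or narrowed. The profile body starts and ends outside this hunk.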
@@ -61,10 +54,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { @{bin}/xrdb rPx, @{lib}/kf{5,6}/kdesu{,d} rix, - @{lib}/@{multiarch}/{,libexec/}kf5/kioslave5 rPx, - @{lib}/@{multiarch}/{,libexec/}kf6/kioworker rPx, - @{lib}/kf5/kioslave5 rPx, - @{lib}/kf6/kioworker rPx, + #aa:exec kioworker /usr/share/akonadi/firstrun/{,*} r, /usr/share/akonadi/plugins/serializer/{,*.desktop} r,