From 6f586f1f46376f15c806e9d3f15066d1c97265d5 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 28 Oct 2024 15:39:41 +0100 Subject: [PATCH] Add lxqt-session, enable start in sddm (#580) --- .../groups/kde/kscreen_backend_launcher | 1 + apparmor.d/groups/kde/sddm | 2 + apparmor.d/groups/lxqt/lxqt-session | 98 +++++++++++++++++++ 3 files changed, 101 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-session diff --git a/apparmor.d/groups/kde/kscreen_backend_launcher b/apparmor.d/groups/kde/kscreen_backend_launcher index 5e09b0cb..d4b547c7 100644 --- a/apparmor.d/groups/kde/kscreen_backend_launcher +++ b/apparmor.d/groups/kde/kscreen_backend_launcher @@ -10,6 +10,7 @@ include @{exec_path} += @{lib}/@{multiarch}/{,libexec/}kf{5,6}/kscreen_backend_launcher profile kscreen_backend_launcher @{exec_path} { include + include include @{exec_path} mr, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 5e024adf..d8adff56 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -40,6 +40,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { ptrace (trace) peer=@{profile_name}, signal (receive) set=(hup) peer=@{p_systemd}, + signal (send) set=(kill, term) peer=lxqt-session, signal (send) set=(kill, term) peer=startplasma, signal (send) set=(kill, term) peer=xorg, signal (send) set=(kill, term) peer=xsetroot, @@ -94,6 +95,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/kwalletd{5,6} rPx, @{bin}/kwin_wayland rPx, @{bin}/sddm-greeter{,-qt6} rPx, + @{bin}/startlxqt rPx, @{bin}/startplasma-wayland rPx, @{bin}/startplasma-x11 rPx, @{bin}/sway rPUx, diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session new file mode 100644 index 00000000..3a4a6cd6 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-session 
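Review bot: `@{bin}/startlxqt rPx,` in the second sddm hunk (`@@ -94,6 +95,7 @@`) depends on a profile being attached to `startlxqt`, and this patch adds only `lxqt-session`. With `Px` the exec is denied when no target profile is loaded, so the LXQt entry in the greeter would fail to start rather than run unconfined. The new lxqt-session profile refers to `peer=startlxqt`, so such a profile presumably already exists in the tree; that is worth confirming before merge. The sddm profile body starts and ends outside both hunks.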
@@ -0,0 +1,98 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# Copyright (C) 2024 Besanon
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/lxqt-session
+profile lxqt-session @{exec_path} flags=(attach_disconnected) {
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+
+ network netlink raw,
+
+ signal (send),
+ signal (receive) set=(kill, term) peer=startlxqt,
+ signal (receive) set=(kill, term) peer=sddm,
+
+ ptrace (read),
+
+ @{exec_path} mr,
+
+ @{sh_path} rix,
+ @{bin}/sed rix,
+ @{bin}/readlink rix,
+ @{bin}/dirname rix,
+ @{bin}/system-config-printer-applet rPx,
+ @{bin}/dbus-update-activation-environment rCx -> dbus,
+ @{bin}/systemctl rCx -> systemctl,
+
+ @{bin}/pavucontrol rPx,
+ @{lib}/geoclue-2.0/demos/agent rPx,
+ @{bin}/nm-connection-editor rPx,
+ @{bin}/nm-applet rPx,
+ @{bin}/openbox rix,
+ @{bin}/dconf-editor rPx,
+ @{bin}/setxkbmap rix,
+ @{bin}/start-pulseaudio-x11 rPx,
+ @{bin}/xrdb rPx,
+ @{bin}/xdg-user-dirs-update rPx,
+
+ /usr/share/ r,
+ /usr/share/mime/ r,
+ /usr/share/cursors/ r,
+ /usr/share/backintime/common/* r,
+ /usr/share/desktop-directories/* r,
+ /usr/share/system-config-printer/* r,
+
+ /etc/xdg/ r,
+ /etc/xdg/autostart/ r,
+ /etc/xdg/autostart/*.desktop r,
+ /etc/xdg/menus/lxqt-* r,
+ /etc/xdg/openbox/* r,
+ /etc/udev/udev.conf r,
+
+ owner @{user_config_dirs}/autostart/ r,
+ owner @{user_config_dirs}/autostart/*.desktop r,
+ owner @{user_cache_dirs}/openbox/ rw,
+ owner @{user_cache_dirs}/openbox/sessions/ rw,
+ owner @{user_cache_dirs}/openbox/openbox.log rwk,
+ owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw,
+ owner @{user_config_dirs}/openbox/rc.xml r,
+
+ @{att}/@{run}/systemd/inhibit/@{int}.ref rw,
+
+ @{PROC}/ r,
+ @{PROC}/uptime r,
+ @{PROC}/@{pid}/stat r,
+ owner @{PROC}/@{pid}/stat r,
+
+ /dev/tty rw,
+
+ profile systemctl {
+ include
+ include
+
+ include if exists
+ }
+ profile dbus {
+ include
+ include
+
+ @{bin}/dbus-update-activation-environment mr,
+
+ include if exists
+ }
+
+ include if exists
+}
+
+# vim:syntax=apparmor
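Review bot: `signal (send),` and `ptrace (read),` in the new lxqt-session profile carry no `set=` or `peer=` qualifier, so the session manager may signal and read-ptrace any unconfined process and any peer whose own profile permits it. That is far wider than the scoped `signal (receive) set=(kill, term) peer=…` rules beside them. If the session only needs to stop the modules it starts, narrow this to at least `signal (send) set=(kill, term),` and add `peer=` entries once the real peers are known from audit logs. Separately, `@{PROC}/@{pid}/stat r,` makes the following `owner @{PROC}/@{pid}/stat r,` redundant, so keep only the one that is intended. A one-line comment above `@{sh_path} rix,` and `@{bin}/openbox rix,`, stating that these run with the session profile's own permissions, would help later reviewers.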