diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index d2cd58fa..3e9b01c4 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland @@ -17,6 +17,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { include include include + include capability sys_nice, @@ -40,14 +41,30 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { /usr/share/kwin/{,**} r, /usr/share/libinput/{,**} r, /usr/share/mime/ r, + /usr/share/plasma/desktoptheme/default/{metadata.json,plasmarc} r, /usr/share/qt/translations/*.qm r, /usr/share/X11/xkb/{,**} r, /etc/machine-id r, /etc/xdg/menus/ r, + /etc/pipewire/client.conf.d/ r, + /usr/share/pipewire/client.conf r, + + owner /var/lib/sddm/.cache/mesa_shader_cache/** r, + owner /var/lib/sddm/.cache/mesa_shader_cache/index rw, + owner /var/lib/sddm/.cache/ksycoca5_* r, + + owner /var/lib/sddm/.config/kdeglobals r, + owner /var/lib/sddm/.config/kglobalshortcutsrc r, + owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rw, + owner /var/lib/sddm/.config/kwinrc r, + owner /var/lib/sddm/.config/kwinrc.lock rw, + owner /var/lib/sddm/.config/kwinrc.@{rand6} rwl -> /var/lib/sddm/.config/#@{int}, owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_share_dirs}/kscreen/* r, owner @{user_cache_dirs}/ksycoca5_* r, + owner @{user_cache_dirs}/plasma_theme_default_v*.kcache rw, owner @{user_config_dirs}/#@{int} rwl, owner @{user_config_dirs}/kcminputrc r, @@ -61,6 +78,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { owner @{user_config_dirs}/kwinrc.lock rwk, owner @{user_config_dirs}/kwinrulesrc r, owner @{user_config_dirs}/kxkbrc r, + owner @{user_config_dirs}/menus/{,applications-merged/} r, @{run}/systemd/inhibit/*.ref rw, 
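Review bot: The new SDDM-home lock rules in the second kwin_wayland hunk (`/var/lib/sddm/.config/kglobalshortcutsrc.lock rw,` and `/var/lib/sddm/.config/kwinrc.lock rw,`) omit the `k` permission, while the per-user equivalent visible as context in the next hunk is `owner @{user_config_dirs}/kwinrc.lock rwk,`. If kwin takes a file lock on these paths when it runs as the greeter's compositor, the lock request would presumably be denied and show up as a fresh audit entry. Either make them `owner /var/lib/sddm/.config/kwinrc.lock rwk,` and `owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rwk,`, or confirm from the logs that no lock is requested there. A one-line comment above the `/var/lib/sddm/...` group, e.g. `# kwin_wayland running as the SDDM greeter compositor (sddm user's home)`, would also explain why these hard-coded paths duplicate the `@{user_*_dirs}` rules.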
@@ -78,10 +96,16 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) { @{run}/udev/data/c13:@{int} r, # for /dev/input/* @{run}/udev/data/c226:@{int} r, # for /dev/dri/card* + @{run}/udev/data/+pci:* r, + @{run}/udev/data/+sound:card@{int} r, + @{run}/udev/data/+usb:* r, + @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/** + @{PROC}/sys/kernel/random/boot_id r, /dev/input/event@{int} rw, /dev/tty r, + /dev/tty@{int} rw, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/kde/kwin_wayland_wrapper b/apparmor.d/groups/kde/kwin_wayland_wrapper index e95bd746..1b91d08d 100644 --- a/apparmor.d/groups/kde/kwin_wayland_wrapper +++ b/apparmor.d/groups/kde/kwin_wayland_wrapper @@ -19,9 +19,10 @@ profile kwin_wayland_wrapper @{exec_path} { @{bin}/kwin_wayland rPx, owner @{run}/user/@{uid}/#@{int} rw, + owner @{run}/user/@{uid}/xauth_@{rand6} w, owner @{run}/user/@{uid}/wayland-*.lock rk, owner /tmp/.X1-lock rw, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index b9d5f383..854a1adb 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -16,6 +16,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { include include include + include include include include @@ -40,6 +41,8 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { ptrace (read) peer=kwalletd5, signal (send) set=(kill, term) peer=startplasma, + signal (send) set=term peer=startplasma-wayland, + signal (send) set=term peer=sddm-greeter, signal (send) set=(kill, term) peer=xorg, @{exec_path} mr, @@ -48,6 +51,8 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{lib}/plasma-dbus-run-session-if-needed rix, @{lib}/sddm/sddm-helper rix, @{lib}/sddm/sddm-helper-start-wayland rix, + @{lib}/sddm/sddm-helper-start-x11user rix, + @{bin}/{,ba,da}sh rix, @{bin}/cat rix, 
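Review bot: `/dev/tty@{int} rw,` in the last kwin_wayland hunk matches every virtual console for read and write, not only the VT the session was started on, and unlike the udev lines beside it (`# for /dev/input/*`, `# for /dev/bus/usb/**`) it has no comment saying which code path needs it. File permissions on the tty nodes still apply, but the profile itself no longer narrows this access. Please add a trailing comment in the same style naming the caller that triggered the denial. If only the greeter case needs it, consider whether the rule can be limited to that case, or whether `r` alone is enough. The same question applies, to a lesser degree, to the wide `@{run}/udev/data/+pci:*` and `+usb:*` globs added just above.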
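Review bot: The two signal rules added in the sddm hunk at `-40,6 +41,8` allow only `term` toward `startplasma-wayland` and `sddm-greeter`, whereas the neighbouring rules for `startplasma` and `xorg` allow `set=(kill, term)`. Keeping the set narrow is good least-privilege practice, but if sddm falls back to SIGKILL when a greeter or Wayland session ignores SIGTERM, that fallback would be denied for these two peers only. Either confirm that the fallback is not used here and note it in a comment such as `# term only: no kill fallback observed`, or align the rules with the existing ones as `signal (send) set=(kill, term) peer=sddm-greeter,`.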
@@ -121,6 +126,10 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{HOME}/.local/ w, owner @{HOME}/.Xauthority rw, + owner @{user_config_dirs}/kdeglobals r, + owner @{user_config_dirs}/kdedefaults/kdeglobals r, + owner @{user_config_dirs}/startkderc r, + owner @{user_share_dirs}/ w, owner @{user_share_dirs}/kwalletd/ rw, owner @{user_share_dirs}/kwalletd/kdewallet.salt rw,