Various updates (#271)

* Update kwin_wayland * Update plasmashell * Update pacman-hook-fontconfig * Update ksplashqml `/usr/share/qt/translations/*.qm r,` is also in the qt5 abstraction. However, it seems that all other rules therein are not needed so I didn't use that abstraction. * Update startplasma
2024-11-15 07:54:17 +01:00 · 2024-01-10 21:03:11 +01:00 · 2024-01-10 21:03:11 +01:00 · a16cbede0b
commit a16cbede0b
parent e8651dc367
5 changed files with 21 additions and 9 deletions
--- a/apparmor.d/groups/kde/ksplashqml
+++ b/apparmor.d/groups/kde/ksplashqml
@ -18,9 +18,16 @@ profile ksplashqml @{exec_path} {
  @{exec_path} mr,

  /usr/share/plasma/** r,
+  /usr/share/qt/translations/*.qm r,

+  owner @{user_cache_dirs}/icon-cache.kcache rw, 
+  owner @{user_cache_dirs}/ksplash/qmlcache/*.qmlc rwl -> @{user_cache_dirs}/ksplash/qmlcache/#@{int},
+  owner @{user_cache_dirs}/ksplash/qmlcache/#@{int} rw,
+  owner @{user_cache_dirs}/ksplash/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/ksplash/qmlcache/#@{int},
  owner @{user_config_dirs}/kdedefaults/* r,
  owner @{user_config_dirs}/kdeglobals r,

+  @{PROC}/sys/kernel/core_pattern r,
+
  include if exists <local/ksplashqml>
-}
+}
--- a/apparmor.d/groups/kde/kwin_wayland
+++ b/apparmor.d/groups/kde/kwin_wayland
@ -32,7 +32,10 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
  @{bin}/plasmashell          r,
  @{bin}/Xwayland             rPx,
  @{lib}/kscreenlocker_greet  rPx,
+  @{lib}/kwin_killer_helper   rix,

+  /usr/share/color-schemes/*.colors r,
+  /usr/share/desktop-directories/*.directory r,
  /usr/share/hwdata/pnp.ids r,
  /usr/share/kglobalaccel/{,**} r,
  /usr/share/knotifications5/ksmserver.notifyrc r,
@ -40,7 +43,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
  /usr/share/kservicetypes5/{,*.desktop} r,
  /usr/share/kwin/{,**} r,
  /usr/share/libinput/{,**} r,
-  /usr/share/plasma/desktoptheme/default/{metadata.json,plasmarc} r,
+  /usr/share/plasma/desktoptheme/default/** r,
  /usr/share/qt/translations/*.qm r,
  /usr/share/X11/xkb/{,**} r,

@ -48,9 +51,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
  /etc/xdg/menus/{,applications.menu} r,
  /etc/pipewire/client.conf.d/ r,
  /usr/share/pipewire/client.conf r,
-  /usr/share/plasma/desktoptheme/default/** r,
-  /usr/share/desktop-directories/*.directory r,
-  
+    
  owner /var/lib/sddm/.cache/#@{int} rwk,
  owner /var/lib/sddm/.cache/fontconfig/* rwk,
  owner /var/lib/sddm/.cache/fontconfig/*-le64.cache-@{int}{,TMP-@{rand6},NEW,LCK} w,
@ -60,6 +61,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
  owner /var/lib/sddm/.cache/ksycoca5_* rwkl  -> /var/lib/sddm/.cache/#@{int},

  owner /var/lib/sddm/.config/#@{int} rw,
+  owner /var/lib/sddm/.config/kcminputrc r,
  owner /var/lib/sddm/.config/kdeglobals r,
  owner /var/lib/sddm/.config/kglobalshortcutsrc.lock rwk,
  owner /var/lib/sddm/.config/kglobalshortcutsrc{,.@{rand6}} rwl -> /var/lib/sddm/.config/#@{int},
@ -70,11 +72,12 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
  owner @{user_cache_dirs}/#@{int} rw,
  owner @{user_cache_dirs}/icon-cache.kcache rw,
  owner @{user_cache_dirs}/ksycoca5_* r,
+  owner @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},
  owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc rw,
  owner @{user_cache_dirs}/kwin/qmlcache/*.qmlc.@{rand6} rwl -> @{user_cache_dirs}/kwin/qmlcache/#@{int},
  owner @{user_cache_dirs}/kwin/qmlcache/#@{int} rw,
  owner @{user_cache_dirs}/plasma_theme_default_v*.kcache rw,
-  owner @{user_cache_dirs}/plasma-svgelements r,
+  owner @{user_cache_dirs}/plasma-svgelements rw,
  owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rwl -> @{user_cache_dirs}/#@{int},
  owner @{user_cache_dirs}/plasma-svgelements.lock rwk,
  owner @{user_share_dirs}/kscreen/* r,
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@ -137,9 +137,10 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {

  owner @{user_share_dirs}/#@{int} rw,
  owner @{user_share_dirs}/akonadi/search_db/{,**} r,
-  owner @{user_share_dirs}/kactivitymanagerd/resources/database rk,
+  owner @{user_share_dirs}/kactivitymanagerd/resources/database rwk,
  owner @{user_share_dirs}/kactivitymanagerd/resources/database-shm rwk,
  owner @{user_share_dirs}/kactivitymanagerd/resources/database-wal rw,
+  owner @{user_share_dirs}/kio/servicemenus/{,**} r,
  owner @{user_share_dirs}/klipper/{,*} rwl,
  owner @{user_share_dirs}/konsole/ r,
  owner @{user_share_dirs}/kpeople/persondb rwk,
--- a/apparmor.d/groups/kde/startplasma
+++ b/apparmor.d/groups/kde/startplasma
@ -38,7 +38,7 @@ profile startplasma @{exec_path} {
  owner @{HOME}/.Xauthority r,

  owner @{user_cache_dirs}/ rw,
-  owner @{user_cache_dirs}/#@{int} rw,
+  owner @{user_cache_dirs}/#@{int} rwk,
  owner @{user_cache_dirs}/kcrash-metadata/ rw,
        @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},
  owner @{user_cache_dirs}/plasma-svgelements rw,
--- a/apparmor.d/groups/pacman/pacman-hook-fontconfig
+++ b/apparmor.d/groups/pacman/pacman-hook-fontconfig
@ -21,6 +21,7 @@ profile pacman-hook-fontconfig @{exec_path} {
  /etc/fonts/conf.d/* rwl,
  /usr/share/fontconfig/conf.default/* r,

+  /dev/pts/@{int} rw,
  /dev/tty rw,

  # Inherit Silencer
@ -28,4 +29,4 @@ profile pacman-hook-fontconfig @{exec_path} {
  deny network inet stream,

  include if exists <local/pacman-hook-fontconfig>
-}
+}