diff --git a/apparmor.d/groups/kde/kioslave5 b/apparmor.d/groups/kde/kioslave5
index b7795ffc..5dbed1b8 100644
--- a/apparmor.d/groups/kde/kioslave5
+++ b/apparmor.d/groups/kde/kioslave5
@@ -32,6 +32,7 @@ profile kioslave5 @{exec_path} {
 signal (receive) set=term peer=dolphin,
 signal (receive) set=term peer=firefox-kmozillahelper,
+ signal (receive) set=term peer=plasma-discover,
 signal (receive) set=term peer=plasmashell,
 @{exec_path} mr,
@@ -46,6 +47,7 @@ profile kioslave5 @{exec_path} {
 /usr/share/kservices5/{,**} r,
 /usr/share/kservicetypes5/*.desktop r,
 /usr/share/mime/ r,
+ /usr/share/remoteview/* r,
 /etc/fstab r,
 /etc/xdg/kdeglobals r,
diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover
index f8efa942..032f21b2 100644
--- a/apparmor.d/groups/kde/plasma-discover
+++ b/apparmor.d/groups/kde/plasma-discover
@@ -34,15 +34,21 @@ profile plasma-discover @{exec_path} {
 @{bin}/{,ba,da}sh rix,
 @{bin}/kreadconfig5 rPx,
- @{lib}/kf5/kioslave5 rPx,
- @{lib}/kf5/kio_http_cache_cleaner rPx,
+ @{bin}/gpg rCx -> gpg,
+ @{bin}/gpgconf rCx -> gpg,
+ @{bin}/gpgsm rCx -> gpg,
+ @{lib}/kf5/kioslave5 rPx,
+ @{lib}/kf5/kio_http_cache_cleaner rPx,
- /usr/share/kservices5/{,*} r,
+ /usr/share/knotifications5/plasma_workspace.notifyrc r,
 /usr/share/knsrcfiles/{,*} r,
+ /usr/share/kservices5/{,*} r,
+ /usr/share/libdiscover/** r,
 /usr/share/qt/translations/*.qm r,
 /etc/appstream.conf r,
 /etc/flatpak/remotes.d/{,**} r,
+ /etc/gnutls/config r,
 /etc/machine-id r,
 /etc/xdg/ r,
 /etc/xdg/accept-languages.codes r,
@@ -56,9 +62,10 @@ profile plasma-discover @{exec_path} { /var/lib/flatpak/repo/{,**} r, /var/lib/flatpak/appstream/{,**} r, - owner @{user_cache_dirs}/discover/{,**} rwl, - owner @{user_cache_dirs}/appstream/*.xb r, owner @{user_cache_dirs}/appstream/ r, + owner @{user_cache_dirs}/appstream/*.xb rw, + owner @{user_cache_dirs}/discover/{,**} rwl, + owner @{user_cache_dirs}/flatpak/system-cache/{,**} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/kio_http/ w, @@ -80,6 +87,13 @@ profile plasma-discover @{exec_path} { owner @{user_share_dirs}/knewstuff3/ r, owner @{user_share_dirs}/knewstuff3/ w, + owner /tmp/ostree-gpg-*/ rw, + owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**, + owner /tmp/#@{int} rw, + + owner @{run}/user/@{uid}/.flatpak-cache rw, + owner @{run}/user/@{uid}/.flatpak/{,**} rw, + owner @{run}/user/@{uid}/.flatpak/**/*.ref rwk, owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/discover@{rand6}.* rwl -> @{run}/user/@{uid}/#@{int}, @@ -89,5 +103,20 @@ profile plasma-discover @{exec_path} { /dev/tty r, + profile gpg { + include + + @{bin}/gpg{,2} mr, + @{bin}/gpgconf mr, + @{bin}/gpgsm mr, + + @{HOME}/@{XDG_GPG_DIR}/*.conf r, + + owner /tmp/ostree-gpg-*/ r, + owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**, + + include if exists + } + include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 973e6b9f..06ac23af 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -77,7 +77,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/dbus-update-activation-environment rCx -> dbus, @{bin}/gnome-keyring-daemon rPx, @{bin}/kwalletd5 rPx, - @{bin}/startplasma-wayland rPUx, + @{bin}/startplasma-wayland rPx, @{bin}/startplasma-x11 rPx, @{bin}/systemctl rPx -> child-systemctl, @{bin}/xrdb rPx, 
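Review bot: In the new `gpg` child profile (the `-89,5 +103,20` hunk), `@{HOME}/@{XDG_GPG_DIR}/*.conf r,` is the only per-user path written without the `owner` qualifier, so it matches GnuPG configuration under every home directory `@{HOME}` expands to. `owner @{HOME}/@{XDG_GPG_DIR}/*.conf r,` would keep it in line with the `owner /tmp/ostree-gpg-*/` rules next to it. The child also maps `@{bin}/gpg{,2} mr,`, while the parent's transitions in the `-34,15 +34,21` hunk name only `@{bin}/gpg`, `gpgconf` and `gpgsm`. If a `gpg2` binary can be invoked on some distributions (not visible from this diff), the parent would need `@{bin}/gpg{,2} rCx -> gpg,` for that exec to land in this profile. A one-line comment above `profile gpg {` stating that it confines the gpg helpers working in the temporary `/tmp/ostree-gpg-*` directory would explain the `rwkl` grant there.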
diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index b4f32b3f..35d7a0c3 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{bin}/startplasma-{wayland,x11} +@{exec_path} = @{bin}/startplasma-wayland @{bin}/startplasma-x11 profile startplasma @{exec_path} { include include