From c5998d37a2c89e01181cfa6cf499e9b0bf02e04e Mon Sep 17 00:00:00 2001 From: Jeroen Rijken Date: Sun, 6 Aug 2023 17:02:04 +0200 Subject: [PATCH] Add kstart, XDG KDE updates Signed-off-by: Jeroen Rijken --- apparmor.d/groups/freedesktop/xdg-mime | 1 + apparmor.d/groups/freedesktop/xdg-settings | 1 + apparmor.d/groups/kde/kglobalaccel5 | 2 +- apparmor.d/groups/kde/kstart | 25 ++++++++++++++++++++++ 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 apparmor.d/groups/kde/kstart diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime index 364c6a8b..ef0e156f 100644 --- a/apparmor.d/groups/freedesktop/xdg-mime +++ b/apparmor.d/groups/freedesktop/xdg-mime @@ -21,6 +21,7 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) { @{bin}/cut rix, @{bin}/file rix, @{bin}/head rix, + @{bin}/ktraderclient5 rPUx, @{bin}/mv rix, @{bin}/readlink rix, @{bin}/sed rix, diff --git a/apparmor.d/groups/freedesktop/xdg-settings b/apparmor.d/groups/freedesktop/xdg-settings index 4153c11e..9bb6558f 100644 --- a/apparmor.d/groups/freedesktop/xdg-settings +++ b/apparmor.d/groups/freedesktop/xdg-settings @@ -19,6 +19,7 @@ profile xdg-settings @{exec_path} { @{bin}/basename rix, @{bin}/cat rix, @{bin}/cut rix, + @{bin}/kreadconfig5 rPx, @{bin}/mktemp rix, @{bin}/mv rix, @{bin}/readlink rix, diff --git a/apparmor.d/groups/kde/kglobalaccel5 b/apparmor.d/groups/kde/kglobalaccel5 index dd19481d..d2b00315 100644 --- a/apparmor.d/groups/kde/kglobalaccel5 +++ b/apparmor.d/groups/kde/kglobalaccel5 @@ -15,7 +15,7 @@ profile kglobalaccel5 @{exec_path} { @{exec_path} mr, - @{bin}/kstart rPUx, + @{bin}/kstart rPx, /usr/share/hwdata/*.ids r, /usr/share/icu/@{int}.@{int}/*.dat r, diff --git a/apparmor.d/groups/kde/kstart b/apparmor.d/groups/kde/kstart new file mode 100644 index 00000000..47ee7a9b --- /dev/null +++ b/apparmor.d/groups/kde/kstart @@ -0,0 +1,25 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Jeroen Rijken +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = /{usr/,}bin/kstart +profile kstart @{exec_path} flags=(complain,attach_disconnected) { + include + include + include + include + + unix (connect, send, receive) type=stream peer=(addr="@/tmp/.ICE-unix/4979"), + + @{exec_path} mr, + /{usr/,}bin/** rPUx, + /{usr/,}bin/konsole rUx, + + @{HOME}.Xauthority r, + + include if exists +}