mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-11-14 23:43:56 +01:00
feat(abs): update kde abs with common access.
This commit is contained in:
Alexandre Pujol
parent
619aa709f1
commit
cc139f1144
@ -129,7 +129,6 @@
|
||||
owner @{user_config_dirs}/gtk-3.0/servers r,
|
||||
owner @{user_share_dirs}/.@{domain}.@{rand6} rw,
|
||||
owner @{user_cache_dirs}/gtk-3.0/**/*.cache r,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{config_dirs}/ rw,
|
||||
owner @{config_dirs}/** rwk,
|
||||
@ -137,8 +136,6 @@
|
||||
|
||||
owner @{cache_dirs}/{,**} rw,
|
||||
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/kdedefaults/kcminputrc r,
|
||||
owner @{user_config_dirs}/kioslaverc r,
|
||||
owner @{user_config_dirs}/menus/applications-merged/ r,
|
||||
owner @{user_config_dirs}/menus/applications-merged/xdg-desktop-menu-dummy.menu r,
|
||||
|
||||
@ -22,13 +22,13 @@
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
/usr/{local/,}share/ r,
|
||||
/usr/{local/,}share/glib-@{int}.@{int}/schemas/** r,
|
||||
/usr/{local/,}share/glib-@{version}/schemas/** r,
|
||||
/usr/{local/,}share/gvfs/remote-volume-monitors/{,*} r,
|
||||
|
||||
/etc/gnome/* r,
|
||||
/etc/xdg/{,*-}mimeapps.list r,
|
||||
|
||||
/var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r,
|
||||
/var/cache/gio-@{version}/gnome-mimeapps.list r,
|
||||
|
||||
# else if @{DE} == kde
|
||||
|
||||
@ -36,10 +36,19 @@
|
||||
@{lib}/kde{,3,4}/plugins/*/ r,
|
||||
@{lib}/kde{,3,4}/plugins/*/*.so mr,
|
||||
|
||||
/usr/share/knotifications{5,6}/*.notifyrc r,
|
||||
|
||||
/etc/xdg/baloofilerc r,
|
||||
/etc/xdg/kcminputrc r,
|
||||
/etc/xdg/kdeglobals r,
|
||||
/etc/xdg/kwinrc r,
|
||||
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_??_* rwlk,
|
||||
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/dolphinrc r,
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/kdedefaults/ r,
|
||||
owner @{user_config_dirs}/kdedefaults/kcminputrc r,
|
||||
@ -47,6 +56,7 @@
|
||||
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
||||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
owner @{user_config_dirs}/trashrc r,
|
||||
|
||||
# else if @{DE} == xfce
|
||||
|
||||
@ -57,6 +67,7 @@
|
||||
|
||||
# end
|
||||
|
||||
/usr/share/desktop-base/{,**} r,
|
||||
/usr/share/hwdata/*.ids r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
|
||||
|
||||
@ -13,6 +13,8 @@
|
||||
member=Introspect
|
||||
peer=(name=:*, label=gnome-shell),
|
||||
|
||||
/usr/share/desktop-base/{,**} r,
|
||||
/usr/share/hwdata/*.ids r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
|
||||
/usr/{local/,}share/ r,
|
||||
|
||||
@ -12,10 +12,12 @@
|
||||
@{lib}/kde{,3,4}/plugins/*/ r,
|
||||
@{lib}/kde{,3,4}/plugins/*/*.so mr,
|
||||
|
||||
/usr/share/hwdata/pnp.ids r,
|
||||
/usr/share/desktop-base/{,**} r,
|
||||
/usr/share/hwdata/*.ids r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
/usr/share/desktop-base/kf{5,6}-settings/kdeglobals r,
|
||||
/usr/share/knotifications{5,6}/*.notifyrc r,
|
||||
|
||||
/etc/xdg/baloofilerc r,
|
||||
/etc/xdg/kcminputrc r,
|
||||
/etc/xdg/kdeglobals r,
|
||||
/etc/xdg/kwinrc r,
|
||||
@ -25,6 +27,12 @@
|
||||
owner @{user_config_dirs}/ rw,
|
||||
owner @{user_share_dirs}/ rw,
|
||||
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_??_* rwlk,
|
||||
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/dolphinrc r,
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/kdedefaults/ r,
|
||||
owner @{user_config_dirs}/kdedefaults/kcminputrc r,
|
||||
@ -32,6 +40,7 @@
|
||||
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
||||
owner @{user_config_dirs}/kdeglobals r,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
owner @{user_config_dirs}/trashrc r,
|
||||
|
||||
include if exists <abstractions/kde-strict.d>
|
||||
|
||||
|
||||
@ -15,8 +15,6 @@ profile akonadi_akonotes_resource @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_akonotes_resource_[0-9]rc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -19,8 +19,6 @@ profile akonadi_archivemail_agent @{exec_path} {
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/akonadi_archivemail_agentrc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
|
||||
@ -17,8 +17,6 @@ profile akonadi_birthdays_resource @{exec_path} {
|
||||
|
||||
/usr/share/akonadi/plugins/{,**} r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_birthdays_resourcerc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -17,8 +17,6 @@ profile akonadi_contacts_resource @{exec_path} {
|
||||
|
||||
/usr/share/akonadi/plugins/serializer/{,*.desktop} r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_contacts_resource_[0-9]rc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -22,7 +22,6 @@ profile akonadi_control @{exec_path} {
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/akonadi/{,**} rwl,
|
||||
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
|
||||
@ -19,8 +19,6 @@ profile akonadi_followupreminder_agent @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_followupreminder_agentrc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -16,7 +16,6 @@ profile akonadi_ical_resource @{exec_path} {
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/akonadi_ical_resource_[0-9]/{,*} rwl,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_ical_resource_[0-9]rc rwl,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
|
||||
@ -22,8 +22,6 @@ profile akonadi_indexing_agent @{exec_path} {
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/akonadi_indexing_agentrc rw,
|
||||
owner @{user_config_dirs}/akonadi_indexing_agentrc.@{rand6} rwl -> @{user_config_dirs}/#@{int},
|
||||
|
||||
@ -19,8 +19,6 @@ profile akonadi_maildir_resource @{exec_path} {
|
||||
|
||||
owner @{user_mail_dirs}/{,**} rw,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_maildir_resource_[0-9]rc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -24,12 +24,9 @@ profile akonadi_maildispatcher_agent @{exec_path} {
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/akonadi/plugins/{,**} r,
|
||||
/usr/share/knotifications{5,6}/akonadi_maildispatcher_agent.notifyrc r,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_maildispatcher_agent.notifyrc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -22,8 +22,6 @@ profile akonadi_mailfilter_agent @{exec_path} {
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/agent_config_akonadi_mailfilter_agent r,
|
||||
owner @{user_config_dirs}/akonadi_*_resource_*rc r,
|
||||
|
||||
@ -20,8 +20,6 @@ profile akonadi_mailmerge_agent @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
|
||||
@ -15,8 +15,6 @@ profile akonadi_migration_agent @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi-migrationrc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -16,12 +16,9 @@ profile akonadi_newmailnotifier_agent @{exec_path} {
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/akonadi/plugins/serializer/{,*.desktop} r,
|
||||
/usr/share/knotifications{5,6}/akonadi_newmailnotifier_agent.notifyrc r,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/akonadi_newmailnotifier_agentrc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
|
||||
@ -20,8 +20,6 @@ profile akonadi_notes_agent @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_*_agentrc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -20,8 +20,6 @@ profile akonadi_sendlater_agent @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akonadi_sendlater_agentrc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**,
|
||||
|
||||
@ -15,8 +15,6 @@ profile akonadi_unifiedmailbox_agent @{exec_path} {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner "@{user_config_dirs}/Unknown Organization/akonadi_unifiedmailbox_agent.conf_changes.dat" r, # see https://bugs.kde.org/show_bug.cgi?id=452565
|
||||
owner @{user_config_dirs}/akonadi_unifiedmailbox_agentrc r,
|
||||
owner @{user_config_dirs}/akonadi/ rw,
|
||||
|
||||
@ -25,27 +25,16 @@ profile firefox-kmozillahelper @{exec_path} {
|
||||
@{lib}/libheif/ r,
|
||||
@{lib}/libheif/*.so* rm,
|
||||
|
||||
/usr/share/hwdata/*.ids r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
/usr/share/knotifications{5,6}/*.notifyrc r,
|
||||
/usr/share/kservices{5,6}/{,**} r,
|
||||
|
||||
/etc/xdg/kdeglobals r,
|
||||
/etc/xdg/kwinrc r,
|
||||
/etc/xdg/menus/ r,
|
||||
/etc/xdg/menus/applications-merged/ r,
|
||||
|
||||
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
|
||||
owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
|
||||
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
||||
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
||||
owner @{user_config_dirs}/kmozillahelperrc r,
|
||||
owner @{user_config_dirs}/kmozillahelperrc.@{rand6} rwl,
|
||||
owner @{user_config_dirs}/kwinrc r,
|
||||
owner @{user_config_dirs}/menus/ r,
|
||||
owner @{user_config_dirs}/menus/applications-merged/ r,
|
||||
|
||||
|
||||
@ -25,7 +25,6 @@ profile lightdm-gtk-greeter @{exec_path} {
|
||||
@{lib}/{,at-spi2{,-core}/}at-spi-bus-launcher rPx,
|
||||
|
||||
/usr/share/backgrounds/xfce/{,**} r,
|
||||
/usr/share/desktop-base/{,**} r,
|
||||
/usr/share/lightdm/{,**} r,
|
||||
/usr/share/wayland-sessions/{,*.desktop} r,
|
||||
|
||||
|
||||
@ -37,7 +37,6 @@ profile polkit-kde-authentication-agent @{exec_path} flags=(attach_disconnected,
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/kdedefaults/plasmarc r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/polkit-kde-authentication-agent-@{int}/ rw,
|
||||
owner @{user_cache_dirs}/polkit-kde-authentication-agent-@{int}/** rwk,
|
||||
owner link @{user_cache_dirs}/polkit-kde-authentication-agent-@{int}/** -> @{user_cache_dirs}/polkit-kde-authentication-agent-@{int}/**,
|
||||
|
||||
@ -27,10 +27,6 @@ profile xdg-desktop-portal-kde @{exec_path} {
|
||||
|
||||
owner @{desktop_config_dirs}/user-dirs.dirs r,
|
||||
|
||||
owner @{user_cache_dirs}/*.kcache r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/autostart/org.kde.*.desktop r,
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/xdg-desktop-portal-kderc{,.*} rwlk,
|
||||
|
||||
@ -60,7 +60,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
/usr/share/gdm/greeter-dconf-defaults r,
|
||||
/usr/share/gnome-shell/{,**} r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
|
||||
/tmp/ r,
|
||||
/var/tmp/ r,
|
||||
|
||||
@ -37,7 +37,6 @@ profile gnome-boxes @{exec_path} {
|
||||
|
||||
/usr/share/osinfo/{,**} r,
|
||||
/usr/share/gnome-boxes/{,**} r,
|
||||
/usr/share/hwdata/*.ids r,
|
||||
|
||||
/etc/qemu/bridge.conf r,
|
||||
|
||||
|
||||
@ -23,7 +23,6 @@ profile gnome-characters @{exec_path} {
|
||||
|
||||
@{open_path} rPx -> child-open-help,
|
||||
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
/usr/share/org.gnome.Characters/{,**} r,
|
||||
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
@ -78,7 +78,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
|
||||
/snap/*/@{int}/**.png r,
|
||||
/usr/share/backgrounds/{,**} r,
|
||||
/usr/share/cups/data/testprint r,
|
||||
/usr/share/desktop-base/**.{xml,png,svg} r,
|
||||
/usr/share/firefox{,-esr}/browser/chrome/icons/{,**} r,
|
||||
/usr/share/gnome-background-properties/{,**} r,
|
||||
/usr/share/gnome-bluetooth{-*,}/{,**} r,
|
||||
|
||||
@ -18,7 +18,6 @@ profile gnome-extensions-app @{exec_path} {
|
||||
@{bin}/gjs-console rix,
|
||||
|
||||
/usr/share/gnome-shell/org.gnome.Extensions* r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
/usr/share/terminfo/** r,
|
||||
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
@ -200,7 +200,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
/usr/share/backgrounds/{,**} r,
|
||||
/usr/share/byobu/desktop/byobu* r,
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
/usr/share/desktop-base/** r,
|
||||
/usr/share/desktop-directories/{,*.directory} r,
|
||||
/usr/share/gdm/BuiltInSessions/{,*.desktop} r,
|
||||
/usr/share/gdm/greeter-dconf-defaults r,
|
||||
|
||||
@ -48,8 +48,6 @@ profile gnome-terminal-server @{exec_path} {
|
||||
|
||||
@{open_path} rPx -> child-open,
|
||||
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
|
||||
/etc/shells r,
|
||||
|
||||
owner @{user_config_dirs}/*xdg-terminals.list* rw,
|
||||
|
||||
@ -66,7 +66,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
@{open_path} rPx -> child-open,
|
||||
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
/usr/share/nautilus/{,**} r,
|
||||
/usr/share/poppler/{,**} r,
|
||||
/usr/share/sounds/freedesktop/stereo/*.oga r,
|
||||
|
||||
@ -39,7 +39,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
/usr/share/gdm/greeter/applications/*.desktop r,
|
||||
/usr/share/hwdata/*.ids r,
|
||||
/usr/share/ladspa/rdf/{,**} r,
|
||||
/usr/share/osinfo/{,**} r,
|
||||
/usr/share/poppler/{,**} r,
|
||||
|
||||
@ -47,7 +47,6 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) {
|
||||
/usr/share/dconf/profile/gdm r,
|
||||
/usr/share/gdm/greeter/applications/{,mimeinfo.cache,*.list} r,
|
||||
/usr/share/gvfs/remote-volume-monitors/{,*.monitor} r,
|
||||
/usr/share/hwdata/*.ids r,
|
||||
/usr/share/ladspa/rdf/{,**} r,
|
||||
/usr/share/osinfo/{,**} r,
|
||||
/usr/share/poppler/{,**} r,
|
||||
|
||||
@ -31,7 +31,6 @@ profile DiscoverNotifier @{exec_path} {
|
||||
@{bin}/gpgconf rCx -> gpg,
|
||||
@{bin}/gpgsm rCx -> gpg,
|
||||
|
||||
/usr/share/knotifications{5,6}/{,**} r,
|
||||
/usr/share/metainfo/{,**} r,
|
||||
|
||||
/etc/machine-id r,
|
||||
@ -45,7 +44,6 @@ profile DiscoverNotifier @{exec_path} {
|
||||
owner @{user_cache_dirs}/appstream/ r,
|
||||
owner @{user_cache_dirs}/appstream/** rw,
|
||||
owner @{user_cache_dirs}/flatpak/{,**} rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/@{int} rw,
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
|
||||
@ -25,11 +25,9 @@ profile baloo @{exec_path} {
|
||||
@{lib}/{,kf6/}baloo_file_extractor rix,
|
||||
|
||||
/usr/share/poppler/{,**} r,
|
||||
/usr/share/desktop-base/kf5-settings/baloofilerc r,
|
||||
|
||||
/etc/fstab r,
|
||||
/etc/machine-id r,
|
||||
/etc/xdg/baloofilerc r,
|
||||
|
||||
# Allow to search user files
|
||||
owner @{HOME}/{,**} r,
|
||||
|
||||
@ -19,17 +19,11 @@ profile baloorunner @{exec_path} {
|
||||
|
||||
@{bin}/* rPx,
|
||||
|
||||
/etc/xdg/baloofilerc r,
|
||||
|
||||
# Allow to search user files
|
||||
owner @{HOME}/{,**} r,
|
||||
owner @{MOUNTS}/{,**} r,
|
||||
owner @{tmp}/*/{,**} r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
|
||||
owner @{user_share_dirs}/baloo/{,**} rwk,
|
||||
|
||||
/tmp/ r,
|
||||
|
||||
@ -26,7 +26,6 @@ profile drkonqi @{exec_path} {
|
||||
@{bin}/lsb_release rPx -> lsb_release,
|
||||
|
||||
/usr/share/drkonqi/{,**} r,
|
||||
/usr/share/knotifications{5,6}/*.notifyrc r,
|
||||
|
||||
owner @{user_cache_dirs}/drkonqi/ rw,
|
||||
owner @{user_cache_dirs}/drkonqi/** rwlk -> @{user_cache_dirs}/drkonqi/**,
|
||||
|
||||
@ -22,8 +22,6 @@ profile kaccess @{exec_path} {
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/kaccessrc r,
|
||||
|
||||
|
||||
@ -29,17 +29,12 @@ profile kactivitymanagerd @{exec_path} {
|
||||
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
|
||||
owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,
|
||||
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/dolphinrc r,
|
||||
owner @{user_config_dirs}/kactivitymanagerdrc.lock rwk,
|
||||
owner @{user_config_dirs}/kactivitymanagerdrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/libreoffice/**.xcu r,
|
||||
owner @{user_config_dirs}/menus/{,**} r,
|
||||
owner @{user_config_dirs}/trashrc r,
|
||||
|
||||
owner @{user_share_dirs}/kactivitymanagerd/{,**} rwlk,
|
||||
owner @{user_share_dirs}/kservices{5,6}/{,**} r,
|
||||
|
||||
@ -20,12 +20,9 @@ profile kalendarac @{exec_path} {
|
||||
|
||||
/usr/share/akonadi/firstrun/{,*} r,
|
||||
/usr/share/akonadi/plugins/serializer/{,*.desktop} r,
|
||||
/usr/share/knotifications{5,6}/{,**} r,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/akonadi-firstrunrc r,
|
||||
owner @{user_config_dirs}/akonadi/akonadiconnectionrc r,
|
||||
|
||||
@ -15,9 +15,6 @@ profile kbuildsycoca @{exec_path} flags=(attach_disconnected) {
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* rw,
|
||||
owner link @{user_cache_dirs}/ksycoca5_* -> @{user_cache_dirs}/#@{int},
|
||||
|
||||
/dev/tty r,
|
||||
|
||||
include if exists <local/kbuildsycoca>
|
||||
|
||||
@ -44,44 +44,10 @@ profile kconf_update @{exec_path} {
|
||||
/etc/machine-id r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/akregatorrc.lock rwk,
|
||||
owner @{user_config_dirs}/akregatorrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/dolphinrc.lock rwk,
|
||||
owner @{user_config_dirs}/dolphinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/*rc rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/*rc.@{rand6} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/*rc.lock rwk,
|
||||
owner @{user_config_dirs}/gtk-{3,4}.0/* rwlk -> @{user_config_dirs}/gtk-{3,4}.0/**,
|
||||
owner @{user_config_dirs}/kactivitymanagerd-statsrc rw,
|
||||
owner @{user_config_dirs}/kateschemarc.lock rwk,
|
||||
owner @{user_config_dirs}/kateschemarc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kcminputrc.lock rwk,
|
||||
owner @{user_config_dirs}/kcminputrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kconf_updaterc.lock rwk,
|
||||
owner @{user_config_dirs}/kconf_updaterc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/khotkeysrc.lock rwk,
|
||||
owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kmixrc.lock rwk,
|
||||
owner @{user_config_dirs}/kmixrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/konsolerc.lock rwk,
|
||||
owner @{user_config_dirs}/konsolerc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/krunnerrc.lock rwk,
|
||||
owner @{user_config_dirs}/krunnerrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/krunnerstaterc.lock rwk,
|
||||
owner @{user_config_dirs}/krunnerstaterc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kscreenlockerrc.lock rwk,
|
||||
owner @{user_config_dirs}/kscreenlockerrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/ksmserverrc.lock rwk,
|
||||
owner @{user_config_dirs}/ksmserverrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kwinrc.lock rwk,
|
||||
owner @{user_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kwinrulesrc.lock rwk,
|
||||
owner @{user_config_dirs}/kwinrulesrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kxkbrc.lock rwk,
|
||||
owner @{user_config_dirs}/kxkbrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/plasma-org.kde.plasma.desktop-appletsrc rw,
|
||||
owner @{user_config_dirs}/plasmashellrc r,
|
||||
owner @{user_config_dirs}/sed@{rand6} rw,
|
||||
owner @{user_config_dirs}/xsettingsd/xsettingsd.conf rw,
|
||||
|
||||
|
||||
@ -30,8 +30,6 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted)
|
||||
@{bin}/xargs rix,
|
||||
@{lib}/drkonqi rPx,
|
||||
|
||||
/usr/share/knotifications{5,6}/*.notifyrc r,
|
||||
|
||||
/etc/fstab r,
|
||||
/etc/machine-id r,
|
||||
|
||||
|
||||
@ -9,13 +9,10 @@ include <tunables/global>
|
||||
@{exec_path} = @{bin}/kde-systemd-start-condition
|
||||
profile kde-systemd-start-condition @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/kde-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/xdg/baloofilerc r,
|
||||
/usr/share/desktop-base/kf{5,6}-settings/baloofilerc r,
|
||||
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/kalendaracrc r,
|
||||
owner @{user_config_dirs}/kgpgrc r,
|
||||
owner @{user_config_dirs}/kmixrc r,
|
||||
|
||||
@ -70,14 +70,11 @@ profile kded @{exec_path} {
|
||||
/usr/share/kded{5,6}/{,**} r,
|
||||
/usr/share/kf{5,6}/kcookiejar/* r,
|
||||
/usr/share/khotkeys/{,**} r,
|
||||
/usr/share/knotifications{5,6}/{,**} r,
|
||||
/usr/share/kservices{5,6}/{,**} r,
|
||||
/usr/share/kservicetypes5/{,**} r,
|
||||
|
||||
/etc/fstab r,
|
||||
/etc/xdg/accept-languages.codes r,
|
||||
/etc/xdg/baloofilerc r,
|
||||
/etc/xdg/kcminputrc r,
|
||||
/etc/xdg/kde* r,
|
||||
/etc/xdg/kioslaverc r,
|
||||
/etc/xdg/menus/{,**} r,
|
||||
@ -91,21 +88,17 @@ profile kded @{exec_path} {
|
||||
owner @{HOME}/.gtkrc-2.0 rw,
|
||||
|
||||
@{user_cache_dirs}/ksycoca{5,6}_* rwlk -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/plasmashell/ rw,
|
||||
owner @{user_cache_dirs}/plasmashell/** rwlk -> @{user_cache_dirs}/plasmashell/**,
|
||||
|
||||
@{user_config_dirs}/kcookiejarrc.lock rwk,
|
||||
@{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/bluedevilglobalrc.lock rwk,
|
||||
owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/gtk-{3,4}.0/{,**} rwl,
|
||||
owner @{user_config_dirs}/gtk-{3,4}.0/settings.ini.lock rk,
|
||||
owner @{user_config_dirs}/gtkrc{,*} rwlk,
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/kconf_updaterc rw,
|
||||
owner @{user_config_dirs}/kconf_updaterc.lock rwk,
|
||||
owner @{user_config_dirs}/kdebugrc r,
|
||||
@ -128,7 +121,6 @@ profile kded @{exec_path} {
|
||||
owner @{user_config_dirs}/networkmanagement.notifyrc r,
|
||||
owner @{user_config_dirs}/plasma* r,
|
||||
owner @{user_config_dirs}/touchpadrc r,
|
||||
owner @{user_config_dirs}/trashrc r,
|
||||
owner @{user_config_dirs}/Trolltech.conf.lock rwk,
|
||||
owner @{user_config_dirs}/Trolltech.conf{,.@{rand6}} rwl,
|
||||
owner @{user_config_dirs}/xsettingsd/{,**} rw,
|
||||
|
||||
@ -21,8 +21,6 @@ profile kglobalacceld @{exec_path} {
|
||||
/etc/xdg/menus/ r,
|
||||
/etc/xdg/menus/applications-merged/ r,
|
||||
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc* rwl,
|
||||
|
||||
@ -22,8 +22,6 @@ profile kiod @{exec_path} {
|
||||
/usr/share/icons/breeze/index.theme r,
|
||||
/usr/share/mime/{,**} r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/ksslcertificatemanager rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/ksslcertificatemanager.lock rwk,
|
||||
|
||||
@ -72,9 +72,7 @@ profile kioworker @{exec_path} {
|
||||
|
||||
owner @{HOME}/@{XDG_DESKTOP_DIR}/.directory l -> @{HOME}/@{XDG_DESKTOP_DIR}/#@{int},
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/kio_http/* rwl,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
|
||||
owner @{user_config_dirs}/kio_httprc r,
|
||||
owner @{user_config_dirs}/menus/{,**} r,
|
||||
|
||||
@ -40,8 +40,6 @@ profile konsole @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
|
||||
/usr/share/color-schemes/{,**} r,
|
||||
/usr/share/kf6/{,**} r,
|
||||
/usr/share/knotifications{5,6}/konsole.notifyrc r,
|
||||
/usr/share/knotifications{5,6}/plasma_workspace.notifyrc r,
|
||||
/usr/share/konsole/{,**} r,
|
||||
/usr/share/sounds/** r,
|
||||
|
||||
@ -52,9 +50,6 @@ profile konsole @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
|
||||
owner @{HOME}/@{XDG_SSH_DIR}/config r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rwl,
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/kbookmarkrc r,
|
||||
|
||||
@ -70,7 +70,6 @@ profile kscreenlocker_greet @{exec_path} {
|
||||
owner @{user_pictures_dirs}/{,**} r,
|
||||
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/kscreenlocker_greet/ w,
|
||||
owner @{user_cache_dirs}/kscreenlocker_greet/** rwlk,
|
||||
owner @{user_cache_dirs}/ksvg-elements rw,
|
||||
|
||||
@ -32,7 +32,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
#aa:exec kscreenlocker_greet
|
||||
|
||||
/usr/share/color-schemes/{,**} r,
|
||||
/usr/share/knotifications{5,6}/*.notifyrc r,
|
||||
/usr/share/kservices{5,6}/{,**} r,
|
||||
/usr/share/kservicetypes{5,6}/{,**} r,
|
||||
|
||||
@ -44,10 +43,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
owner @{HOME}/@{rand6} rw,
|
||||
owner @{HOME}/.Xauthority rw,
|
||||
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/fontconfig/*-le64.cache-* r,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* rwlk,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/kdedefaults/kscreenlockerrc r,
|
||||
|
||||
@ -13,7 +13,6 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/kde-icon-cache-write>
|
||||
include <abstractions/kde-strict>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
@ -24,7 +24,6 @@ profile ksplashqml @{exec_path} {
|
||||
/etc/machine-id r,
|
||||
/etc/xdg/plasmarc r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksplash/ rw,
|
||||
owner @{user_cache_dirs}/ksplash/** rwlk -> @{user_cache_dirs}/ksplash/**,
|
||||
|
||||
|
||||
@ -30,8 +30,6 @@ profile kwalletd @{exec_path} {
|
||||
/etc/machine-id r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/kwalletrc r,
|
||||
|
||||
@ -29,7 +29,6 @@ profile kwalletmanager @{exec_path} {
|
||||
/etc/xdg/ui/ui_standards.rc r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/kwalletmanager5rc rw,
|
||||
owner @{user_config_dirs}/kwalletmanager5rc.* rwl -> @{user_config_dirs}/#@{int},
|
||||
|
||||
@ -32,10 +32,8 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
|
||||
#aa:exec kscreenlocker_greet
|
||||
|
||||
/usr/share/color-schemes/*.colors r,
|
||||
/usr/share/desktop-base/kf5-settings/{,**} r,
|
||||
/usr/share/desktop-directories/*.directory r,
|
||||
/usr/share/kglobalaccel/{,**} r,
|
||||
/usr/share/knotifications{5,6}/ksmserver.notifyrc r,
|
||||
/usr/share/kservices{5,6}/{,**} r,
|
||||
/usr/share/kservicetypes5/{,*.desktop} r,
|
||||
/usr/share/kwin/{,**} r,
|
||||
@ -71,11 +69,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
|
||||
owner @{sddm_config_dirs}/kwinrc{,.@{rand6}} rwl -> @{sddm_config_dirs}/#@{int},
|
||||
|
||||
owner @{user_cache_dirs}/ r,
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/ksvg-elements r,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* rwkl -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/kwin/ rw,
|
||||
owner @{user_cache_dirs}/kwin/** rwkl -> @{user_cache_dirs}/kwin/**,
|
||||
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
|
||||
@ -85,7 +79,6 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected mediate_deleted) {
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rwl,
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/kdedefaults/* r,
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
|
||||
owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
|
||||
@ -36,8 +36,6 @@ profile kwin_x11 @{exec_path} {
|
||||
/etc/xdg/plasmarc r,
|
||||
|
||||
owner @{user_cache_dirs}/ r,
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/kcrash-metadata/*.ini rw,
|
||||
owner @{user_cache_dirs}/ksvg-elements r,
|
||||
owner @{user_cache_dirs}/kwin/{,**} rwl,
|
||||
|
||||
@ -41,7 +41,6 @@ profile okular @{exec_path} {
|
||||
/usr/share/poppler/{,**} r,
|
||||
|
||||
/etc/fstab r,
|
||||
/etc/xdg/baloofilerc r,
|
||||
/etc/xdg/dolphinrc r,
|
||||
/etc/xdg/menus/ r,
|
||||
/etc/xdg/menus/applications-merged/ r,
|
||||
@ -49,7 +48,6 @@ profile okular @{exec_path} {
|
||||
/ r,
|
||||
@{MOUNTS}/ r,
|
||||
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
owner @{user_cache_dirs}/okular/{,**} rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
@ -59,8 +57,6 @@ profile okular @{exec_path} {
|
||||
owner @{user_config_dirs}/okularrc rw,
|
||||
owner @{user_config_dirs}/okularrc.@{rand6} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/okularrc.lock rwk,
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/dolphinrc r,
|
||||
owner @{user_config_dirs}/okular-generator-popplerrc r,
|
||||
owner @{user_config_dirs}/KDE/*.conf r,
|
||||
owner @{user_config_dirs}/kioslaverc r,
|
||||
@ -68,7 +64,6 @@ profile okular @{exec_path} {
|
||||
owner @{user_config_dirs}/kwalletrc r,
|
||||
owner @{user_config_dirs}/menus/ r,
|
||||
owner @{user_config_dirs}/menus/applications-merged/ r,
|
||||
owner @{user_config_dirs}/trashrc r,
|
||||
|
||||
owner @{user_share_dirs}/#@{int} rw,
|
||||
owner @{user_share_dirs}/kxmlgui{5,6}/okular/{,*} r,
|
||||
|
||||
@ -28,9 +28,6 @@ profile plasma-browser-integration-host @{exec_path} {
|
||||
/etc/xdg/menus/ r,
|
||||
/etc/xdg/taskmanagerrulesrc r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
|
||||
owner @{user_config_dirs}/menus/ r,
|
||||
owner @{user_config_dirs}/menus/applications-merged/ r,
|
||||
|
||||
|
||||
@ -38,7 +38,6 @@ profile plasma-discover @{exec_path} {
|
||||
#aa:exec kio_http_cache_cleaner
|
||||
#aa:exec kioworker
|
||||
|
||||
/usr/share/knotifications{5,6}/plasma_workspace.notifyrc r,
|
||||
/usr/share/knsrcfiles/{,*} r,
|
||||
/usr/share/kservices{5,6}/{,*} r,
|
||||
/usr/share/kservicetypes5/{,*} r,
|
||||
@ -65,7 +64,6 @@ profile plasma-discover @{exec_path} {
|
||||
owner @{user_cache_dirs}/appstream/*.xb rw,
|
||||
owner @{user_cache_dirs}/discover/{,**} rwlk,
|
||||
owner @{user_cache_dirs}/flatpak/system-cache/{,**} rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/kio_http/ w,
|
||||
|
||||
owner @{user_config_dirs}/ r,
|
||||
|
||||
@ -33,15 +33,11 @@ profile plasma_session @{exec_path} {
|
||||
#aa:exec polkit-kde-authentication-agent
|
||||
|
||||
/usr/share/kservices{5,6}/{,**} r,
|
||||
/usr/share/knotifications{5,6}/{,**} r,
|
||||
|
||||
/etc/xdg/autostart/ r,
|
||||
/etc/xdg/autostart/*.desktop r,
|
||||
/etc/xdg/menus/ r,
|
||||
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/kdedefaults/ksplashrc r,
|
||||
owner @{user_config_dirs}/plasma-welcomerc r,
|
||||
|
||||
|
||||
@ -61,11 +61,9 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
/opt/*/**/*.png r,
|
||||
/usr/share/*/icons/{,**} r,
|
||||
/usr/share/akonadi/{,**} r,
|
||||
/usr/share/desktop-base/{,**} r,
|
||||
/usr/share/desktop-directories/kf5-*.directory r,
|
||||
/usr/share/kf{5,6}/{,**} r,
|
||||
/usr/share/kio/servicemenus/{,*.desktop} r,
|
||||
/usr/share/knotifications{5,6}/*.notifyrc r,
|
||||
/usr/share/konsole/ r,
|
||||
/usr/share/krunner/{,**} r,
|
||||
/usr/share/kservices{5,6}/{,**} r,
|
||||
@ -97,6 +95,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
owner @{HOME}/.var/app/**.{png,jpg,svg} r,
|
||||
owner @{HOME}/@{XDG_DESKTOP_DIR}/*.desktop r,
|
||||
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
|
||||
owner @{user_games_dirs}/**.{png,jpg,svg} r,
|
||||
owner @{user_music_dirs}/**.{png,jpg,svg} r,
|
||||
owner @{user_pictures_dirs}/{,**} r,
|
||||
|
||||
owner @{user_templates_dirs}/ r,
|
||||
@ -107,12 +107,10 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
owner @{user_cache_dirs}/appstream/*.xb rw,
|
||||
owner @{user_cache_dirs}/bookmarksrunner/ rw,
|
||||
owner @{user_cache_dirs}/bookmarksrunner/** rwkl -> @{user_cache_dirs}/bookmarksrunner/#@{int},
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/kcrash-metadata/plasmashell.*.ini w,
|
||||
owner @{user_cache_dirs}/ksvg-elements rw,
|
||||
owner @{user_cache_dirs}/ksvg-elements.@{rand6} rwlk -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/ksvg-elements.lock rwlk,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* rwlk -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw,
|
||||
owner @{user_cache_dirs}/plasma_engine_potd/{,**} rw,
|
||||
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
|
||||
@ -132,9 +130,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
owner @{user_config_dirs}/akonadi/akonadi*rc r,
|
||||
owner @{user_config_dirs}/arkrc r,
|
||||
owner @{user_config_dirs}/baloofileinformationrc r,
|
||||
owner @{user_config_dirs}/baloofilerc r,
|
||||
owner @{user_config_dirs}/breezerc r,
|
||||
owner @{user_config_dirs}/dolphinrc r,
|
||||
owner @{user_config_dirs}/eventviewsrc r,
|
||||
owner @{user_config_dirs}/kactivitymanagerd* rwkl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/kcookiejarrc r,
|
||||
@ -151,7 +147,6 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
|
||||
owner @{user_config_dirs}/menus/{,**} r,
|
||||
owner @{user_config_dirs}/networkmanagement.notifyrc r,
|
||||
owner @{user_config_dirs}/plasma* rwlk,
|
||||
owner @{user_config_dirs}/trashrc r,
|
||||
|
||||
owner @{user_share_dirs}/*/sessions/ r,
|
||||
owner @{user_share_dirs}/#@{int} rw,
|
||||
|
||||
@ -113,7 +113,6 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||
/usr/share/sddm/scripts/Xsetup rix,
|
||||
/usr/share/sddm/scripts/Xstop rix,
|
||||
|
||||
/usr/share/desktop-base/softwaves-theme/login/*.svg r,
|
||||
/usr/share/plasma/desktoptheme/** r,
|
||||
/usr/share/sddm/faces/.*.icon r,
|
||||
/usr/share/sddm/themes/** r,
|
||||
|
||||
@ -28,7 +28,6 @@ profile sddm-greeter @{exec_path} {
|
||||
@{lib}/libheif/ r,
|
||||
@{lib}/libheif/*.so* rm,
|
||||
|
||||
/usr/share/desktop-base/*-theme/login/*.svg r,
|
||||
/usr/share/endeavouros/backgrounds/** r,
|
||||
/usr/share/hunspell/** r,
|
||||
/usr/share/plasma/desktoptheme/** r,
|
||||
@ -53,7 +52,6 @@ profile sddm-greeter @{exec_path} {
|
||||
@{HOME}/.face.icon r,
|
||||
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
|
||||
owner @{user_cache_dirs}/plasma-svgelements rw,
|
||||
owner @{user_cache_dirs}/plasma-svgelements.@{rand6} rw,
|
||||
|
||||
@ -33,14 +33,12 @@ profile startplasma @{exec_path} {
|
||||
|
||||
/usr/share/color-schemes/{,**} r,
|
||||
/usr/share/desktop-directories/{,**} r,
|
||||
/usr/share/knotifications{5,6}/{,**} r,
|
||||
/usr/share/kservices{5,6}/{,**} r,
|
||||
/usr/share/kservicetypes5/{,**} r,
|
||||
/usr/share/plasma/{,**} r,
|
||||
|
||||
/etc/locale.alias r,
|
||||
/etc/machine-id r,
|
||||
/etc/xdg/kcminputrc r,
|
||||
/etc/xdg/menus/{,**} r,
|
||||
/etc/xdg/plasma-workspace/env/{,*} r,
|
||||
|
||||
@ -52,7 +50,6 @@ profile startplasma @{exec_path} {
|
||||
owner @{user_cache_dirs}/plasma-svgelements rw,
|
||||
|
||||
owner @{user_config_dirs}/gtkrc{,*} rwlk,
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/kdedefaults/ rw,
|
||||
owner @{user_config_dirs}/kdedefaults/** rwkl -> @{user_config_dirs}/kdedefaults/**,
|
||||
owner @{user_config_dirs}/ksplashrc r,
|
||||
|
||||
@ -43,7 +43,6 @@ profile systemsettings @{exec_path} {
|
||||
/usr/share/kcmkeys/{,*.kksrc} r,
|
||||
/usr/share/kglobalaccel/* r,
|
||||
/usr/share/kinfocenter/{,**} r,
|
||||
/usr/share/knotifications{5,6}/{,**} r,
|
||||
/usr/share/solid/{,**} r,
|
||||
/usr/share/kpackage/{,**} r,
|
||||
/usr/share/kservices{5,6}/{,**} r,
|
||||
@ -71,14 +70,11 @@ profile systemsettings @{exec_path} {
|
||||
|
||||
owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
|
||||
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_cache_dirs}/kcrash-metadata/*.ini rw,
|
||||
owner @{user_cache_dirs}/kinfocenter/{,**} rwlk,
|
||||
owner @{user_cache_dirs}/ksvg-elements rw,
|
||||
owner @{user_cache_dirs}/ksvg-elements.@{rand6} rwlk -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/ksvg-elements.lock rwlk,
|
||||
owner @{user_cache_dirs}/ksycoca{5,6}_* r,
|
||||
owner @{user_cache_dirs}/plasma_theme_*.kcache rw,
|
||||
owner @{user_cache_dirs}/systemsettings/ rw,
|
||||
owner @{user_cache_dirs}/systemsettings/** rwlk -> @{user_cache_dirs}/systemsettings/**,
|
||||
|
||||
@ -38,7 +38,6 @@ profile keepassxc @{exec_path} {
|
||||
@{lib}/firefox/firefox rPx,
|
||||
@{open_path} rPx -> child-open,
|
||||
|
||||
/usr/share/hwdata/pnp.ids r,
|
||||
/usr/share/keepassxc/{,**} r,
|
||||
|
||||
/etc/fstab r,
|
||||
|
||||
@ -61,7 +61,6 @@ profile libreoffice @{exec_path} {
|
||||
@{lib}/libreoffice/share/extensions/{,**/}__pycache__/ w,
|
||||
|
||||
/usr/share/hyphen/{,**} r,
|
||||
/usr/share/knotifications{5,6}/plasma_workspace.notifyrc r,
|
||||
/usr/share/libexttextcat/{,**} r,
|
||||
/usr/share/liblangtag/{,**} r,
|
||||
/usr/share/libreoffice/{,**} r,
|
||||
@ -77,7 +76,6 @@ profile libreoffice @{exec_path} {
|
||||
owner @{user_config_dirs}/libreoffice/ rw,
|
||||
owner @{user_config_dirs}/libreoffice/** rwk,
|
||||
owner @{user_config_dirs}/soffice.*.lock rwk,
|
||||
owner @{user_config_dirs}/trashrc r,
|
||||
owner @{user_config_dirs}/plasma_workspace.notifyrc r,
|
||||
owner @{user_config_dirs}/kservicemenurc r,
|
||||
|
||||
|
||||
@ -22,9 +22,6 @@ profile pinentry-qt @{exec_path} {
|
||||
/etc/machine-id r,
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{tmp}/xauth_@{rand6} r,
|
||||
owner /dev/shm/#@{int} rw,
|
||||
|
||||
|
||||
@ -46,8 +46,6 @@ profile psi @{exec_path} {
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/psi/{,**} rw,
|
||||
owner @{user_config_dirs}/autostart/psi.desktop rw,
|
||||
owner @{user_config_dirs}/psi/ rw,
|
||||
|
||||
@ -46,8 +46,6 @@ profile psi-plus @{exec_path} {
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/psi+/{,**} rw,
|
||||
owner @{user_config_dirs}/autostart/psi-plus.desktop rw,
|
||||
owner @{user_config_dirs}/psi+/ rw,
|
||||
|
||||
@ -85,8 +85,6 @@ profile qbittorrent @{exec_path} {
|
||||
/usr/share/GeoIP/GeoIP.dat r,
|
||||
/usr/share/gvfs/remote-volume-monitors/{,*} r,
|
||||
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/qBittorrent/{,**} rw,
|
||||
|
||||
owner @{user_config_dirs}/qBittorrent/ rw,
|
||||
|
||||
@ -28,9 +28,6 @@ profile qt5ct @{exec_path} {
|
||||
owner @{user_config_dirs}/fontconfig/** rw,
|
||||
owner @{user_config_dirs}/fontconfig/fonts.conf.back rwl -> @{user_config_dirs}/fontconfig/#@{int},
|
||||
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
|
||||
owner @{PROC}/@{pid}/cmdline r,
|
||||
|
||||
/dev/shm/#@{int} rw,
|
||||
|
||||
@ -53,8 +53,6 @@ profile smplayer @{exec_path} {
|
||||
owner @{user_config_dirs}/smplayer/ rw,
|
||||
owner @{user_config_dirs}/smplayer/* rwkl -> @{user_config_dirs}/smplayer/#@{int},
|
||||
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
|
||||
owner @{tmp}/qtsingleapp-smplay-* rw,
|
||||
owner @{tmp}/qtsingleapp-smplay-*-lockfile rwk,
|
||||
owner @{tmp}/smplayer_preview/ rw,
|
||||
|
||||
@ -46,7 +46,6 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
|
||||
@{open_path} rPx -> child-open,
|
||||
|
||||
/usr/share/gtksourceview-4/{,**} r,
|
||||
/usr/share/hwdata/*.ids r,
|
||||
/usr/share/ladspa/rdf/{,ladspa.rdfs} r,
|
||||
/usr/share/misc/*.ids r,
|
||||
/usr/share/osinfo/{,**} r,
|
||||
|
||||
@ -56,7 +56,6 @@ profile vlc @{exec_path} {
|
||||
owner @{user_torrents_dirs}/{,**} rw,
|
||||
owner @{user_videos_dirs}/{,**} rw,
|
||||
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/vlc/ rw,
|
||||
owner @{user_cache_dirs}/vlc/{,**} rw,
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user