mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-18 00:48:10 +01:00
feat(kde): improve kde integration (wip).
This commit is contained in:
Alexandre Pujol
parent
9c08b36182
commit
ce7209f2a1
8 changed files with 42 additions and 8 deletions
|
|
@ -18,14 +18,17 @@ profile kactivitymanagerd @{exec_path} {
|
||||||
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
|
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
|
||||||
|
|
||||||
/etc/xdg/kdeglobals r,
|
/etc/xdg/kdeglobals r,
|
||||||
|
/etc/machine-id r,
|
||||||
|
|
||||||
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
owner @{user_config_dirs}/kdeglobals r,
|
||||||
owner @{user_config_dirs}/kactivitymanagerdrc r,
|
owner @{user_config_dirs}/kactivitymanagerdrc r,
|
||||||
|
owner @{user_config_dirs}/kactivitymanagerdrc.lock rwk,
|
||||||
|
|
||||||
owner @{user_share_dirs}/kactivitymanagerd/{,**} rwlk,
|
owner @{user_share_dirs}/kactivitymanagerd/{,**} rwlk,
|
||||||
|
|
||||||
@{PROC}/sys/kernel/core_pattern r,
|
@{PROC}/sys/kernel/core_pattern r,
|
||||||
|
@{PROC}/sys/kernel/random/boot_id r,
|
||||||
|
|
||||||
/dev/tty r,
|
/dev/tty r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -33,8 +33,10 @@ profile kcminit @{exec_path} {
|
||||||
owner @{user_config_dirs}/kcminputrc r,
|
owner @{user_config_dirs}/kcminputrc r,
|
||||||
owner @{user_config_dirs}/kdedefaults/kcminputrc r,
|
owner @{user_config_dirs}/kdedefaults/kcminputrc r,
|
||||||
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
||||||
|
owner @{user_config_dirs}/kdedefaults/kwinrc r,
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
owner @{user_config_dirs}/kdeglobals r,
|
||||||
owner @{user_config_dirs}/kgammarc r,
|
owner @{user_config_dirs}/kgammarc r,
|
||||||
|
owner @{user_config_dirs}/kwinrc r,
|
||||||
owner @{user_config_dirs}/touchpadrc r,
|
owner @{user_config_dirs}/touchpadrc r,
|
||||||
owner @{user_config_dirs}/Trolltech.conf.lock rwk,
|
owner @{user_config_dirs}/Trolltech.conf.lock rwk,
|
||||||
owner @{user_config_dirs}/Trolltech.conf{,.??????} rwl,
|
owner @{user_config_dirs}/Trolltech.conf{,.??????} rwl,
|
||||||
|
|
|
||||||
|
|
@ -9,17 +9,37 @@ include <tunables/global>
|
||||||
@{exec_path} = @{lib}/kf5/kconf_update
|
@{exec_path} = @{lib}/kf5/kconf_update
|
||||||
profile kconf_update @{exec_path} {
|
profile kconf_update @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
include <abstractions/perl>
|
||||||
|
include <abstractions/python>
|
||||||
|
|
||||||
@{exec_path} mr,
|
@{exec_path} mr,
|
||||||
|
|
||||||
|
@{bin}/{,ba,da}sh rix,
|
||||||
|
@{bin}/grep rix,
|
||||||
|
@{bin}/qtpaths rix,
|
||||||
|
@{bin}/sed rix,
|
||||||
|
|
||||||
|
@{lib}/kconf_update_bin/breeze* rix,
|
||||||
|
@{lib}/kconf_update_bin/konsole_show_menubar rix,
|
||||||
|
@{lib}/kconf_update_bin/krunnerglobalshortcuts rix,
|
||||||
|
@{lib}/kconf_update_bin/krunnerhistory rix,
|
||||||
|
@{lib}/kconf_update_bin/plasmashell-* rix,
|
||||||
|
/usr/share/kconf_update/kcminputrc_migrate_repeat_value.py rix,
|
||||||
|
/usr/share/kconf_update/konsole_add_hamburgermenu_to_toolbar.sh rix,
|
||||||
|
|
||||||
/usr/share/kconf_update/{,**} r,
|
/usr/share/kconf_update/{,**} r,
|
||||||
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
|
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
|
||||||
|
|
||||||
/etc/xdg/kdeglobals r,
|
/etc/xdg/kdeglobals r,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/#[0-9]* rw,
|
||||||
owner @{user_config_dirs}/kconf_updaterc r,
|
owner @{user_config_dirs}/kconf_updaterc r,
|
||||||
|
owner @{user_config_dirs}/kconf_updaterc* rwl,
|
||||||
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
owner @{user_config_dirs}/kdeglobals* rwl,
|
||||||
|
|
||||||
|
owner /tmp/#[0-9]* rw,
|
||||||
|
owner /tmp/kconf_update.?????? rw,
|
||||||
|
|
||||||
include if exists <local/kconf_update>
|
include if exists <local/kconf_update>
|
||||||
}
|
}
|
||||||
|
|
@ -25,13 +25,16 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected) {
|
||||||
|
|
||||||
/etc/fstab r,
|
/etc/fstab r,
|
||||||
/etc/xdg/kdeglobals r,
|
/etc/xdg/kdeglobals r,
|
||||||
|
/etc/machine-id r,
|
||||||
|
|
||||||
owner @{user_cache_dirs}/kcrash-metadata/{,*} rw,
|
owner @{user_cache_dirs}/kcrash-metadata/{,*} rw,
|
||||||
|
|
||||||
|
owner @{user_config_dirs}/#[0-9]* rw,
|
||||||
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
owner @{user_config_dirs}/kdedefaults/kdeglobals r,
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
owner @{user_config_dirs}/kdeglobals r,
|
||||||
owner @{user_config_dirs}/powerdevilrc r,
|
owner @{user_config_dirs}/powerdevilrc rwl,
|
||||||
owner @{user_config_dirs}/powermanagementprofilesrc r,
|
owner @{user_config_dirs}/powermanagementprofilesrc r,
|
||||||
|
owner @{user_config_dirs}/powermanagementprofilesrc.lock rwk,
|
||||||
|
|
||||||
@{run}/systemd/inhibit/*.ref rw,
|
@{run}/systemd/inhibit/*.ref rw,
|
||||||
owner @{run}/user/@{uid}kcrash_[0-9]* rw,
|
owner @{run}/user/@{uid}kcrash_[0-9]* rw,
|
||||||
|
|
|
||||||
|
|
@ -69,15 +69,18 @@ profile kded5 @{exec_path} {
|
||||||
owner @{user_config_dirs}/gtk-{3,4}.0/{,**} rwl,
|
owner @{user_config_dirs}/gtk-{3,4}.0/{,**} rwl,
|
||||||
owner @{user_config_dirs}/kcminputrc r,
|
owner @{user_config_dirs}/kcminputrc r,
|
||||||
owner @{user_config_dirs}/kconf_updaterc r,
|
owner @{user_config_dirs}/kconf_updaterc r,
|
||||||
owner @{user_config_dirs}/kded5rc r,
|
owner @{user_config_dirs}/kded5rc* rwl,
|
||||||
|
owner @{user_config_dirs}/kded5rc.lock rwk,
|
||||||
owner @{user_config_dirs}/kdedefaults/{,**} r,
|
owner @{user_config_dirs}/kdedefaults/{,**} r,
|
||||||
owner @{user_config_dirs}/kdeglobals r,
|
owner @{user_config_dirs}/kdeglobals r,
|
||||||
owner @{user_config_dirs}/khotkeysrc.lock rwk,
|
owner @{user_config_dirs}/khotkeysrc.lock rwk,
|
||||||
owner @{user_config_dirs}/khotkeysrc* rwl,
|
owner @{user_config_dirs}/khotkeysrc* rwl,
|
||||||
owner @{user_config_dirs}/ktimezonedrc r,
|
owner @{user_config_dirs}/ktimezonedrc r,
|
||||||
owner @{user_config_dirs}/kwinrc r,
|
owner @{user_config_dirs}/kwinrc* rwl,
|
||||||
|
owner @{user_config_dirs}/kwinrc.lock rwk,
|
||||||
owner @{user_config_dirs}/kxkbrc r,
|
owner @{user_config_dirs}/kxkbrc r,
|
||||||
owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk,
|
owner @{user_config_dirs}/libaccounts-glib/ rw,
|
||||||
|
owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal,-journal} rwk,
|
||||||
owner @{user_config_dirs}/xsettingsd/{,**} rw,
|
owner @{user_config_dirs}/xsettingsd/{,**} rw,
|
||||||
|
|
||||||
owner @{user_share_dirs}/icc/{,edid-*} r,
|
owner @{user_share_dirs}/icc/{,edid-*} r,
|
||||||
|
|
@ -117,6 +120,7 @@ profile kded5 @{exec_path} {
|
||||||
@{PROC}/@{pids}/stat r,
|
@{PROC}/@{pids}/stat r,
|
||||||
@{PROC}/sys/kernel/osrelease r,
|
@{PROC}/sys/kernel/osrelease r,
|
||||||
@{PROC}/uptime r,
|
@{PROC}/uptime r,
|
||||||
|
@{PROC}/@{pids}/cgroup r,
|
||||||
|
|
||||||
include if exists <local/kded5_pgrep>
|
include if exists <local/kded5_pgrep>
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ profile kwin_x11 @{exec_path} {
|
||||||
|
|
||||||
@{bin}/{,ba,da}sh rix,
|
@{bin}/{,ba,da}sh rix,
|
||||||
@{lib}/kwin_killer_helper rix,
|
@{lib}/kwin_killer_helper rix,
|
||||||
@{lib}/drkonqi rPx,
|
@{lib}/drkonqi rPx,
|
||||||
|
|
||||||
/usr/share/hwdata/pnp.ids r,
|
/usr/share/hwdata/pnp.ids r,
|
||||||
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
|
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
||||||
@{exec_path} = @{bin}/plasma-discover
|
@{exec_path} = @{bin}/plasma-discover
|
||||||
profile plasma-discover @{exec_path} {
|
profile plasma-discover @{exec_path} {
|
||||||
include <abstractions/base>
|
include <abstractions/base>
|
||||||
|
include <abstractions/fonts>
|
||||||
include <abstractions/mesa>
|
include <abstractions/mesa>
|
||||||
include <abstractions/nameservice-strict>
|
include <abstractions/nameservice-strict>
|
||||||
include <abstractions/openssl>
|
include <abstractions/openssl>
|
||||||
|
|
@ -43,7 +44,7 @@ profile plasma-discover @{exec_path} {
|
||||||
/var/lib/flatpak/repo/{,**} r,
|
/var/lib/flatpak/repo/{,**} r,
|
||||||
/var/lib/flatpak/appstream/{,**} r,
|
/var/lib/flatpak/appstream/{,**} r,
|
||||||
|
|
||||||
owner @{user_cache_dirs}/discover/{,**} rw,
|
owner @{user_cache_dirs}/discover/{,**} rwl,
|
||||||
owner @{user_cache_dirs}/appstream/*.xb r,
|
owner @{user_cache_dirs}/appstream/*.xb r,
|
||||||
owner @{user_cache_dirs}/appstream/ r,
|
owner @{user_cache_dirs}/appstream/ r,
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -60,14 +60,15 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
|
||||||
@{bin}/xauth rCx -> xauth,
|
@{bin}/xauth rCx -> xauth,
|
||||||
@{bin}/xsetroot rPx,
|
@{bin}/xsetroot rPx,
|
||||||
|
|
||||||
@{etc_ro}/X11/xdm/Xsession rPx,
|
|
||||||
@{bin}/dbus-update-activation-environment rCx -> dbus,
|
@{bin}/dbus-update-activation-environment rCx -> dbus,
|
||||||
@{bin}/gnome-keyring-daemon rPx,
|
@{bin}/gnome-keyring-daemon rPx,
|
||||||
@{bin}/kwalletd5 rPx,
|
@{bin}/kwalletd5 rPx,
|
||||||
|
@{bin}/startplasma-wayland rPx,
|
||||||
@{bin}/startplasma-x11 rPx,
|
@{bin}/startplasma-x11 rPx,
|
||||||
@{bin}/systemctl rPx -> child-systemctl,
|
@{bin}/systemctl rPx -> child-systemctl,
|
||||||
@{bin}/xrdb rPx,
|
@{bin}/xrdb rPx,
|
||||||
@{bin}/xset rPx,
|
@{bin}/xset rPx,
|
||||||
|
@{etc_ro}/X11/xdm/Xsession rPx,
|
||||||
|
|
||||||
/usr/etc/X11/xdm/Xsetup rix,
|
/usr/etc/X11/xdm/Xsetup rix,
|
||||||
/usr/share/sddm/scripts/wayland-session rix,
|
/usr/share/sddm/scripts/wayland-session rix,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue