diff --git a/apparmor.d/groups/akonadi/akonadi_indexing_agent b/apparmor.d/groups/akonadi/akonadi_indexing_agent index fe3507fd..1776da83 100644 --- a/apparmor.d/groups/akonadi/akonadi_indexing_agent +++ b/apparmor.d/groups/akonadi/akonadi_indexing_agent @@ -33,8 +33,10 @@ profile akonadi_indexing_agent @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}//#@{int} rw, - owner @{user_config_dirs}/akonadi_indexing_agentrc r, + owner @{user_config_dirs}/#@{int} rw, + owner @{user_config_dirs}/akonadi_indexing_agentrc rw, + owner @{user_config_dirs}/akonadi_indexing_agentrc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, + owner @{user_config_dirs}/akonadi_indexing_agentrc.lock rwk, owner @{user_config_dirs}/akonadi/ rw, owner @{user_config_dirs}/akonadi/** rwlk -> @{user_config_dirs}/akonadi/**, owner @{user_config_dirs}/kdedefaults/kdeglobals r, diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index b71e7bbc..fd509058 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -181,6 +181,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { /etc/mailcap r, /etc/mime.types r, /etc/opensc.conf r, + /etc/sysconfig/proxy r, /etc/xdg/* r, /etc/xul-ext/kwallet5.js r, diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg index b1f10217..1c971707 100644 --- a/apparmor.d/groups/gpg/gpg +++ b/apparmor.d/groups/gpg/gpg @@ -45,6 +45,10 @@ profile gpg @{exec_path} { owner /var/lib/*/.gnupg/ rw, owner /var/lib/*/.gnupg/** rwkl -> /var/lib/*/.gnupg/**, + # TODO: Remove after zypper profile is created + owner /var/tmp/zypp.@{rand6}/ rw, + owner /var/tmp/zypp.@{rand6}/** rwkl -> /var/tmp/zypp.@{rand6}/**, + owner /tmp/ostree-gpg-*/ r, owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**, diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index 72b40cf9..4d4a5902 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse 
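Review bot: The TODO above the two `/var/tmp/zypp.@{rand6}/` rules in the gpg hunk does not say why gpg needs write, lock and link access there, so whoever later writes the zypper profile has no way to tell whether the rules can be dropped. Presumably zypper runs gpg against a temporary keyring in that directory; if so, record it, e.g. `# zypper runs gpg on a temporary keyring under /var/tmp/zypp.XXXXXX; move to a zypper child profile and remove (TODO)`. Keeping `owner` on both rules is right, since `/var/tmp` is world-writable.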
+++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse @@ -52,9 +52,10 @@ profile gvfsd-smb-browse @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, - /etc/samba/smb.conf r, + /etc/samba/* r, /var/cache/samba/ rw, + /var/lib/samba/** rwk, owner @{run}/samba/ rw, owner @{run}/samba/gencache.tdb rwk, diff --git a/apparmor.d/groups/kde/baloorunner b/apparmor.d/groups/kde/baloorunner index 0ea9eb3d..15953a04 100644 --- a/apparmor.d/groups/kde/baloorunner +++ b/apparmor.d/groups/kde/baloorunner @@ -19,6 +19,13 @@ profile baloorunner @{exec_path} { @{exec_path} mr, + /usr/share/hwdata/*.ids r, + /usr/share/icu/@{int}.@{int}/*.dat r, + + /etc/xdg/baloofilerc r, + /etc/xdg/kdeglobals r, + /etc/xdg/kwinrc r, + owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_config_dirs}/baloofilerc r, @@ -29,6 +36,9 @@ profile baloorunner @{exec_path} { owner @{user_share_dirs}/baloo/{,**} rwk, + /tmp/ r, + /tmp/xauth_@{rand6} r, + @{PROC}/sys/kernel/core_pattern r, include if exists diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index 55b8778e..26d73054 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 @@ -71,9 +71,9 @@ profile kded5 @{exec_path} { owner @{HOME}/.gtkrc-2.0 rw, + @{user_cache_dirs}/ksycoca5_* rwlk -> @{user_cache_dirs}/#@{int}, owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_cache_dirs}/ksycoca5_* rwlk -> @{user_cache_dirs}/#@{int}, owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/bluedevilglobalrc.lock rwk, 
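Review bot: The two widened rules in the gvfsd-smb-browse hunk cover more than a browse helper plausibly needs: `/etc/samba/* r,` matches every file in that directory, and `/var/lib/samba/** rwk,` grants write and lock on the whole Samba state tree with no `owner` qualifier. Depending on how the distribution builds Samba, those locations can hold the private databases (machine secrets, password backends), so the profile would no longer act as a second barrier if file modes there were ever wrong. Consider listing the files that actually showed up in the denial log instead of the globs, or pairing the broad rule with an explicit `deny /var/lib/samba/private/** rwk,` (path to be confirmed for the target distribution).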
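Review bot: `/tmp/xauth_@{rand6} r,` in the second baloorunner hunk (-29,6) lacks the `owner` qualifier, so the profile permits reading any user's X authority file in /tmp that matches the pattern and leaves only file modes to protect the cookie. Unless the file is known to be created under a different uid, write it as `owner /tmp/xauth_@{rand6} r,`. The `/tmp/ r,` listing cannot usefully take `owner`, but a short comment saying what makes baloorunner enumerate /tmp would help the next audit of this profile.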
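Review bot: Removing `owner` from the `ksycoca5_*` rule drops the ownership check for every permission on it, not only `l`, and the second kded5 hunk (-106,10) does the same to `kcookiejar/cookies{,.@{rand6}}`. Because `@{user_cache_dirs}` and `@{user_share_dirs}` resolve under each user's home, the profile now allows read and write on another user's cache and cookie jar wherever DAC permits. The `akonadi_indexing_agentrc.@{rand6}` rule added in this same commit keeps `owner` on an identical link pattern. If it was the link check that failed with `owner`, keep `owner @{user_share_dirs}/kcookiejar/cookies{,.@{rand6}} rwk,` and add a separate unqualified `@{user_share_dirs}/kcookiejar/cookies{,.@{rand6}} l -> @{user_share_dirs}/kcookiejar/#@{int},`, with a comment recording the denial that motivated it. The same split applies to the ksycoca5 rule.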
@@ -106,10 +106,10 @@ profile kded5 @{exec_path} { owner @{user_config_dirs}/touchpadrc r, owner @{user_config_dirs}/xsettingsd/{,**} rw, + @{user_share_dirs}/kcookiejar/cookies{,.@{rand6}} rwkl -> @{user_share_dirs}/kcookiejar/#@{int}, owner @{user_share_dirs}/icc/{,edid-*} r, owner @{user_share_dirs}/kcookiejar/#@{int} rw, owner @{user_share_dirs}/kcookiejar/cookies.lock rwk, - owner @{user_share_dirs}/kcookiejar/cookies{,.@{rand6}} rwkl -> @{user_share_dirs}/kcookiejar/#@{int}, owner @{user_share_dirs}/kded5/{,**} rw, owner @{user_share_dirs}/kscreen/{,**} rwl, owner @{user_share_dirs}/kservices5/{,**} r,