From ef1023156eadad7e67789d48e48313690a18d581 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 23 Nov 2023 11:19:38 +0000 Subject: [PATCH] feat(profile): minor kde improvment on opensuse. see #208 --- apparmor.d/groups/gpg/gpg | 2 +- apparmor.d/groups/gpg/gpg-agent | 2 +- apparmor.d/groups/gpg/gpgconf | 2 +- apparmor.d/groups/gpg/scdaemon | 2 +- apparmor.d/groups/kde/kded5 | 4 ++-- apparmor.d/groups/kde/sddm | 8 ++++---- apparmor.d/groups/kde/xdm-xsession | 4 ++-- apparmor.d/profiles-g-l/gajim | 4 ++-- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg index 1c971707..9fe2e668 100644 --- a/apparmor.d/groups/gpg/gpg +++ b/apparmor.d/groups/gpg/gpg @@ -26,7 +26,7 @@ profile gpg @{exec_path} { @{bin}/gpg-connect-agent rPx, @{bin}/gpgconf rPx, @{bin}/gpgsm rPx, - @{lib}/gnupg/scdaemon rPx, + @{lib}/{,gnupg/}scdaemon rPx, /etc/inputrc r, diff --git a/apparmor.d/groups/gpg/gpg-agent b/apparmor.d/groups/gpg/gpg-agent index 1cd3091c..4bfda821 100644 --- a/apparmor.d/groups/gpg/gpg-agent +++ b/apparmor.d/groups/gpg/gpg-agent @@ -19,7 +19,7 @@ profile gpg-agent @{exec_path} { @{bin}/pinentry{,-*} rPx, @{bin}/scdaemon rPx, - @{lib}/gnupg/scdaemon rPx, + @{lib}/{,gnupg/}scdaemon rPx, /usr/share/gnupg/* r, diff --git a/apparmor.d/groups/gpg/gpgconf b/apparmor.d/groups/gpg/gpgconf index 7543e238..97c41d0e 100644 --- a/apparmor.d/groups/gpg/gpgconf +++ b/apparmor.d/groups/gpg/gpgconf @@ -24,7 +24,7 @@ profile gpgconf @{exec_path} { @{bin}/gpgsm rPx, @{bin}/pinentry-* rPx, @{bin}/scdaemon rPx, - @{lib}/gnupg/scdaemon rPx, + @{lib}/{,gnupg/}scdaemon rPx, @{lib}/keyboxd rPUx, /etc/gcrypt/hwf.deny r, diff --git a/apparmor.d/groups/gpg/scdaemon b/apparmor.d/groups/gpg/scdaemon index 8757c68e..4c166718 100644 --- a/apparmor.d/groups/gpg/scdaemon +++ b/apparmor.d/groups/gpg/scdaemon @@ -7,7 +7,7 @@ abi , include -@{exec_path} = @{bin}/scdaemon @{lib}/gnupg/scdaemon +@{exec_path} = @{bin}/scdaemon @{lib}/{,gnupg/}scdaemon profile scdaemon @{exec_path} { include include diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index 26d73054..480df077 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 @@ -75,6 +75,8 @@ profile kded5 @{exec_path} { owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, + @{user_config_dirs}/kcookiejarrc.lock rwk, + @{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/bluedevilglobalrc.lock rwk, owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, @@ -83,8 +85,6 @@ profile kded5 @{exec_path} { owner @{user_config_dirs}/kcminputrc r, owner @{user_config_dirs}/kconf_updaterc rw, owner @{user_config_dirs}/kconf_updaterc.lock rwk, - owner @{user_config_dirs}/kcookiejarrc.lock rwk, - owner @{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kdebugrc r, owner @{user_config_dirs}/kded5rc.lock rwk, owner @{user_config_dirs}/kded5rc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index c1d5aa8e..973e6b9f 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -39,10 +39,10 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { ptrace (read), ptrace (trace) peer=@{profile_name}, - signal (send) set=term peer=kwin_wayland, + signal (send) set=(term) peer=kwin_wayland, signal (send) set=(kill, term) peer=startplasma, - signal (send) set=term peer=startplasma-wayland, - signal (send) set=term peer=sddm-greeter, + signal (send) set=(term) peer=startplasma-wayland, + signal (send) set=(term) peer=sddm-greeter, signal (send) set=(kill, term) peer=xorg, @{exec_path} mr, @@ -77,7 +77,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/dbus-update-activation-environment rCx -> dbus, @{bin}/gnome-keyring-daemon rPx, @{bin}/kwalletd5 rPx, - @{bin}/startplasma-wayland rPx, + @{bin}/startplasma-wayland rPUx, @{bin}/startplasma-x11 rPx, @{bin}/systemctl rPx -> child-systemctl, @{bin}/xrdb rPx, diff --git a/apparmor.d/groups/kde/xdm-xsession b/apparmor.d/groups/kde/xdm-xsession index c2e47bf9..82872c72 100644 --- a/apparmor.d/groups/kde/xdm-xsession +++ b/apparmor.d/groups/kde/xdm-xsession @@ -22,8 +22,8 @@ profile xdm-xsession @{exec_path} { @{bin}/basename rix, @{bin}/cat rix, @{bin}/dirname rix, - @{bin}/gpg-agent rix, - @{bin}/gpg-connect-agent rix, + @{bin}/gpg-agent rPx, + @{bin}/gpg-connect-agent rPx, @{bin}/grep rix, @{bin}/locale rix, @{bin}/manpath rix, diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 73a1f73c..0b94ec00 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -125,8 +125,8 @@ profile gajim @{exec_path} { @{bin}/gpgconf mr, @{bin}/gpgsm mr, - @{bin}/gpg-agent rix, - @{lib}/gnupg/scdaemon rix, + @{bin}/gpg-agent rix, + @{lib}/{,gnupg/}scdaemon rix, owner @{run}/user/@{uid}/gnupg/d.*/ rw, owner @{run}/user/@{uid}/gnupg/d.*/S.gpg-agent{,.extra,.browser,.ssh} w,