From f9169bc40b2d04d4a12172e2e21c2f6247d91064 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 28 Aug 2024 18:43:34 +0100 Subject: [PATCH] feat(profile): use the kde-globals-write abstaction when needed. --- apparmor.d/groups/browsers/firefox-kmozillahelper | 3 +-- apparmor.d/groups/freedesktop/xdg-desktop-portal-kde | 3 +-- apparmor.d/groups/kde/kconf_update | 4 +--- apparmor.d/groups/kde/kded | 4 +--- apparmor.d/groups/kde/startplasma | 6 ++---- 5 files changed, 6 insertions(+), 14 deletions(-) diff --git a/apparmor.d/groups/browsers/firefox-kmozillahelper b/apparmor.d/groups/browsers/firefox-kmozillahelper index cac83b36..d7162578 100644 --- a/apparmor.d/groups/browsers/firefox-kmozillahelper +++ b/apparmor.d/groups/browsers/firefox-kmozillahelper @@ -11,6 +11,7 @@ profile firefox-kmozillahelper @{exec_path} { include include include + include include include include @@ -42,8 +43,6 @@ profile firefox-kmozillahelper @{exec_path} { owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, - owner @{user_config_dirs}/kdeglobals r, - owner @{user_config_dirs}/kdeglobals.@{rand6} rwl, owner @{user_config_dirs}/kmozillahelperrc r, owner @{user_config_dirs}/kmozillahelperrc.@{rand6} rwl, owner @{user_config_dirs}/kwinrc r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index a5329097..3b6fa111 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -11,6 +11,7 @@ include profile xdg-desktop-portal-kde @{exec_path} { include include + include include include @@ -30,10 +31,8 @@ profile xdg-desktop-portal-kde @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/autostart/org.kde.*.desktop r, owner @{user_config_dirs}/breezerc r, - owner @{user_config_dirs}/kdeglobals{,.*} rwlk, owner @{user_config_dirs}/xdg-desktop-portal-kderc{,.*} rwlk, owner @{run}/user/@{uid}/xdg-desktop-portal-kde@{rand6}.*.socket rw, diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index bcab6d31..5d0914b5 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -13,6 +13,7 @@ profile kconf_update @{exec_path} { include include include + include include include include @@ -45,7 +46,6 @@ profile kconf_update @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/akregatorrc.lock rwk, owner @{user_config_dirs}/akregatorrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/dolphinrc.lock rwk, @@ -58,8 +58,6 @@ profile kconf_update @{exec_path} { owner @{user_config_dirs}/kcminputrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kconf_updaterc.lock rwk, owner @{user_config_dirs}/kconf_updaterc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, - owner @{user_config_dirs}/kdeglobals.lock rwk, - owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk, owner @{user_config_dirs}/kglobalshortcutsrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/khotkeysrc.lock rwk, diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded index 64fa472b..5620d7de 100644 --- a/apparmor.d/groups/kde/kded +++ b/apparmor.d/groups/kde/kded @@ -18,6 +18,7 @@ profile kded @{exec_path} { include include include + include include include include @@ -97,7 +98,6 @@ profile kded @{exec_path} { @{user_config_dirs}/kcookiejarrc.lock rwk, @{user_config_dirs}/kcookiejarrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, - owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/baloofilerc r, owner @{user_config_dirs}/bluedevilglobalrc.lock rwk, owner @{user_config_dirs}/bluedevilglobalrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, @@ -112,8 +112,6 @@ profile kded @{exec_path} { owner @{user_config_dirs}/kded{5,6}rc.lock rwk, owner @{user_config_dirs}/kded{5,6}rc{,.@{rand6}} rwl, owner @{user_config_dirs}/kdedefaults/{,**} r, - owner @{user_config_dirs}/kdeglobals.lock rwk, - owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl, owner @{user_config_dirs}/khotkeysrc.lock rwk, owner @{user_config_dirs}/khotkeysrc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kioslaverc{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index 149df769..81b1a124 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -10,8 +10,9 @@ include profile startplasma @{exec_path} { include include - include include + include + include signal (receive) set=(hup) peer=@{p_systemd}, signal (receive) set=(term) peer=sddm, @@ -50,13 +51,10 @@ profile startplasma @{exec_path} { owner @{user_cache_dirs}/kcrash-metadata/ rw, owner @{user_cache_dirs}/plasma-svgelements rw, - owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/gtkrc{,*} rwlk, owner @{user_config_dirs}/kcminputrc r, owner @{user_config_dirs}/kdedefaults/ rw, owner @{user_config_dirs}/kdedefaults/** rwkl -> @{user_config_dirs}/kdedefaults/**, - owner @{user_config_dirs}/kdeglobals.lock rwk, - owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/ksplashrc r, owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk, owner @{user_config_dirs}/menus/{,**} r,