From feee34ef7e9fe0baaab6c2680e8ac90c0cec991d Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 26 Jan 2025 21:17:18 +0100 Subject: [PATCH] feat(profile): allow drkonqi to read logs. fix #655 --- apparmor.d/groups/kde/drkonqi | 17 +++++++++++++++++ .../groups/kde/drkonqi-coredump-processor | 1 + 2 files changed, 18 insertions(+) diff --git a/apparmor.d/groups/kde/drkonqi b/apparmor.d/groups/kde/drkonqi index 961c18cf..83fd0718 100644 --- a/apparmor.d/groups/kde/drkonqi +++ b/apparmor.d/groups/kde/drkonqi @@ -23,18 +23,35 @@ profile drkonqi @{exec_path} { @{exec_path} mr, + @{bin}/plasmashell r, @{bin}/lsb_release rPx -> lsb_release, /usr/share/drkonqi/{,**} r, + /etc/machine-id r, + + / r, + owner @{user_cache_dirs}/drkonqi/ rw, owner @{user_cache_dirs}/drkonqi/** rwlk -> @{user_cache_dirs}/drkonqi/**, owner @{user_cache_dirs}/kcrash-metadata/* w, + owner @{user_config_dirs}/breezerc r, owner @{user_config_dirs}/drkonqirc r, + /{run,var}/log/journal/ r, + /{run,var}/log/journal/@{hex32}/ r, + /{run,var}/log/journal/@{hex32}/system.journal r, + /{run,var}/log/journal/@{hex32}/system@@{hex32}-@{hex16}-@{hex16}.journal* r, + /{run,var}/log/journal/@{hex32}/user-@{uid}.journal r, + /{run,var}/log/journal/@{hex32}/user-@{uid}@@{hex32}-@{hex16}-@{hex16}.journal* r, + /{run,var}/log/journal/remote/ r, + /dev/tty r, + owner @{PROC}/@{pid}/cmdline r, + owner @{PROC}/@{pid}/mountinfo r, + include if exists } diff --git a/apparmor.d/groups/kde/drkonqi-coredump-processor b/apparmor.d/groups/kde/drkonqi-coredump-processor index e07a6c1d..9b1e6c37 100644 --- a/apparmor.d/groups/kde/drkonqi-coredump-processor +++ b/apparmor.d/groups/kde/drkonqi-coredump-processor @@ -10,6 +10,7 @@ include @{exec_path} += @{lib}/@{multiarch}/{,libexec/}drkonqi-coredump-processor profile drkonqi-coredump-processor @{exec_path} { include + include include capability dac_override,
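Review bot: The new journal rules in the drkonqi profile allow reads of `system.journal` and the rotated `system@…journal*` files, which normally hold log lines from every service on the machine, and nothing in the hunk records why the crash handler needs that breadth. I would put a comment above the group, for example (if the purpose is the log excerpt shown in crash reports) `# journal entries for the crashed process; file permissions/ACLs still decide what is readable`, and a short one on the bare `/ r,` rule as well, so a later audit can tell intended access from leftover debugging. The `user-@{uid}.journal` rules presumably match any uid rather than only the caller's, assuming `@{uid}` is a plain numeric pattern in this project's tunables, so the profile relies on journal file ownership and ACLs to keep other users' logs out of reach; that is worth stating in the same comment. If the denials reported in #655 were only on the user journal, dropping the two `system*` rules would be the tighter change. The profile body starts before this hunk, so rules above line 23 are not covered by this note.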