feat(kde): add initial version for more kde profles.
parent
aca0501d10
commit
1083520225
8 changed files with 254 additions and 0 deletions
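--- a/apparmor.d/groups/kde/gmenudbusmenuproxy
+++ b/apparmor.d/groups/kde/gmenudbusmenuproxy
@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/gmenudbusmenuproxy
+profile gmenudbusmenuproxy @{exec_path} {
+include <abstractions/base>
+include <abstractions/gtk>
+include <abstractions/nameservice-strict>
+include <abstractions/X-strict>
+
+@{exec_path} mr,
+
+/usr/share/hwdata/*.ids r,
+
+/etc/machine-id r,
+
+owner @{HOME}/.gtkrc-2.0 rw,
+
+@{PROC}/sys/kernel/random/boot_id r,
+
+include if exists <local/gmenudbusmenuproxy>
+}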
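--- a/apparmor.d/groups/kde/kactivitymanagerd
+++ b/apparmor.d/groups/kde/kactivitymanagerd
@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}lib/kactivitymanagerd
+profile kactivitymanagerd @{exec_path} {
+include <abstractions/base>
+include <abstractions/X-strict>
+
+@{exec_path} mr,
+
+/usr/share/hwdata/*.ids r,
+/usr/share/qt/translations/*.qm r,
+
+owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+owner @{user_config_dirs}/kdeglobals r,
+owner @{user_config_dirs}/kactivitymanagerdrc r,
+
+owner @{user_share_dirs}/kactivitymanagerd/{,**} rwl,
+
+@{PROC}/sys/kernel/core_pattern r,
+
+/dev/tty r,
+
+include if exists <local/kactivitymanagerd>
+}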
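--- a/apparmor.d/groups/kde/kauth-kinfocenter-dmidecode-helper
+++ b/apparmor.d/groups/kde/kauth-kinfocenter-dmidecode-helper
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{libexec}/kauth/kinfocenter-dmidecode-helper
+profile kauth-kinfocenter-dmidecode-helper @{exec_path} {
+include <abstractions/base>
+
+@{exec_path} mr,
+
+/{usr/,}{s,}bin/dmidecode rPx,
+
+include if exists <local/kauth-kinfocenter-dmidecode-helper>
+}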
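Review bot: The `rPx` rule on `/{usr/,}{s,}bin/dmidecode` depends on a profile attached to dmidecode being loaded, and nothing in this file records that dependency. Px has no fallback, so in enforce mode the exec is refused when that profile is absent. That is the safer failure for a helper which, judging by its `kauth` path, is presumably started with elevated privileges, but it should be stated. I would add a comment above the rule, for example `# Requires the dmidecode profile to be loaded; Px has no unconfined fallback.`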
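--- a/apparmor.d/groups/kde/kconf_update
+++ b/apparmor.d/groups/kde/kconf_update
@@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{libexec}/kf5/kconf_update
+profile kconf_update @{exec_path} {
+include <abstractions/base>
+
+@{exec_path} mr,
+
+/usr/share/kconf_update/{,**} r,
+
+owner @{user_config_dirs}/kconf_updaterc r,
+owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+owner @{user_config_dirs}/kdeglobals r,
+
+include if exists <local/kconf_update>
+}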
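--- a/apparmor.d/groups/kde/kglobalaccel5
+++ b/apparmor.d/groups/kde/kglobalaccel5
@@ -0,0 +1,34 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/kglobalaccel5
+profile kglobalaccel5 @{exec_path} {
+include <abstractions/base>
+include <abstractions/freedesktop.org>
+include <abstractions/X-strict>
+
+@{exec_path} mr,
+
+/usr/share/hwdata/*.ids r,
+/usr/share/kglobalaccel/{,**} r,
+/usr/share/qt/translations/*.qm r,
+/usr/share/mime/{,**} r,
+
+/etc/machine-id r,
+
+owner @{user_config_dirs}/kglobalshortcutsrc* rwl,
+owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk,
+owner @{user_config_dirs}/#[0-9]* rw,
+
+@{PROC}/sys/kernel/random/boot_id r,
+@{PROC}/sys/kernel/core_pattern r,
+
+/dev/tty r,
+
+include if exists <local/kglobalaccel5>
+}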
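--- a/apparmor.d/groups/kde/plasma-discover
+++ b/apparmor.d/groups/kde/plasma-discover
@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/plasma-discover
+profile plasma-discover @{exec_path} {
+include <abstractions/base>
+
+@{exec_path} mr,
+
+/{usr/,}lib/kf5/kioslave5 rPUx, # TODO: rPx,
+/{usr/,}lib/kf5/kio_http_cache_cleaner rPUx, # TODO: rPx,
+
+/etc/machine-id r,
+
+/var/tmp/flatpak-cache-*/ rw,
+/var/tmp/flatpak-cache-*/** rwkl,
+/var/tmp/#[0-9]* rw,
+
+owner @{user_config_dirs}/kde.org/{,**} rwlk,
+owner @{user_config_dirs}/discoverrc rwl,
+owner @{user_config_dirs}/#[0-9]* rwl,
+owner @{user_config_dirs}/discoverrc.lock rwk,
+
+include if exists <local/plasma-discover>
+}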
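Review bot: The three `/var/tmp` rules (`flatpak-cache-*/`, `flatpak-cache-*/**` and `#[0-9]*`) have no `owner` qualifier, unlike every rule under `@{user_config_dirs}` in the same profile. Without it the profile allows read, write, lock and link on matching entries created by any user, so only file permissions stand in the way. If Discover only touches caches it created itself, prefix all three, e.g. `owner /var/tmp/flatpak-cache-*/** rwkl,`. Separately, the two `rPUx` lines are already marked TODO, and until the target profiles exist those helpers run unconfined.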
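--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -0,0 +1,88 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/plasmashell
+profile plasmashell @{exec_path} {
+include <abstractions/base>
+include <abstractions/app-launcher-user>
+include <abstractions/disks-read>
+include <abstractions/dri-common>
+include <abstractions/fonts>
+include <abstractions/freedesktop.org>
+include <abstractions/mesa>
+include <abstractions/nameservice-strict>
+include <abstractions/qt5-shader-cache>
+include <abstractions/X-strict>
+
+network inet stream,
+network inet6 stream,
+network netlink raw,
+
+signal (send),
+
+@{exec_path} mr,
+
+/{usr/,}bin/plasma-discover rPx,
+/{usr/,}lib/kf5/kioslave5 rPUx, # TODO: rPx,
+/{usr/,}bin/dolphin rPUx, # TODO: rPx,
+
+/usr/share/hwdata/*.ids r,
+/usr/share/kservices5/{,**} r,
+/usr/share/kservicetypes5/{,**} r,
+/usr/share/plasma/{,**} r,
+/usr/share/qt/translations/*.qm r,
+/usr/share/solid/actions/{,**} r,
+/usr/share/wallpapers/{,**} r,
+/usr/share/krunner/{,**} r,
+/usr/share/konsole/ r,
+/usr/share/akonadi/firstrun/{,*} r,
+
+/etc/appstream.conf r,
+/etc/xdg/taskmanagerrulesrc r,
+/etc/xdg/menus/ r,
+/etc/machine-id r,
+/etc/fstab r,
+
+owner @{user_templates_dirs}/ r,
+
+owner @{user_cache_dirs}/#[0-9]* rw,
+owner @{user_cache_dirs}/icon-cache.kcache rw,
+owner @{user_cache_dirs}/ksycoca5_* r,
+owner @{user_cache_dirs}/plasma-svgelements* rwl,
+owner @{user_cache_dirs}/plasmashell/qmlcache/{,**} rwl,
+
+owner @{user_config_dirs}/*kde*.desktop* r,
+owner @{user_config_dirs}/#[0-9]* rw,
+owner @{user_config_dirs}/baloofilerc r,
+owner @{user_config_dirs}/dolphinrc r,
+owner @{user_config_dirs}/kde.org/{,**} rwlk,
+owner @{user_config_dirs}/KDE/{,**} r,
+owner @{user_config_dirs}/kdedefaults/kdeglobals r,
+owner @{user_config_dirs}/kdedefaults/kwinrc r,
+owner @{user_config_dirs}/kdedefaults/plasmarc r,
+owner @{user_config_dirs}/kdeglobals r,
+owner @{user_config_dirs}/ksmserverrc r,
+owner @{user_config_dirs}/kwinrc r,
+owner @{user_config_dirs}/plasma*desktop* rwlk,
+owner @{user_config_dirs}/plasmashellrc r,
+
+owner @{user_share_dirs}/#[0-9]* rw,
+owner @{user_share_dirs}/akonadi/search_db/{,**} r,
+owner @{user_share_dirs}/klipper/{,*} rwl,
+owner @{user_share_dirs}/krunnerstaterc.lock rwk,
+owner @{user_share_dirs}/krunnerstaterc* rwk,
+
+owner @{run}/user/@{uid}/#[0-9]* rw,
+owner @{run}/user/@{uid}/plasmashell??????.[0-9].kioworker.socket rwl,
+
+@{PROC}/sys/kernel/core_pattern r,
+@{PROC}/sys/kernel/random/boot_id r,
+owner @{PROC}/@{pid}/mounts r,
+
+include if exists <local/plasmashell>
+}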
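Review bot: `signal (send),` carries no `set=` or `peer=` restriction, so the profile places no limit on which signals plasmashell may send or to which processes. Since the shell also holds `network inet stream` and launches other programs, this is a rule worth narrowing before the profile leaves complain mode. Once the logs show which signals and peers are really used, restrict it along the lines of `signal (send) set=(term) peer=<PEER_PROFILE>,` (placeholder values, not taken from the page). Until then I would mark it the same way as the exec rules, with `# TODO: restrict set= and peer=`.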
|
|
@ -108,6 +108,7 @@ gdm-runtime-config complain
|
||||||
gdm-x-session attach_disconnected,complain
|
gdm-x-session attach_disconnected,complain
|
||||||
gdm-xsession complain
|
gdm-xsession complain
|
||||||
glib-compile-resources complain
|
glib-compile-resources complain
|
||||||
|
gmenudbusmenuproxy complain
|
||||||
gnome-browser-connector-host complain
|
gnome-browser-connector-host complain
|
||||||
gnome-characters complain
|
gnome-characters complain
|
||||||
gnome-control-center attach_disconnected,complain
|
gnome-control-center attach_disconnected,complain
|
||||||
|
|
@ -164,12 +165,16 @@ irqbalance complain
|
||||||
iwctl complain
|
iwctl complain
|
||||||
iwd complain
|
iwd complain
|
||||||
kaccess complain
|
kaccess complain
|
||||||
|
kactivitymanagerd complain
|
||||||
kauth-backlighthelper complain
|
kauth-backlighthelper complain
|
||||||
kauth-chargethresholdhelper complain
|
kauth-chargethresholdhelper complain
|
||||||
kauth-discretegpuhelper complain
|
kauth-discretegpuhelper complain
|
||||||
kauth-kded-smart-helper complain
|
kauth-kded-smart-helper complain
|
||||||
|
kauth-kinfocenter-dmidecode-helper complain
|
||||||
|
kconf_update complain
|
||||||
kded5 complain
|
kded5 complain
|
||||||
kernel-install complain
|
kernel-install complain
|
||||||
|
kglobalaccel5 complain
|
||||||
kgx complain
|
kgx complain
|
||||||
kmod attach_disconnected,complain
|
kmod attach_disconnected,complain
|
||||||
ksmserver attach_disconnected,mediate_deleted,complain
|
ksmserver attach_disconnected,mediate_deleted,complain
|
||||||
|
|
|
||||||
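Review bot: The two hunks shown add `complain` entries for five of the seven new profiles, but none for `plasma-discover` or `plasmashell`. Unless both names are already listed in a part of this file outside the hunks, those two profiles would presumably load without the `complain` flag, i.e. enforced, while the rest of this "initial version" batch only logs. The plasma-discover profile as committed has no `network` rule at all, so enforcing it would likely block its normal operation. If complain mode is intended for the whole batch, add `plasma-discover complain` and `plasmashell complain` in their alphabetical positions.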