From 620add38a6ccd0603668e06b0ea6e98d30bab787 Mon Sep 17 00:00:00 2001 From: Besanon Date: Wed, 10 Jul 2024 11:15:04 +0200 Subject: [PATCH 01/78] update lxqt-files --- apparmor.d/groups/lxqt/lximage-qt | 64 +++++++++ apparmor.d/groups/lxqt/lxqt-about | 30 ++++ apparmor.d/groups/lxqt/lxqt-admin-time | 32 +++++ apparmor.d/groups/lxqt/lxqt-admin-user | 34 +++++ apparmor.d/groups/lxqt/lxqt-admin-user-helper | 31 +++++ apparmor.d/groups/lxqt/lxqt-archiver | 28 ++++ apparmor.d/groups/lxqt/lxqt-backlight_backend | 37 +++++ apparmor.d/groups/lxqt/lxqt-config | 60 ++++++++ apparmor.d/groups/lxqt/lxqt-config-appearance | 39 ++++++ apparmor.d/groups/lxqt/lxqt-config-brightness | 37 +++++ .../groups/lxqt/lxqt-config-file-associations | 35 +++++ .../lxqt/lxqt-config-globalkeyshortcuts | 33 +++++ apparmor.d/groups/lxqt/lxqt-config-input | 64 +++++++++ apparmor.d/groups/lxqt/lxqt-config-locale | 33 +++++ apparmor.d/groups/lxqt/lxqt-config-monitor | 30 ++++ .../groups/lxqt/lxqt-config-notificationd | 36 +++++ .../groups/lxqt/lxqt-config-powermanagement | 42 ++++++ apparmor.d/groups/lxqt/lxqt-config-printer | 28 ++++ apparmor.d/groups/lxqt/lxqt-config-session | 51 +++++++ apparmor.d/groups/lxqt/lxqt-globalkeysd | 43 ++++++ apparmor.d/groups/lxqt/lxqt-leave | 29 ++++ apparmor.d/groups/lxqt/lxqt-notificationd | 58 ++++++++ apparmor.d/groups/lxqt/lxqt-openssh-askpass | 28 ++++ apparmor.d/groups/lxqt/lxqt-panel | 89 ++++++++++++ apparmor.d/groups/lxqt/lxqt-policykit-agent | 54 ++++++++ apparmor.d/groups/lxqt/lxqt-powermanagement | 38 +++++ apparmor.d/groups/lxqt/lxqt-runner | 41 ++++++ apparmor.d/groups/lxqt/lxqt-session | 130 ++++++++++++++++++ apparmor.d/groups/lxqt/startlxqt | 87 ++++++++++++ 29 files changed, 1341 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lximage-qt create mode 100644 apparmor.d/groups/lxqt/lxqt-about create mode 100644 apparmor.d/groups/lxqt/lxqt-admin-time create mode 100644 apparmor.d/groups/lxqt/lxqt-admin-user create mode 100644 apparmor.d/groups/lxqt/lxqt-admin-user-helper create mode 100644 apparmor.d/groups/lxqt/lxqt-archiver create mode 100644 apparmor.d/groups/lxqt/lxqt-backlight_backend create mode 100644 apparmor.d/groups/lxqt/lxqt-config create mode 100644 apparmor.d/groups/lxqt/lxqt-config-appearance create mode 100644 apparmor.d/groups/lxqt/lxqt-config-brightness create mode 100644 apparmor.d/groups/lxqt/lxqt-config-file-associations create mode 100644 apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts create mode 100644 apparmor.d/groups/lxqt/lxqt-config-input create mode 100644 apparmor.d/groups/lxqt/lxqt-config-locale create mode 100644 apparmor.d/groups/lxqt/lxqt-config-monitor create mode 100644 apparmor.d/groups/lxqt/lxqt-config-notificationd create mode 100644 apparmor.d/groups/lxqt/lxqt-config-powermanagement create mode 100644 apparmor.d/groups/lxqt/lxqt-config-printer create mode 100644 apparmor.d/groups/lxqt/lxqt-config-session create mode 100644 apparmor.d/groups/lxqt/lxqt-globalkeysd create mode 100644 apparmor.d/groups/lxqt/lxqt-leave create mode 100644 apparmor.d/groups/lxqt/lxqt-notificationd create mode 100644 apparmor.d/groups/lxqt/lxqt-openssh-askpass create mode 100644 apparmor.d/groups/lxqt/lxqt-panel create mode 100644 apparmor.d/groups/lxqt/lxqt-policykit-agent create mode 100644 apparmor.d/groups/lxqt/lxqt-powermanagement create mode 100644 apparmor.d/groups/lxqt/lxqt-runner create mode 100644 apparmor.d/groups/lxqt/lxqt-session create mode 100644 apparmor.d/groups/lxqt/startlxqt diff --git a/apparmor.d/groups/lxqt/lximage-qt b/apparmor.d/groups/lxqt/lximage-qt new file mode 100644 index 000000000..ff5de9488 --- /dev/null +++ b/apparmor.d/groups/lxqt/lximage-qt @@ -0,0 +1,64 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathLXI} = @{bin}/lximage-qt +profile lximage-qt @{exec_pathLXI} { + include + include + include + include + include + include + include + include + include + include + + @{exec_pathLXI} mr, + @{lib}exec/menu-cache/menu-cached mr, + + /usr/share/icons/{,**} r, + /usr/share/desktop-directories/{,**} r, + /usr/share/lximage-qt/translations/{,**} r, + /usr/share/libfm-qt6/translations/libfm-qt_de.qm r, + /usr/share/thumbnailers/{,**} r, + /usr/share/gvfs/remote-volume-monitors/ r, + /usr/share/gvfs/remote-volume-monitors/udisks2.monitor r, + + /etc/fstab r, + /etc/nsswitch.conf r, + /etc/xdg/menus/lxqt-applications.menu r, + + owner @{user_cache_dirs}/thumbnails/normal/** rwk, + owner @{user_config_dirs}/#@{int} rwk, + owner @{user_config_dirs}/QtProject.conf rw, + owner @{user_config_dirs}/QtProject.conf.lock rwk, + owner @{user_config_dirs}/QtProject.conf.@{rand6} rwkl -> @{user_config_dirs}/#@{int}, + owner @{user_config_dirs}/lximage-qt/settings.conf rw, + owner @{user_config_dirs}/lximage-qt/settings.conf.lock rwk, + owner @{user_config_dirs}/lximage-qt/QtProject.conf.@{rand6} rwkl -> @{user_config_dirs}/lximage-qt/#@{int}, + owner @{user_config_dirs}/lximage-qt/#@{int} rw, + + @{PROC}/sys/kernel/random/boot_id r, + owner @{PROC}/@{pid}/mountinfo r, + owner @{PROC}/@{pid}/mounts r, + + owner @{HOME}/.inputrc r, + owner @{HOME}/.bashrc r, + owner @{HOME}/.bash_profile r, + owner @{HOME}/.bash_logout r, + owner @{HOME}/.bash_history r, + owner @{HOME}/.xscreensaver r, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-about b/apparmor.d/groups/lxqt/lxqt-about new file mode 100644 index 000000000..d94c192a5 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-about @@ -0,0 +1,30 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx1} = @{bin}/lxqt-about +profile lxqt-about @{exec_pathlx1} { + include + include + include + include + include + + @{exec_pathlx1} mr, + + /usr/share/icons/{,**} r, + /usr/share/desktop-directories/{,**} r, + + /etc/xdg/menus/lxqt-applications.menu r, + + /dev/tty rw, + + owner /tmp/@{int} r, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-admin-time b/apparmor.d/groups/lxqt/lxqt-admin-time new file mode 100644 index 000000000..c363bbef8 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-admin-time @@ -0,0 +1,32 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx2} = @{bin}/lxqt-admin-time +profile lxqt-admin-time @{exec_pathlx2} { + include + include + include + include + include + include + include + include + + @{exec_pathlx2} mr, + + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-admin-user b/apparmor.d/groups/lxqt/lxqt-admin-user new file mode 100644 index 000000000..cc77562b4 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-admin-user @@ -0,0 +1,34 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx3} = @{bin}/lxqt-admin-user +profile lxqt-admin-user @{exec_pathlx3} { + include + include + include + include + include + include + include + include + include + + @{exec_pathlx3} mr, + + @{bin}/pkexec rPx, + @{bin}/usermod rPx, + + /etc/shells r, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-admin-user-helper b/apparmor.d/groups/lxqt/lxqt-admin-user-helper new file mode 100644 index 000000000..0f39b7d35 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-admin-user-helper @@ -0,0 +1,31 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx4} = @{bin}/lxqt-admin-user-helper +profile lxqt-admin-user-helper @{exec_pathlx4} { + include + include + include + include + include + include + include + include + + @{exec_pathlx4} mr, + + @{bin}/usermod rPx, + + owner @{sh_path} r, + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-archiver b/apparmor.d/groups/lxqt/lxqt-archiver new file mode 100644 index 000000000..9aaf3f32e --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-archiver @@ -0,0 +1,28 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path995} = @{bin}/lxqt-archiver +profile lxqt-archiver @{exec_path995} { + include + include + include + include + include + include + include + include + + @{exec_path995} mr, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-backlight_backend b/apparmor.d/groups/lxqt/lxqt-backlight_backend new file mode 100644 index 000000000..37a1be5de --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-backlight_backend @@ -0,0 +1,37 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path998} = @{bin}/lxqt-backlight_backend +profile lxqt-backlight_backend @{exec_path998} { + include + include + include + include + include + include + include + include + + @{exec_path998} mr, + + @{sys}/class/backlight/ r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, + owner @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/brightness rw, + @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, + owner @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/brightness rw, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config b/apparmor.d/groups/lxqt/lxqt-config new file mode 100644 index 000000000..b3f5d9e22 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config @@ -0,0 +1,60 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx5} = @{bin}/lxqt-config +profile lxqt-config @{exec_pathlx5} { + include + include + include + include + include + include + include + include + include + + @{exec_pathlx5} mr, + + @{bin}/lxqt-admin-user rPx, + @{bin}/ibus-setup rPx, + @{bin}/lxqt-config-monitor rPx, + @{bin}/pcmanfm-qt rPx, + @{bin}/lxqt-admin-time rPx, + @{bin}/lxqt-config-input rPx, + @{bin}/lxqt-config-locale rPx, + @{bin}/lxqt-config-brightness rPx, + @{bin}/lxqt-config-session rPx, + @{bin}/lxqt-config-file-associations rPx, + @{bin}/lxqt-config-powermanagement rPx, + @{bin}/lxqt-config-appearance rPx, + @{bin}/lxqt-config-globalkeyshortcuts rPx, + @{bin}/lxqt-config-notificationd rPx, + @{bin}/obconf-qt rPx, + @{bin}/nm-connection-editor rPx, + @{bin}/pavucontrol rPx, + @{bin}/pavucontrol-qt rPx, + @{bin}/system-config-printer rPx, + @{bin}/nm-connection-editor rPx, + @{bin}/ControlPanel rPx, + + /etc/xdg/menus/lxqt-config.menu r, + + /usr/share/desktop-directories/lxqt-* r, + + owner @{user_config_dirs}/lxqt/lxqt-config.conf.lock rwk, + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + @{PROC}/sys/kernel/random/boot_id r, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-appearance b/apparmor.d/groups/lxqt/lxqt-config-appearance new file mode 100644 index 000000000..b21b357d8 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-appearance @@ -0,0 +1,39 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx6} = @{bin}/lxqt-config-appearance +profile lxqt-config-appearance @{exec_pathlx6} { + include + include + include + include + include + include + include + include + include + include + include + + @{exec_pathlx6} mr, + @{bin}/gsettings rPx, + @{bin}/pcmanfm-qt rPx, + + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/pcmanfm-qt/lxqt/settings.conf r, + + owner /tmp/#@{int} rw, + owner /tmp/lxqt-config-appearance.@{rand6} rwl -> /tmp/#@{int}, + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-brightness b/apparmor.d/groups/lxqt/lxqt-config-brightness new file mode 100644 index 000000000..4f90c5d3d --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-brightness @@ -0,0 +1,37 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx7} = @{bin}/lxqt-config-brightness +profile lxqt-config-brightness @{exec_pathlx7} { + include + include + include + include + include + include + include + include + + @{exec_pathlx7} mr, + @{bin}/pkexec rpx, + + @{sh_path} rix, + + owner @{HOME}/ r, + + owner /tmp/{,**} r, + + @{sys}/class/backlight/ r, + @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-@{int}/amdgpu_bl@{int}/* rw, + @{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-file-associations b/apparmor.d/groups/lxqt/lxqt-config-file-associations new file mode 100644 index 000000000..637ec2a01 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-file-associations @@ -0,0 +1,35 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx18} = @{bin}/lxqt-config-file-associations +profile lxqt-config-file-associations @{exec_pathlx18} { + include + include + include + include + include + include + include + include + + @{exec_pathlx18} mr, + + owner @{user_config_dirs}/ r, + owner @{user_config_dirs}/mimeapps* rwk, + owner @{user_config_dirs}/lxqt-* rwk, + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/#@{int} rwk, + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts new file mode 100644 index 000000000..77c3cadf2 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts @@ -0,0 +1,33 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx8} = @{bin}/lxqt-config-globalkeyshortcuts +profile lxqt-config-globalkeyshortcuts @{exec_pathlx8} { + include + include + include + include + include + include + include + include + include + + @{exec_pathlx8} mr, + + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-input b/apparmor.d/groups/lxqt/lxqt-config-input new file mode 100644 index 000000000..26ab48f75 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-input @@ -0,0 +1,64 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx9} = @{bin}/lxqt-config-input +profile lxqt-config-input @{exec_pathlx9} { + include + include + include + include + include + include + include + include + include + include + include + include + include + include + + signal (read) set=(kill,term) peer=lxqt-session, + + @{exec_pathlx9} mr, + + @{bin}/setxkbmap rix, + + /etc/udev/udev.conf r, + + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + @{run}/udev/data/c@{int}:* r, + @{run}/udev/data/b@{int}:* r, + @{run}/udev/data/+sound:card@{int} r, + @{run}/udev/data/+bluetooth:* r, + @{run}/udev/data/+platform:* r, + @{run}/udev/data/+acpi:* r, + @{run}/udev/data/+i2c:* r, + @{run}/udev/data/+backlight:* r, + @{run}/udev/data/+leds:* r, + @{run}/udev/data/n@{int} r, + @{run}/udev/data/+input:* r, + @{run}/udev/data/+dmi:* r, + @{run}/udev/data/+drm:* r, + @{run}/udev/data/+pci:* r, + @{run}/udev/data/+rfkill:* r, + + @{sys}/bus/** r, + @{sys}/class/** r, + @{sys}/devices/** r, + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-locale b/apparmor.d/groups/lxqt/lxqt-config-locale new file mode 100644 index 000000000..616cd27eb --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-locale @@ -0,0 +1,33 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx10} = @{bin}/lxqt-config-locale +profile lxqt-config-locale @{exec_pathlx10} { + include + include + include + include + include + include + include + include + + @{exec_pathlx10} mr, + + owner @{user_config_dirs}/lxqt/* r, + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-monitor b/apparmor.d/groups/lxqt/lxqt-config-monitor new file mode 100644 index 000000000..f519f5064 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-monitor @@ -0,0 +1,30 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx11} = @{bin}/lxqt-config-monitor +profile lxqt-config-monitor @{exec_pathlx11} { + include + include + include + include + include + include + include + include + + signal (read) set=(kill,term) peer=lxqt-session, + + @{exec_pathlx11} mr, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-notificationd b/apparmor.d/groups/lxqt/lxqt-config-notificationd new file mode 100644 index 000000000..5811d9258 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-notificationd @@ -0,0 +1,36 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx12} = @{bin}/lxqt-config-notificationd +profile lxqt-config-notificationd @{exec_pathlx12} { + include + include + include + include + include + include + include + + @{exec_pathlx12} mr, + + /etc/machine-id r, + + /var/lib/dbus/machine-id r, + + owner @{user_config_dirs}/lxqt/ r, + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/#@{int} r, + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement new file mode 100644 index 000000000..770e65361 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement @@ -0,0 +1,42 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx14} = @{bin}/lxqt-config-powermanagement +profile lxqt-config-powermanagement @{exec_pathlx14} { + include + include + include + include + include + include + include + include + include + + @{exec_pathlx14} mr, + + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + @{sys}/class/backlight/ r, + @{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, + @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, + + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-printer b/apparmor.d/groups/lxqt/lxqt-config-printer new file mode 100644 index 000000000..07e1f6553 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-printer @@ -0,0 +1,28 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx15} = @{bin}/lxqt-config-printer +profile lxqt-config-printer @{exec_pathlx15} { + include + include + include + include + include + include + include + include + + @{exec_pathlx15} mr, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-config-session b/apparmor.d/groups/lxqt/lxqt-config-session new file mode 100644 index 000000000..07de7ac11 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-session @@ -0,0 +1,51 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx16} = @{bin}/lxqt-config-session +profile lxqt-config-session @{exec_pathlx16} { + include + include + include + include + include + include + include + include + include + include + include + include + + @{exec_pathlx16} mr, + + /usr/share/libfm-qt6/translations/libfm-qt_de.qm r, + /usr/share/gvfs/remote-volume-monitors/ r, + /usr/share/gvfs/remote-volume-monitors/udisks2.monitor r, + + /etc/fstab r, + /etc/xdg/autostart/ r, + /etc/xdg/autostart/** r, + + owner @{user_config_dirs}/#@{int} rw, + owner @{user_config_dirs}/QtProject.conf.@{rand6} rwkl, + owner @{user_config_dirs}/QtProject.conf.lock rwk, + owner @{user_config_dirs}/autostart/*.desktop r, + owner @{user_config_dirs}/autostart/lxqt-config-monitor-autostart.desktop r, + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/user-dirs.dirs rw, + + owner /tmp/@{int} r, + + @{PROC}/sys/kernel/random/boot_id r, + owner @{PROC}/@{pid}/mountinfo r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-globalkeysd b/apparmor.d/groups/lxqt/lxqt-globalkeysd new file mode 100644 index 000000000..7ddfe5ba2 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-globalkeysd @@ -0,0 +1,43 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx20} = @{bin}/lxqt-globalkeysd +profile lxqt-globalkeysd @{exec_pathlx20} { + include + include + include + include + include + include + include + include + + @{exec_pathlx20} mr, + + @{bin}/screengrab rpx, + @{bin}/lxqt-config-brightness rpx, + + /usr/share/lxqt/globalkeyshortcuts.conf rw, + + /var/lib/dbus/machine-id r, + + owner @{user_config_dirs}/lxqt/* rwk, + owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.lock wrk, + owner @{user_config_dirs}/lxqt/#@{int} wr, + owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rw, + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + /dev/tty rw, + + owner /tmp/@{int} r, + + @{PROC}/sys/kernel/random/boot_id r, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-leave b/apparmor.d/groups/lxqt/lxqt-leave new file mode 100644 index 000000000..59a6189f0 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-leave @@ -0,0 +1,29 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx21} = @{bin}/lxqt-leave +profile lxqt-leave @{exec_pathlx21} { + include + include + include + include + include + include + include + include + include + + @{exec_pathlx21} mr, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-notificationd b/apparmor.d/groups/lxqt/lxqt-notificationd new file mode 100644 index 000000000..eb2c3a20b --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-notificationd @@ -0,0 +1,58 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx112} = @{bin}/lxqt-notificationd +profile lxqt-notificationd @{exec_pathlx112} { + include + include + include + include + include + include + include + include + include + + dbus receive + bus=session + path="/org/freedesktop/Notifications" + interface="org.freedesktop.DBus.Introspectable" + peer=(name=":[0-9]*.[0-9]*"), + dbus send + bus=session + path="/org/freedesktop/Notifications" + interface="org.freedesktop.Notifications" + peer=(name="org.freedesktop.DBus"), + dbus receive + bus=session + path="/org/freedesktop/Notifications" + interface="org.freedesktop.Notifications" + peer=(name=":[0-9]*.[0-9]*"), + + @{exec_pathlx112} mr, + + /etc/nsswitch.conf r, + + /var/lib/dpkg/info/lxqt-notifications.conffiles r, + + owner @{user_cache_dirs}/lxqt-notificationd/** rwk, + owner @{user_cache_dirs}/lxqt-notificationd/#@{int} rw, + owner @{user_cache_dirs}/lxqt-notificationd/unattended.list.@{rand6} rwkl -> @{user_cache_dirs}/lxqt-notificationd/#@{int}, + owner @{user_cache_dirs}/mesa_shader_cache/index rwk, + + owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/{,**} r, + + @{PROC}/sys/kernel/random/boot_id r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-openssh-askpass b/apparmor.d/groups/lxqt/lxqt-openssh-askpass new file mode 100644 index 000000000..4a7e0b39a --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-openssh-askpass @@ -0,0 +1,28 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx23} = @{bin}/lxqt-openssh-askpass +profile lxqt-openssh-askpass @{exec_pathlx23} { + include + include + include + include + include + include + include + include + + @{exec_pathlx23} mr, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel new file mode 100644 index 000000000..b501afbab --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -0,0 +1,89 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx24} = @{bin}/lxqt-panel +profile lxqt-panel @{exec_pathlx24} { + include + include + include + include + include + include + + network inet dgram, + network inet stream, + network inet6 dgram, + network inet6 stream, + network inet dgram, + network inet stream, + network netlink raw, + network packet dgram, + + @{exec_pathlx24} mr, + + @{bin}/exo-open rix, + @{bin}/nm-connection-editor rPx, + @{bin}/xdg-open rPx, + + @{bin}/ControlPanel rPx, + + /usr/lib{,32,64}/lxqt-panel/*.so mr, # LXQT-Plugins + /usr/lib{,32,64}/lxqt-config/*.so mr, # LXQT-Plugins + + /usr/share/lxqt/helpers/*.desktop r, + /usr/share/lxqt/panel/plugins/{,*.desktop} r, + /usr/share/desktop-directories/{,**} r, + /usr/share/X11/locale/locale.alias r, + /usr/share/lxqt/themes/{,**} r, + + /etc/fstab r, + /etc/udev/udev.conf r, + /etc/machine-id r, + /etc/xdg/lxqt-qtxdg.conf r, + /etc/xdg/menus/**.menu r, + /etc/xdg/menus/applications-merged/ r, + /etc/xdg/ui/uistandards.rc r, + + /var/lib/dbus/machine-id r, + + /opt/tor/tor-browser/Browser/browser/chrome/icons/default/*.png r, + /opt/tormedium/tor-browser/Browser/browser/chrome/icons/default/*.png r, + + owner @{HOME}/.config/menus/**.menu rw, + owner @{HOME}/.config/menus/applications-merged/ r, + owner @{HOME}/Desktop/** r, + owner @{HOME}/.local/share/desktop-directories/*.directory r, + owner @{HOME}/.local/share/gvfs-metadata/{,*} r, + + owner @{user_config_dirs}/lxqt/{,**} rw, + owner @{user_config_dirs}/lxqt/panel.conf.lock rwk, + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/pulse/{,**} rwk, + owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwk, + owner @{user_config_dirs}/ibus/bus/{,**} rw, + + @{run}/udev/data/* r, + + @{sys}/class/i2c-adapter/ r, + @{sys}/devices/@{pci_bus}/0000:00:*/ata@{int}/host@{int}/**/**/**/**/**/* r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, + @{sys}/devices/@{pci_bus}/**/**/nvme/nvme0/nvme0n1/nvme0n1p4/uevent r, + @{sys}/devices/@{pci_bus}/**/**/usb@{int}/** r, + + @{PROC}/@{pid}/fd/ r, + @{PROC}/@{pid}/net/dev r, + owner @{PROC}/@{pid}/mounts r, + + /dev/tty rw, + /dev/tty@{int} rw, + /dev/pts/[0-9]* rw, + /dev/snd/controlC[0-9]* rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-policykit-agent b/apparmor.d/groups/lxqt/lxqt-policykit-agent new file mode 100644 index 000000000..ec0f7bb28 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-policykit-agent @@ -0,0 +1,54 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx25} = @{lib}/@{multiarch}/lxqt-policykit-agent-[0-9] +@{exec_pathlx25} += @{bin}/lxqt-policykit-agent +profile lxqt-policykit-agent @{exec_pathlx25} { + include + include + include + include + include + include + include + include + include + + signal (send) set=(term, kill) peer=polkit-agent-helper, + + @{exec_pathlx25} mr, + + @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx, + + /usr/share/lxqt/translations/lxqt-policykit-agent/lxqt-policykit-agent_de.qm r, + + /etc/machine-id r, + + /var/lib/dbus/machine-id r, + + owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_config_dirs}/qt5ct/{,**} r, + + owner /tmp/#@{int} rw, + owner /tmp/lxqt-policykit-agent-[0-9].* rwl -> /tmp/#@{int}, + + @{run}/systemd/users/@{uid} r, + + @{sys}/devices/system/node/ r, + @{sys}/devices/system/node/node@{int}/meminfo r, + + @{PROC}/@{pid}/cgroup r, + @{PROC}/@{pid}/cmdline r, + @{PROC}/@{pid}/fd/ r, + @{PROC}/sys/kernel/core_pattern r, + + /dev/shm/#@{int} rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-powermanagement b/apparmor.d/groups/lxqt/lxqt-powermanagement new file mode 100644 index 000000000..9a102bad9 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-powermanagement @@ -0,0 +1,38 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx266} = @{bin}/lxqt-powermanagement +profile lxqt-powermanagement @{exec_pathlx266} flags=(attach_disconnected) { + include + include + include + include + include + include + include + + network netlink raw, + + @{exec_pathlx266} mr, + + @{bin}/xset rPx, + + /etc/udev/udev.conf r, + /etc/fstab r, + + owner /tmp/@{int} r, + + @{run}/systemd/inhibit/* rw, + + owner @{PROC}/@{pid}/mounts r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-runner b/apparmor.d/groups/lxqt/lxqt-runner new file mode 100644 index 000000000..04b9b6a2a --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-runner @@ -0,0 +1,41 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx27} = @{bin}/lxqt-runner +profile lxqt-runner @{exec_pathlx27} { + include + include + include + include + include + include + include + + @{exec_pathlx27} mr, + + /usr/share/icons/ r, + /usr/share/icons/{,**} r, + /usr/share/desktop-directories/ r, + /usr/share/desktop-directories/{,**} r, + + /etc/xdg/menus/lxqt-applications.menu r, + + owner @{user_config_dirs}/lxqt/lxqt-runner.conf.lock rwk, + owner @{user_config_dirs}/lxqt/#@{int} rw, + owner @{user_config_dirs}/lxqt/lxqt-runner.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + # only needed if tor is installed on /opt + owner /opt/*/**/*.png r, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session new file mode 100644 index 000000000..9216c24ca --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-session @@ -0,0 +1,130 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathlx771} = @{bin}/lxqt-session +profile lxqt-session @{exec_pathlx771} { + include + include + include + include + include + include + include + include + include + include + include + include + include + include + include + include + include + include + + signal (send), + signal (receive) set=(kill, term) peer=startlxqt, + signal (receive) set=(kill, term) peer=sddm, + + ptrace (read), + + network netlink raw, + + @{exec_pathlx771} mr, + + @{sh_path} rix, + @{bin}/sed rix, + @{bin}/readlink rix, + @{bin}/dirname rix, + @{bin}/system-config-printer-applet rPx, + @{bin}/lxqt-config-input rPx, + @{bin}/lxqt-session-settings rPx, + @{bin}/lxqt-globalkeysd rPx, + @{bin}/lxqt-panel rPx, + @{bin}/lxqt-policykit-agent rPx, + @{bin}/lxqt-runner rPx, + @{bin}/lxqt-notificationd rPx, + @{bin}/lxqt-powermanagement rPx, + @{bin}/lxqt-config rPx, + @{bin}/lxqt-leave rPx, + @{bin}/lxqt-about rPx, + @{bin}/dbus-send rPUx, + @{bin}/dbus-update-activation-environment rCx -> dbus, + @{bin}/systemctl rCx -> systemctl, + + @{bin}/pavucontrol rPx, + @{bin}/pulseaudio rPx, + @{bin}/python3.@{int} rPx, + @{lib}/python3.@{int} rPx, + @{bin}/xfe rPx, + @{bin}/nm-connection-editor rPx, + @{bin}/nm-applet rPx, + @{bin}/nm-tray rPx, + @{bin}/pcmanfm-qt rPx, + @{bin}/openbox rix, + @{bin}/dconf-editor rPx, + @{bin}/setxkbmap rix, + @{bin}/start-pulseaudio-x11 rPx, + @{bin}/xrdb rPx, + @{bin}/xdg-user-dirs-update rPx, + /usr/lib/{/,x86_64-linux-gnu/}tumbler-1/tumblerd rPx, + + /usr/share/ r, + /usr/share/mime/ r, + /usr/share/cursors/ r, + /usr/share/backintime/common/* r, + /usr/share/desktop-directories/* r, + /usr/share/system-config-printer/* r, + + /etc/xdg/ r, + /etc/xdg/autostart/ r, + /etc/xdg/autostart/*.desktop r, + /etc/xdg/menus/lxqt-* r, + /etc/xdg/openbox/* r, + /etc/udev/udev.conf r, + + owner @{HOME}/.local/share/ r, + owner @{HOME}/.config/ r, + owner @{HOME}/.config/autostart/ r, + owner @{HOME}/.config/autostart/* rw, + owner @{user_cache_dirs}/openbox/openbox.log rwk, + owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, + owner @{user_config_dirs}/dconf/user r, + owner @{user_config_dirs}/openbox/rc.xml r, + owner @{user_share_dirs}/sddm/xorg-session.log rw, + + @{PROC}/ r, + @{PROC}/uptime r, + @{PROC}/@{pid}/stat r, + owner @{PROC}/@{pid}/stat r, + + @{run}/systemd/inhibit/** rw, + + include if exists + + profile systemctl { + include + include + + include if exists + } + + profile dbus { + include + include + + @{bin}/dbus-update-activation-environment mr, + + owner @{user_share_dirs}/sddm/xorg-session.log rw, + + include if exists + } + +} + diff --git a/apparmor.d/groups/lxqt/startlxqt b/apparmor.d/groups/lxqt/startlxqt new file mode 100644 index 000000000..86938ba03 --- /dev/null +++ b/apparmor.d/groups/lxqt/startlxqt @@ -0,0 +1,87 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2023 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_pathstlx} = @{bin}/startlxqt +profile startlxqt @{exec_pathstlx} { + include + include + include + include + + signal (receive) set=(term) peer=sddm, + + @{exec_pathstlx} mr, + + @{bin}/xrdb rPx, + @{bin}/xsetroot rPx, + @{bin}/xprop rpx, + @{bin}/mkdir rix, + @{bin}/dbus-launch rPx, + @{bin}/lxqt-session rPx, + @{sh_path} rix, + + /usr/share/color-schemes/{,**} r, + /usr/share/desktop-directories/{,**} r, + /usr/share/icu/@{int}.@{int}/*.dat r, + /usr/share/knotifications5/{,**} r, + /usr/share/kservices5/{,**} r, + /usr/share/kservicetypes5/{,**} r, + /usr/share/mime/{,**} r, + /usr/share/plasma/{,**} r, + + /etc/locale.alias r, + /etc/machine-id r, + /etc/xdg/kcminputrc r, + /etc/xdg/kdeglobals r, + /etc/xdg/menus/{,**} r, + + @{HOME}/ r, + owner @{HOME}/.Xauthority r, + + owner @{user_cache_dirs}/ rw, + owner @{user_cache_dirs}/#@{int} rw, + owner @{user_cache_dirs}/kcrash-metadata/ rw, + @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int}, + owner @{user_cache_dirs}/plasma-svgelements rw, + + owner @{user_config_dirs}/#@{int} rw, + owner @{user_config_dirs}/gtkrc rl, + owner @{user_config_dirs}/gtkrc-2.0 rl, + owner @{user_config_dirs}/kcminputrc r, + owner @{user_config_dirs}/lxqt/ rw, + owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/kdedefaults/**, + owner @{user_config_dirs}/kdeglobals.lock rwk, + owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, + owner @{user_config_dirs}/ksplashrc r, + owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk, + owner @{user_config_dirs}/menus/{,**} r, + owner @{user_config_dirs}/plasma-localerc rwl, + owner @{user_config_dirs}/plasma-localerc.lock rwk, + owner @{user_config_dirs}/plasma-workspace/env/ r, + owner @{user_config_dirs}/startkderc r, + owner @{user_config_dirs}/Trolltech.conf rwl, + owner @{user_config_dirs}/Trolltech.conf.lock rwk, + + owner @{user_share_dirs}/kservices5/{,**} r, + owner @{user_share_dirs}/sddm/wayland-session.log rw, + owner @{user_share_dirs}/sddm/xorg-session.log rw, + + owner /tmp/#@{int} rw, + owner /tmp/startlxqt.@{rand6} rwl -> /tmp/#@{int}, + + owner @{run}/user/@{uid}/ r, + @{run}/user/@{uid}/xauth_@{rand6} rl, + + @{PROC}/sys/kernel/core_pattern r, + @{PROC}/sys/kernel/random/boot_id r, + owner @{PROC}/@{pid}/maps r, + + + /dev/tty rw, + /dev/tty@{int} rw, +} From 95cd8b16374d8f89379e6943e145a632c80bfcc1 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:19:33 +0000 Subject: [PATCH 02/78] Update lximage-qt --- apparmor.d/groups/lxqt/lximage-qt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lximage-qt b/apparmor.d/groups/lxqt/lximage-qt index ff5de9488..f331ecbb1 100644 --- a/apparmor.d/groups/lxqt/lximage-qt +++ b/apparmor.d/groups/lxqt/lximage-qt @@ -7,8 +7,8 @@ abi , include -@{exec_pathLXI} = @{bin}/lximage-qt -profile lximage-qt @{exec_pathLXI} { +@{exec_path} = @{bin}/lximage-qt +profile lximage-qt @{exec_path} { include include include @@ -20,7 +20,7 @@ profile lximage-qt @{exec_pathLXI} { include include - @{exec_pathLXI} mr, + @{exec_path} mr, @{lib}exec/menu-cache/menu-cached mr, /usr/share/icons/{,**} r, From 5e5dffbddab13c9cb4bb8db4371bc5eae90da06a Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:20:13 +0000 Subject: [PATCH 03/78] Update lxqt-about --- apparmor.d/groups/lxqt/lxqt-about | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-about b/apparmor.d/groups/lxqt/lxqt-about index d94c192a5..3c4691236 100644 --- a/apparmor.d/groups/lxqt/lxqt-about +++ b/apparmor.d/groups/lxqt/lxqt-about @@ -7,15 +7,15 @@ abi , include -@{exec_pathlx1} = @{bin}/lxqt-about -profile lxqt-about @{exec_pathlx1} { +@{exec_path} = @{bin}/lxqt-about +profile lxqt-about @{exec_path} { include include include include include - @{exec_pathlx1} mr, + @{exec_path} mr, /usr/share/icons/{,**} r, /usr/share/desktop-directories/{,**} r, From 017a0eff836b05249b763dc0bc866d0d043c5613 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:20:46 +0000 Subject: [PATCH 04/78] Update lxqt-admin-time --- apparmor.d/groups/lxqt/lxqt-admin-time | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-admin-time b/apparmor.d/groups/lxqt/lxqt-admin-time index c363bbef8..40efe3b92 100644 --- a/apparmor.d/groups/lxqt/lxqt-admin-time +++ b/apparmor.d/groups/lxqt/lxqt-admin-time @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx2} = @{bin}/lxqt-admin-time -profile lxqt-admin-time @{exec_pathlx2} { +@{exec_path} = @{bin}/lxqt-admin-time +profile lxqt-admin-time @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-admin-time @{exec_pathlx2} { include include - @{exec_pathlx2} mr, + @{exec_path} mr, owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, From c8904c344ac1ede9c518931a63804b9ea4d959a7 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:21:18 +0000 Subject: [PATCH 05/78] Update lxqt-admin-user --- apparmor.d/groups/lxqt/lxqt-admin-user | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-admin-user b/apparmor.d/groups/lxqt/lxqt-admin-user index cc77562b4..6c9504b97 100644 --- a/apparmor.d/groups/lxqt/lxqt-admin-user +++ b/apparmor.d/groups/lxqt/lxqt-admin-user @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx3} = @{bin}/lxqt-admin-user -profile lxqt-admin-user @{exec_pathlx3} { +@{exec_path} = @{bin}/lxqt-admin-user +profile lxqt-admin-user @{exec_path} { include include include @@ -19,7 +19,7 @@ profile lxqt-admin-user @{exec_pathlx3} { include include - @{exec_pathlx3} mr, + @{exec_path} mr, @{bin}/pkexec rPx, @{bin}/usermod rPx, From 960a1add2dc335f1985140027d9ad3efaeb20d08 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:21:57 +0000 Subject: [PATCH 06/78] Update lxqt-admin-user-helper --- apparmor.d/groups/lxqt/lxqt-admin-user-helper | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-admin-user-helper b/apparmor.d/groups/lxqt/lxqt-admin-user-helper index 0f39b7d35..28b2d02af 100644 --- a/apparmor.d/groups/lxqt/lxqt-admin-user-helper +++ b/apparmor.d/groups/lxqt/lxqt-admin-user-helper @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx4} = @{bin}/lxqt-admin-user-helper -profile lxqt-admin-user-helper @{exec_pathlx4} { +@{exec_path} = @{bin}/lxqt-admin-user-helper +profile lxqt-admin-user-helper @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-admin-user-helper @{exec_pathlx4} { include include - @{exec_pathlx4} mr, + @{exec_path} mr, @{bin}/usermod rPx, From c519960b2ee3be75f16022538d40d856aae666b0 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:22:25 +0000 Subject: [PATCH 07/78] Update lxqt-archiver --- apparmor.d/groups/lxqt/lxqt-archiver | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-archiver b/apparmor.d/groups/lxqt/lxqt-archiver index 9aaf3f32e..90abd1de5 100644 --- a/apparmor.d/groups/lxqt/lxqt-archiver +++ b/apparmor.d/groups/lxqt/lxqt-archiver @@ -7,8 +7,8 @@ abi , include -@{exec_path995} = @{bin}/lxqt-archiver -profile lxqt-archiver @{exec_path995} { +@{exec_path} = @{bin}/lxqt-archiver +profile lxqt-archiver @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-archiver @{exec_path995} { include include - @{exec_path995} mr, + @{exec_path} mr, owner /tmp/@{int} r, From 3cb096d1ed8cc7a89157254d674637924a79f08a Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:23:01 +0000 Subject: [PATCH 08/78] Update lxqt-backlight_backend --- apparmor.d/groups/lxqt/lxqt-backlight_backend | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-backlight_backend b/apparmor.d/groups/lxqt/lxqt-backlight_backend index 37a1be5de..4ca42a8f5 100644 --- a/apparmor.d/groups/lxqt/lxqt-backlight_backend +++ b/apparmor.d/groups/lxqt/lxqt-backlight_backend @@ -7,8 +7,8 @@ abi , include -@{exec_path998} = @{bin}/lxqt-backlight_backend -profile lxqt-backlight_backend @{exec_path998} { +@{exec_path} = @{bin}/lxqt-backlight_backend +profile lxqt-backlight_backend @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-backlight_backend @{exec_path998} { include include - @{exec_path998} mr, + @{exec_path} mr, @{sys}/class/backlight/ r, @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, From 9887ee168ab6b36c754587a3714b54cffd4cdd1d Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:23:26 +0000 Subject: [PATCH 09/78] Update lxqt-config --- apparmor.d/groups/lxqt/lxqt-config | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config b/apparmor.d/groups/lxqt/lxqt-config index b3f5d9e22..10d591ba6 100644 --- a/apparmor.d/groups/lxqt/lxqt-config +++ b/apparmor.d/groups/lxqt/lxqt-config @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx5} = @{bin}/lxqt-config -profile lxqt-config @{exec_pathlx5} { +@{exec_path} = @{bin}/lxqt-config +profile lxqt-config @{exec_path} { include include include @@ -19,7 +19,7 @@ profile lxqt-config @{exec_pathlx5} { include include - @{exec_pathlx5} mr, + @{exec_path} mr, @{bin}/lxqt-admin-user rPx, @{bin}/ibus-setup rPx, From 6c6e97aba4160e20f701c000ffec581cfac519af Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:23:51 +0000 Subject: [PATCH 10/78] Update lxqt-config-appearance --- apparmor.d/groups/lxqt/lxqt-config-appearance | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-appearance b/apparmor.d/groups/lxqt/lxqt-config-appearance index b21b357d8..04e2c0217 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-appearance +++ b/apparmor.d/groups/lxqt/lxqt-config-appearance @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx6} = @{bin}/lxqt-config-appearance -profile lxqt-config-appearance @{exec_pathlx6} { +@{exec_path} = @{bin}/lxqt-config-appearance +profile lxqt-config-appearance @{exec_path} { include include include @@ -21,7 +21,7 @@ profile lxqt-config-appearance @{exec_pathlx6} { include include - @{exec_pathlx6} mr, + @{exec_path} mr, @{bin}/gsettings rPx, @{bin}/pcmanfm-qt rPx, From bde4630e5994a7a60023a9ce912b8cd955302ad9 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:24:20 +0000 Subject: [PATCH 11/78] Update lxqt-config-brightness --- apparmor.d/groups/lxqt/lxqt-config-brightness | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-brightness b/apparmor.d/groups/lxqt/lxqt-config-brightness index 4f90c5d3d..cb3c05e1a 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-brightness +++ b/apparmor.d/groups/lxqt/lxqt-config-brightness @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx7} = @{bin}/lxqt-config-brightness -profile lxqt-config-brightness @{exec_pathlx7} { +@{exec_path} = @{bin}/lxqt-config-brightness +profile lxqt-config-brightness @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-config-brightness @{exec_pathlx7} { include include - @{exec_pathlx7} mr, + @{exec_path} mr, @{bin}/pkexec rpx, @{sh_path} rix, From aa84ce983a395c6e513e38adb32faf1b452b86d4 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:24:50 +0000 Subject: [PATCH 12/78] Update lxqt-config-file-associations --- apparmor.d/groups/lxqt/lxqt-config-file-associations | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-file-associations b/apparmor.d/groups/lxqt/lxqt-config-file-associations index 637ec2a01..c694a7d9b 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-file-associations +++ b/apparmor.d/groups/lxqt/lxqt-config-file-associations @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx18} = @{bin}/lxqt-config-file-associations -profile lxqt-config-file-associations @{exec_pathlx18} { +@{exec_path} = @{bin}/lxqt-config-file-associations +profile lxqt-config-file-associations @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-config-file-associations @{exec_pathlx18} { include include - @{exec_pathlx18} mr, + @{exec_path} mr, owner @{user_config_dirs}/ r, owner @{user_config_dirs}/mimeapps* rwk, From b6dc2c12b9a09070f956f6b2bdb660175c79a122 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:25:20 +0000 Subject: [PATCH 13/78] Update lxqt-config-globalkeyshortcuts --- apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts index 77c3cadf2..53a9e5284 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts +++ b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx8} = @{bin}/lxqt-config-globalkeyshortcuts -profile lxqt-config-globalkeyshortcuts @{exec_pathlx8} { +@{exec_path} = @{bin}/lxqt-config-globalkeyshortcuts +profile lxqt-config-globalkeyshortcuts @{exec_path} { include include include @@ -19,7 +19,7 @@ profile lxqt-config-globalkeyshortcuts @{exec_pathlx8} { include include - @{exec_pathlx8} mr, + @{exec_path} mr, owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, From 724deea00dcc7d4dc6c0d5f97b1710d22a6bf6ed Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:25:48 +0000 Subject: [PATCH 14/78] Update lxqt-config-input --- apparmor.d/groups/lxqt/lxqt-config-input | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-input b/apparmor.d/groups/lxqt/lxqt-config-input index 26ab48f75..3eb95e8f8 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-input +++ b/apparmor.d/groups/lxqt/lxqt-config-input @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx9} = @{bin}/lxqt-config-input -profile lxqt-config-input @{exec_pathlx9} { +@{exec_path} = @{bin}/lxqt-config-input +profile lxqt-config-input @{exec_path} { include include include @@ -26,7 +26,7 @@ profile lxqt-config-input @{exec_pathlx9} { signal (read) set=(kill,term) peer=lxqt-session, - @{exec_pathlx9} mr, + @{exec_path} mr, @{bin}/setxkbmap rix, From e3583ad72dbb77557501aedc91893d1cc14c393e Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:26:18 +0000 Subject: [PATCH 15/78] Update lxqt-config-locale --- apparmor.d/groups/lxqt/lxqt-config-locale | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-locale b/apparmor.d/groups/lxqt/lxqt-config-locale index 616cd27eb..b0d9a17ed 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-locale +++ b/apparmor.d/groups/lxqt/lxqt-config-locale @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx10} = @{bin}/lxqt-config-locale -profile lxqt-config-locale @{exec_pathlx10} { +@{exec_path} = @{bin}/lxqt-config-locale +profile lxqt-config-locale @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-config-locale @{exec_pathlx10} { include include - @{exec_pathlx10} mr, + @{exec_path} mr, owner @{user_config_dirs}/lxqt/* r, owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, From 66f3cb6581d89cdef1796d5578c2001980178648 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:26:50 +0000 Subject: [PATCH 16/78] Update lxqt-config-monitor --- apparmor.d/groups/lxqt/lxqt-config-monitor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-monitor b/apparmor.d/groups/lxqt/lxqt-config-monitor index f519f5064..56fc3c335 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-monitor +++ b/apparmor.d/groups/lxqt/lxqt-config-monitor @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx11} = @{bin}/lxqt-config-monitor -profile lxqt-config-monitor @{exec_pathlx11} { +@{exec_path} = @{bin}/lxqt-config-monitor +profile lxqt-config-monitor @{exec_path} { include include include @@ -20,7 +20,7 @@ profile lxqt-config-monitor @{exec_pathlx11} { signal (read) set=(kill,term) peer=lxqt-session, - @{exec_pathlx11} mr, + @{exec_path} mr, owner /tmp/@{int} r, From 3b2d4a44ae4c3e2b30b9e7644bff160287cf9b94 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:27:18 +0000 Subject: [PATCH 17/78] Update lxqt-config-notificationd --- apparmor.d/groups/lxqt/lxqt-config-notificationd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-notificationd b/apparmor.d/groups/lxqt/lxqt-config-notificationd index 5811d9258..781ccb7c0 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-notificationd +++ b/apparmor.d/groups/lxqt/lxqt-config-notificationd @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx12} = @{bin}/lxqt-config-notificationd -profile lxqt-config-notificationd @{exec_pathlx12} { +@{exec_path} = @{bin}/lxqt-config-notificationd +profile lxqt-config-notificationd @{exec_path} { include include include @@ -17,7 +17,7 @@ profile lxqt-config-notificationd @{exec_pathlx12} { include include - @{exec_pathlx12} mr, + @{exec_path} mr, /etc/machine-id r, From 5964617f313f4d1e060a2b65b9d4707503dd100a Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:27:46 +0000 Subject: [PATCH 18/78] Update lxqt-config-powermanagement --- apparmor.d/groups/lxqt/lxqt-config-powermanagement | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index 770e65361..fc088ca40 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx14} = @{bin}/lxqt-config-powermanagement -profile lxqt-config-powermanagement @{exec_pathlx14} { +@{exec_path} = @{bin}/lxqt-config-powermanagement +profile lxqt-config-powermanagement @{exec_path} { include include include @@ -19,7 +19,7 @@ profile lxqt-config-powermanagement @{exec_pathlx14} { include include - @{exec_pathlx14} mr, + @{exec_path} mr, owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, From feeda18c26b8441ff3c4a3fa69593da40ee6f35b Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:28:12 +0000 Subject: [PATCH 19/78] Update lxqt-config-printer --- apparmor.d/groups/lxqt/lxqt-config-printer | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-printer b/apparmor.d/groups/lxqt/lxqt-config-printer index 07e1f6553..dc5b8cedb 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-printer +++ b/apparmor.d/groups/lxqt/lxqt-config-printer @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx15} = @{bin}/lxqt-config-printer -profile lxqt-config-printer @{exec_pathlx15} { +@{exec_path} = @{bin}/lxqt-config-printer +profile lxqt-config-printer @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-config-printer @{exec_pathlx15} { include include - @{exec_pathlx15} mr, + @{exec_path} mr, owner /tmp/@{int} r, From 075112e5c89aae9bbe11713d4e8feedd31ae69b7 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:28:41 +0000 Subject: [PATCH 20/78] Update lxqt-config-session --- apparmor.d/groups/lxqt/lxqt-config-session | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-session b/apparmor.d/groups/lxqt/lxqt-config-session index 07de7ac11..113b863b6 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-session +++ b/apparmor.d/groups/lxqt/lxqt-config-session @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx16} = @{bin}/lxqt-config-session -profile lxqt-config-session @{exec_pathlx16} { +@{exec_path} = @{bin}/lxqt-config-session +profile lxqt-config-session @{exec_path} { include include include @@ -22,7 +22,7 @@ profile lxqt-config-session @{exec_pathlx16} { include include - @{exec_pathlx16} mr, + @{exec_path} mr, /usr/share/libfm-qt6/translations/libfm-qt_de.qm r, /usr/share/gvfs/remote-volume-monitors/ r, From 0556fad616db7ac3b706ac79e7eb1fa2ea911e4f Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:29:05 +0000 Subject: [PATCH 21/78] Update lxqt-globalkeysd --- apparmor.d/groups/lxqt/lxqt-globalkeysd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-globalkeysd b/apparmor.d/groups/lxqt/lxqt-globalkeysd index 7ddfe5ba2..4f4d07732 100644 --- a/apparmor.d/groups/lxqt/lxqt-globalkeysd +++ b/apparmor.d/groups/lxqt/lxqt-globalkeysd @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx20} = @{bin}/lxqt-globalkeysd -profile lxqt-globalkeysd @{exec_pathlx20} { +@{exec_path} = @{bin}/lxqt-globalkeysd +profile lxqt-globalkeysd @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-globalkeysd @{exec_pathlx20} { include include - @{exec_pathlx20} mr, + @{exec_path} mr, @{bin}/screengrab rpx, @{bin}/lxqt-config-brightness rpx, From e072d6a6da4a2de6e5866db5428111b19b4cebd9 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:29:29 +0000 Subject: [PATCH 22/78] Update lxqt-leave --- apparmor.d/groups/lxqt/lxqt-leave | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-leave b/apparmor.d/groups/lxqt/lxqt-leave index 59a6189f0..123e582de 100644 --- a/apparmor.d/groups/lxqt/lxqt-leave +++ b/apparmor.d/groups/lxqt/lxqt-leave @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx21} = @{bin}/lxqt-leave -profile lxqt-leave @{exec_pathlx21} { +@{exec_path} = @{bin}/lxqt-leave +profile lxqt-leave @{exec_path} { include include include @@ -19,7 +19,7 @@ profile lxqt-leave @{exec_pathlx21} { include include - @{exec_pathlx21} mr, + @{exec_path} mr, owner /tmp/@{int} r, From 1b650cbe5a3bad2bf0871dd801ae55b04e820c89 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:29:56 +0000 Subject: [PATCH 23/78] Update lxqt-notificationd --- apparmor.d/groups/lxqt/lxqt-notificationd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-notificationd b/apparmor.d/groups/lxqt/lxqt-notificationd index eb2c3a20b..024a4913d 100644 --- a/apparmor.d/groups/lxqt/lxqt-notificationd +++ b/apparmor.d/groups/lxqt/lxqt-notificationd @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx112} = @{bin}/lxqt-notificationd -profile lxqt-notificationd @{exec_pathlx112} { +@{exec_path} = @{bin}/lxqt-notificationd +profile lxqt-notificationd @{exec_path} { include include include @@ -35,7 +35,7 @@ profile lxqt-notificationd @{exec_pathlx112} { interface="org.freedesktop.Notifications" peer=(name=":[0-9]*.[0-9]*"), - @{exec_pathlx112} mr, + @{exec_path} mr, /etc/nsswitch.conf r, From 1b2dcd9b976247ba70cdba414f69839f13d5e93a Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:30:22 +0000 Subject: [PATCH 24/78] Update lxqt-openssh-askpass --- apparmor.d/groups/lxqt/lxqt-openssh-askpass | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-openssh-askpass b/apparmor.d/groups/lxqt/lxqt-openssh-askpass index 4a7e0b39a..c4bf06e25 100644 --- a/apparmor.d/groups/lxqt/lxqt-openssh-askpass +++ b/apparmor.d/groups/lxqt/lxqt-openssh-askpass @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx23} = @{bin}/lxqt-openssh-askpass -profile lxqt-openssh-askpass @{exec_pathlx23} { +@{exec_path} = @{bin}/lxqt-openssh-askpass +profile lxqt-openssh-askpass @{exec_path} { include include include @@ -18,7 +18,7 @@ profile lxqt-openssh-askpass @{exec_pathlx23} { include include - @{exec_pathlx23} mr, + @{exec_path} mr, owner /tmp/@{int} r, From fcec02a7f329ddde9c83e0d9bda4c4b33dda1bf0 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:30:45 +0000 Subject: [PATCH 25/78] Update lxqt-panel --- apparmor.d/groups/lxqt/lxqt-panel | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index b501afbab..19623249b 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx24} = @{bin}/lxqt-panel -profile lxqt-panel @{exec_pathlx24} { +@{exec_path} = @{bin}/lxqt-panel +profile lxqt-panel @{exec_path} { include include include @@ -25,7 +25,7 @@ profile lxqt-panel @{exec_pathlx24} { network netlink raw, network packet dgram, - @{exec_pathlx24} mr, + @{exec_path} mr, @{bin}/exo-open rix, @{bin}/nm-connection-editor rPx, From de9c6c6876efd3643d792d669a9af0174c695a9e Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:31:14 +0000 Subject: [PATCH 26/78] Update lxqt-policykit-agent --- apparmor.d/groups/lxqt/lxqt-policykit-agent | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-policykit-agent b/apparmor.d/groups/lxqt/lxqt-policykit-agent index ec0f7bb28..bc7787d79 100644 --- a/apparmor.d/groups/lxqt/lxqt-policykit-agent +++ b/apparmor.d/groups/lxqt/lxqt-policykit-agent @@ -7,9 +7,9 @@ abi , include -@{exec_pathlx25} = @{lib}/@{multiarch}/lxqt-policykit-agent-[0-9] -@{exec_pathlx25} += @{bin}/lxqt-policykit-agent -profile lxqt-policykit-agent @{exec_pathlx25} { +@{exec_path} = @{lib}/@{multiarch}/lxqt-policykit-agent-[0-9] +@{exec_path} += @{bin}/lxqt-policykit-agent +profile lxqt-policykit-agent @{exec_path} { include include include @@ -22,7 +22,7 @@ profile lxqt-policykit-agent @{exec_pathlx25} { signal (send) set=(term, kill) peer=polkit-agent-helper, - @{exec_pathlx25} mr, + @{exec_path} mr, @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx, From 7e6daa55feb342d922a75b7b0ad3134a8a94f43a Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:31:40 +0000 Subject: [PATCH 27/78] Update lxqt-powermanagement --- apparmor.d/groups/lxqt/lxqt-powermanagement | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-powermanagement b/apparmor.d/groups/lxqt/lxqt-powermanagement index 9a102bad9..cda7f5552 100644 --- a/apparmor.d/groups/lxqt/lxqt-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-powermanagement @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx266} = @{bin}/lxqt-powermanagement -profile lxqt-powermanagement @{exec_pathlx266} flags=(attach_disconnected) { +@{exec_path} = @{bin}/lxqt-powermanagement +profile lxqt-powermanagement @{exec_path} flags=(attach_disconnected) { include include include @@ -19,7 +19,7 @@ profile lxqt-powermanagement @{exec_pathlx266} flags=(attach_disconnected) { network netlink raw, - @{exec_pathlx266} mr, + @{exec_path} mr, @{bin}/xset rPx, From 85d6afabdcee14b4c03fc61c0912122bab29a29f Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:31:59 +0000 Subject: [PATCH 28/78] Update lxqt-runner --- apparmor.d/groups/lxqt/lxqt-runner | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-runner b/apparmor.d/groups/lxqt/lxqt-runner index 04b9b6a2a..ba848dd16 100644 --- a/apparmor.d/groups/lxqt/lxqt-runner +++ b/apparmor.d/groups/lxqt/lxqt-runner @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx27} = @{bin}/lxqt-runner -profile lxqt-runner @{exec_pathlx27} { +@{exec_path} = @{bin}/lxqt-runner +profile lxqt-runner @{exec_path} { include include include @@ -17,7 +17,7 @@ profile lxqt-runner @{exec_pathlx27} { include include - @{exec_pathlx27} mr, + @{exec_path} mr, /usr/share/icons/ r, /usr/share/icons/{,**} r, From 055adbcfce9faf383dc053304dc8c0504af82260 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:32:34 +0000 Subject: [PATCH 29/78] Update lxqt-session --- apparmor.d/groups/lxqt/lxqt-session | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session index 9216c24ca..dce8853b5 100644 --- a/apparmor.d/groups/lxqt/lxqt-session +++ b/apparmor.d/groups/lxqt/lxqt-session @@ -7,8 +7,8 @@ abi , include -@{exec_pathlx771} = @{bin}/lxqt-session -profile lxqt-session @{exec_pathlx771} { +@{exec_path} = @{bin}/lxqt-session +profile lxqt-session @{exec_path} { include include include @@ -36,7 +36,7 @@ profile lxqt-session @{exec_pathlx771} { network netlink raw, - @{exec_pathlx771} mr, + @{exec_path} mr, @{sh_path} rix, @{bin}/sed rix, From 4d379c82694b8ad7b576b06a0bc6524460cfc4bd Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:32:57 +0000 Subject: [PATCH 30/78] Update startlxqt --- apparmor.d/groups/lxqt/startlxqt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/startlxqt b/apparmor.d/groups/lxqt/startlxqt index 86938ba03..56bd12940 100644 --- a/apparmor.d/groups/lxqt/startlxqt +++ b/apparmor.d/groups/lxqt/startlxqt @@ -6,8 +6,8 @@ abi , include -@{exec_pathstlx} = @{bin}/startlxqt -profile startlxqt @{exec_pathstlx} { +@{exec_path} = @{bin}/startlxqt +profile startlxqt @{exec_path} { include include include @@ -15,7 +15,7 @@ profile startlxqt @{exec_pathstlx} { signal (receive) set=(term) peer=sddm, - @{exec_pathstlx} mr, + @{exec_path} mr, @{bin}/xrdb rPx, @{bin}/xsetroot rPx, From cee61d5fc90eb0970cc7ed4f4645aa2a63582965 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:39:49 +0000 Subject: [PATCH 31/78] Update lximage-qt --- apparmor.d/groups/lxqt/lximage-qt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lximage-qt b/apparmor.d/groups/lxqt/lximage-qt index f331ecbb1..3215865d6 100644 --- a/apparmor.d/groups/lxqt/lximage-qt +++ b/apparmor.d/groups/lxqt/lximage-qt @@ -15,8 +15,8 @@ profile lximage-qt @{exec_path} { include include include - include - include + include + include include include From b748491b059fc0a301c1ea917376d4c5ef5fff95 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:40:19 +0000 Subject: [PATCH 32/78] Update lxqt-about --- apparmor.d/groups/lxqt/lxqt-about | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-about b/apparmor.d/groups/lxqt/lxqt-about index 3c4691236..efc50a5ba 100644 --- a/apparmor.d/groups/lxqt/lxqt-about +++ b/apparmor.d/groups/lxqt/lxqt-about @@ -13,7 +13,6 @@ profile lxqt-about @{exec_path} { include include include - include @{exec_path} mr, From 03b105d5af69356ded94411b901ce003a301cc9a Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:43:39 +0000 Subject: [PATCH 33/78] Update lxqt-admin-time --- apparmor.d/groups/lxqt/lxqt-admin-time | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-admin-time b/apparmor.d/groups/lxqt/lxqt-admin-time index 40efe3b92..fe2a0a5c0 100644 --- a/apparmor.d/groups/lxqt/lxqt-admin-time +++ b/apparmor.d/groups/lxqt/lxqt-admin-time @@ -12,6 +12,7 @@ profile lxqt-admin-time @{exec_path} { include include include + include include include include @@ -24,8 +25,6 @@ profile lxqt-admin-time @{exec_path} { owner /tmp/@{int} r, - @{PROC}/sys/kernel/random/boot_id r, - /dev/tty rw, include if exists From 73f59e262ef8ab6741c48fb3b96cbf83a4978991 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:44:35 +0000 Subject: [PATCH 34/78] Update lxqt-admin-user-helper --- apparmor.d/groups/lxqt/lxqt-admin-user-helper | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-admin-user-helper b/apparmor.d/groups/lxqt/lxqt-admin-user-helper index 28b2d02af..c96f0660e 100644 --- a/apparmor.d/groups/lxqt/lxqt-admin-user-helper +++ b/apparmor.d/groups/lxqt/lxqt-admin-user-helper @@ -14,8 +14,8 @@ profile lxqt-admin-user-helper @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From 84ec6d1542fb6e345ea13645d335a5254565e9b4 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:45:16 +0000 Subject: [PATCH 35/78] Update lxqt-admin-user --- apparmor.d/groups/lxqt/lxqt-admin-user | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-admin-user b/apparmor.d/groups/lxqt/lxqt-admin-user index 6c9504b97..4c5045181 100644 --- a/apparmor.d/groups/lxqt/lxqt-admin-user +++ b/apparmor.d/groups/lxqt/lxqt-admin-user @@ -14,8 +14,8 @@ profile lxqt-admin-user @{exec_path} { include include include - include - include + include + include include include From 61b13536f849b3cc60def7c46f4f7ae826254afa Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:45:51 +0000 Subject: [PATCH 36/78] Update lxqt-admin-time --- apparmor.d/groups/lxqt/lxqt-admin-time | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-admin-time b/apparmor.d/groups/lxqt/lxqt-admin-time index fe2a0a5c0..b9cc60f43 100644 --- a/apparmor.d/groups/lxqt/lxqt-admin-time +++ b/apparmor.d/groups/lxqt/lxqt-admin-time @@ -14,9 +14,9 @@ profile lxqt-admin-time @{exec_path} { include include include + include + include include - include - include include @{exec_path} mr, From 4cf3fe68a071523e6b95ac2cd24044a20911b412 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:46:17 +0000 Subject: [PATCH 37/78] Update lximage-qt --- apparmor.d/groups/lxqt/lximage-qt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lximage-qt b/apparmor.d/groups/lxqt/lximage-qt index 3215865d6..b07146108 100644 --- a/apparmor.d/groups/lxqt/lximage-qt +++ b/apparmor.d/groups/lxqt/lximage-qt @@ -12,8 +12,8 @@ profile lximage-qt @{exec_path} { include include include - include - include + include + include include include include From e661f255685494e0b35d1fb6929be7e50dace965 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:46:54 +0000 Subject: [PATCH 38/78] Update lxqt-archiver --- apparmor.d/groups/lxqt/lxqt-archiver | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-archiver b/apparmor.d/groups/lxqt/lxqt-archiver index 90abd1de5..4813d486c 100644 --- a/apparmor.d/groups/lxqt/lxqt-archiver +++ b/apparmor.d/groups/lxqt/lxqt-archiver @@ -14,8 +14,8 @@ profile lxqt-archiver @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From acaeee4efcb344ca7d5ab31040f4f6f63e9f5a8c Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:47:31 +0000 Subject: [PATCH 39/78] Update lxqt-backlight_backend --- apparmor.d/groups/lxqt/lxqt-backlight_backend | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-backlight_backend b/apparmor.d/groups/lxqt/lxqt-backlight_backend index 4ca42a8f5..2248b0e86 100644 --- a/apparmor.d/groups/lxqt/lxqt-backlight_backend +++ b/apparmor.d/groups/lxqt/lxqt-backlight_backend @@ -14,8 +14,8 @@ profile lxqt-backlight_backend @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From b231a6b64d76c8f21dfce4c26d1d5e706e833c07 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:48:06 +0000 Subject: [PATCH 40/78] Update lxqt-config --- apparmor.d/groups/lxqt/lxqt-config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config b/apparmor.d/groups/lxqt/lxqt-config index 10d591ba6..e926a9c9f 100644 --- a/apparmor.d/groups/lxqt/lxqt-config +++ b/apparmor.d/groups/lxqt/lxqt-config @@ -15,8 +15,8 @@ profile lxqt-config @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From d01ba2912f6e140c03c06986cdf150495e597459 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:48:47 +0000 Subject: [PATCH 41/78] Update lxqt-config-appearance --- apparmor.d/groups/lxqt/lxqt-config-appearance | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-appearance b/apparmor.d/groups/lxqt/lxqt-config-appearance index 04e2c0217..fba9cb7a6 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-appearance +++ b/apparmor.d/groups/lxqt/lxqt-config-appearance @@ -12,13 +12,12 @@ profile lxqt-config-appearance @{exec_path} { include include include - include include include include + include + include include - include - include include @{exec_path} mr, From b3dced95dbc172e63ee3d5fbe417becbbfc9c937 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:49:43 +0000 Subject: [PATCH 42/78] Update lxqt-config-brightness --- apparmor.d/groups/lxqt/lxqt-config-brightness | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-brightness b/apparmor.d/groups/lxqt/lxqt-config-brightness index cb3c05e1a..fb47705c1 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-brightness +++ b/apparmor.d/groups/lxqt/lxqt-config-brightness @@ -14,8 +14,8 @@ profile lxqt-config-brightness @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, @@ -25,7 +25,7 @@ profile lxqt-config-brightness @{exec_path} { owner @{HOME}/ r, - owner /tmp/{,**} r, + owner /tmp/@{int} rw, @{sys}/class/backlight/ r, @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-@{int}/amdgpu_bl@{int}/* rw, From ebc22390feb8171c22116399478b3f384da2d802 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:50:21 +0000 Subject: [PATCH 43/78] Update lxqt-config-file-associations --- apparmor.d/groups/lxqt/lxqt-config-file-associations | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-file-associations b/apparmor.d/groups/lxqt/lxqt-config-file-associations index c694a7d9b..bb26670fa 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-file-associations +++ b/apparmor.d/groups/lxqt/lxqt-config-file-associations @@ -14,8 +14,8 @@ profile lxqt-config-file-associations @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From ee77f165245dc70a9c33cceadf90fb103e2886fb Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:50:53 +0000 Subject: [PATCH 44/78] Update lxqt-config-globalkeyshortcuts --- apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts index 53a9e5284..3330a1296 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts +++ b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts @@ -15,8 +15,8 @@ profile lxqt-config-globalkeyshortcuts @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From 6b5eb1d515197ac3522022a912b5512f48a6a101 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:51:41 +0000 Subject: [PATCH 45/78] Update lxqt-config-input --- apparmor.d/groups/lxqt/lxqt-config-input | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-input b/apparmor.d/groups/lxqt/lxqt-config-input index 3eb95e8f8..0dcfc2bef 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-input +++ b/apparmor.d/groups/lxqt/lxqt-config-input @@ -15,8 +15,8 @@ profile lxqt-config-input @{exec_path} { include include include - include - include + include + include include include include @@ -34,7 +34,7 @@ profile lxqt-config-input @{exec_path} { owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner /tmp/@{int} r, + owner /tmp/@{int} rw, @{run}/udev/data/c@{int}:* r, @{run}/udev/data/b@{int}:* r, From c415585495c52f905914d6b2bb22732504a68c72 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:52:15 +0000 Subject: [PATCH 46/78] Update lxqt-config-locale --- apparmor.d/groups/lxqt/lxqt-config-locale | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-locale b/apparmor.d/groups/lxqt/lxqt-config-locale index b0d9a17ed..5f109c958 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-locale +++ b/apparmor.d/groups/lxqt/lxqt-config-locale @@ -14,8 +14,8 @@ profile lxqt-config-locale @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From e49c12b95c379f9246de1ee1cf9d321a8907c01c Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:52:42 +0000 Subject: [PATCH 47/78] Update lxqt-config-monitor --- apparmor.d/groups/lxqt/lxqt-config-monitor | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-monitor b/apparmor.d/groups/lxqt/lxqt-config-monitor index 56fc3c335..3841e4bac 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-monitor +++ b/apparmor.d/groups/lxqt/lxqt-config-monitor @@ -14,8 +14,8 @@ profile lxqt-config-monitor @{exec_path} { include include include - include - include + include + include include signal (read) set=(kill,term) peer=lxqt-session, From 9c50b6927bb2240caa5d63c34f3d4506576ebd95 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:53:02 +0000 Subject: [PATCH 48/78] Update lxqt-config-notificationd --- apparmor.d/groups/lxqt/lxqt-config-notificationd | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-notificationd b/apparmor.d/groups/lxqt/lxqt-config-notificationd index 781ccb7c0..d3688afec 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-notificationd +++ b/apparmor.d/groups/lxqt/lxqt-config-notificationd @@ -15,7 +15,6 @@ profile lxqt-config-notificationd @{exec_path} { include include include - include @{exec_path} mr, From 426801fdf9febb253e22ed5a73157215213788b7 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:53:33 +0000 Subject: [PATCH 49/78] Update lxqt-config-powermanagement --- apparmor.d/groups/lxqt/lxqt-config-powermanagement | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index fc088ca40..6f31193c0 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement @@ -15,8 +15,8 @@ profile lxqt-config-powermanagement @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From 3317786eb8c3650e8b3f1a831cca7bea34bee128 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:53:57 +0000 Subject: [PATCH 50/78] Update lxqt-config-printer --- apparmor.d/groups/lxqt/lxqt-config-printer | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-printer b/apparmor.d/groups/lxqt/lxqt-config-printer index dc5b8cedb..f54bd081f 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-printer +++ b/apparmor.d/groups/lxqt/lxqt-config-printer @@ -14,8 +14,8 @@ profile lxqt-config-printer @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From ece670633ac138525299efa55379dfcc0f24984e Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:54:41 +0000 Subject: [PATCH 51/78] Update lxqt-config-session --- apparmor.d/groups/lxqt/lxqt-config-session | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-session b/apparmor.d/groups/lxqt/lxqt-config-session index 113b863b6..1744920eb 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-session +++ b/apparmor.d/groups/lxqt/lxqt-config-session @@ -16,8 +16,8 @@ profile lxqt-config-session @{exec_path} { include include include - include - include + include + include include include include From b3817fc2d168133bc5b2ea726b451f8f05129836 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:55:02 +0000 Subject: [PATCH 52/78] Update lxqt-globalkeysd --- apparmor.d/groups/lxqt/lxqt-globalkeysd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-globalkeysd b/apparmor.d/groups/lxqt/lxqt-globalkeysd index 4f4d07732..3c3a24a1f 100644 --- a/apparmor.d/groups/lxqt/lxqt-globalkeysd +++ b/apparmor.d/groups/lxqt/lxqt-globalkeysd @@ -14,8 +14,8 @@ profile lxqt-globalkeysd @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From 377b619a68ce73ac2235d7110dd3e400fa7a5fc3 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:55:31 +0000 Subject: [PATCH 53/78] Update lxqt-leave --- apparmor.d/groups/lxqt/lxqt-leave | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-leave b/apparmor.d/groups/lxqt/lxqt-leave index 123e582de..180d9868f 100644 --- a/apparmor.d/groups/lxqt/lxqt-leave +++ b/apparmor.d/groups/lxqt/lxqt-leave @@ -15,8 +15,8 @@ profile lxqt-leave @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From 1379a9476fb3c95bc01cbfba084f4d7c16c3218a Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:56:18 +0000 Subject: [PATCH 54/78] Update lxqt-notificationd --- apparmor.d/groups/lxqt/lxqt-notificationd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-notificationd b/apparmor.d/groups/lxqt/lxqt-notificationd index 024a4913d..395d4ffb7 100644 --- a/apparmor.d/groups/lxqt/lxqt-notificationd +++ b/apparmor.d/groups/lxqt/lxqt-notificationd @@ -15,8 +15,8 @@ profile lxqt-notificationd @{exec_path} { include include include - include - include + include + include include dbus receive @@ -48,7 +48,7 @@ profile lxqt-notificationd @{exec_path} { owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner /tmp/{,**} r, + owner /tmp/@{int} r, @{PROC}/sys/kernel/random/boot_id r, From f5ab9b01bc0273005a77090132bcc9683f0ba215 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:56:44 +0000 Subject: [PATCH 55/78] Update lxqt-openssh-askpass --- apparmor.d/groups/lxqt/lxqt-openssh-askpass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-openssh-askpass b/apparmor.d/groups/lxqt/lxqt-openssh-askpass index c4bf06e25..0fde770b8 100644 --- a/apparmor.d/groups/lxqt/lxqt-openssh-askpass +++ b/apparmor.d/groups/lxqt/lxqt-openssh-askpass @@ -14,8 +14,8 @@ profile lxqt-openssh-askpass @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From 767959745ebc021e94f45fab6e3bbf79d09c5374 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 13:58:30 +0000 Subject: [PATCH 56/78] Update lxqt-runner --- apparmor.d/groups/lxqt/lxqt-runner | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-runner b/apparmor.d/groups/lxqt/lxqt-runner index ba848dd16..a46c22c28 100644 --- a/apparmor.d/groups/lxqt/lxqt-runner +++ b/apparmor.d/groups/lxqt/lxqt-runner @@ -13,8 +13,8 @@ profile lxqt-runner @{exec_path} { include include include - include - include + include + include include @{exec_path} mr, From 8ab66be0b7591b7fa38562c6565b93b1a5bc9fd2 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 14:03:48 +0000 Subject: [PATCH 57/78] Update lxqt-config-powermanagement --- apparmor.d/groups/lxqt/lxqt-config-powermanagement | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index 6f31193c0..132f73e6a 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement @@ -14,6 +14,7 @@ profile lxqt-config-powermanagement @{exec_path} { include include include + include include include include @@ -32,9 +33,6 @@ profile lxqt-config-powermanagement @{exec_path} { @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, - - - @{PROC}/sys/kernel/random/boot_id r, /dev/tty rw, From b297cbacda79645a5f2fe65c0ee3b1d1f80fb342 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 14:04:31 +0000 Subject: [PATCH 58/78] Update lxqt-config-session --- apparmor.d/groups/lxqt/lxqt-config-session | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-session b/apparmor.d/groups/lxqt/lxqt-config-session index 1744920eb..54f0514b2 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-session +++ b/apparmor.d/groups/lxqt/lxqt-config-session @@ -19,6 +19,7 @@ profile lxqt-config-session @{exec_path} { include include include + include include include @@ -42,7 +43,6 @@ profile lxqt-config-session @{exec_path} { owner /tmp/@{int} r, - @{PROC}/sys/kernel/random/boot_id r, owner @{PROC}/@{pid}/mountinfo r, /dev/tty rw, From 313b3f1f23ea8143f3dacbddf339530068cac646 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 14:05:26 +0000 Subject: [PATCH 59/78] Update lxqt-notificationd --- apparmor.d/groups/lxqt/lxqt-notificationd | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-notificationd b/apparmor.d/groups/lxqt/lxqt-notificationd index 395d4ffb7..3b54722f7 100644 --- a/apparmor.d/groups/lxqt/lxqt-notificationd +++ b/apparmor.d/groups/lxqt/lxqt-notificationd @@ -44,7 +44,6 @@ profile lxqt-notificationd @{exec_path} { owner @{user_cache_dirs}/lxqt-notificationd/** rwk, owner @{user_cache_dirs}/lxqt-notificationd/#@{int} rw, owner @{user_cache_dirs}/lxqt-notificationd/unattended.list.@{rand6} rwkl -> @{user_cache_dirs}/lxqt-notificationd/#@{int}, - owner @{user_cache_dirs}/mesa_shader_cache/index rwk, owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, From 5a869e130662c23cccd093287d96a962efd854c0 Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 11 Jul 2024 14:05:47 +0000 Subject: [PATCH 60/78] Update lxqt-openssh-askpass --- apparmor.d/groups/lxqt/lxqt-openssh-askpass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-openssh-askpass b/apparmor.d/groups/lxqt/lxqt-openssh-askpass index 0fde770b8..8564056c4 100644 --- a/apparmor.d/groups/lxqt/lxqt-openssh-askpass +++ b/apparmor.d/groups/lxqt/lxqt-openssh-askpass @@ -20,7 +20,7 @@ profile lxqt-openssh-askpass @{exec_path} { @{exec_path} mr, - owner /tmp/@{int} r, + owner /tmp/#@{int} r, /dev/tty rw, From e51c3af566df46c084a729d65cf4c83577a5f51e Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 07:39:17 +0000 Subject: [PATCH 61/78] Update lxqt-admin-time --- apparmor.d/groups/lxqt/lxqt-admin-time | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-admin-time b/apparmor.d/groups/lxqt/lxqt-admin-time index b9cc60f43..309ed3aa8 100644 --- a/apparmor.d/groups/lxqt/lxqt-admin-time +++ b/apparmor.d/groups/lxqt/lxqt-admin-time @@ -21,7 +21,7 @@ profile lxqt-admin-time @{exec_path} { @{exec_path} mr, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/Timedate* rwkl -> @{user_config_dirs}/lxqt/#@{int}, owner /tmp/@{int} r, From e18549f4341951d361db25a6f738287612d7f02f Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:08:21 +0000 Subject: [PATCH 62/78] Update lxqt-config --- apparmor.d/groups/lxqt/lxqt-config | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config b/apparmor.d/groups/lxqt/lxqt-config index e926a9c9f..0c4f30d40 100644 --- a/apparmor.d/groups/lxqt/lxqt-config +++ b/apparmor.d/groups/lxqt/lxqt-config @@ -48,8 +48,9 @@ profile lxqt-config @{exec_path} { /usr/share/desktop-directories/lxqt-* r, owner @{user_config_dirs}/lxqt/lxqt-config.conf.lock rwk, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, - + owner @{user_config_dirs}/lxqt/#@{int} rw, + owner @{user_config_dirs}/lxqt/lxqt-config-conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, + @{PROC}/sys/kernel/random/boot_id r, owner /tmp/@{int} r, From a8d1c3c9618b0777ef648d93d649a60594e86ba0 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:18:50 +0000 Subject: [PATCH 63/78] Update lxqt-config-appearance --- apparmor.d/groups/lxqt/lxqt-config-appearance | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-appearance b/apparmor.d/groups/lxqt/lxqt-config-appearance index fba9cb7a6..c661ce2a6 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-appearance +++ b/apparmor.d/groups/lxqt/lxqt-config-appearance @@ -24,7 +24,7 @@ profile lxqt-config-appearance @{exec_path} { @{bin}/gsettings rPx, @{bin}/pcmanfm-qt rPx, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, owner @{user_config_dirs}/pcmanfm-qt/lxqt/settings.conf r, owner /tmp/#@{int} rw, From 54eae2ce0a8aa37bad40f504e5097810af5fb4f2 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:19:31 +0000 Subject: [PATCH 64/78] Update lxqt-config-file-associations --- apparmor.d/groups/lxqt/lxqt-config-file-associations | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-file-associations b/apparmor.d/groups/lxqt/lxqt-config-file-associations index bb26670fa..7f7ce6758 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-file-associations +++ b/apparmor.d/groups/lxqt/lxqt-config-file-associations @@ -23,7 +23,7 @@ profile lxqt-config-file-associations @{exec_path} { owner @{user_config_dirs}/ r, owner @{user_config_dirs}/mimeapps* rwk, owner @{user_config_dirs}/lxqt-* rwk, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, owner /tmp/#@{int} rwk, From 4829a5c3d84cf0e68ab88a2af3d7359d8b95c1e9 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:21:50 +0000 Subject: [PATCH 65/78] Update lxqt-config-file-associations --- apparmor.d/groups/lxqt/lxqt-config-file-associations | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/groups/lxqt/lxqt-config-file-associations b/apparmor.d/groups/lxqt/lxqt-config-file-associations index 7f7ce6758..b18e44c82 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-file-associations +++ b/apparmor.d/groups/lxqt/lxqt-config-file-associations @@ -24,6 +24,7 @@ profile lxqt-config-file-associations @{exec_path} { owner @{user_config_dirs}/mimeapps* rwk, owner @{user_config_dirs}/lxqt-* rwk, owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/#@{int} rw, owner /tmp/#@{int} rwk, From 5f96bef3a9da4adba385164bd510b2f94b31380b Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:28:47 +0000 Subject: [PATCH 66/78] Update lxqt-config-globalkeyshortcuts --- apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts index 3330a1296..b40b8f442 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts +++ b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts @@ -21,8 +21,9 @@ profile lxqt-config-globalkeyshortcuts @{exec_path} { @{exec_path} mr, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, - + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/globalkeysshortcuts.conf rwk, + owner /tmp/@{int} r, @{PROC}/sys/kernel/random/boot_id r, From df237057924dc7ea3f17ad278aba7cf5427d1653 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:30:53 +0000 Subject: [PATCH 67/78] Update lxqt-config-globalkeyshortcuts --- apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts index b40b8f442..2416bc5c1 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts +++ b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts @@ -23,6 +23,7 @@ profile lxqt-config-globalkeyshortcuts @{exec_path} { owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, owner @{user_config_dirs}/lxqt/globalkeysshortcuts.conf rwk, + owner @{user_config_dirs}/lxqt/#@{int} rw, owner /tmp/@{int} r, From 3cf53a5dcbfa9624e7fcc9d73c87dfb054436fbe Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:37:57 +0000 Subject: [PATCH 68/78] Update lxqt-config-input --- apparmor.d/groups/lxqt/lxqt-config-input | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-input b/apparmor.d/groups/lxqt/lxqt-config-input index 0dcfc2bef..30a9248fb 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-input +++ b/apparmor.d/groups/lxqt/lxqt-config-input @@ -32,7 +32,8 @@ profile lxqt-config-input @{exec_path} { /etc/udev/udev.conf r, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/#@{int} rw, owner /tmp/@{int} rw, From ab52aaf6057c2f5599a7127e9caa51e247868baf Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:38:48 +0000 Subject: [PATCH 69/78] Update lxqt-config-locale --- apparmor.d/groups/lxqt/lxqt-config-locale | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-locale b/apparmor.d/groups/lxqt/lxqt-config-locale index 5f109c958..f587b49eb 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-locale +++ b/apparmor.d/groups/lxqt/lxqt-config-locale @@ -21,8 +21,9 @@ profile lxqt-config-locale @{exec_path} { @{exec_path} mr, owner @{user_config_dirs}/lxqt/* r, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, - + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/#@{int} rw, + owner /tmp/@{int} r, @{PROC}/sys/kernel/random/boot_id r, From 46739402818912e384fdc311b357110324e83cc2 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:40:10 +0000 Subject: [PATCH 70/78] Update lxqt-config-notificationd --- apparmor.d/groups/lxqt/lxqt-config-notificationd | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-notificationd b/apparmor.d/groups/lxqt/lxqt-config-notificationd index d3688afec..4ded8b27b 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-notificationd +++ b/apparmor.d/groups/lxqt/lxqt-config-notificationd @@ -23,12 +23,11 @@ profile lxqt-config-notificationd @{exec_path} { /var/lib/dbus/machine-id r, owner @{user_config_dirs}/lxqt/ r, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/#@{int} rw, owner /tmp/#@{int} r, - - @{PROC}/sys/kernel/random/boot_id r, - + /dev/tty rw, include if exists From f6565502784b914d32353036a46ec17a6bf5e8f7 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:40:44 +0000 Subject: [PATCH 71/78] Update lxqt-config-powermanagement --- apparmor.d/groups/lxqt/lxqt-config-powermanagement | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index 132f73e6a..a09691ed8 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement @@ -22,8 +22,9 @@ profile lxqt-config-powermanagement @{exec_path} { @{exec_path} mr, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, - + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/#@{int} rw, + owner /tmp/@{int} r, @{sys}/class/backlight/ r, From dbdd3effbd38ccd43398d9ca64da42d4a3648b1e Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:41:31 +0000 Subject: [PATCH 72/78] Update lxqt-config-session --- apparmor.d/groups/lxqt/lxqt-config-session | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-session b/apparmor.d/groups/lxqt/lxqt-config-session index 54f0514b2..fdd5c36ed 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-session +++ b/apparmor.d/groups/lxqt/lxqt-config-session @@ -38,7 +38,8 @@ profile lxqt-config-session @{exec_path} { owner @{user_config_dirs}/QtProject.conf.lock rwk, owner @{user_config_dirs}/autostart/*.desktop r, owner @{user_config_dirs}/autostart/lxqt-config-monitor-autostart.desktop r, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/#@{int} rw, owner @{user_config_dirs}/user-dirs.dirs rw, owner /tmp/@{int} r, From 2c9d9a1a90c28ff7a193d8f52227457b57df7cf6 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:42:20 +0000 Subject: [PATCH 73/78] Update lxqt-globalkeysd --- apparmor.d/groups/lxqt/lxqt-globalkeysd | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-globalkeysd b/apparmor.d/groups/lxqt/lxqt-globalkeysd index 3c3a24a1f..b14b622b3 100644 --- a/apparmor.d/groups/lxqt/lxqt-globalkeysd +++ b/apparmor.d/groups/lxqt/lxqt-globalkeysd @@ -13,6 +13,7 @@ profile lxqt-globalkeysd @{exec_path} { include include include + include include include include @@ -31,13 +32,11 @@ profile lxqt-globalkeysd @{exec_path} { owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.lock wrk, owner @{user_config_dirs}/lxqt/#@{int} wr, owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rw, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, /dev/tty rw, owner /tmp/@{int} r, - @{PROC}/sys/kernel/random/boot_id r, - include if exists } From aaada11f278f97479c69b7504ba764c32db32778 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:44:16 +0000 Subject: [PATCH 74/78] Update lxqt-panel --- apparmor.d/groups/lxqt/lxqt-panel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index 19623249b..efe772b2b 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -63,7 +63,7 @@ profile lxqt-panel @{exec_path} { owner @{user_config_dirs}/lxqt/{,**} rw, owner @{user_config_dirs}/lxqt/panel.conf.lock rwk, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, owner @{user_config_dirs}/pulse/{,**} rwk, owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwk, owner @{user_config_dirs}/ibus/bus/{,**} rw, From d60c61992962a3970465978e35d465f8fef55602 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 12 Jul 2024 08:45:53 +0000 Subject: [PATCH 75/78] Update startlxqt --- apparmor.d/groups/lxqt/startlxqt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/startlxqt b/apparmor.d/groups/lxqt/startlxqt index 56bd12940..5cf08599e 100644 --- a/apparmor.d/groups/lxqt/startlxqt +++ b/apparmor.d/groups/lxqt/startlxqt @@ -54,7 +54,7 @@ profile startlxqt @{exec_path} { owner @{user_config_dirs}/gtkrc-2.0 rl, owner @{user_config_dirs}/kcminputrc r, owner @{user_config_dirs}/lxqt/ rw, - owner @{user_config_dirs}/lxqt/** rwkl -> @{user_config_dirs}/kdedefaults/**, + owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/kdedefaults/**, owner @{user_config_dirs}/kdeglobals.lock rwk, owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/ksplashrc r, From 8ff45da8ad8af5f06589ed5a55a7ed8f48207542 Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 16 Jul 2024 07:28:18 +0200 Subject: [PATCH 76/78] Delete apparmor.d/groups/lxqt directory --- apparmor.d/groups/lxqt/lximage-qt | 64 --------- apparmor.d/groups/lxqt/lxqt-about | 29 ---- apparmor.d/groups/lxqt/lxqt-admin-time | 31 ----- apparmor.d/groups/lxqt/lxqt-admin-user | 34 ----- apparmor.d/groups/lxqt/lxqt-admin-user-helper | 31 ----- apparmor.d/groups/lxqt/lxqt-archiver | 28 ---- apparmor.d/groups/lxqt/lxqt-backlight_backend | 37 ----- apparmor.d/groups/lxqt/lxqt-config | 61 -------- apparmor.d/groups/lxqt/lxqt-config-appearance | 38 ----- apparmor.d/groups/lxqt/lxqt-config-brightness | 37 ----- .../groups/lxqt/lxqt-config-file-associations | 36 ----- .../lxqt/lxqt-config-globalkeyshortcuts | 35 ----- apparmor.d/groups/lxqt/lxqt-config-input | 65 --------- apparmor.d/groups/lxqt/lxqt-config-locale | 34 ----- apparmor.d/groups/lxqt/lxqt-config-monitor | 30 ---- .../groups/lxqt/lxqt-config-notificationd | 34 ----- .../groups/lxqt/lxqt-config-powermanagement | 41 ------ apparmor.d/groups/lxqt/lxqt-config-printer | 28 ---- apparmor.d/groups/lxqt/lxqt-config-session | 52 ------- apparmor.d/groups/lxqt/lxqt-globalkeysd | 42 ------ apparmor.d/groups/lxqt/lxqt-leave | 29 ---- apparmor.d/groups/lxqt/lxqt-notificationd | 57 -------- apparmor.d/groups/lxqt/lxqt-openssh-askpass | 28 ---- apparmor.d/groups/lxqt/lxqt-panel | 89 ------------ apparmor.d/groups/lxqt/lxqt-policykit-agent | 54 -------- apparmor.d/groups/lxqt/lxqt-powermanagement | 38 ----- apparmor.d/groups/lxqt/lxqt-runner | 41 ------ apparmor.d/groups/lxqt/lxqt-session | 130 ------------------ apparmor.d/groups/lxqt/startlxqt | 87 ------------ 29 files changed, 1340 deletions(-) delete mode 100644 apparmor.d/groups/lxqt/lximage-qt delete mode 100644 apparmor.d/groups/lxqt/lxqt-about delete mode 100644 apparmor.d/groups/lxqt/lxqt-admin-time delete mode 100644 apparmor.d/groups/lxqt/lxqt-admin-user delete mode 100644 apparmor.d/groups/lxqt/lxqt-admin-user-helper delete mode 100644 apparmor.d/groups/lxqt/lxqt-archiver delete mode 100644 apparmor.d/groups/lxqt/lxqt-backlight_backend delete mode 100644 apparmor.d/groups/lxqt/lxqt-config delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-appearance delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-brightness delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-file-associations delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-input delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-locale delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-monitor delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-notificationd delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-powermanagement delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-printer delete mode 100644 apparmor.d/groups/lxqt/lxqt-config-session delete mode 100644 apparmor.d/groups/lxqt/lxqt-globalkeysd delete mode 100644 apparmor.d/groups/lxqt/lxqt-leave delete mode 100644 apparmor.d/groups/lxqt/lxqt-notificationd delete mode 100644 apparmor.d/groups/lxqt/lxqt-openssh-askpass delete mode 100644 apparmor.d/groups/lxqt/lxqt-panel delete mode 100644 apparmor.d/groups/lxqt/lxqt-policykit-agent delete mode 100644 apparmor.d/groups/lxqt/lxqt-powermanagement delete mode 100644 apparmor.d/groups/lxqt/lxqt-runner delete mode 100644 apparmor.d/groups/lxqt/lxqt-session delete mode 100644 apparmor.d/groups/lxqt/startlxqt diff --git a/apparmor.d/groups/lxqt/lximage-qt b/apparmor.d/groups/lxqt/lximage-qt deleted file mode 100644 index b07146108..000000000 --- a/apparmor.d/groups/lxqt/lximage-qt +++ /dev/null @@ -1,64 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lximage-qt -profile lximage-qt @{exec_path} { - include - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - @{lib}exec/menu-cache/menu-cached mr, - - /usr/share/icons/{,**} r, - /usr/share/desktop-directories/{,**} r, - /usr/share/lximage-qt/translations/{,**} r, - /usr/share/libfm-qt6/translations/libfm-qt_de.qm r, - /usr/share/thumbnailers/{,**} r, - /usr/share/gvfs/remote-volume-monitors/ r, - /usr/share/gvfs/remote-volume-monitors/udisks2.monitor r, - - /etc/fstab r, - /etc/nsswitch.conf r, - /etc/xdg/menus/lxqt-applications.menu r, - - owner @{user_cache_dirs}/thumbnails/normal/** rwk, - owner @{user_config_dirs}/#@{int} rwk, - owner @{user_config_dirs}/QtProject.conf rw, - owner @{user_config_dirs}/QtProject.conf.lock rwk, - owner @{user_config_dirs}/QtProject.conf.@{rand6} rwkl -> @{user_config_dirs}/#@{int}, - owner @{user_config_dirs}/lximage-qt/settings.conf rw, - owner @{user_config_dirs}/lximage-qt/settings.conf.lock rwk, - owner @{user_config_dirs}/lximage-qt/QtProject.conf.@{rand6} rwkl -> @{user_config_dirs}/lximage-qt/#@{int}, - owner @{user_config_dirs}/lximage-qt/#@{int} rw, - - @{PROC}/sys/kernel/random/boot_id r, - owner @{PROC}/@{pid}/mountinfo r, - owner @{PROC}/@{pid}/mounts r, - - owner @{HOME}/.inputrc r, - owner @{HOME}/.bashrc r, - owner @{HOME}/.bash_profile r, - owner @{HOME}/.bash_logout r, - owner @{HOME}/.bash_history r, - owner @{HOME}/.xscreensaver r, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-about b/apparmor.d/groups/lxqt/lxqt-about deleted file mode 100644 index efc50a5ba..000000000 --- a/apparmor.d/groups/lxqt/lxqt-about +++ /dev/null @@ -1,29 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-about -profile lxqt-about @{exec_path} { - include - include - include - include - - @{exec_path} mr, - - /usr/share/icons/{,**} r, - /usr/share/desktop-directories/{,**} r, - - /etc/xdg/menus/lxqt-applications.menu r, - - /dev/tty rw, - - owner /tmp/@{int} r, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-admin-time b/apparmor.d/groups/lxqt/lxqt-admin-time deleted file mode 100644 index 309ed3aa8..000000000 --- a/apparmor.d/groups/lxqt/lxqt-admin-time +++ /dev/null @@ -1,31 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-admin-time -profile lxqt-admin-time @{exec_path} { - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner @{user_config_dirs}/lxqt/Timedate* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-admin-user b/apparmor.d/groups/lxqt/lxqt-admin-user deleted file mode 100644 index 4c5045181..000000000 --- a/apparmor.d/groups/lxqt/lxqt-admin-user +++ /dev/null @@ -1,34 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-admin-user -profile lxqt-admin-user @{exec_path} { - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - @{bin}/pkexec rPx, - @{bin}/usermod rPx, - - /etc/shells r, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-admin-user-helper b/apparmor.d/groups/lxqt/lxqt-admin-user-helper deleted file mode 100644 index c96f0660e..000000000 --- a/apparmor.d/groups/lxqt/lxqt-admin-user-helper +++ /dev/null @@ -1,31 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-admin-user-helper -profile lxqt-admin-user-helper @{exec_path} { - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - @{bin}/usermod rPx, - - owner @{sh_path} r, - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-archiver b/apparmor.d/groups/lxqt/lxqt-archiver deleted file mode 100644 index 4813d486c..000000000 --- a/apparmor.d/groups/lxqt/lxqt-archiver +++ /dev/null @@ -1,28 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-archiver -profile lxqt-archiver @{exec_path} { - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-backlight_backend b/apparmor.d/groups/lxqt/lxqt-backlight_backend deleted file mode 100644 index 2248b0e86..000000000 --- a/apparmor.d/groups/lxqt/lxqt-backlight_backend +++ /dev/null @@ -1,37 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-backlight_backend -profile lxqt-backlight_backend @{exec_path} { - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - @{sys}/class/backlight/ r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, - owner @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/brightness rw, - @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, - owner @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/brightness rw, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config b/apparmor.d/groups/lxqt/lxqt-config deleted file mode 100644 index 0c4f30d40..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config +++ /dev/null @@ -1,61 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config -profile lxqt-config @{exec_path} { - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - @{bin}/lxqt-admin-user rPx, - @{bin}/ibus-setup rPx, - @{bin}/lxqt-config-monitor rPx, - @{bin}/pcmanfm-qt rPx, - @{bin}/lxqt-admin-time rPx, - @{bin}/lxqt-config-input rPx, - @{bin}/lxqt-config-locale rPx, - @{bin}/lxqt-config-brightness rPx, - @{bin}/lxqt-config-session rPx, - @{bin}/lxqt-config-file-associations rPx, - @{bin}/lxqt-config-powermanagement rPx, - @{bin}/lxqt-config-appearance rPx, - @{bin}/lxqt-config-globalkeyshortcuts rPx, - @{bin}/lxqt-config-notificationd rPx, - @{bin}/obconf-qt rPx, - @{bin}/nm-connection-editor rPx, - @{bin}/pavucontrol rPx, - @{bin}/pavucontrol-qt rPx, - @{bin}/system-config-printer rPx, - @{bin}/nm-connection-editor rPx, - @{bin}/ControlPanel rPx, - - /etc/xdg/menus/lxqt-config.menu r, - - /usr/share/desktop-directories/lxqt-* r, - - owner @{user_config_dirs}/lxqt/lxqt-config.conf.lock rwk, - owner @{user_config_dirs}/lxqt/#@{int} rw, - owner @{user_config_dirs}/lxqt/lxqt-config-conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, - - @{PROC}/sys/kernel/random/boot_id r, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-appearance b/apparmor.d/groups/lxqt/lxqt-config-appearance deleted file mode 100644 index c661ce2a6..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-appearance +++ /dev/null @@ -1,38 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-appearance -profile lxqt-config-appearance @{exec_path} { - include - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - @{bin}/gsettings rPx, - @{bin}/pcmanfm-qt rPx, - - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/pcmanfm-qt/lxqt/settings.conf r, - - owner /tmp/#@{int} rw, - owner /tmp/lxqt-config-appearance.@{rand6} rwl -> /tmp/#@{int}, - - @{PROC}/sys/kernel/random/boot_id r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-brightness b/apparmor.d/groups/lxqt/lxqt-config-brightness deleted file mode 100644 index fb47705c1..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-brightness +++ /dev/null @@ -1,37 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-brightness -profile lxqt-config-brightness @{exec_path} { - include - include - include - include - include - include - include - include - - @{exec_path} mr, - @{bin}/pkexec rpx, - - @{sh_path} rix, - - owner @{HOME}/ r, - - owner /tmp/@{int} rw, - - @{sys}/class/backlight/ r, - @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-@{int}/amdgpu_bl@{int}/* rw, - @{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-file-associations b/apparmor.d/groups/lxqt/lxqt-config-file-associations deleted file mode 100644 index b18e44c82..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-file-associations +++ /dev/null @@ -1,36 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-file-associations -profile lxqt-config-file-associations @{exec_path} { - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner @{user_config_dirs}/ r, - owner @{user_config_dirs}/mimeapps* rwk, - owner @{user_config_dirs}/lxqt-* rwk, - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/lxqt/#@{int} rw, - - owner /tmp/#@{int} rwk, - - @{PROC}/sys/kernel/random/boot_id r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts b/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts deleted file mode 100644 index 2416bc5c1..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-globalkeyshortcuts +++ /dev/null @@ -1,35 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-globalkeyshortcuts -profile lxqt-config-globalkeyshortcuts @{exec_path} { - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/lxqt/globalkeysshortcuts.conf rwk, - owner @{user_config_dirs}/lxqt/#@{int} rw, - - owner /tmp/@{int} r, - - @{PROC}/sys/kernel/random/boot_id r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-input b/apparmor.d/groups/lxqt/lxqt-config-input deleted file mode 100644 index 30a9248fb..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-input +++ /dev/null @@ -1,65 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-input -profile lxqt-config-input @{exec_path} { - include - include - include - include - include - include - include - include - include - include - include - include - include - include - - signal (read) set=(kill,term) peer=lxqt-session, - - @{exec_path} mr, - - @{bin}/setxkbmap rix, - - /etc/udev/udev.conf r, - - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/lxqt/#@{int} rw, - - owner /tmp/@{int} rw, - - @{run}/udev/data/c@{int}:* r, - @{run}/udev/data/b@{int}:* r, - @{run}/udev/data/+sound:card@{int} r, - @{run}/udev/data/+bluetooth:* r, - @{run}/udev/data/+platform:* r, - @{run}/udev/data/+acpi:* r, - @{run}/udev/data/+i2c:* r, - @{run}/udev/data/+backlight:* r, - @{run}/udev/data/+leds:* r, - @{run}/udev/data/n@{int} r, - @{run}/udev/data/+input:* r, - @{run}/udev/data/+dmi:* r, - @{run}/udev/data/+drm:* r, - @{run}/udev/data/+pci:* r, - @{run}/udev/data/+rfkill:* r, - - @{sys}/bus/** r, - @{sys}/class/** r, - @{sys}/devices/** r, - - @{PROC}/sys/kernel/random/boot_id r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-locale b/apparmor.d/groups/lxqt/lxqt-config-locale deleted file mode 100644 index f587b49eb..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-locale +++ /dev/null @@ -1,34 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-locale -profile lxqt-config-locale @{exec_path} { - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner @{user_config_dirs}/lxqt/* r, - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/lxqt/#@{int} rw, - - owner /tmp/@{int} r, - - @{PROC}/sys/kernel/random/boot_id r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-monitor b/apparmor.d/groups/lxqt/lxqt-config-monitor deleted file mode 100644 index 3841e4bac..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-monitor +++ /dev/null @@ -1,30 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-monitor -profile lxqt-config-monitor @{exec_path} { - include - include - include - include - include - include - include - include - - signal (read) set=(kill,term) peer=lxqt-session, - - @{exec_path} mr, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-notificationd b/apparmor.d/groups/lxqt/lxqt-config-notificationd deleted file mode 100644 index 4ded8b27b..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-notificationd +++ /dev/null @@ -1,34 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-notificationd -profile lxqt-config-notificationd @{exec_path} { - include - include - include - include - include - include - - @{exec_path} mr, - - /etc/machine-id r, - - /var/lib/dbus/machine-id r, - - owner @{user_config_dirs}/lxqt/ r, - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/lxqt/#@{int} rw, - - owner /tmp/#@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement deleted file mode 100644 index a09691ed8..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ /dev/null @@ -1,41 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-powermanagement -profile lxqt-config-powermanagement @{exec_path} { - include - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/lxqt/#@{int} rw, - - owner /tmp/@{int} r, - - @{sys}/class/backlight/ r, - @{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, - @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-printer b/apparmor.d/groups/lxqt/lxqt-config-printer deleted file mode 100644 index f54bd081f..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-printer +++ /dev/null @@ -1,28 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-printer -profile lxqt-config-printer @{exec_path} { - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-config-session b/apparmor.d/groups/lxqt/lxqt-config-session deleted file mode 100644 index fdd5c36ed..000000000 --- a/apparmor.d/groups/lxqt/lxqt-config-session +++ /dev/null @@ -1,52 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-config-session -profile lxqt-config-session @{exec_path} { - include - include - include - include - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - /usr/share/libfm-qt6/translations/libfm-qt_de.qm r, - /usr/share/gvfs/remote-volume-monitors/ r, - /usr/share/gvfs/remote-volume-monitors/udisks2.monitor r, - - /etc/fstab r, - /etc/xdg/autostart/ r, - /etc/xdg/autostart/** r, - - owner @{user_config_dirs}/#@{int} rw, - owner @{user_config_dirs}/QtProject.conf.@{rand6} rwkl, - owner @{user_config_dirs}/QtProject.conf.lock rwk, - owner @{user_config_dirs}/autostart/*.desktop r, - owner @{user_config_dirs}/autostart/lxqt-config-monitor-autostart.desktop r, - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/lxqt/#@{int} rw, - owner @{user_config_dirs}/user-dirs.dirs rw, - - owner /tmp/@{int} r, - - owner @{PROC}/@{pid}/mountinfo r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-globalkeysd b/apparmor.d/groups/lxqt/lxqt-globalkeysd deleted file mode 100644 index b14b622b3..000000000 --- a/apparmor.d/groups/lxqt/lxqt-globalkeysd +++ /dev/null @@ -1,42 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-globalkeysd -profile lxqt-globalkeysd @{exec_path} { - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - @{bin}/screengrab rpx, - @{bin}/lxqt-config-brightness rpx, - - /usr/share/lxqt/globalkeyshortcuts.conf rw, - - /var/lib/dbus/machine-id r, - - owner @{user_config_dirs}/lxqt/* rwk, - owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.lock wrk, - owner @{user_config_dirs}/lxqt/#@{int} wr, - owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rw, - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - - /dev/tty rw, - - owner /tmp/@{int} r, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-leave b/apparmor.d/groups/lxqt/lxqt-leave deleted file mode 100644 index 180d9868f..000000000 --- a/apparmor.d/groups/lxqt/lxqt-leave +++ /dev/null @@ -1,29 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-leave -profile lxqt-leave @{exec_path} { - include - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-notificationd b/apparmor.d/groups/lxqt/lxqt-notificationd deleted file mode 100644 index 3b54722f7..000000000 --- a/apparmor.d/groups/lxqt/lxqt-notificationd +++ /dev/null @@ -1,57 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-notificationd -profile lxqt-notificationd @{exec_path} { - include - include - include - include - include - include - include - include - include - - dbus receive - bus=session - path="/org/freedesktop/Notifications" - interface="org.freedesktop.DBus.Introspectable" - peer=(name=":[0-9]*.[0-9]*"), - dbus send - bus=session - path="/org/freedesktop/Notifications" - interface="org.freedesktop.Notifications" - peer=(name="org.freedesktop.DBus"), - dbus receive - bus=session - path="/org/freedesktop/Notifications" - interface="org.freedesktop.Notifications" - peer=(name=":[0-9]*.[0-9]*"), - - @{exec_path} mr, - - /etc/nsswitch.conf r, - - /var/lib/dpkg/info/lxqt-notifications.conffiles r, - - owner @{user_cache_dirs}/lxqt-notificationd/** rwk, - owner @{user_cache_dirs}/lxqt-notificationd/#@{int} rw, - owner @{user_cache_dirs}/lxqt-notificationd/unattended.list.@{rand6} rwkl -> @{user_cache_dirs}/lxqt-notificationd/#@{int}, - - owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, - - owner /tmp/@{int} r, - - @{PROC}/sys/kernel/random/boot_id r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-openssh-askpass b/apparmor.d/groups/lxqt/lxqt-openssh-askpass deleted file mode 100644 index 8564056c4..000000000 --- a/apparmor.d/groups/lxqt/lxqt-openssh-askpass +++ /dev/null @@ -1,28 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-openssh-askpass -profile lxqt-openssh-askpass @{exec_path} { - include - include - include - include - include - include - include - include - - @{exec_path} mr, - - owner /tmp/#@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel deleted file mode 100644 index efe772b2b..000000000 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ /dev/null @@ -1,89 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-panel -profile lxqt-panel @{exec_path} { - include - include - include - include - include - include - - network inet dgram, - network inet stream, - network inet6 dgram, - network inet6 stream, - network inet dgram, - network inet stream, - network netlink raw, - network packet dgram, - - @{exec_path} mr, - - @{bin}/exo-open rix, - @{bin}/nm-connection-editor rPx, - @{bin}/xdg-open rPx, - - @{bin}/ControlPanel rPx, - - /usr/lib{,32,64}/lxqt-panel/*.so mr, # LXQT-Plugins - /usr/lib{,32,64}/lxqt-config/*.so mr, # LXQT-Plugins - - /usr/share/lxqt/helpers/*.desktop r, - /usr/share/lxqt/panel/plugins/{,*.desktop} r, - /usr/share/desktop-directories/{,**} r, - /usr/share/X11/locale/locale.alias r, - /usr/share/lxqt/themes/{,**} r, - - /etc/fstab r, - /etc/udev/udev.conf r, - /etc/machine-id r, - /etc/xdg/lxqt-qtxdg.conf r, - /etc/xdg/menus/**.menu r, - /etc/xdg/menus/applications-merged/ r, - /etc/xdg/ui/uistandards.rc r, - - /var/lib/dbus/machine-id r, - - /opt/tor/tor-browser/Browser/browser/chrome/icons/default/*.png r, - /opt/tormedium/tor-browser/Browser/browser/chrome/icons/default/*.png r, - - owner @{HOME}/.config/menus/**.menu rw, - owner @{HOME}/.config/menus/applications-merged/ r, - owner @{HOME}/Desktop/** r, - owner @{HOME}/.local/share/desktop-directories/*.directory r, - owner @{HOME}/.local/share/gvfs-metadata/{,*} r, - - owner @{user_config_dirs}/lxqt/{,**} rw, - owner @{user_config_dirs}/lxqt/panel.conf.lock rwk, - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int}, - owner @{user_config_dirs}/pulse/{,**} rwk, - owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwk, - owner @{user_config_dirs}/ibus/bus/{,**} rw, - - @{run}/udev/data/* r, - - @{sys}/class/i2c-adapter/ r, - @{sys}/devices/@{pci_bus}/0000:00:*/ata@{int}/host@{int}/**/**/**/**/**/* r, - @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, - @{sys}/devices/@{pci_bus}/**/**/nvme/nvme0/nvme0n1/nvme0n1p4/uevent r, - @{sys}/devices/@{pci_bus}/**/**/usb@{int}/** r, - - @{PROC}/@{pid}/fd/ r, - @{PROC}/@{pid}/net/dev r, - owner @{PROC}/@{pid}/mounts r, - - /dev/tty rw, - /dev/tty@{int} rw, - /dev/pts/[0-9]* rw, - /dev/snd/controlC[0-9]* rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-policykit-agent b/apparmor.d/groups/lxqt/lxqt-policykit-agent deleted file mode 100644 index bc7787d79..000000000 --- a/apparmor.d/groups/lxqt/lxqt-policykit-agent +++ /dev/null @@ -1,54 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{lib}/@{multiarch}/lxqt-policykit-agent-[0-9] -@{exec_path} += @{bin}/lxqt-policykit-agent -profile lxqt-policykit-agent @{exec_path} { - include - include - include - include - include - include - include - include - include - - signal (send) set=(term, kill) peer=polkit-agent-helper, - - @{exec_path} mr, - - @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx, - - /usr/share/lxqt/translations/lxqt-policykit-agent/lxqt-policykit-agent_de.qm r, - - /etc/machine-id r, - - /var/lib/dbus/machine-id r, - - owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/qt5ct/{,**} r, - - owner /tmp/#@{int} rw, - owner /tmp/lxqt-policykit-agent-[0-9].* rwl -> /tmp/#@{int}, - - @{run}/systemd/users/@{uid} r, - - @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node@{int}/meminfo r, - - @{PROC}/@{pid}/cgroup r, - @{PROC}/@{pid}/cmdline r, - @{PROC}/@{pid}/fd/ r, - @{PROC}/sys/kernel/core_pattern r, - - /dev/shm/#@{int} rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-powermanagement b/apparmor.d/groups/lxqt/lxqt-powermanagement deleted file mode 100644 index cda7f5552..000000000 --- a/apparmor.d/groups/lxqt/lxqt-powermanagement +++ /dev/null @@ -1,38 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-powermanagement -profile lxqt-powermanagement @{exec_path} flags=(attach_disconnected) { - include - include - include - include - include - include - include - - network netlink raw, - - @{exec_path} mr, - - @{bin}/xset rPx, - - /etc/udev/udev.conf r, - /etc/fstab r, - - owner /tmp/@{int} r, - - @{run}/systemd/inhibit/* rw, - - owner @{PROC}/@{pid}/mounts r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-runner b/apparmor.d/groups/lxqt/lxqt-runner deleted file mode 100644 index a46c22c28..000000000 --- a/apparmor.d/groups/lxqt/lxqt-runner +++ /dev/null @@ -1,41 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-runner -profile lxqt-runner @{exec_path} { - include - include - include - include - include - include - include - - @{exec_path} mr, - - /usr/share/icons/ r, - /usr/share/icons/{,**} r, - /usr/share/desktop-directories/ r, - /usr/share/desktop-directories/{,**} r, - - /etc/xdg/menus/lxqt-applications.menu r, - - owner @{user_config_dirs}/lxqt/lxqt-runner.conf.lock rwk, - owner @{user_config_dirs}/lxqt/#@{int} rw, - owner @{user_config_dirs}/lxqt/lxqt-runner.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, - - # only needed if tor is installed on /opt - owner /opt/*/**/*.png r, - - owner /tmp/@{int} r, - - /dev/tty rw, - - include if exists -} diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session deleted file mode 100644 index dce8853b5..000000000 --- a/apparmor.d/groups/lxqt/lxqt-session +++ /dev/null @@ -1,130 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2024 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/lxqt-session -profile lxqt-session @{exec_path} { - include - include - include - include - include - include - include - include - include - include - include - include - include - include - include - include - include - include - - signal (send), - signal (receive) set=(kill, term) peer=startlxqt, - signal (receive) set=(kill, term) peer=sddm, - - ptrace (read), - - network netlink raw, - - @{exec_path} mr, - - @{sh_path} rix, - @{bin}/sed rix, - @{bin}/readlink rix, - @{bin}/dirname rix, - @{bin}/system-config-printer-applet rPx, - @{bin}/lxqt-config-input rPx, - @{bin}/lxqt-session-settings rPx, - @{bin}/lxqt-globalkeysd rPx, - @{bin}/lxqt-panel rPx, - @{bin}/lxqt-policykit-agent rPx, - @{bin}/lxqt-runner rPx, - @{bin}/lxqt-notificationd rPx, - @{bin}/lxqt-powermanagement rPx, - @{bin}/lxqt-config rPx, - @{bin}/lxqt-leave rPx, - @{bin}/lxqt-about rPx, - @{bin}/dbus-send rPUx, - @{bin}/dbus-update-activation-environment rCx -> dbus, - @{bin}/systemctl rCx -> systemctl, - - @{bin}/pavucontrol rPx, - @{bin}/pulseaudio rPx, - @{bin}/python3.@{int} rPx, - @{lib}/python3.@{int} rPx, - @{bin}/xfe rPx, - @{bin}/nm-connection-editor rPx, - @{bin}/nm-applet rPx, - @{bin}/nm-tray rPx, - @{bin}/pcmanfm-qt rPx, - @{bin}/openbox rix, - @{bin}/dconf-editor rPx, - @{bin}/setxkbmap rix, - @{bin}/start-pulseaudio-x11 rPx, - @{bin}/xrdb rPx, - @{bin}/xdg-user-dirs-update rPx, - /usr/lib/{/,x86_64-linux-gnu/}tumbler-1/tumblerd rPx, - - /usr/share/ r, - /usr/share/mime/ r, - /usr/share/cursors/ r, - /usr/share/backintime/common/* r, - /usr/share/desktop-directories/* r, - /usr/share/system-config-printer/* r, - - /etc/xdg/ r, - /etc/xdg/autostart/ r, - /etc/xdg/autostart/*.desktop r, - /etc/xdg/menus/lxqt-* r, - /etc/xdg/openbox/* r, - /etc/udev/udev.conf r, - - owner @{HOME}/.local/share/ r, - owner @{HOME}/.config/ r, - owner @{HOME}/.config/autostart/ r, - owner @{HOME}/.config/autostart/* rw, - owner @{user_cache_dirs}/openbox/openbox.log rwk, - owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, - owner @{user_config_dirs}/dconf/user r, - owner @{user_config_dirs}/openbox/rc.xml r, - owner @{user_share_dirs}/sddm/xorg-session.log rw, - - @{PROC}/ r, - @{PROC}/uptime r, - @{PROC}/@{pid}/stat r, - owner @{PROC}/@{pid}/stat r, - - @{run}/systemd/inhibit/** rw, - - include if exists - - profile systemctl { - include - include - - include if exists - } - - profile dbus { - include - include - - @{bin}/dbus-update-activation-environment mr, - - owner @{user_share_dirs}/sddm/xorg-session.log rw, - - include if exists - } - -} - diff --git a/apparmor.d/groups/lxqt/startlxqt b/apparmor.d/groups/lxqt/startlxqt deleted file mode 100644 index 5cf08599e..000000000 --- a/apparmor.d/groups/lxqt/startlxqt +++ /dev/null @@ -1,87 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2023 Alexandre Pujol -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/startlxqt -profile startlxqt @{exec_path} { - include - include - include - include - - signal (receive) set=(term) peer=sddm, - - @{exec_path} mr, - - @{bin}/xrdb rPx, - @{bin}/xsetroot rPx, - @{bin}/xprop rpx, - @{bin}/mkdir rix, - @{bin}/dbus-launch rPx, - @{bin}/lxqt-session rPx, - @{sh_path} rix, - - /usr/share/color-schemes/{,**} r, - /usr/share/desktop-directories/{,**} r, - /usr/share/icu/@{int}.@{int}/*.dat r, - /usr/share/knotifications5/{,**} r, - /usr/share/kservices5/{,**} r, - /usr/share/kservicetypes5/{,**} r, - /usr/share/mime/{,**} r, - /usr/share/plasma/{,**} r, - - /etc/locale.alias r, - /etc/machine-id r, - /etc/xdg/kcminputrc r, - /etc/xdg/kdeglobals r, - /etc/xdg/menus/{,**} r, - - @{HOME}/ r, - owner @{HOME}/.Xauthority r, - - owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/#@{int} rw, - owner @{user_cache_dirs}/kcrash-metadata/ rw, - @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int}, - owner @{user_cache_dirs}/plasma-svgelements rw, - - owner @{user_config_dirs}/#@{int} rw, - owner @{user_config_dirs}/gtkrc rl, - owner @{user_config_dirs}/gtkrc-2.0 rl, - owner @{user_config_dirs}/kcminputrc r, - owner @{user_config_dirs}/lxqt/ rw, - owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/kdedefaults/**, - owner @{user_config_dirs}/kdeglobals.lock rwk, - owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int}, - owner @{user_config_dirs}/ksplashrc r, - owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk, - owner @{user_config_dirs}/menus/{,**} r, - owner @{user_config_dirs}/plasma-localerc rwl, - owner @{user_config_dirs}/plasma-localerc.lock rwk, - owner @{user_config_dirs}/plasma-workspace/env/ r, - owner @{user_config_dirs}/startkderc r, - owner @{user_config_dirs}/Trolltech.conf rwl, - owner @{user_config_dirs}/Trolltech.conf.lock rwk, - - owner @{user_share_dirs}/kservices5/{,**} r, - owner @{user_share_dirs}/sddm/wayland-session.log rw, - owner @{user_share_dirs}/sddm/xorg-session.log rw, - - owner /tmp/#@{int} rw, - owner /tmp/startlxqt.@{rand6} rwl -> /tmp/#@{int}, - - owner @{run}/user/@{uid}/ r, - @{run}/user/@{uid}/xauth_@{rand6} rl, - - @{PROC}/sys/kernel/core_pattern r, - @{PROC}/sys/kernel/random/boot_id r, - owner @{PROC}/@{pid}/maps r, - - - /dev/tty rw, - /dev/tty@{int} rw, -} From a8177518d4ec9c74a9e0ab9e4b246898830ad635 Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 16 Jul 2024 08:00:02 +0200 Subject: [PATCH 77/78] Create lxqt --- apparmor.d/abstractions/lxqt | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 apparmor.d/abstractions/lxqt diff --git a/apparmor.d/abstractions/lxqt b/apparmor.d/abstractions/lxqt new file mode 100644 index 000000000..d3a5ebf93 --- /dev/null +++ b/apparmor.d/abstractions/lxqt @@ -0,0 +1,31 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + + include + include + include + include + include + include + include + + signal (receive) set=(kill, term) peer=lxqt-session, + + /usr/share/hwdata/pnp.ids r, + /usr/share/icu/@{int}.@{int}/*.dat r, + /usr/share/lxqt/** r, + /usr/share/qt{5,6}/ r, + /usr/share/qt{5,6}/{,**} r, + + owner @{HOME}/.Xdefaults r, + + owner @{user_cache_dirs}/lxqt-notificationd/* r, + + owner @{user_config_dirs}/lxqt/*.conf rw, + + owner @{user_share_dirs}/sddm/xorg-session.log rw, + + include if exists + +# vim:syntax=apparmor From c92f9b514bdf99e878cfebc4a3fac8c0a17dd4ed Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 16 Jul 2024 08:12:23 +0200 Subject: [PATCH 78/78] Update lxqt --- apparmor.d/abstractions/lxqt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/abstractions/lxqt b/apparmor.d/abstractions/lxqt index d3a5ebf93..df37cddb3 100644 --- a/apparmor.d/abstractions/lxqt +++ b/apparmor.d/abstractions/lxqt @@ -3,7 +3,7 @@ # SPDX-License-Identifier: GPL-2.0-only include - include + include include include include