felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(profiles): use @{bin} and @{lib} in profiles (3)

Browse source
This commit is contained in:
Alexandre Pujol 2023-07-09 14:09:55 +01:00
parent 2eed3b725f
commit 27daa7c9bb
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
355 changed files with 1473 additions and 1472 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/kde/baloo
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/baloo_file @{libexec}/baloo_file
@{exec_path} = @{bin}/baloo_file @{lib}/baloo_file
profile baloo @{exec_path} {
include <abstractions/base>
include <abstractions/deny-sensitive-home>
@ -22,7 +22,7 @@ profile baloo @{exec_path} {
@{exec_path} mr,
/{usr/,}lib/baloo_file_extractor rix,
@{lib}/baloo_file_extractor rix,
/usr/share/hwdata/pnp.ids r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,

2
apparmor.d/groups/kde/drkonqi
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/drkonqi
@{exec_path} = @{lib}/drkonqi
profile drkonqi @{exec_path} {
include <abstractions/base>
include <abstractions/fonts>

2
apparmor.d/groups/kde/gmenudbusmenuproxy
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/gmenudbusmenuproxy
@{exec_path} = @{bin}/gmenudbusmenuproxy
profile gmenudbusmenuproxy @{exec_path} {
include <abstractions/base>
include <abstractions/fonts>

4
apparmor.d/groups/kde/kaccess
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kaccess
@{exec_path} = @{bin}/kaccess
profile kaccess @{exec_path} {
include <abstractions/base>
include <abstractions/dri-common>
@ -17,7 +17,7 @@ profile kaccess @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gsettings rPx,
@{bin}/gsettings rPx,
/usr/share/hwdata/pnp.ids r,
/usr/share/icons/{,**} r,

2
apparmor.d/groups/kde/kactivitymanagerd
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kactivitymanagerd
@{exec_path} = @{lib}/kactivitymanagerd
profile kactivitymanagerd @{exec_path} {
include <abstractions/base>
include <abstractions/qt5>

4
apparmor.d/groups/kde/kalendarac
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kalendarac
@{exec_path} = @{bin}/kalendarac
profile kalendarac @{exec_path} {
include <abstractions/base>
include <abstractions/dri-common>
@ -17,7 +17,7 @@ profile kalendarac @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/akonadi_control rPx,
@{bin}/akonadi_control rPx,
/usr/share/akonadi/firstrun/{,*} r,
/usr/share/hwdata/*.ids r,

2
apparmor.d/groups/kde/kauth-backlighthelper
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kauth/backlighthelper
@{exec_path} = @{lib}/kauth/backlighthelper
profile kauth-backlighthelper @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/groups/kde/kauth-chargethresholdhelper
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kauth/chargethresholdhelper
@{exec_path} = @{lib}/kauth/chargethresholdhelper
profile kauth-chargethresholdhelper @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/groups/kde/kauth-discretegpuhelper
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kauth/discretegpuhelper
@{exec_path} = @{lib}/kauth/discretegpuhelper
profile kauth-discretegpuhelper @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/groups/kde/kauth-fontinst
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kauth/fontinst
@{exec_path} = @{lib}/kauth/fontinst
profile kauth-fontinst @{exec_path} {
include <abstractions/base>
include <abstractions/qt5>

4
apparmor.d/groups/kde/kauth-kded-smart-helper
View file

@ -6,14 +6,14 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kauth/kded-smart-helper
@{exec_path} = @{lib}/kauth/kded-smart-helper
profile kauth-kded-smart-helper @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>
@{exec_path} mr,
/{usr/,}{s,}bin/smartctl rPx,
@{bin}/smartctl rPx,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,

4
apparmor.d/groups/kde/kauth-kinfocenter-dmidecode-helper
View file

@ -6,13 +6,13 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kauth/kinfocenter-dmidecode-helper
@{exec_path} = @{lib}/kauth/kinfocenter-dmidecode-helper
profile kauth-kinfocenter-dmidecode-helper @{exec_path} {
include <abstractions/base>
@{exec_path} mr,
/{usr/,}{s,}bin/dmidecode rPx,
@{bin}/dmidecode rPx,
include if exists <local/kauth-kinfocenter-dmidecode-helper>
}

4
apparmor.d/groups/kde/kcminit
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kcminit
@{exec_path} = @{bin}/kcminit
profile kcminit @{exec_path} {
include <abstractions/base>
include <abstractions/fonts>
@ -15,7 +15,7 @@ profile kcminit @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/xrdb rPx,
@{bin}/xrdb rPx,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/share/hwdata/pnp.ids r,

2
apparmor.d/groups/kde/kconf_update
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kf5/kconf_update
@{exec_path} = @{lib}/kf5/kconf_update
profile kconf_update @{exec_path} {
include <abstractions/base>

4
apparmor.d/groups/kde/kde-powerdevil
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/org_kde_powerdevil
@{exec_path} = @{lib}/org_kde_powerdevil
profile kde-powerdevil @{exec_path} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/qt5>
@ -18,7 +18,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected) {
@{exec_path} mrix,
@{libexec}/drkonqi rPx,
@{lib}/drkonqi rPx,
/usr/share/hwdata/*.ids r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,

16
apparmor.d/groups/kde/kded5
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kded5
@{exec_path} = @{bin}/kded5
profile kded5 @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
@ -33,12 +33,12 @@ profile kded5 @{exec_path} {
@{exec_path} mr,
@{libexec}/kf5/kconf_update rPx,
@{libexec}/utempter/utempter rPx,
/{usr/,}bin/kcminit rPx,
/{usr/,}bin/pgrep rCx -> pgrep,
/{usr/,}bin/setxkbmap rix,
/{usr/,}bin/xsettingsd rPx,
@{lib}/kf5/kconf_update rPx,
@{lib}/utempter/utempter rPx,
@{bin}/kcminit rPx,
@{bin}/pgrep rCx -> pgrep,
@{bin}/setxkbmap rix,
@{bin}/xsettingsd rPx,
/usr/share/hwdata/*.ids r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
@ -110,7 +110,7 @@ profile kded5 @{exec_path} {
ptrace (read),
/{usr/,}bin/pgrep mr,
@{bin}/pgrep mr,
@{PROC}/ r,
@{PROC}/@{pids}/cmdline r,

2
apparmor.d/groups/kde/kglobalaccel5
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kglobalaccel5
@{exec_path} = @{bin}/kglobalaccel5
profile kglobalaccel5 @{exec_path} {
include <abstractions/base>
include <abstractions/freedesktop.org>

2
apparmor.d/groups/kde/kio_http_cache_cleaner
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kf5/kio_http_cache_cleaner
@{exec_path} = @{lib}/kf5/kio_http_cache_cleaner
profile kio_http_cache_cleaner @{exec_path} {
include <abstractions/base>

8
apparmor.d/groups/kde/kioslave5
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kf5/kioslave5
@{exec_path} = @{lib}/kf5/kioslave5
profile kioslave5 @{exec_path} {
include <abstractions/base>
include <abstractions/dri-common>
@ -28,9 +28,9 @@ profile kioslave5 @{exec_path} {
@{exec_path} mr,
@{libexec}/libheif/ r,
@{libexec}/libheif/*.so* rm,
@{libexec}/kf5/kio_http_cache_cleaner rPx,
@{lib}/libheif/ r,
@{lib}/libheif/*.so* rm,
@{lib}/kf5/kio_http_cache_cleaner rPx,
/usr/share/hwdata/*.ids r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,

2
apparmor.d/groups/kde/kreadconfig
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kreadconfig5
@{exec_path} = @{bin}/kreadconfig5
profile kreadconfig @{exec_path} {
include <abstractions/base>

2
apparmor.d/groups/kde/kscreen_backend_launcher
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kf5/kscreen_backend_launcher
@{exec_path} = @{lib}/kf5/kscreen_backend_launcher
profile kscreen_backend_launcher @{exec_path} {
include <abstractions/base>
include <abstractions/qt5>

12
apparmor.d/groups/kde/kscreenlocker-greet
View file

@ -7,8 +7,8 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/kscreenlocker_greet
@{exec_path} += /{usr/,}lib/@{multiarch}/libexec/kscreenlocker_greet
@{exec_path} = @{lib}/kscreenlocker_greet
@{exec_path} += @{lib}/@{multiarch}/libexec/kscreenlocker_greet
profile kscreenlocker-greet @{exec_path} {
include <abstractions/base>
include <abstractions/dri-enumerate>
@ -29,11 +29,11 @@ profile kscreenlocker-greet @{exec_path} {
@{exec_path} mr,
@{libexec}/libheif/ r,
@{libexec}/libheif/*.so* rm,
@{lib}/libheif/ r,
@{lib}/libheif/*.so* rm,
/{usr/,}{s,}bin/unix_chkpwd rPx,
/{usr/,}lib/@{multiarch}/libexec/kcheckpass rPx,
@{bin}/unix_chkpwd rPx,
@{lib}/@{multiarch}/libexec/kcheckpass rPx,
/usr/share/hwdata/pnp.ids r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,

10
apparmor.d/groups/kde/ksmserver
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/ksmserver
@{exec_path} = @{bin}/ksmserver
profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
include <abstractions/app-launcher-user>
@ -22,11 +22,11 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) {
@{exec_path} mr,
/{usr/,}bin/rm rix,
@{bin}/rm rix,
@{libexec}/DiscoverNotifier rPUx, # TODO: rPx,
@{libexec}/drkonqi rPx,
@{libexec}/kscreenlocker_greet rPx,
@{lib}/DiscoverNotifier rPUx, # TODO: rPx,
@{lib}/drkonqi rPx,
@{lib}/kscreenlocker_greet rPx,
/usr/share/color-schemes/{,**} r,
/usr/share/hwdata/pnp.ids r,

14
apparmor.d/groups/kde/kwalletd5
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kwalletd5
@{exec_path} = @{bin}/kwalletd5
profile kwalletd5 @{exec_path} {
include <abstractions/base>
include <abstractions/audio>
@ -27,9 +27,9 @@ profile kwalletd5 @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/gpgconf rCx -> gpg,
/{usr/,}bin/gpg{,2} rCx -> gpg,
/{usr/,}bin/gpgsm rCx -> gpg,
@{bin}/gpgconf rCx -> gpg,
@{bin}/gpg{,2} rCx -> gpg,
@{bin}/gpgsm rCx -> gpg,
/usr/share/color-schemes/{,**} r,
/usr/share/hwdata/pnp.ids r,
@ -71,9 +71,9 @@ profile kwalletd5 @{exec_path} {
profile gpg {
include <abstractions/base>
/{usr/,}bin/gpgconf mr,
/{usr/,}bin/gpg{,2} mr,
/{usr/,}bin/gpgsm mr,
@{bin}/gpgconf mr,
@{bin}/gpg{,2} mr,
@{bin}/gpgsm mr,
owner @{HOME}/@{XDG_GPG_DIR}/ rw,
owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,

2
apparmor.d/groups/kde/kwalletmanager5
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kwalletmanager5
@{exec_path} = @{bin}/kwalletmanager5
profile kwalletmanager5 @{exec_path} {
include <abstractions/base>
include <abstractions/audio>

8
apparmor.d/groups/kde/kwin_x11
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/kwin_x11
@{exec_path} = @{bin}/kwin_x11
profile kwin_x11 @{exec_path} {
include <abstractions/base>
include <abstractions/dri-common>
@ -26,9 +26,9 @@ profile kwin_x11 @{exec_path} {
@{exec_path} mrix,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}lib/kwin_killer_helper rix,
@{libexec}/drkonqi rPx,
@{bin}/{,ba,da}sh rix,
@{lib}/kwin_killer_helper rix,
@{lib}/drkonqi rPx,
/usr/share/hwdata/pnp.ids r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,

10
apparmor.d/groups/kde/plasma-discover
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/plasma-discover
@{exec_path} = @{bin}/plasma-discover
profile plasma-discover @{exec_path} {
include <abstractions/base>
include <abstractions/mesa>
@ -22,11 +22,11 @@ profile plasma-discover @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/kreadconfig5 rPx,
@{bin}/{,ba,da}sh rix,
@{bin}/kreadconfig5 rPx,
@{libexec}/kf5/kioslave5 rPx,
@{libexec}/kf5/kio_http_cache_cleaner rPx,
@{lib}/kf5/kioslave5 rPx,
@{lib}/kf5/kio_http_cache_cleaner rPx,
/usr/share/kservices5/{,*} r,

14
apparmor.d/groups/kde/plasmashell
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/plasmashell
@{exec_path} = @{bin}/plasmashell
profile plasmashell @{exec_path} {
include <abstractions/base>
include <abstractions/app-launcher-user>
@ -40,12 +40,12 @@ profile plasmashell @{exec_path} {
@{exec_path} mr,
@{libexec}/libheif/ r,
@{libexec}/libheif/*.so* rm,
@{libexec}/kf5/kioslave5 rPx,
@{libexec}/kf5/kdesu{,d} rix,
/{usr/,}bin/dolphin rPUx, # TODO: rPx,
/{usr/,}bin/plasma-discover rPUx,
@{lib}/libheif/ r,
@{lib}/libheif/*.so* rm,
@{lib}/kf5/kioslave5 rPx,
@{lib}/kf5/kdesu{,d} rix,
@{bin}/dolphin rPUx, # TODO: rPx,
@{bin}/plasma-discover rPUx,
/usr/share/akonadi/firstrun/{,*} r,
/usr/share/akonadi/plugins/serializer/{,*.desktop} r,

56
apparmor.d/groups/kde/sddm
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/sddm
@{exec_path} = @{bin}/sddm
profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
include <abstractions/authentication>
@ -39,35 +39,35 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
@{exec_path} mr,
/{usr/,}lib{,exec}/sddm/sddm-helper rix,
/{usr/,}lib/@{multiarch}/sddm/sddm-helper rix,
/{usr/,}lib/plasma-dbus-run-session-if-needed rix,
@{lib}/@{multiarch}/sddm/sddm-helper rix,
@{lib}/plasma-dbus-run-session-if-needed rix,
@{lib}/sddm/sddm-helper rix,
/{usr/,}{s,}bin/checkproc rix,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/tr rix,
/{usr/,}bin/tty rix,
/{usr/,}bin/xdm r,
/{usr/,}bin/xmodmap rix,
@{bin}/{,ba,da}sh rix,
@{bin}/cat rix,
@{bin}/checkproc rix,
@{bin}/tr rix,
@{bin}/tty rix,
@{bin}/xdm r,
@{bin}/xmodmap rix,
/{usr/,}bin/sddm-greeter rPx,
/{usr/,}bin/Xorg rPx,
/etc/sddm/Xsession rPx,
@{bin}/sddm-greeter rPx,
@{bin}/Xorg rPx,
/etc/sddm/Xsession rPx,
/{usr/,}bin/flatpak rPUx,
/{usr/,}bin/sway rPUx,
/{usr/,}bin/xauth rCx -> xauth,
/{usr/,}bin/xsetroot rPx,
@{bin}/flatpak rPUx,
@{bin}/sway rPUx,
@{bin}/xauth rCx -> xauth,
@{bin}/xsetroot rPx,
@{etc_ro}/X11/xdm/Xsession rPx,
/{usr/,}bin/dbus-update-activation-environment rCx -> dbus,
/{usr/,}bin/gnome-keyring-daemon rPx,
/{usr/,}bin/kwalletd5 rPx,
/{usr/,}bin/startplasma-x11 rPx,
/{usr/,}bin/systemctl rPx -> child-systemctl,
/{usr/,}bin/xrdb rPx,
/{usr/,}bin/xset rPx,
@{etc_ro}/X11/xdm/Xsession rPx,
@{bin}/dbus-update-activation-environment rCx -> dbus,
@{bin}/gnome-keyring-daemon rPx,
@{bin}/kwalletd5 rPx,
@{bin}/startplasma-x11 rPx,
@{bin}/systemctl rPx -> child-systemctl,
@{bin}/xrdb rPx,
@{bin}/xset rPx,
/usr/etc/X11/xdm/Xsetup rix,
/usr/share/sddm/scripts/wayland-session rix,
@ -143,7 +143,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
profile xauth {
include <abstractions/base>
/{usr/,}bin/xauth mr,
@{bin}/xauth mr,
owner @{HOME}/.Xauthority-c w,
owner @{HOME}/.Xauthority-l wl -> @{HOME}/.Xauthority-c,
@ -163,7 +163,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
profile dbus {
include <abstractions/base>
/{usr/,}bin/dbus-update-activation-environment mr,
@{bin}/dbus-update-activation-environment mr,
owner @{user_share_dirs}/sddm/xorg-session.log w,

6
apparmor.d/groups/kde/sddm-greeter
View file

@ -7,7 +7,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/sddm-greeter
@{exec_path} = @{bin}/sddm-greeter
profile sddm-greeter @{exec_path} {
include <abstractions/base>
include <abstractions/fontconfig-cache-read>
@ -24,8 +24,8 @@ profile sddm-greeter @{exec_path} {
@{exec_path} mr,
@{libexec}/libheif/ r,
@{libexec}/libheif/*.so* rm,
@{lib}/libheif/ r,
@{lib}/libheif/*.so* rm,
/usr/share/desktop-base/softwaves-theme/login/*.svg r,
/usr/share/hwdata/pnp.ids r,

56
apparmor.d/groups/kde/sddm-xsession
View file

@ -18,37 +18,37 @@ profile sddm-xsession @{exec_path} {
@{exec_path} r,
/{usr/,}{local,}bin/ r,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/{,e}grep rix,
/{usr/,}bin/{m,g,}awk rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/chmod rix,
/{usr/,}bin/csh rix,
/{usr/,}bin/date rix,
/{usr/,}bin/fish rix,
/{usr/,}bin/id rix,
/{usr/,}bin/mktemp rix,
/{usr/,}bin/rm rix,
/{usr/,}bin/tcsh rix,
/{usr/,}bin/tempfile rix,
/{usr/,}bin/touch rix,
/{usr/,}bin/which{,.*} rix,
/{usr/,}bin/zsh rix,
@{bin}/{,ba,da}sh rix,
@{bin}/{,e}grep rix,
@{bin}/{m,g,}awk rix,
@{bin}/cat rix,
@{bin}/chmod rix,
@{bin}/csh rix,
@{bin}/date rix,
@{bin}/fish rix,
@{bin}/id rix,
@{bin}/mktemp rix,
@{bin}/rm rix,
@{bin}/tcsh rix,
@{bin}/tempfile rix,
@{bin}/touch rix,
@{bin}/which{,.*} rix,
@{bin}/zsh rix,
/{usr/,}bin/dbus-update-activation-environment rCx -> dbus,
/{usr/,}bin/flatpak rPUx,
/{usr/,}bin/numlockx rPx,
/{usr/,}bin/xhost rPx,
/{usr/,}bin/xrdb rPx,
@{bin}/dbus-update-activation-environment rCx -> dbus,
@{bin}/flatpak rPUx,
@{bin}/numlockx rPx,
@{bin}/xhost rPx,
@{bin}/xrdb rPx,
/etc/X11/Xsession rPx,
/{usr/,}bin/ssh-agent rPx,
/{usr/,}bin/udevadm rPx,
@{bin}/ssh-agent rPx,
@{bin}/udevadm rPx,
/{usr/,}bin/run-parts rCx -> run-parts,
@{bin}/run-parts rCx -> run-parts,
# Allowed GUI sessions to start
#/{usr/,}bin/openbox-session rPx,
#/{usr/,}bin/openbox rPx,
#@{bin}/openbox-session rPx,
#@{bin}/openbox rPx,
/etc/default/{,*} r,
/etc/X11/{,**} r,
@ -65,7 +65,7 @@ profile sddm-xsession @{exec_path} {
profile run-parts {
include <abstractions/base>
/{usr/,}bin/run-parts mr,
@{bin}/run-parts mr,
/etc/X11/Xsession.d/ r,
/etc/X11/Xresources/ r,
@ -78,7 +78,7 @@ profile sddm-xsession @{exec_path} {
profile dbus {
include <abstractions/base>
/{usr/,}bin/dbus-update-activation-environment mr,
@{bin}/dbus-update-activation-environment mr,
owner @{HOME}/.xsession-errors w,

10
apparmor.d/groups/kde/startplasma-x11
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/startplasma-x11
@{exec_path} = @{bin}/startplasma-x11
profile startplasma-x11 @{exec_path} {
include <abstractions/base>
include <abstractions/freedesktop.org>
@ -15,10 +15,10 @@ profile startplasma-x11 @{exec_path} {
@{exec_path} mr,
/{usr/,}bin/kapplymousetheme rPUx,
/{usr/,}bin/ksplashqml rPUx,
/{usr/,}bin/xrdb rPx,
/{usr/,}bin/xsetroot rPx,
@{bin}/kapplymousetheme rPUx,
@{bin}/ksplashqml rPUx,
@{bin}/xrdb rPx,
@{bin}/xsetroot rPx,
/usr/share/color-schemes/{,**} r,
/usr/share/desktop-directories/{,**} r,

2
apparmor.d/groups/kde/utempter
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = @{libexec}/utempter/utempter
@{exec_path} = @{lib}/utempter/utempter
profile utempter @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

60
apparmor.d/groups/kde/xdm-xsession
View file

@ -17,42 +17,42 @@ profile xdm-xsession @{exec_path} {
@{exec_path} mr,
/{usr/,}{s,}bin/checkproc rix,
/{usr/,}bin/{,ba,da}sh rix,
/{usr/,}bin/basename rix,
/{usr/,}bin/cat rix,
/{usr/,}bin/dirname rix,
/{usr/,}bin/gpg-agent rix,
/{usr/,}bin/gpg-connect-agent rix,
/{usr/,}bin/grep rix,
/{usr/,}bin/locale rix,
/{usr/,}bin/manpath rix,
/{usr/,}bin/readlink rix,
/{usr/,}bin/sed rix,
/{usr/,}bin/ssh-agent rix,
/{usr/,}bin/tr rix,
/{usr/,}bin/tty rix,
/{usr/,}bin/uname rix,
/{usr/,}bin/whoami rix,
@{bin}/checkproc rix,
@{bin}/{,ba,da}sh rix,
@{bin}/basename rix,
@{bin}/cat rix,
@{bin}/dirname rix,
@{bin}/gpg-agent rix,
@{bin}/gpg-connect-agent rix,
@{bin}/grep rix,
@{bin}/locale rix,
@{bin}/manpath rix,
@{bin}/readlink rix,
@{bin}/sed rix,
@{bin}/ssh-agent rix,
@{bin}/tr rix,
@{bin}/tty rix,
@{bin}/uname rix,
@{bin}/whoami rix,
/{usr/,}bin/dbus-update-activation-environment rCx -> dbus,
/{usr/,}bin/flatpak rPUx,
/{usr/,}bin/pidof rPx,
/{usr/,}bin/startplasma-x11 rPx,
/{usr/,}bin/systemctl rPx -> child-systemctl,
/{usr/,}bin/xdg-user-dirs-update rPx,
/{usr/,}bin/xrdb rPx,
@{bin}/dbus-update-activation-environment rCx -> dbus,
@{bin}/flatpak rPUx,
@{bin}/pidof rPx,
@{bin}/startplasma-x11 rPx,
@{bin}/systemctl rPx -> child-systemctl,
@{bin}/xdg-user-dirs-update rPx,
@{bin}/xrdb rPx,
@{libexec}/gnome-session-binary rPx,
/{usr/,}bin/gnome rix,
/{usr/,}bin/gnome-session rix,
/{usr/,}bin/gsettings rPx,
@{lib}/gnome-session-binary rPx,
@{bin}/gnome rix,
@{bin}/gnome-session rix,
@{bin}/gsettings rPx,
@{etc_ro}/X11/xdm/sys.xsession rix,
@{etc_ro}/X11/xinit/xinitrc.d/50-systemd-user.sh rix,
@{etc_ro}/X11/xinit/xinitrc.d/xdg-user-dirs.sh rix,
@{HOME}/.xinitrc rPix,
@{libexec}/xinit/xinitrc rix,
@{lib}/xinit/xinitrc rix,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/bash-completion/{,**} r,
@ -96,7 +96,7 @@ profile xdm-xsession @{exec_path} {
profile dbus {
include <abstractions/base>
/{usr/,}bin/dbus-update-activation-environment mr,
@{bin}/dbus-update-activation-environment mr,
owner @{user_share_dirs}/sddm/xorg-session.log rw,

2
apparmor.d/groups/kde/xembedsniproxy
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/xembedsniproxy
@{exec_path} = @{bin}/xembedsniproxy
profile xembedsniproxy @{exec_path} {
include <abstractions/base>
include <abstractions/nameservice-strict>

2
apparmor.d/groups/kde/xsettingsd
View file

@ -6,7 +6,7 @@ abi <abi/3.0>,
include <tunables/global>
@{exec_path} = /{usr/,}bin/xsettingsd
@{exec_path} = @{bin}/xsettingsd
profile xsettingsd @{exec_path} {
include <abstractions/base>