diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime index ef0e156ff..364c6a8bf 100644 --- a/apparmor.d/groups/freedesktop/xdg-mime +++ b/apparmor.d/groups/freedesktop/xdg-mime @@ -21,7 +21,6 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) { @{bin}/cut rix, @{bin}/file rix, @{bin}/head rix, - @{bin}/ktraderclient5 rPUx, @{bin}/mv rix, @{bin}/readlink rix, @{bin}/sed rix, diff --git a/apparmor.d/groups/freedesktop/xdg-settings b/apparmor.d/groups/freedesktop/xdg-settings index 9bb6558fc..4153c11eb 100644 --- a/apparmor.d/groups/freedesktop/xdg-settings +++ b/apparmor.d/groups/freedesktop/xdg-settings @@ -19,7 +19,6 @@ profile xdg-settings @{exec_path} { @{bin}/basename rix, @{bin}/cat rix, @{bin}/cut rix, - @{bin}/kreadconfig5 rPx, @{bin}/mktemp rix, @{bin}/mv rix, @{bin}/readlink rix, diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index 7d78a4861..5ff310c18 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver @@ -21,10 +21,6 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { signal (send) set=(usr1,term) peer=kscreenlocker-greet, - unix (connect, receive, send, accept) - type=stream - peer=(addr="@/tmp/.ICE-unix/[0-9]*"), - @{exec_path} mr, @{bin}/rm rix, diff --git a/apparmor.d/groups/kde/kstart b/apparmor.d/groups/kde/kstart index 47ee7a9b7..38b6f9242 100644 --- a/apparmor.d/groups/kde/kstart +++ b/apparmor.d/groups/kde/kstart 
@@ -1,25 +1,25 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023 Jeroen Rijken +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}bin/kstart +@{exec_path} = @{bin}/kstart profile kstart @{exec_path} flags=(complain,attach_disconnected) { include - include include include - - unix (connect, send, receive) type=stream peer=(addr="@/tmp/.ICE-unix/4979"), + include + include @{exec_path} mr, - /{usr/,}bin/** rPUx, - /{usr/,}bin/konsole rUx, - @{HOME}.Xauthority r, + @{bin}/** rPUx, + + @{bin}/konsole rPUx, include if exists } diff --git a/apparmor.d/profiles-m-r/plank b/apparmor.d/profiles-m-r/plank index 239b0bda4..678250bbf 100644 --- a/apparmor.d/profiles-m-r/plank +++ b/apparmor.d/profiles-m-r/plank @@ -1,32 +1,33 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2023 Jeroen Rijken +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}bin/plank -profile plank @{exec_path} flags=(complain) { +@{exec_path} = @{bin}/plank +profile plank @{exec_path} { include include include include - include include include + include include + include @{exec_path} rm, - unix (send, receive, connect) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*", label="{xorg,xkbcomp}"), - - @{user_config_dirs}/plank/{,**} rw, /usr/{,local/}share/plank/{,**} r, - /usr/{,local/}share/mime/mime.cache r, + /var/lib/flatpak/exports/share/icons/{,**} r, /var/lib/flatpak/exports/share/mime/mime.cache r, + owner @{user_config_dirs}/plank/{,**} rw, + include if exists } diff --git a/dists/flags/main.flags b/dists/flags/main.flags index a59740479..3cd5af3b5 100644 --- a/dists/flags/main.flags +++ b/dists/flags/main.flags @@ -256,6 +256,7 @@ pinentry-gnome3 complain pinentry-gtk-2 complain pkexec complain pkttyagent complain +plank complain plasma-browser-integration-host complain plasma-discover complain plasmashell mediate_deleted,complain
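Review bot: In the kstart profile, the new `@{bin}/konsole rPUx,` rule looks redundant, because `@{bin}/** rPUx,` just above it already matches konsole with the same transition. The dedicated line can be dropped, or given a narrower transition if konsole is meant to be handled differently from other children. The glob also lets any binary without its own profile run unconfined when started through kstart, which deserves a comment above it, e.g. `# launcher: children use their own profile when one exists, otherwise run unconfined`. The include targets are not visible in this view, so it is worth confirming that one of the added abstractions still grants the Xauthority read that the removed `.Xauthority r,` rule was meant to provide.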
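Review bot: In the plank profile, `@{exec_path} rm,` writes the permissions in the opposite order from the `@{exec_path} mr,` used in the kstart profile in this same commit; `@{exec_path} mr,` would keep the two consistent. Separately, no exec transition rule for the applications the dock starts is visible on the new side of this hunk. The include targets are not visible here, so such a rule may come from an abstraction. It is still worth checking the complain-mode logs for denied executions before the `plank complain` entry added to `dists/flags/main.flags` is removed.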