feat(profile): small general improvments.

apparmor.d/groups/flatpak/flatpak

@@ -98,7 +98,9 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
   owner @{tmp}/ostree-gpg-@{rand6}/{,**} rw,
   owner /dev/shm/flatpak*/{,**} rw,
 
-        @{run}/.userns r,
+         @{run}/.userns r,
+  @{att}/@{run}/.userns r,
+
         @{run}/user/@{uid}/.dbus-proxy/ w,
         @{run}/user/@{uid}/dconf/user rw,
   owner @{run}/user/@{uid}/.dbus-proxy/* rw,
@@ -146,6 +148,8 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
     include <abstractions/base>
     include <abstractions/app/fusermount>
 
+    capability setuid,
+
     mount fstype=fuse.revokefs-fuse options=(rw, nosuid, nodev) -> /var/tmp/flatpak-cache-*/*/,
     umount /var/tmp/flatpak-cache-*/*/,
 

apparmor.d/groups/freedesktop/xdg-desktop-portal-kde

@@ -10,10 +10,12 @@ include <tunables/global>
 @{exec_path} += @{lib}/@{multiarch}/{,libexec/}xdg-desktop-portal-kde
 profile xdg-desktop-portal-kde @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus-session>
   include <abstractions/graphics>
   include <abstractions/kde-globals-write>
   include <abstractions/kde-strict>
   include <abstractions/nameservice-strict>
+  include <abstractions/qt5-shader-cache>
 
   network inet dgram,
   network inet6 dgram,
@@ -27,8 +29,14 @@ profile xdg-desktop-portal-kde @{exec_path} {
 
   #aa:exec kioworker
 
+  /usr/share/plasma/look-and-feel/** r,
+
+  owner @{HOME}/ r,
+
   owner @{desktop_config_dirs}/user-dirs.dirs r,
 
+  owner @{user_cache_dirs}/xdg-desktop-portal-kde/{,**} rw,
+
   owner @{user_config_dirs}/autostart/org.kde.*.desktop r,
   owner @{user_config_dirs}/breezerc r,
   owner @{user_config_dirs}/xdg-desktop-portal-kderc{,.*} rwlk,