Merge branch 'main' into xdg-open

apparmor.d/groups/freedesktop/update-desktop-database

@@ -10,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/update-desktop-database
 profile update-desktop-database @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/attached/consoles>
   include <abstractions/consoles>
   include <abstractions/freedesktop.org>
 

apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome

@@ -48,6 +48,7 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
 
   owner @{desktop_cache_dirs}/dconf/user r,
   owner @{desktop_cache_dirs}/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} rw,
+  owner @{desktop_config_dirs}/dconf/user r,
   owner @{DESKTOP_HOME}/greeter-dconf-defaults r,
 
   owner @{HOME}/ r,

apparmor.d/groups/freedesktop/xdg-document-portal

@@ -57,7 +57,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/fd/ r,
 
-        /dev/fuse rw,
+  /dev/fuse rw,
 
   profile fusermount flags=(attach_disconnected) {
     include <abstractions/base>

apparmor.d/groups/freedesktop/xkbcomp

@@ -11,6 +11,7 @@ include <tunables/global>
 profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/attached/consoles>
+  include <abstractions/consoles>
   include <abstractions/mesa>
   include <abstractions/X-strict>
 
@@ -29,6 +30,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   owner @{user_share_dirs}/xorg/Xorg.@{int}.log w,
 
         /var/lib/{gdm{3,},sddm}/.local/share/xorg/Xorg.@{int}.log w,
+        /var/log/Xorg.@{int}.log w,
   owner /var/log/lightdm/x-@{int}.log w,
 
   owner @{run}/user/@{uid}/server-@{int}.xkm rwk,
@@ -38,9 +40,7 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) {
   /dev/dri/card@{int} rw,
   /dev/fb@{int} rw,
   /dev/tty rw,
-
-  deny /dev/input/event@{int} rw,
-  deny /var/log/Xorg.@{int}.log w,
+  /dev/input/event@{int} rw,
 
   include if exists <local/xkbcomp>
 }

apparmor.d/groups/freedesktop/xorg

@@ -134,6 +134,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   /dev/shm/shmfd-* rw,
   /dev/tty rw,
   /dev/tty@{int} rw,
+  /dev/udmabuf rw,
   /dev/vga_arbiter rw,  # Graphic card modules
 
   profile pkexec {