Delete apparmor.d/groups/lxqt directory
This commit is contained in:
Besanon
GitHub
parent
2dd6cb6cbe
commit
8ff45da8ad
29 changed files with 0 additions and 1340 deletions
|
|
@ -1,64 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lximage-qt
|
||||
profile lximage-qt @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
include <abstractions/user-read-strict>
|
||||
include <abstractions/user-write-strict>
|
||||
include <abstractions/user-download-strict>
|
||||
include <abstractions/thumbnails-cache-read>
|
||||
|
||||
@{exec_path} mr,
|
||||
@{lib}exec/menu-cache/menu-cached mr,
|
||||
|
||||
/usr/share/icons/{,**} r,
|
||||
/usr/share/desktop-directories/{,**} r,
|
||||
/usr/share/lximage-qt/translations/{,**} r,
|
||||
/usr/share/libfm-qt6/translations/libfm-qt_de.qm r,
|
||||
/usr/share/thumbnailers/{,**} r,
|
||||
/usr/share/gvfs/remote-volume-monitors/ r,
|
||||
/usr/share/gvfs/remote-volume-monitors/udisks2.monitor r,
|
||||
|
||||
/etc/fstab r,
|
||||
/etc/nsswitch.conf r,
|
||||
/etc/xdg/menus/lxqt-applications.menu r,
|
||||
|
||||
owner @{user_cache_dirs}/thumbnails/normal/** rwk,
|
||||
owner @{user_config_dirs}/#@{int} rwk,
|
||||
owner @{user_config_dirs}/QtProject.conf rw,
|
||||
owner @{user_config_dirs}/QtProject.conf.lock rwk,
|
||||
owner @{user_config_dirs}/QtProject.conf.@{rand6} rwkl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/lximage-qt/settings.conf rw,
|
||||
owner @{user_config_dirs}/lximage-qt/settings.conf.lock rwk,
|
||||
owner @{user_config_dirs}/lximage-qt/QtProject.conf.@{rand6} rwkl -> @{user_config_dirs}/lximage-qt/#@{int},
|
||||
owner @{user_config_dirs}/lximage-qt/#@{int} rw,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
owner @{HOME}/.inputrc r,
|
||||
owner @{HOME}/.bashrc r,
|
||||
owner @{HOME}/.bash_profile r,
|
||||
owner @{HOME}/.bash_logout r,
|
||||
owner @{HOME}/.bash_history r,
|
||||
owner @{HOME}/.xscreensaver r,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lximage-qt>
|
||||
}
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-about
|
||||
profile lxqt-about @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/video>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/icons/{,**} r,
|
||||
/usr/share/desktop-directories/{,**} r,
|
||||
|
||||
/etc/xdg/menus/lxqt-applications.menu r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
include if exists <local/lxqt-about>
|
||||
}
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-admin-time
|
||||
profile lxqt-admin-time @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/Timedate* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-admin-time>
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-admin-user
|
||||
profile lxqt-admin-user @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/pkexec rPx,
|
||||
@{bin}/usermod rPx,
|
||||
|
||||
/etc/shells r,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-admin-user>
|
||||
}
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-admin-user-helper
|
||||
profile lxqt-admin-user-helper @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/usermod rPx,
|
||||
|
||||
owner @{sh_path} r,
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-admin-user-helper>
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-archiver
|
||||
profile lxqt-archiver @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-archiver>
|
||||
}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-backlight_backend
|
||||
profile lxqt-backlight_backend @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sys}/class/backlight/ r,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r,
|
||||
owner @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/brightness rw,
|
||||
@{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r,
|
||||
owner @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/brightness rw,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-backlight_backend>
|
||||
}
|
||||
|
|
@ -1,61 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config
|
||||
profile lxqt-config @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/lxqt-admin-user rPx,
|
||||
@{bin}/ibus-setup rPx,
|
||||
@{bin}/lxqt-config-monitor rPx,
|
||||
@{bin}/pcmanfm-qt rPx,
|
||||
@{bin}/lxqt-admin-time rPx,
|
||||
@{bin}/lxqt-config-input rPx,
|
||||
@{bin}/lxqt-config-locale rPx,
|
||||
@{bin}/lxqt-config-brightness rPx,
|
||||
@{bin}/lxqt-config-session rPx,
|
||||
@{bin}/lxqt-config-file-associations rPx,
|
||||
@{bin}/lxqt-config-powermanagement rPx,
|
||||
@{bin}/lxqt-config-appearance rPx,
|
||||
@{bin}/lxqt-config-globalkeyshortcuts rPx,
|
||||
@{bin}/lxqt-config-notificationd rPx,
|
||||
@{bin}/obconf-qt rPx,
|
||||
@{bin}/nm-connection-editor rPx,
|
||||
@{bin}/pavucontrol rPx,
|
||||
@{bin}/pavucontrol-qt rPx,
|
||||
@{bin}/system-config-printer rPx,
|
||||
@{bin}/nm-connection-editor rPx,
|
||||
@{bin}/ControlPanel rPx,
|
||||
|
||||
/etc/xdg/menus/lxqt-config.menu r,
|
||||
|
||||
/usr/share/desktop-directories/lxqt-* r,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/lxqt-config.conf.lock rwk,
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
owner @{user_config_dirs}/lxqt/lxqt-config-conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config>
|
||||
}
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-appearance
|
||||
profile lxqt-config-appearance @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
@{bin}/gsettings rPx,
|
||||
@{bin}/pcmanfm-qt rPx,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/pcmanfm-qt/lxqt/settings.conf r,
|
||||
|
||||
owner /tmp/#@{int} rw,
|
||||
owner /tmp/lxqt-config-appearance.@{rand6} rwl -> /tmp/#@{int},
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-appearance>
|
||||
}
|
||||
|
|
@ -1,37 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-brightness
|
||||
profile lxqt-config-brightness @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
@{bin}/pkexec rpx,
|
||||
|
||||
@{sh_path} rix,
|
||||
|
||||
owner @{HOME}/ r,
|
||||
|
||||
owner /tmp/@{int} rw,
|
||||
|
||||
@{sys}/class/backlight/ r,
|
||||
@{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-@{int}/amdgpu_bl@{int}/* rw,
|
||||
@{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-brightness>
|
||||
}
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-file-associations
|
||||
profile lxqt-config-file-associations @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_config_dirs}/ r,
|
||||
owner @{user_config_dirs}/mimeapps* rwk,
|
||||
owner @{user_config_dirs}/lxqt-* rwk,
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
|
||||
owner /tmp/#@{int} rwk,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-file-associations>
|
||||
}
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-globalkeyshortcuts
|
||||
profile lxqt-config-globalkeyshortcuts @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/lxqt/globalkeysshortcuts.conf rwk,
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-globalkeyshortcuts>
|
||||
}
|
||||
|
|
@ -1,65 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-input
|
||||
profile lxqt-config-input @{exec_path} {
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/bus/org.bluez>
|
||||
include <abstractions/bus/org.freedesktop.login1>
|
||||
include <abstractions/devices-usb>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/gvfs-open>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/video>
|
||||
|
||||
signal (read) set=(kill,term) peer=lxqt-session,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/setxkbmap rix,
|
||||
|
||||
/etc/udev/udev.conf r,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
|
||||
owner /tmp/@{int} rw,
|
||||
|
||||
@{run}/udev/data/c@{int}:* r,
|
||||
@{run}/udev/data/b@{int}:* r,
|
||||
@{run}/udev/data/+sound:card@{int} r,
|
||||
@{run}/udev/data/+bluetooth:* r,
|
||||
@{run}/udev/data/+platform:* r,
|
||||
@{run}/udev/data/+acpi:* r,
|
||||
@{run}/udev/data/+i2c:* r,
|
||||
@{run}/udev/data/+backlight:* r,
|
||||
@{run}/udev/data/+leds:* r,
|
||||
@{run}/udev/data/n@{int} r,
|
||||
@{run}/udev/data/+input:* r,
|
||||
@{run}/udev/data/+dmi:* r,
|
||||
@{run}/udev/data/+drm:* r,
|
||||
@{run}/udev/data/+pci:* r,
|
||||
@{run}/udev/data/+rfkill:* r,
|
||||
|
||||
@{sys}/bus/** r,
|
||||
@{sys}/class/** r,
|
||||
@{sys}/devices/** r,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-input>
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-locale
|
||||
profile lxqt-config-locale @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/* r,
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-locale>
|
||||
}
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-monitor
|
||||
profile lxqt-config-monitor @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
signal (read) set=(kill,term) peer=lxqt-session,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-monitor>
|
||||
}
|
||||
|
|
@ -1,34 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-notificationd
|
||||
profile lxqt-config-notificationd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/fonts>
|
||||
include <abstractions/qt5>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/graphics>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/ r,
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
|
||||
owner /tmp/#@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-notificationd>
|
||||
}
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-powermanagement
|
||||
profile lxqt-config-powermanagement @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-system>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
@{sys}/class/backlight/ r,
|
||||
@{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r,
|
||||
@{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-powermanagement>
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-printer
|
||||
profile lxqt-config-printer @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-printer>
|
||||
}
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-config-session
|
||||
profile lxqt-config-session @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/thumbnails-cache-read>
|
||||
include <abstractions/thumbnails-cache-write>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/libfm-qt6/translations/libfm-qt_de.qm r,
|
||||
/usr/share/gvfs/remote-volume-monitors/ r,
|
||||
/usr/share/gvfs/remote-volume-monitors/udisks2.monitor r,
|
||||
|
||||
/etc/fstab r,
|
||||
/etc/xdg/autostart/ r,
|
||||
/etc/xdg/autostart/** r,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/QtProject.conf.@{rand6} rwkl,
|
||||
owner @{user_config_dirs}/QtProject.conf.lock rwk,
|
||||
owner @{user_config_dirs}/autostart/*.desktop r,
|
||||
owner @{user_config_dirs}/autostart/lxqt-config-monitor-autostart.desktop r,
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
owner @{user_config_dirs}/user-dirs.dirs rw,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-config-session>
|
||||
}
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-globalkeysd
|
||||
profile lxqt-globalkeysd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/screengrab rpx,
|
||||
@{bin}/lxqt-config-brightness rpx,
|
||||
|
||||
/usr/share/lxqt/globalkeyshortcuts.conf rw,
|
||||
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/* rwk,
|
||||
owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.lock wrk,
|
||||
owner @{user_config_dirs}/lxqt/#@{int} wr,
|
||||
owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rw,
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
include if exists <local/lxqt-globalkeysd>
|
||||
}
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-leave
|
||||
profile lxqt-leave @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-leave>
|
||||
}
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-notificationd
|
||||
profile lxqt-notificationd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/video>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
dbus receive
|
||||
bus=session
|
||||
path="/org/freedesktop/Notifications"
|
||||
interface="org.freedesktop.DBus.Introspectable"
|
||||
peer=(name=":[0-9]*.[0-9]*"),
|
||||
dbus send
|
||||
bus=session
|
||||
path="/org/freedesktop/Notifications"
|
||||
interface="org.freedesktop.Notifications"
|
||||
peer=(name="org.freedesktop.DBus"),
|
||||
dbus receive
|
||||
bus=session
|
||||
path="/org/freedesktop/Notifications"
|
||||
interface="org.freedesktop.Notifications"
|
||||
peer=(name=":[0-9]*.[0-9]*"),
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/etc/nsswitch.conf r,
|
||||
|
||||
/var/lib/dpkg/info/lxqt-notifications.conffiles r,
|
||||
|
||||
owner @{user_cache_dirs}/lxqt-notificationd/** rwk,
|
||||
owner @{user_cache_dirs}/lxqt-notificationd/#@{int} rw,
|
||||
owner @{user_cache_dirs}/lxqt-notificationd/unattended.list.@{rand6} rwkl -> @{user_cache_dirs}/lxqt-notificationd/#@{int},
|
||||
|
||||
owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-notificationd>
|
||||
}
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-openssh-askpass
|
||||
profile lxqt-openssh-askpass @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
owner /tmp/#@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-openssh-askpass>
|
||||
}
|
||||
|
|
@ -1,89 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-panel
|
||||
profile lxqt-panel @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/app-launcher-user>
|
||||
include <abstractions/audio-client>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
network inet dgram,
|
||||
network inet stream,
|
||||
network inet6 dgram,
|
||||
network inet6 stream,
|
||||
network inet dgram,
|
||||
network inet stream,
|
||||
network netlink raw,
|
||||
network packet dgram,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/exo-open rix,
|
||||
@{bin}/nm-connection-editor rPx,
|
||||
@{bin}/xdg-open rPx,
|
||||
|
||||
@{bin}/ControlPanel rPx,
|
||||
|
||||
/usr/lib{,32,64}/lxqt-panel/*.so mr, # LXQT-Plugins
|
||||
/usr/lib{,32,64}/lxqt-config/*.so mr, # LXQT-Plugins
|
||||
|
||||
/usr/share/lxqt/helpers/*.desktop r,
|
||||
/usr/share/lxqt/panel/plugins/{,*.desktop} r,
|
||||
/usr/share/desktop-directories/{,**} r,
|
||||
/usr/share/X11/locale/locale.alias r,
|
||||
/usr/share/lxqt/themes/{,**} r,
|
||||
|
||||
/etc/fstab r,
|
||||
/etc/udev/udev.conf r,
|
||||
/etc/machine-id r,
|
||||
/etc/xdg/lxqt-qtxdg.conf r,
|
||||
/etc/xdg/menus/**.menu r,
|
||||
/etc/xdg/menus/applications-merged/ r,
|
||||
/etc/xdg/ui/uistandards.rc r,
|
||||
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
/opt/tor/tor-browser/Browser/browser/chrome/icons/default/*.png r,
|
||||
/opt/tormedium/tor-browser/Browser/browser/chrome/icons/default/*.png r,
|
||||
|
||||
owner @{HOME}/.config/menus/**.menu rw,
|
||||
owner @{HOME}/.config/menus/applications-merged/ r,
|
||||
owner @{HOME}/Desktop/** r,
|
||||
owner @{HOME}/.local/share/desktop-directories/*.directory r,
|
||||
owner @{HOME}/.local/share/gvfs-metadata/{,*} r,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/{,**} rw,
|
||||
owner @{user_config_dirs}/lxqt/panel.conf.lock rwk,
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
owner @{user_config_dirs}/pulse/{,**} rwk,
|
||||
owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rwk,
|
||||
owner @{user_config_dirs}/ibus/bus/{,**} rw,
|
||||
|
||||
@{run}/udev/data/* r,
|
||||
|
||||
@{sys}/class/i2c-adapter/ r,
|
||||
@{sys}/devices/@{pci_bus}/0000:00:*/ata@{int}/host@{int}/**/**/**/**/**/* r,
|
||||
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r,
|
||||
@{sys}/devices/@{pci_bus}/**/**/nvme/nvme0/nvme0n1/nvme0n1p4/uevent r,
|
||||
@{sys}/devices/@{pci_bus}/**/**/usb@{int}/** r,
|
||||
|
||||
@{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/@{pid}/net/dev r,
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty@{int} rw,
|
||||
/dev/pts/[0-9]* rw,
|
||||
/dev/snd/controlC[0-9]* rw,
|
||||
|
||||
include if exists <local/lxqt-panel>
|
||||
}
|
||||
|
|
@ -1,54 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{lib}/@{multiarch}/lxqt-policykit-agent-[0-9]
|
||||
@{exec_path} += @{bin}/lxqt-policykit-agent
|
||||
profile lxqt-policykit-agent @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dri-enumerate>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/qt5-compose-cache-write>
|
||||
include <abstractions/vulkan>
|
||||
|
||||
signal (send) set=(term, kill) peer=polkit-agent-helper,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx,
|
||||
|
||||
/usr/share/lxqt/translations/lxqt-policykit-agent/lxqt-policykit-agent_de.qm r,
|
||||
|
||||
/etc/machine-id r,
|
||||
|
||||
/var/lib/dbus/machine-id r,
|
||||
|
||||
owner @{user_cache_dirs}/icon-cache.kcache rw,
|
||||
owner @{user_config_dirs}/qt5ct/{,**} r,
|
||||
|
||||
owner /tmp/#@{int} rw,
|
||||
owner /tmp/lxqt-policykit-agent-[0-9].* rwl -> /tmp/#@{int},
|
||||
|
||||
@{run}/systemd/users/@{uid} r,
|
||||
|
||||
@{sys}/devices/system/node/ r,
|
||||
@{sys}/devices/system/node/node@{int}/meminfo r,
|
||||
|
||||
@{PROC}/@{pid}/cgroup r,
|
||||
@{PROC}/@{pid}/cmdline r,
|
||||
@{PROC}/@{pid}/fd/ r,
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
|
||||
/dev/shm/#@{int} rw,
|
||||
|
||||
include if exists <local/lxqt-policykit-agent>
|
||||
}
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-powermanagement
|
||||
profile lxqt-powermanagement @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
network netlink raw,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/xset rPx,
|
||||
|
||||
/etc/udev/udev.conf r,
|
||||
/etc/fstab r,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
@{run}/systemd/inhibit/* rw,
|
||||
|
||||
owner @{PROC}/@{pid}/mounts r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-powermangement>
|
||||
}
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-runner
|
||||
profile lxqt-runner @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/video>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/bus-accessibility>
|
||||
include <abstractions/bus-session>
|
||||
include <abstractions/gvfs-open>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
/usr/share/icons/ r,
|
||||
/usr/share/icons/{,**} r,
|
||||
/usr/share/desktop-directories/ r,
|
||||
/usr/share/desktop-directories/{,**} r,
|
||||
|
||||
/etc/xdg/menus/lxqt-applications.menu r,
|
||||
|
||||
owner @{user_config_dirs}/lxqt/lxqt-runner.conf.lock rwk,
|
||||
owner @{user_config_dirs}/lxqt/#@{int} rw,
|
||||
owner @{user_config_dirs}/lxqt/lxqt-runner.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int},
|
||||
|
||||
# only needed if tor is installed on /opt
|
||||
owner /opt/*/**/*.png r,
|
||||
|
||||
owner /tmp/@{int} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/lxqt-runner>
|
||||
}
|
||||
|
|
@ -1,130 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/lxqt-session
|
||||
profile lxqt-session @{exec_path} {
|
||||
include <abstractions/app-open>
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus/org.freedesktop.NetworkManager>
|
||||
include <abstractions/bus/org.freedesktop.UPower>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/gtk>
|
||||
include <abstractions/graphics>
|
||||
include <abstractions/lxqt>
|
||||
include <abstractions/video>
|
||||
include <abstractions/qt5-shader-cache>
|
||||
include <abstractions/nameservice-strict>
|
||||
include <abstractions/dbus-session>
|
||||
include <abstractions/dbus-accessibility>
|
||||
include <abstractions/gvfs-open>
|
||||
include <abstractions/recent-documents-write>
|
||||
include <abstractions/ssl_certs>
|
||||
include <abstractions/thumbnails-cache-read>
|
||||
|
||||
signal (send),
|
||||
signal (receive) set=(kill, term) peer=startlxqt,
|
||||
signal (receive) set=(kill, term) peer=sddm,
|
||||
|
||||
ptrace (read),
|
||||
|
||||
network netlink raw,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{sh_path} rix,
|
||||
@{bin}/sed rix,
|
||||
@{bin}/readlink rix,
|
||||
@{bin}/dirname rix,
|
||||
@{bin}/system-config-printer-applet rPx,
|
||||
@{bin}/lxqt-config-input rPx,
|
||||
@{bin}/lxqt-session-settings rPx,
|
||||
@{bin}/lxqt-globalkeysd rPx,
|
||||
@{bin}/lxqt-panel rPx,
|
||||
@{bin}/lxqt-policykit-agent rPx,
|
||||
@{bin}/lxqt-runner rPx,
|
||||
@{bin}/lxqt-notificationd rPx,
|
||||
@{bin}/lxqt-powermanagement rPx,
|
||||
@{bin}/lxqt-config rPx,
|
||||
@{bin}/lxqt-leave rPx,
|
||||
@{bin}/lxqt-about rPx,
|
||||
@{bin}/dbus-send rPUx,
|
||||
@{bin}/dbus-update-activation-environment rCx -> dbus,
|
||||
@{bin}/systemctl rCx -> systemctl,
|
||||
|
||||
@{bin}/pavucontrol rPx,
|
||||
@{bin}/pulseaudio rPx,
|
||||
@{bin}/python3.@{int} rPx,
|
||||
@{lib}/python3.@{int} rPx,
|
||||
@{bin}/xfe rPx,
|
||||
@{bin}/nm-connection-editor rPx,
|
||||
@{bin}/nm-applet rPx,
|
||||
@{bin}/nm-tray rPx,
|
||||
@{bin}/pcmanfm-qt rPx,
|
||||
@{bin}/openbox rix,
|
||||
@{bin}/dconf-editor rPx,
|
||||
@{bin}/setxkbmap rix,
|
||||
@{bin}/start-pulseaudio-x11 rPx,
|
||||
@{bin}/xrdb rPx,
|
||||
@{bin}/xdg-user-dirs-update rPx,
|
||||
/usr/lib/{/,x86_64-linux-gnu/}tumbler-1/tumblerd rPx,
|
||||
|
||||
/usr/share/ r,
|
||||
/usr/share/mime/ r,
|
||||
/usr/share/cursors/ r,
|
||||
/usr/share/backintime/common/* r,
|
||||
/usr/share/desktop-directories/* r,
|
||||
/usr/share/system-config-printer/* r,
|
||||
|
||||
/etc/xdg/ r,
|
||||
/etc/xdg/autostart/ r,
|
||||
/etc/xdg/autostart/*.desktop r,
|
||||
/etc/xdg/menus/lxqt-* r,
|
||||
/etc/xdg/openbox/* r,
|
||||
/etc/udev/udev.conf r,
|
||||
|
||||
owner @{HOME}/.local/share/ r,
|
||||
owner @{HOME}/.config/ r,
|
||||
owner @{HOME}/.config/autostart/ r,
|
||||
owner @{HOME}/.config/autostart/* rw,
|
||||
owner @{user_cache_dirs}/openbox/openbox.log rwk,
|
||||
owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw,
|
||||
owner @{user_config_dirs}/dconf/user r,
|
||||
owner @{user_config_dirs}/openbox/rc.xml r,
|
||||
owner @{user_share_dirs}/sddm/xorg-session.log rw,
|
||||
|
||||
@{PROC}/ r,
|
||||
@{PROC}/uptime r,
|
||||
@{PROC}/@{pid}/stat r,
|
||||
owner @{PROC}/@{pid}/stat r,
|
||||
|
||||
@{run}/systemd/inhibit/** rw,
|
||||
|
||||
include if exists <local/lxqt-session>
|
||||
|
||||
profile systemctl {
|
||||
include <abstractions/base>
|
||||
include <abstractions/app/systemctl>
|
||||
|
||||
include if exists <local/lxqt-session_systemctl>
|
||||
}
|
||||
|
||||
profile dbus {
|
||||
include <abstractions/base>
|
||||
include <abstractions/bus-session>
|
||||
|
||||
@{bin}/dbus-update-activation-environment mr,
|
||||
|
||||
owner @{user_share_dirs}/sddm/xorg-session.log rw,
|
||||
|
||||
include if exists <local/lxqt-session_dbus>
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
@ -1,87 +0,0 @@
|
|||
# apparmor.d - Full set of apparmor profiles
|
||||
# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
abi <abi/3.0>,
|
||||
|
||||
include <tunables/global>
|
||||
|
||||
@{exec_path} = @{bin}/startlxqt
|
||||
profile startlxqt @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/freedesktop.org>
|
||||
include <abstractions/qt5>
|
||||
include <abstractions/X-strict>
|
||||
|
||||
signal (receive) set=(term) peer=sddm,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/xrdb rPx,
|
||||
@{bin}/xsetroot rPx,
|
||||
@{bin}/xprop rpx,
|
||||
@{bin}/mkdir rix,
|
||||
@{bin}/dbus-launch rPx,
|
||||
@{bin}/lxqt-session rPx,
|
||||
@{sh_path} rix,
|
||||
|
||||
/usr/share/color-schemes/{,**} r,
|
||||
/usr/share/desktop-directories/{,**} r,
|
||||
/usr/share/icu/@{int}.@{int}/*.dat r,
|
||||
/usr/share/knotifications5/{,**} r,
|
||||
/usr/share/kservices5/{,**} r,
|
||||
/usr/share/kservicetypes5/{,**} r,
|
||||
/usr/share/mime/{,**} r,
|
||||
/usr/share/plasma/{,**} r,
|
||||
|
||||
/etc/locale.alias r,
|
||||
/etc/machine-id r,
|
||||
/etc/xdg/kcminputrc r,
|
||||
/etc/xdg/kdeglobals r,
|
||||
/etc/xdg/menus/{,**} r,
|
||||
|
||||
@{HOME}/ r,
|
||||
owner @{HOME}/.Xauthority r,
|
||||
|
||||
owner @{user_cache_dirs}/ rw,
|
||||
owner @{user_cache_dirs}/#@{int} rw,
|
||||
owner @{user_cache_dirs}/kcrash-metadata/ rw,
|
||||
@{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},
|
||||
owner @{user_cache_dirs}/plasma-svgelements rw,
|
||||
|
||||
owner @{user_config_dirs}/#@{int} rw,
|
||||
owner @{user_config_dirs}/gtkrc rl,
|
||||
owner @{user_config_dirs}/gtkrc-2.0 rl,
|
||||
owner @{user_config_dirs}/kcminputrc r,
|
||||
owner @{user_config_dirs}/lxqt/ rw,
|
||||
owner @{user_config_dirs}/lxqt/lxqt* rwkl -> @{user_config_dirs}/kdedefaults/**,
|
||||
owner @{user_config_dirs}/kdeglobals.lock rwk,
|
||||
owner @{user_config_dirs}/kdeglobals{,.@{rand6}} rwl -> @{user_config_dirs}/#@{int},
|
||||
owner @{user_config_dirs}/ksplashrc r,
|
||||
owner @{user_config_dirs}/kwinkdeglobalsrc.lock rwk,
|
||||
owner @{user_config_dirs}/menus/{,**} r,
|
||||
owner @{user_config_dirs}/plasma-localerc rwl,
|
||||
owner @{user_config_dirs}/plasma-localerc.lock rwk,
|
||||
owner @{user_config_dirs}/plasma-workspace/env/ r,
|
||||
owner @{user_config_dirs}/startkderc r,
|
||||
owner @{user_config_dirs}/Trolltech.conf rwl,
|
||||
owner @{user_config_dirs}/Trolltech.conf.lock rwk,
|
||||
|
||||
owner @{user_share_dirs}/kservices5/{,**} r,
|
||||
owner @{user_share_dirs}/sddm/wayland-session.log rw,
|
||||
owner @{user_share_dirs}/sddm/xorg-session.log rw,
|
||||
|
||||
owner /tmp/#@{int} rw,
|
||||
owner /tmp/startlxqt.@{rand6} rwl -> /tmp/#@{int},
|
||||
|
||||
owner @{run}/user/@{uid}/ r,
|
||||
@{run}/user/@{uid}/xauth_@{rand6} rl,
|
||||
|
||||
@{PROC}/sys/kernel/core_pattern r,
|
||||
@{PROC}/sys/kernel/random/boot_id r,
|
||||
owner @{PROC}/@{pid}/maps r,
|
||||
|
||||
|
||||
/dev/tty rw,
|
||||
/dev/tty@{int} rw,
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue