diff --git a/apparmor.d/groups/akonadi/akonadi_akonotes_resource b/apparmor.d/groups/akonadi/akonadi_akonotes_resource index 1ff1b8e23..ab45b9ae1 100644 --- a/apparmor.d/groups/akonadi/akonadi_akonotes_resource +++ b/apparmor.d/groups/akonadi/akonadi_akonotes_resource @@ -38,10 +38,10 @@ profile akonadi_akonotes_resource @{exec_path} { owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_archivemail_agent b/apparmor.d/groups/akonadi/akonadi_archivemail_agent index 93977afa8..90ecb0ba2 100644 --- a/apparmor.d/groups/akonadi/akonadi_archivemail_agent +++ b/apparmor.d/groups/akonadi/akonadi_archivemail_agent @@ -20,7 +20,7 @@ profile akonadi_archivemail_agent @{exec_path} { @{exec_path} mr, - /usr/share/akonadi/plugins/serializer/*.desktop r, + /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, /usr/share/qt{5,}/translations/*.qm r, @@ -45,11 +45,11 @@ profile akonadi_archivemail_agent @{exec_path} { owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - + @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_birthdays_resource b/apparmor.d/groups/akonadi/akonadi_birthdays_resource index 851fc7f3d..cc8e69181 100644 --- a/apparmor.d/groups/akonadi/akonadi_birthdays_resource +++ b/apparmor.d/groups/akonadi/akonadi_birthdays_resource 
@@ -36,10 +36,10 @@ profile akonadi_birthdays_resource @{exec_path} { owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_contacts_resource b/apparmor.d/groups/akonadi/akonadi_contacts_resource index 2dcc26d5c..6333715e2 100644 --- a/apparmor.d/groups/akonadi/akonadi_contacts_resource +++ b/apparmor.d/groups/akonadi/akonadi_contacts_resource @@ -16,6 +16,7 @@ profile akonadi_contacts_resource @{exec_path} { include include include + include include @{exec_path} mr, @@ -37,10 +38,10 @@ profile akonadi_contacts_resource @{exec_path} { owner @{user_config_dirs}/kwinrc r, owner @{user_share_dirs}/contacts/ r, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_control b/apparmor.d/groups/akonadi/akonadi_control index 84f5d2347..90e121eb0 100644 --- a/apparmor.d/groups/akonadi/akonadi_control +++ b/apparmor.d/groups/akonadi/akonadi_control @@ -10,10 +10,12 @@ include profile akonadi_control @{exec_path} { include include + include include include include include + include include include @@ -34,14 +36,17 @@ profile akonadi_control @{exec_path} { owner @{user_cache_dirs}/akonadi/{,**} rwl, owner @{user_config_dirs}/akonadi/ rw, + owner @{user_config_dirs}/akonadi/agentsrc.lock k, owner @{user_config_dirs}/akonadi/** rwl -> @{user_config_dirs}/akonadi/**, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk, owner @{user_share_dirs}/akonadi/{,**} rwl, - + @{PROC}/sys/kernel/core_pattern r, + + /dev/tty r, include if exists -} \ No newline at end of file +} 
diff --git a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent index 8a4475c8e..749f15865 100644 --- a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent +++ b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent @@ -15,6 +15,7 @@ profile akonadi_followupreminder_agent @{exec_path} { include include include + include include include @@ -40,10 +41,10 @@ profile akonadi_followupreminder_agent @{exec_path} { owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_ical_resource b/apparmor.d/groups/akonadi/akonadi_ical_resource index b1dc6cbc1..6092c23e5 100644 --- a/apparmor.d/groups/akonadi/akonadi_ical_resource +++ b/apparmor.d/groups/akonadi/akonadi_ical_resource @@ -10,8 +10,10 @@ include profile akonadi_ical_resource @{exec_path} { include include + include include include + include include @{exec_path} mr, @@ -31,10 +33,10 @@ profile akonadi_ical_resource @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, owner @{user_share_dirs}/apps/korganizer/{,**} rw, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_indexing_agent b/apparmor.d/groups/akonadi/akonadi_indexing_agent index 84277a37c..255deec98 100644 --- a/apparmor.d/groups/akonadi/akonadi_indexing_agent +++ b/apparmor.d/groups/akonadi/akonadi_indexing_agent 
@@ -34,7 +34,7 @@ profile akonadi_indexing_agent @{exec_path} { owner @{user_config_dirs}/akonadi_indexing_agentrc r, owner @{user_config_dirs}/akonadi/#[0-9]* rw, - owner @{user_config_dirs}/akonadi/agent_config_akonadi_indexing_agent* rwlk, + owner @{user_config_dirs}/akonadi/agent_config_akonadi_indexing_agent{,.*} rwlk, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, @@ -42,11 +42,11 @@ profile akonadi_indexing_agent @{exec_path} { owner @{user_config_dirs}/kwinrc r, owner @{user_share_dirs}/akonadi/** rwk, - + @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_maildir_resource b/apparmor.d/groups/akonadi/akonadi_maildir_resource index 019a96454..4a5a32bf4 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildir_resource +++ b/apparmor.d/groups/akonadi/akonadi_maildir_resource @@ -41,10 +41,10 @@ profile akonadi_maildir_resource @{exec_path} { owner @{user_share_dirs}/akonadi/{,**} rwk, owner @{user_share_dirs}/local-mail*/{,**} rw, - + @{PROC}/sys/kernel/core_pattern rw, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent index 9bc108920..f3b3e199f 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent +++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent @@ -45,10 +45,10 @@ profile akonadi_maildispatcher_agent @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, owner @{user_config_dirs}/specialmailcollectionsrc r, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} 
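Review bot: The akonadi_maildir_resource profile still carries `@{PROC}/sys/kernel/core_pattern rw,` on a context line that this hunk only re-spaces, while every other akonadi profile in this diff grants `r` on the same path. core_pattern is a host-wide kernel setting that controls how core dumps are handled, so a mail resource should not hold write permission on it in policy, even if file ownership normally blocks an unprivileged writer. Since the commit already touches this block, tighten it to `@{PROC}/sys/kernel/core_pattern r,` unless a logged denial shows the write is actually requested.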
diff --git a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent index 0f4a656ff..96f662c8f 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent @@ -53,12 +53,12 @@ profile akonadi_mailfilter_agent @{exec_path} { owner @{user_config_dirs}/specialmailcollectionsrc r, - owner @{user_share_dirs}/akonadi/file_db_data/{,**} r, - + owner @{user_share_dirs}/akonadi/file_db_data/{,**} rw, + @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent index 12c98f8c4..ed7ddd334 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent @@ -10,10 +10,12 @@ include profile akonadi_mailmerge_agent @{exec_path} { include include + include include include include include + include include network inet dgram, @@ -35,10 +37,10 @@ profile akonadi_mailmerge_agent @{exec_path} { owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_migration_agent b/apparmor.d/groups/akonadi/akonadi_migration_agent index 491ace3de..ce936f960 100644 --- a/apparmor.d/groups/akonadi/akonadi_migration_agent +++ b/apparmor.d/groups/akonadi/akonadi_migration_agent @@ -38,10 +38,10 @@ profile akonadi_migration_agent @{exec_path} { owner @{user_config_dirs}/kwinrc r, owner @{user_share_dirs}/akonadi_migration_agent/{,**} rw, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} 
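Review bot: The widening of `owner @{user_share_dirs}/akonadi/file_db_data/{,**}` from `r` to `rw` in akonadi_mailfilter_agent gives the filter agent write access to the whole tree, with nothing recording which operation needed it. If the denial came from a specific action, a short comment above the rule would let a later reviewer judge whether the grant can be narrowed, for example `# write needed for <operation seen in the audit log>`. If only files inside the directory are written, keeping the directory entry itself read-only by splitting the rule is worth considering; that depends on the denials observed, which are not visible here.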
diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent index 89bb544e1..3fa0a2083 100644 --- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent +++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent @@ -21,6 +21,7 @@ profile akonadi_newmailnotifier_agent @{exec_path} { @{exec_path} mr, + /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, /usr/share/icu/[0-9]*.[0-9]*/*.dat r, @@ -44,11 +45,12 @@ profile akonadi_newmailnotifier_agent @{exec_path} { owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kmail2rc r, owner @{user_config_dirs}/kwinrc r, - + owner @{user_config_dirs}/specialmailcollectionsrc r, + @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_sendlater_agent b/apparmor.d/groups/akonadi/akonadi_sendlater_agent index 9374e65c5..b1e9590e4 100644 --- a/apparmor.d/groups/akonadi/akonadi_sendlater_agent +++ b/apparmor.d/groups/akonadi/akonadi_sendlater_agent @@ -43,10 +43,10 @@ profile akonadi_sendlater_agent @{exec_path} { owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - + @{PROC}/sys/kernel/core_pattern r, /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent index e65331a27..e8e47db8f 100644 --- a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent +++ b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent 
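Review bot: The serializer rule added to akonadi_newmailnotifier_agent, `/usr/share/akonadi/plugins/serializer/*.desktop r,`, is the exact form this same commit replaces in akonadi_archivemail_agent with `/usr/share/akonadi/plugins/serializer/{,*.desktop} r,`. If the archivemail change was made because the agent lists the directory before opening the plugin files, the notifier agent will probably hit the same denial. Using `{,*.desktop}` here as well keeps the two profiles consistent and avoids a follow-up fix.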
@@ -38,8 +38,10 @@ profile akonadi_unifiedmailbox_agent @{exec_path} { owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwinrc r, - + @{PROC}/sys/kernel/core_pattern r, + + /dev/tty r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index ace3ea45f..9588e4131 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -10,6 +10,8 @@ include profile plasmashell @{exec_path} { include include + include + include include include include @@ -41,6 +43,7 @@ profile plasmashell @{exec_path} { @{libexec}/libheif/ r, @{libexec}/libheif/*.so* rm, @{libexec}/kf5/kioslave5 rPx, + @{libexec}/kf5/kdesu{,d} rix, /{usr/,}bin/dolphin rPUx, # TODO: rPx, /{usr/,}bin/plasma-discover rPUx, @@ -55,11 +58,15 @@ profile plasmashell @{exec_path} { /usr/share/krunner/{,**} r, /usr/share/konsole/ r, /usr/share/akonadi/firstrun/{,*} r, + /usr/share/lshw/artwork/logo.svg r, + /usr/share/knotifications5/*.notifyrc r, + /usr/share/desktop-directories/kf5-*.directory r, /etc/appstream.conf r, /etc/cups/client.conf r, /etc/fstab r, /etc/machine-id r, + /etc/pipewire/client.conf.d/ r, /etc/pulse/client.conf r, /etc/pulse/client.conf.d/ r, /etc/xdg/baloofilerc r, @@ -69,6 +76,7 @@ profile plasmashell @{exec_path} { /etc/xdg/krunnerrc r, /etc/xdg/kwinrc r, /etc/xdg/menus/ r, + /etc/xdg/menus/applications.menu r, /etc/xdg/menus/applications-merged/ r, /etc/xdg/plasmanotifyrc r, /etc/xdg/plasmarc r, @@ -81,6 +89,7 @@ profile plasmashell @{exec_path} { owner @{user_cache_dirs}/ r, owner @{user_cache_dirs}/#[0-9]* rw, + owner @{user_cache_dirs}/event-sound-cache.tdb.*.x86_64-pc-linux-gnu rwk, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/ksycoca5_* r, owner @{user_cache_dirs}/org.kde.dirmodel-qml.kcache rw, 
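Review bot: `@{libexec}/kf5/kdesu{,d} rix,` in the plasmashell profile runs the privilege-elevation helper and its daemon under plasmashell's own policy. They are then confined only as loosely as the desktop shell, and every permission kdesu needs has to be granted to plasmashell as well; the `/dev/ptmx rw,` and `kdesud_:1` rules added further down look like part of that. A transition to a dedicated profile would keep credential handling out of the shell's rule set: `@{libexec}/kf5/kdesu{,d} rPx,`. If no such profile exists yet, mark the line the way the dolphin rule just below it is marked, with a trailing `# TODO: rPx,`.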
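Review bot: The new cache rule `owner @{user_cache_dirs}/event-sound-cache.tdb.*.x86_64-pc-linux-gnu rwk,` hard-codes an architecture triplet, so the same cache file is denied on any non-x86_64 build. The profile is otherwise architecture-neutral, and a glob over the suffix keeps the grant limited to the same file family: `owner @{user_cache_dirs}/event-sound-cache.tdb.* rwk,`.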
@@ -111,7 +120,9 @@ profile plasmashell @{exec_path} { owner @{user_config_dirs}/plasma-org.kde.plasma.desktop-appletsrc.?????? rk, owner @{user_config_dirs}/plasma-pk-updates r, owner @{user_config_dirs}/plasma*desktop* rwlk, - owner @{user_config_dirs}/plasmanotifyrc r, + owner @{user_config_dirs}/plasmanotifyrc rw, + owner @{user_config_dirs}/plasmanotifyrc.lock rwk, + owner @{user_config_dirs}/plasmanotifyrc.* rwl, owner @{user_config_dirs}/plasmaparc r, owner @{user_config_dirs}/plasmashellrc r, owner @{user_config_dirs}/pulse/cookie rwk, @@ -135,6 +146,7 @@ profile plasmashell @{exec_path} { owner @{user_share_dirs}/user-places.xbel r, owner @{run}/user/@{uid}/#[0-9]* rw, + owner @{run}/user/@{uid}/kdesud_:1 w, owner @{run}/user/@{uid}/plasmashell??????.[0-9].kioworker.socket rwl, owner @{run}/user/@{uid}/gvfs/ r, owner @{run}/user/@{uid}/pulse/ rw, @@ -148,9 +160,11 @@ profile plasmashell @{exec_path} { owner @{PROC}/@{pid}/environ r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, - + owner @{PROC}/@{pid}/{cgroup,cmdline,stat,statm} r, + owner @{PROC}/@{pid}/attr/current r, + /dev/shm/ r, - /dev/tty r, - + /dev/ptmx rw, + include if exists }
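Review bot: `owner @{run}/user/@{uid}/kdesud_:1 w,` matches a single literal socket name. The suffix looks like the X display of the session, so a session on `:0` or any other display would presumably still be denied and would need another patch. A pattern over the display number covers those sessions without opening anything else in the runtime directory: `owner @{run}/user/@{uid}/kdesud_:[0-9]* w,`. Confirm the naming against the denials seen on a second display before merging.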