From a30ae5f27391511bd7e3317eebe9ee8a4a152af8 Mon Sep 17 00:00:00 2001
From: curiosityseeker <60518106+curiosityseeker@users.noreply.github.com>
Date: Fri, 22 Aug 2025 14:13:22 +0200
Subject: [PATCH] Update gnome-boxes

ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ladspa.rdfs comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open /usr/share/ladspa/rdf/ladspa-rubberband.rdf comm=gst-plugin-scan requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb2/2-3/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-6/1-6.2/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-14/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
ALLOWED gnome-boxes open @{sys}/devices/@{pci}/usb1/1-13/bConfigurationValue comm=gnome-boxes requested_mask=r denied_mask=r
---
 apparmor.d/groups/gnome/gnome-boxes | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apparmor.d/groups/gnome/gnome-boxes b/apparmor.d/groups/gnome/gnome-boxes
index 2462c2071..16aa4e862 100644
--- a/apparmor.d/groups/gnome/gnome-boxes
+++ b/apparmor.d/groups/gnome/gnome-boxes
@@ -36,6 +36,7 @@ profile gnome-boxes @{exec_path} {
   @{bin}/virsh      rCx -> virsh,
   @{bin}/virtqemud  rPUx,
 
+  /usr/share/ladspa/rdf/{,*} r,
   /usr/share/osinfo/{,**} r,
   /usr/share/gnome-boxes/{,**} r,
 
@@ -55,6 +56,8 @@ profile gnome-boxes @{exec_path} {
   owner @{user_config_dirs}/gnome-boxes/ rw,
   owner @{user_config_dirs}/gnome-boxes/** rwk,
 
+  owner @{user_share_dirs}/gnome-boxes/images/ rw,
+
   owner @{tmp}/.goutputstream-@{rand6} rw,
   owner @{tmp}/*.iso-@{rand6} rw,
   owner @{tmp}/*.svg-@{rand6} rw,
@@ -66,6 +69,7 @@ profile gnome-boxes @{exec_path} {
 
   @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511
 
+        @{sys}/devices/@{pci}/usb@{int}/** r,
   owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-dbus*org.gnome.Boxes.slice/*/memory.* r,
 
         @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,