From b2393cb7c23a8f6e130e3e7844bfcdb42c608843 Mon Sep 17 00:00:00 2001
From: Besanon <m231009ts@mailfence.com>
Date: Wed, 28 Aug 2024 11:46:38 +0200
Subject: [PATCH] Create startlxqt

---
 apparmor.d/groups/lxqt/startlxqt | 74 ++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 apparmor.d/groups/lxqt/startlxqt

diff --git a/apparmor.d/groups/lxqt/startlxqt b/apparmor.d/groups/lxqt/startlxqt
new file mode 100644
index 000000000..9691e294d
--- /dev/null
+++ b/apparmor.d/groups/lxqt/startlxqt
@@ -0,0 +1,74 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2024 Besanon <m231009ts@mailfence.com>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/startlxqt
+profile startlxqt @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/freedesktop.org>
+  include <abstractions/fontconfig-cache-read>
+  include <abstractions/qt5>
+  include <abstractions/X-strict>
+
+  signal (receive) set=(term) peer=sddm,
+
+  @{exec_path} mr,
+
+  @{bin}/xrdb               rPx,
+  @{bin}/xsetroot           rPx,
+  @{bin}/xprop              rpx,
+  @{bin}/mkdir              rix,
+  @{bin}/dbus-launch        rPx,
+  @{bin}/lxqt-session       rPx,
+  @{sh_path}                rix,
+
+  /usr/share/color-schemes/{,**} r,
+  /usr/share/desktop-directories/{,**} r,
+  /usr/share/icu/@{int}.@{int}/*.dat r,
+  /usr/share/mime/{,**} r,
+
+  /etc/locale.alias r,
+  /etc/machine-id r,
+  /etc/xdg/kdeglobals r,
+  /etc/xdg/menus/{,**} r,
+
+  @{HOME}/ r,
+  owner @{HOME}/.Xauthority r,
+
+  owner @{user_cache_dirs}/ rw,
+  owner @{user_cache_dirs}/#@{int} rw,
+        @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},
+
+  owner @{user_config_dirs}/#@{int} rw,
+  owner @{user_config_dirs}/gtkrc rl,
+  owner @{user_config_dirs}/gtkrc-2.0 rl,
+  owner @{user_config_dirs}/lxqt/ rw,
+  owner @{user_config_dirs}/menus/{,**} r,
+
+  owner @{user_share_dirs}/sddm/wayland-session.log rw,
+  owner @{user_share_dirs}/sddm/xorg-session.log rw,
+
+  owner /tmp/#@{int} rw,
+  owner /tmp/startlxqt.@{rand6} rwl -> /tmp/#@{int},
+
+  owner @{run}/user/@{uid}/ r,
+        @{run}/user/@{uid}/xauth_@{rand6} rl,
+
+        @{PROC}/sys/kernel/core_pattern r,
+  owner @{PROC}/@{pid}/maps r,
+
+  /dev/tty rw,
+  /dev/tty@{int} rw,
+
+  include if exists <local/startlxqt>
+}
+
+# vim:syntax=apparmor
+
+
+