diff --git a/apparmor.d/groups/lxqt/qterminal b/apparmor.d/groups/lxqt/qterminal
new file mode 100644
index 000000000..5ca0cc544
--- /dev/null
+++ b/apparmor.d/groups/lxqt/qterminal
@@ -0,0 +1,72 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Jeroen Rijken
+# Copyright (C) 2024 Alexandre Pujol
+# Copyright (C) 2024 Besanon
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/qterminal
+profile qterminal @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+ include
+
+ ptrace (read),
+
+ signal (send) set=(hup),
+ signal (send) set=(kill) peer=htop,
+
+ #aa:dbus own bus=session name=org.QTerminal-@{int}
+
+ @{exec_path} mr,
+ @{bin}/@{shells} rUx,
+ @{browsers_path} rPx,
+ @{bin}/htop rPx,
+ @{bin}/dbus-launch rPx,
+ @{open_path} rPx -> child-open-help,
+
+ #aa:exec utempter
+
+ /usr/share/color-schemes/{,**} r,
+ /usr/share/kf6/{,**} r,
+ /usr/share/qterminal/{,**} r,
+ /usr/share/sounds/** r,
+ /usr/share/lxqt/lxqt.conf r,
+ /usr/share/qtermwidget6/{,**} r,
+ /etc/xdg/ui/ui_standards.rc r,
+
+ /{,var/}run/systemd/notify w,
+ /var/cache/fontconfig/ rw,
+
+ owner @{HOME}/@{XDG_SSH_DIR}/config r,
+ @{HOME}/.Xdefaults r,
+
+ owner @{user_cache_dirs}/icon-cache.kcache rw,
+ owner @{user_config_dirs}/lxqt/lxqt.conf r,
+ owner @{user_config_dirs}/qterminal.org/** rw,
+ owner @{user_config_dirs}/qterminal.org/#@{int} rwk,
+ owner @{user_config_dirs}/qterminal.org/qterminal.ini.lock rwk,
+ owner @{user_config_dirs}/qterminal.org/qterminal.ini.@{rand6} rwk,
+ owner @{user_config_dirs}/qterminal.org/qterminal.ini.@{rand6} l -> @{user_config_dirs}/qterminal.org/#@{int},
+
+ owner /tmp/#@{int} rw,
+ owner /tmp/konsole.@{rand6} rw,
+ owner /tmp/xauth_@{rand6} rw,
+
+ @{PROC}/sys/kernel/core_pattern r,
+ owner @{PROC}/@{pid}/cmdline r,
+ owner @{PROC}/@{pid}/stat r,
+ owner @{PROC}/@{pid}/fd/ r,
+
+ include if exists
+}
+
+# vim:syntax=apparmor
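Review bot: The `@{HOME}/.Xdefaults r,` rule is the only per-user path in this profile without the `owner` qualifier, so the confined process may read any user's `.Xdefaults` that file permissions leave readable; `owner @{HOME}/.Xdefaults r,` would match the neighbouring `owner @{HOME}/@{XDG_SSH_DIR}/config r,` rule. Separately, `@{bin}/@{shells} rUx,` moves every shell started from the terminal into an unconfined context, which is presumably intentional for a terminal emulator but means this profile constrains only qterminal itself. A one-line comment above that rule, e.g. `# Shells run unconfined (environment scrubbed): this profile covers the emulator only`, would keep readers from assuming child processes inherit these limits.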