diff --git a/apparmor.d/groups/kde/baloorunner b/apparmor.d/groups/kde/baloorunner index 702288a1f..64372f497 100644 --- a/apparmor.d/groups/kde/baloorunner +++ b/apparmor.d/groups/kde/baloorunner @@ -10,6 +10,9 @@ include @{exec_path} += @{lib}/@{multiarch}/{,libexec/}baloorunner profile baloorunner @{exec_path} { include + include + include + include include include include diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess index 65582d1ba..4b1e734ed 100644 --- a/apparmor.d/groups/kde/kaccess +++ b/apparmor.d/groups/kde/kaccess @@ -18,6 +18,7 @@ profile kaccess @{exec_path} { include #aa:dbus own bus=session name=org.kde.kaccess + #aa:dbus talk bus=session name=org.kde.kglobalaccel path=/kglobalaccel label=kglobalacceld @{exec_path} mr, diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd index 1cc6b41d1..ead285e5f 100644 --- a/apparmor.d/groups/kde/kactivitymanagerd +++ b/apparmor.d/groups/kde/kactivitymanagerd @@ -11,6 +11,7 @@ include profile kactivitymanagerd @{exec_path} { include include + include include include include diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index c961ed7a3..01706e649 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -28,6 +28,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) network netlink raw, #aa:dbus own bus=system name=org.freedesktop.Policy.Power + #aa:dbus own bus=system name=org.kde.kf5auth path=/ #aa:dbus own bus=session name=local.org_kde_powerdevil #aa:dbus own bus=session name=org.freedesktop.PowerManagement diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded index e8be8a0dd..93c70329e 100644 --- a/apparmor.d/groups/kde/kded +++ b/apparmor.d/groups/kde/kded @@ -68,6 +68,7 @@ profile kded @{exec_path} { #aa:dbus talk bus=system name=org.freedesktop.NetworkManager label=NetworkManager #aa:dbus talk bus=system name=org.freedesktop.bolt label=boltd + #aa:dbus talk bus=session name=org.kde.NightColor path=/ColorCorrect label="{kwin_wayland,kwin_x11}" #aa:dbus talk bus=session name=org.kde.KGlobalAccel path=/ label="{kglobalacceld,kwin_wayland}" dbus receive bus=system path=/ diff --git a/apparmor.d/groups/kde/kglobalacceld b/apparmor.d/groups/kde/kglobalacceld index 156bdf928..b9c09d0c6 100644 --- a/apparmor.d/groups/kde/kglobalacceld +++ b/apparmor.d/groups/kde/kglobalacceld @@ -9,7 +9,9 @@ include @{exec_path} = @{bin}/kglobalaccel5 @{lib}/kglobalacceld profile kglobalacceld @{exec_path} { include + include include + include include #aa:dbus own bus=session name=org.kde.KGlobalAccel path=/kglobalaccel diff --git a/apparmor.d/groups/kde/ksmserver-logout-greeter b/apparmor.d/groups/kde/ksmserver-logout-greeter index e5ea15c29..e46237c2a 100644 --- a/apparmor.d/groups/kde/ksmserver-logout-greeter +++ b/apparmor.d/groups/kde/ksmserver-logout-greeter @@ -11,6 +11,10 @@ include @{exec_path} += @{lib}/@{multiarch}/{,libexec/}ksmserver-logout-greeter profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected,mediate_deleted) { include + include + include + include + include include include include @@ -18,6 +22,11 @@ profile ksmserver-logout-greeter @{exec_path} flags=(attach_disconnected,mediate include include + #aa:dbus own bus=session name=org.kde.LogoutPrompt path=/LogoutPrompt + + #aa:dbus talk bus=session name=org.kde.LogoutPrompt path=/Shutdown label=plasma-shutdown + #aa:dbus talk bus=session name=org.kde.KWin label=kwin_wayland + @{exec_path} mr, @{lib}/os-release r, diff --git a/apparmor.d/groups/kde/ksplashqml b/apparmor.d/groups/kde/ksplashqml index e1d5d7394..ea80e28cd 100644 --- a/apparmor.d/groups/kde/ksplashqml +++ b/apparmor.d/groups/kde/ksplashqml @@ -11,6 +11,7 @@ profile ksplashqml @{exec_path} { include include include + include include include include diff --git a/apparmor.d/groups/kde/kwin_wayland b/apparmor.d/groups/kde/kwin_wayland index c11f951be..51f09c8c4 100644 --- a/apparmor.d/groups/kde/kwin_wayland +++ b/apparmor.d/groups/kde/kwin_wayland @@ -35,7 +35,7 @@ profile kwin_wayland @{exec_path} flags=(attach_disconnected,mediate_deleted) { unix type=stream peer=(label=xwayland), #aa:dbus own bus=session name=org.freedesktop.ScreenSaver - #aa:dbus own bus=session name=org.kde.kglobalaccel + #aa:dbus own bus=session name=org.kde.kglobalaccel path=/kglobalaccel #aa:dbus own bus=session name=org.kde.KWin #aa:dbus own bus=session name=org.kde.NightColor path=/ColorCorrect #aa:dbus own bus=session name=org.kde.screensaver diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index b9d07e380..08835eaf0 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -55,6 +55,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { #aa:dbus own bus=system name=org.freedesktop.DisplayManager #aa:dbus talk bus=system name=org.freedesktop.home1 interface=org.freedesktop.home1.Manager label="@{p_systemd_homed}" + #aa:dbus talk bus=system name=org.freedesktop.login1 interface=org.freedesktop.login1.Manager label="@{p_systemd_logind}" @{exec_path} mr,