From f56163afb184d93df751f2ce571d90cd9b08ecbc Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 6 Jul 2025 21:56:24 +0200
Subject: [PATCH] feat(profile): ensure xdg portal can start any sandboxing
 tool.

---
 apparmor.d/groups/freedesktop/xdg-document-portal | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal
index 91a203d3a..93cac619e 100644
--- a/apparmor.d/groups/freedesktop/xdg-document-portal
+++ b/apparmor.d/groups/freedesktop/xdg-document-portal
@@ -39,8 +39,9 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
 
-  @{bin}/flatpak         rPUx,
+  @{bin}/flatpak         rPx,
   @{bin}/fusermount{,3}  rCx -> fusermount,
+  @{bin}/snap            rPx,
 
               / r,
   owner @{att}/ r,
@@ -64,6 +65,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) {
 
   profile fusermount flags=(attach_disconnected) {
     include <abstractions/base>
+    include <abstractions/consoles>
     include <abstractions/app/fusermount>
 
     capability dac_read_search,