felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
apparmor.d/apparmor.d/groups/kde/konsole
Alexandre Pujol 523522dd1d
feat(profile): improve kde profiles.
2025-08-17 17:05:38 +02:00

93 lines
2.9 KiB
Text
Raw Blame History

# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Jeroen Rijken
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
abi <abi/4.0>,
include <tunables/global>
@{exec_path} = @{bin}/konsole
profile konsole @{exec_path} flags=(attach_disconnected,mediate_deleted) {
include <abstractions/base>
include <abstractions/audio-client>
include <abstractions/bus-accessibility>
include <abstractions/bus-session>
include <abstractions/bus/org.a11y>
include <abstractions/consoles>
include <abstractions/graphics>
include <abstractions/kde-strict>
include <abstractions/nameservice-strict>
ptrace (read),
signal (send) set=(hup),
#aa:dbus own bus=session name=org.kde.konsole-@{int}
@{exec_path} mr,
@{bin}/@{shells} rUx,
@{browsers_path} rPx,
@{lib}/libheif/ r,
@{lib}/libheif/** mr,
@{lib}/{,@{multiarch}/}utempter/utempter rPx,
# Some CLI program can be launched directly from KDE
@{bin}/btop rPUx,
@{bin}/htop rPx,
@{bin}/micro rPUx,
@{bin}/nvtop rPx,
@{bin}/vim rUx,
/usr/share/color-schemes/{,**} r,
/usr/share/kf6/{,**} r,
/usr/share/konsole/{,**} r,
/usr/share/sounds/** r,
/etc/xdg/konsolerc r,
/etc/xdg/kshorturifilterrc r,
/etc/xdg/menus/{,**} r,
/etc/xdg/ui/ui_standards.rc r,
owner @{HOME}/@{XDG_SSH_DIR}/config r,
owner @{user_config_dirs}/#@{int} rwl,
owner @{user_config_dirs}/breezerc r,
owner @{user_config_dirs}/kbookmarkrc r,
owner @{user_config_dirs}/konsole.notifyrc r,
owner @{user_config_dirs}/konsolerc rwl,
owner @{user_config_dirs}/konsolerc.@{rand6} rwl,
owner @{user_config_dirs}/konsolerc.lock rwk,
owner @{user_config_dirs}/konsolesshconfig rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/konsolesshconfig.@{rand6} rwl -> @{user_config_dirs}/#@{int},
owner @{user_config_dirs}/konsolesshconfig.lock rwk,
owner @{user_config_dirs}/kservicemenurc r,
owner @{user_config_dirs}/menus/{,**} r,
owner @{user_config_dirs}/session/** rwlk,
owner @{user_share_dirs}/color-schemes/{,**} r,
owner @{user_share_dirs}/konsole/ rw,
owner @{user_share_dirs}/konsole/** rwlk,
owner @{user_share_dirs}/kxmlgui5/konsole/{,**} r,
owner @{user_state_dirs}/#@{int} rw,
owner @{user_state_dirs}/konsolestaterc rw,
owner @{user_state_dirs}/konsolestaterc.@{rand6} rwl -> @{user_state_dirs}/#@{int},
owner @{user_state_dirs}/konsolestaterc.lock rwk,
owner @{tmp}/#@{int} rw,
owner @{tmp}/konsole.@{rand6} rw,
owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-org.kde.konsole-@{int}.scope/** rw,
@{PROC}/@{pid}/cmdline r,
@{PROC}/@{pid}/stat r,
owner @{PROC}/@{pid}/cgroup r,
/dev/ptmx rw,
include if exists <local/konsole>
}
# vim:syntax=apparmor
Reference in a new issue View git blame Copy permalink