Add lxqt-session, enable start in sddm #580
Conversation
first file for the LXQT 2.0 desktop group
starter file for LXQT Desktop
I use sddm as display manager I cant remove the other file - only use graphical env., sorry After startlxqt i would add 2 lines to sddm to enable the start of LXQT desktop
Enable sddm to start an lxqt desktop session
lxqt-session to be started by startlxqt. Display manager: sddm
|
|
||
| ptrace (read), | ||
|
|
||
| network netlink raw, |
There was a problem hiding this comment.
This rule should come before the signal rules.
apparmor.d/groups/lxqt/lxqt-session
Outdated
| @{exec_path} = @{bin}/lxqt-session | ||
| profile lxqt-session @{exec_path} flags=(attach_disconnected) { | ||
| include <abstractions/base> | ||
| include <abstractions/dbus-accessibility> |
There was a problem hiding this comment.
Use bus-accessibility instead (see https://apparmor.pujol.io/development/dbus/)
apparmor.d/groups/lxqt/lxqt-session
Outdated
| @{bin}/python3.@{int} rPx, | ||
| @{lib}/python3.@{int} rPx, |
There was a problem hiding this comment.
- There is no profile for
@{bin}/python3.@{int} - There is no such thing as an exec name:
@{lib}/python3.@{int}
There was a problem hiding this comment.
for now i will remove this, yes. I used a different profile for python. Only applicable with some backup programs
apparmor.d/groups/lxqt/lxqt-session
Outdated
| owner @{HOME}/.local/share/ r, | ||
| owner @{HOME}/.config/ r, |
There was a problem hiding this comment.
Remove, they are included in lxqt
apparmor.d/groups/lxqt/lxqt-session
Outdated
| owner @{HOME}/.config/autostart/ r, | ||
| owner @{HOME}/.config/autostart/* rw, |
There was a problem hiding this comment.
That should be:
owner @{user_config_dirs}/autostart/ r,
owner @{user_config_dirs}/autostart/*.desktop r,
apparmor.d/groups/lxqt/lxqt-session
Outdated
| owner @{user_cache_dirs}/openbox/sessions/ rw, | ||
| owner @{user_cache_dirs}/openbox/openbox.log rwk, | ||
| owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, | ||
| owner @{user_config_dirs}/dconf/user r, |
There was a problem hiding this comment.
Remove, use the dconf abs instead.
apparmor.d/groups/lxqt/lxqt-session
Outdated
| owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, | ||
| owner @{user_config_dirs}/dconf/user r, | ||
| owner @{user_config_dirs}/openbox/rc.xml r, | ||
| owner @{user_share_dirs}/sddm/xorg-session.log rw, |
There was a problem hiding this comment.
Remove, this is already part of X-strict
apparmor.d/groups/lxqt/lxqt-session
Outdated
| @{PROC}/@{pid}/stat r, | ||
| owner @{PROC}/@{pid}/stat r, | ||
|
|
||
| @{run}/systemd/inhibit/** rw, |
There was a problem hiding this comment.
That should be @{att}/@{run}/systemd/inhibit/@{int}.ref rw, and the rule should come before the @{PROC} ones.
There was a problem hiding this comment.
didnt reflected this change, going to check the other profiles as well
apparmor.d/groups/lxqt/lxqt-session
Outdated
| include <abstractions/app/systemctl> | ||
|
|
||
| include if exists <local/lxqt-session_systemctl> | ||
|
|
There was a problem hiding this comment.
You forgot to close the systemctl subprofile: }
apparmor.d/groups/lxqt/lxqt-session
Outdated
|
|
||
| /dev/tty rw, | ||
|
|
||
| include if exists <local/lxqt-session> |
There was a problem hiding this comment.
Please more this include after the subprofile (it is where we place it for all other profiles).
|
That should be good as a first version of the profile. Note that this part of lxqt is most likelly an app launcher. If so, you can remove all |
|
which profile is supposed to be an app-launcher has been a bit confusing in the past. I will try to change this in lxqt-session, see if its ok to entirely remove the singel rPx-calls |
|
well, i added |
is needed for several complaints:
DENIED kscreen_backend_launcher open owner @{user_config_dirs}/lxqt/lxqt.conf comm=kscreen_backend requested_mask=r denied_mask=r
DENIED kscreen_backend_launcher open /usr/share/lxqt/lxqt.conf comm=kscreen_backend requested_mask=r denied_mask=r
DENIED kscreen_backend_launcher open owner @{user_config_dirs}/lxqt/session.conf comm=kscreen_backend requested_mask=r denied_mask=r
DENIED kscreen_backend_launcher open /usr/share/lxqt/session.conf comm=kscreen_backend requested_mask=r denied_mask=r
No description provided.