From 82d549ac9504a7a52ac1765a977c22df1a252459 Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 22 Oct 2024 16:29:43 +0200 Subject: [PATCH 01/53] Create abstraction for lxqt desktop group first file for the LXQT 2.0 desktop group --- apparmor.d/abstractions/lxqt | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 apparmor.d/abstractions/lxqt diff --git a/apparmor.d/abstractions/lxqt b/apparmor.d/abstractions/lxqt new file mode 100644 index 000000000..9cb526741 --- /dev/null +++ b/apparmor.d/abstractions/lxqt @@ -0,0 +1,31 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + + abi , + + include + include + include + include + include + include + + signal (receive) set=(kill, term) peer=lxqt-session, + + /usr/share/hwdata/pnp.ids r, + /usr/share/icu/@{int}.@{int}/*.dat r, + /usr/share/lxqt/** r, + /usr/share/qt{5,6}/ r, + /usr/share/qt{5,6}/{,**} r, + + owner @{HOME}/.Xdefaults r, + + owner @{user_cache_dirs}/fontconfig/* rw, + owner @{user_cache_dirs}/lxqt-notificationd/* r, + + owner @{user_config_dirs}/lxqt/*.conf rw, + + include if exists + +# vim:syntax=apparmor From 5b715473dc4f8fd495b86960ca03c64d538eced1 Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 22 Oct 2024 18:55:35 +0200 Subject: [PATCH 02/53] Update lxqt --- apparmor.d/abstractions/lxqt | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/apparmor.d/abstractions/lxqt b/apparmor.d/abstractions/lxqt index 9cb526741..83a9b151f 100644 --- a/apparmor.d/abstractions/lxqt +++ b/apparmor.d/abstractions/lxqt @@ -5,6 +5,7 @@ abi , include + include include include include 
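Review bot: `owner @{user_config_dirs}/lxqt/*.conf rw,` in the new `abstractions/lxqt` gives every profile that includes the abstraction write access to all LXQt configuration files, not only to the component that owns a given file. PATCH 15 later adds an include to `kscreen_backend_launcher` to silence denials that all show `requested_mask=r`; if that include is this abstraction, the launcher gains write access it never requested. I would keep the shared rule read-only, `owner @{user_config_dirs}/lxqt/*.conf r,`, and let each profile add `rw` for its own file, as lxqt-panel does for `panel.conf`.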
@@ -16,12 +17,9 @@ /usr/share/hwdata/pnp.ids r, /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/lxqt/** r, - /usr/share/qt{5,6}/ r, - /usr/share/qt{5,6}/{,**} r, owner @{HOME}/.Xdefaults r, - owner @{user_cache_dirs}/fontconfig/* rw, owner @{user_cache_dirs}/lxqt-notificationd/* r, owner @{user_config_dirs}/lxqt/*.conf rw, From 8072b339c9066a95ca65908ca75e1dcdea6f7c74 Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 22 Oct 2024 19:33:37 +0200 Subject: [PATCH 03/53] xdg-desktop abstraction added --- apparmor.d/abstractions/lxqt | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/abstractions/lxqt b/apparmor.d/abstractions/lxqt index 83a9b151f..d9aa3712e 100644 --- a/apparmor.d/abstractions/lxqt +++ b/apparmor.d/abstractions/lxqt @@ -11,6 +11,7 @@ include include include + include signal (receive) set=(kill, term) peer=lxqt-session, From 637347bac73a4d572c71944fc763e48d37f6eb1e Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 22 Oct 2024 19:37:23 +0200 Subject: [PATCH 04/53] removing tabs --- apparmor.d/abstractions/lxqt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/apparmor.d/abstractions/lxqt b/apparmor.d/abstractions/lxqt index d9aa3712e..c1633033f 100644 --- a/apparmor.d/abstractions/lxqt +++ b/apparmor.d/abstractions/lxqt @@ -13,17 +13,17 @@ include include - signal (receive) set=(kill, term) peer=lxqt-session, + signal (receive) set=(kill, term) peer=lxqt-session, - /usr/share/hwdata/pnp.ids r, - /usr/share/icu/@{int}.@{int}/*.dat r, - /usr/share/lxqt/** r, + /usr/share/hwdata/pnp.ids r, + /usr/share/icu/@{int}.@{int}/*.dat r, + /usr/share/lxqt/** r, - owner @{HOME}/.Xdefaults r, + owner @{HOME}/.Xdefaults r, - owner @{user_cache_dirs}/lxqt-notificationd/* r, + owner @{user_cache_dirs}/lxqt-notificationd/* r, - owner @{user_config_dirs}/lxqt/*.conf rw, + owner @{user_config_dirs}/lxqt/*.conf rw, include if exists From 836dbd01aeac17d79f1f9143c9a3b05795758bac Mon Sep 17 00:00:00 2001 
From: Besanon Date: Tue, 22 Oct 2024 20:15:29 +0200 Subject: [PATCH 05/53] Create startlxqt starter file for LXQT Desktop --- apparmor.d/profiles-s-z/startlxqt | 84 +++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 apparmor.d/profiles-s-z/startlxqt diff --git a/apparmor.d/profiles-s-z/startlxqt b/apparmor.d/profiles-s-z/startlxqt new file mode 100644 index 000000000..d56b77f62 --- /dev/null +++ b/apparmor.d/profiles-s-z/startlxqt 
@@ -0,0 +1,84 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# Copyright (C) 2024 Besanon
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/startlxqt
+profile startlxqt @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+ include
+
+ signal (receive) set=(term) peer=sddm,
+
+ @{exec_path} mr,
+
+ @{bin}/xrdb rPx,
+ @{bin}/xsetroot rPx,
+ @{bin}/xprop rpx,
+ @{bin}/mkdir rix,
+ @{sh_path} rix,
+ @{bin}/lxqt-session rPx,
+
+ @{bin}/systemctl rCx -> systemctl,
+ @{bin}/dbus-update-activation-environment rCx -> dbus,
+
+ /usr/share/color-schemes/{,**} r,
+ /usr/share/desktop-directories/{,**} r,
+ /usr/share/kservices5/{,**} r,
+ /usr/share/mime/{,**} r,
+ /etc/locale.alias r,
+ /etc/machine-id r,
+ /etc/xdg/menus/{,**} r,
+
+ @{HOME}/ r,
+ owner @{HOME}/.Xauthority r,
+
+ owner @{user_cache_dirs}/ rw,
+ owner @{user_cache_dirs}/#@{int} rw,
+ @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},
+
+ owner @{user_config_dirs}/lxqt/ rw,
+ owner @{user_config_dirs}/menus/{,**} r,
+
+ owner @{user_share_dirs}/kservices5/{,**} r,
+ owner @{user_share_dirs}/sddm/wayland-session.log rw,
+ owner @{user_share_dirs}/sddm/xorg-session.log rw,
+
+ owner /tmp/#@{int} rw,
+ owner /tmp/startlxqt.@{rand6} rwl -> /tmp/#@{int},
+
+ owner @{run}/user/@{uid}/ r,
+
+ @{PROC}/sys/kernel/core_pattern r,
+ owner @{PROC}/@{pid}/maps r,
+
+ /dev/tty rw,
+ /dev/tty@{int} rw,
+
+ profile systemctl flags=(attach_disconnected) {
+ include
+ include
+
+ include if exists
+ }
+
+ profile dbus {
+ include
+
+ @{bin}/dbus-update-activation-environment mr,
+
+ owner @{HOME}/.xsession-errors w,
+
+ include if exists
+ }
+}
+
+# vim:syntax=apparmor
From 5164b2b78af90c5e4a1665180eb5cccc276c9ed2 Mon Sep 17 00:00:00 2001
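Review bot: `@{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},` is the only write rule in this profile without the `owner` prefix, so it also matches such cache files when they belong to a different user; `owner @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},` would match the lines around it. `@{bin}/xprop rpx,` uses the lowercase transition, which does not scrub the environment, while `xrdb` and `xsetroot` beside it use `rPx`; unless xprop needs the caller's environment, `rPx` is the safer default. Both lines are repeated in the `groups/lxqt/startlxqt` copy added by PATCH 06, which is the file that remains after PATCH 08.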
From: Besanon Date: Tue, 22 Oct 2024 20:36:58 +0200 Subject: [PATCH 06/53] Create startlxqt --- apparmor.d/groups/lxqt/startlxqt | 86 ++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 apparmor.d/groups/lxqt/startlxqt diff --git a/apparmor.d/groups/lxqt/startlxqt b/apparmor.d/groups/lxqt/startlxqt new file mode 100644 index 000000000..e04047143 --- /dev/null +++ b/apparmor.d/groups/lxqt/startlxqt 
@@ -0,0 +1,86 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol
+# Copyright (C) 2024 Besanon
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_pathstlx} = @{bin}/startlxqt
+profile startlxqt @{exec_pathstlx} {
+ include
+ include
+ include
+ include
+ include
+ include
+
+ signal (receive) set=(term) peer=sddm,
+
+ @{exec_pathstlx} mr,
+
+ @{bin}/xrdb rPx,
+ @{bin}/xsetroot rPx,
+ @{bin}/xprop rpx,
+ @{bin}/mkdir rix,
+ @{sh_path} rix,
+ @{bin}/lxqt-session rPx,
+
+ @{bin}/systemctl rCx -> systemctl,
+ @{bin}/dbus-update-activation-environment rCx -> dbus,
+
+ /usr/share/color-schemes/{,**} r,
+ /usr/share/desktop-directories/{,**} r,
+ /usr/share/kservices5/{,**} r,
+ /usr/share/mime/{,**} r,
+
+ /etc/locale.alias r,
+ /etc/machine-id r,
+ /etc/xdg/menus/{,**} r,
+
+ @{HOME}/ r,
+ owner @{HOME}/.Xauthority r,
+
+ owner @{user_cache_dirs}/ rw,
+ owner @{user_cache_dirs}/#@{int} rw,
+ @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int},
+
+ owner @{user_config_dirs}/#@{int} rw,
+ owner @{user_config_dirs}/lxqt/ rw,
+ owner @{user_config_dirs}/menus/{,**} r,
+
+ owner @{user_share_dirs}/kservices5/{,**} r,
+ owner @{user_share_dirs}/sddm/wayland-session.log rw,
+ owner @{user_share_dirs}/sddm/xorg-session.log rw,
+
+ owner /tmp/#@{int} rw,
+ owner /tmp/startlxqt.@{rand6} rwl -> /tmp/#@{int},
+
+ owner @{run}/user/@{uid}/ r,
+
+ @{PROC}/sys/kernel/core_pattern r,
+ owner @{PROC}/@{pid}/maps r,
+
+ /dev/tty rw,
+ /dev/tty@{int} rw,
+
+ profile systemctl flags=(attach_disconnected) {
+ include
+ include
+
+ include if exists
+ }
+
+ profile dbus {
+ include
+
+ @{bin}/dbus-update-activation-environment mr,
+
+ owner @{HOME}/.xsession-errors w,
+
+ include if exists
+ }
+}
+
+# vim:syntax=apparmor
From b5aa129eab4b733cc24b7479d064e926ab18e5ed Mon Sep 17 00:00:00 2001
From: Besanon Date: Tue, 22 Oct 2024 21:37:03 +0200 Subject: [PATCH 07/53] fixing startlxqt I use sddm as display manager I cant remove the other file - only use graphical env., sorry After startlxqt i would add 2 lines to sddm to enable the start of LXQT desktop --- apparmor.d/groups/lxqt/startlxqt | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/apparmor.d/groups/lxqt/startlxqt b/apparmor.d/groups/lxqt/startlxqt index e04047143..2ac94f990 100644 --- a/apparmor.d/groups/lxqt/startlxqt +++ b/apparmor.d/groups/lxqt/startlxqt @@ -7,18 +7,16 @@ abi , include -@{exec_pathstlx} = @{bin}/startlxqt -profile startlxqt @{exec_pathstlx} { +@{exec_path} = @{bin}/startlxqt +profile startlxqt @{exec_path} { include include - include include include - include signal (receive) set=(term) peer=sddm, - @{exec_pathstlx} mr, + @{exec_path} mr, @{bin}/xrdb rPx, @{bin}/xsetroot rPx, @@ -35,14 +33,11 @@ profile startlxqt @{exec_pathstlx} { /usr/share/kservices5/{,**} r, /usr/share/mime/{,**} r, - /etc/locale.alias r, /etc/machine-id r, /etc/xdg/menus/{,**} r, @{HOME}/ r, - owner @{HOME}/.Xauthority r, - owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/#@{int} rw, @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int}, @@ -59,12 +54,13 @@ profile startlxqt @{exec_pathstlx} { owner @{run}/user/@{uid}/ r, - @{PROC}/sys/kernel/core_pattern r, owner @{PROC}/@{pid}/maps r, /dev/tty rw, /dev/tty@{int} rw, + include if exists + profile systemctl flags=(attach_disconnected) { include include From e81dc05074b08b5aaa8fd18355bb895c5d8f5b5a Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 22 Oct 2024 23:02:24 +0200 Subject: [PATCH 08/53] Delete apparmor.d/profiles-s-z/startlxqt --- apparmor.d/profiles-s-z/startlxqt | 84 ------------------------------- 1 file changed, 84 deletions(-) delete mode 100644 apparmor.d/profiles-s-z/startlxqt 
diff --git a/apparmor.d/profiles-s-z/startlxqt b/apparmor.d/profiles-s-z/startlxqt deleted file mode 100644 index d56b77f62..000000000 --- a/apparmor.d/profiles-s-z/startlxqt +++ /dev/null @@ -1,84 +0,0 @@ -# apparmor.d - Full set of apparmor profiles -# Copyright (C) 2023 Alexandre Pujol -# Copyright (C) 2024 Besanon -# SPDX-License-Identifier: GPL-2.0-only - -abi , - -include - -@{exec_path} = @{bin}/startlxqt -profile startlxqt @{exec_path} { - include - include - include - include - include - include - - signal (receive) set=(term) peer=sddm, - - @{exec_path} mr, - - @{bin}/xrdb rPx, - @{bin}/xsetroot rPx, - @{bin}/xprop rpx, - @{bin}/mkdir rix, - @{sh_path} rix, - @{bin}/lxqt-session rPx, - - @{bin}/systemctl rCx -> systemctl, - @{bin}/dbus-update-activation-environment rCx -> dbus, - - /usr/share/color-schemes/{,**} r, - /usr/share/desktop-directories/{,**} r, - /usr/share/kservices5/{,**} r, - /usr/share/mime/{,**} r, - /etc/locale.alias r, - /etc/machine-id r, - /etc/xdg/menus/{,**} r, - - @{HOME}/ r, - owner @{HOME}/.Xauthority r, - - owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/#@{int} rw, - @{user_cache_dirs}/ksycoca5_* rwkl -> @{user_cache_dirs}/#@{int}, - - owner @{user_config_dirs}/lxqt/ rw, - owner @{user_config_dirs}/menus/{,**} r, - - owner @{user_share_dirs}/kservices5/{,**} r, - owner @{user_share_dirs}/sddm/wayland-session.log rw, - owner @{user_share_dirs}/sddm/xorg-session.log rw, - - owner /tmp/#@{int} rw, - owner /tmp/startlxqt.@{rand6} rwl -> /tmp/#@{int}, - - owner @{run}/user/@{uid}/ r, - - @{PROC}/sys/kernel/core_pattern r, - owner @{PROC}/@{pid}/maps r, - - /dev/tty rw, - /dev/tty@{int} rw, - - profile systemctl flags=(attach_disconnected) { - include - include - - include if exists - } - - profile dbus { - include - - @{bin}/dbus-update-activation-environment mr, - - owner @{HOME}/.xsession-errors w, - - include if exists - } -} - -# vim:syntax=apparmor From 67fcca54e362cb0a76a6d3310456efd9f0853bf0 Mon Sep 17 00:00:00 2001 
From: Besanon Date: Wed, 23 Oct 2024 12:15:58 +0200 Subject: [PATCH 09/53] indented by 2 spaces (like other entries) --- apparmor.d/groups/lxqt/startlxqt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/startlxqt b/apparmor.d/groups/lxqt/startlxqt index 2ac94f990..06967e694 100644 --- a/apparmor.d/groups/lxqt/startlxqt +++ b/apparmor.d/groups/lxqt/startlxqt @@ -59,7 +59,7 @@ profile startlxqt @{exec_path} { /dev/tty rw, /dev/tty@{int} rw, - include if exists + include if exists profile systemctl flags=(attach_disconnected) { include From c47e048f4a149c8aa04bc43cd9b2c248440c8d5c Mon Sep 17 00:00:00 2001 From: Besanon Date: Thu, 24 Oct 2024 08:26:20 +0200 Subject: [PATCH 10/53] Update sddm Enable sddm to start an lxqt desktop session --- apparmor.d/groups/kde/sddm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 5e024adfd..d8adff564 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -40,6 +40,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { ptrace (trace) peer=@{profile_name}, signal (receive) set=(hup) peer=@{p_systemd}, + signal (send) set=(kill, term) peer=lxqt-session, signal (send) set=(kill, term) peer=startplasma, signal (send) set=(kill, term) peer=xorg, signal (send) set=(kill, term) peer=xsetroot, @@ -94,6 +95,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/kwalletd{5,6} rPx, @{bin}/kwin_wayland rPx, @{bin}/sddm-greeter{,-qt6} rPx, + @{bin}/startlxqt rPx, @{bin}/startplasma-wayland rPx, @{bin}/startplasma-x11 rPx, @{bin}/sway rPUx, From d567cb85f9bda3194b6418295e24bd912b54bd42 Mon Sep 17 00:00:00 2001 
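Review bot: The send rule added to the sddm profile targets `peer=lxqt-session`, but the `startlxqt` profile in this series declares `signal (receive) set=(term) peer=sddm,` and no send rule for `peer=startlxqt` appears in this hunk. A signal is only delivered when the sender's send rule and the receiver's receive rule both allow it, so unless the part of the sddm profile outside the hunk already covers it, sddm cannot terminate startlxqt the way it can startplasma. Consider adding `signal (send) set=(kill, term) peer=startlxqt,` next to the `startplasma` line. The profile body continues outside both hunks.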
From: Besanon Date: Thu, 24 Oct 2024 08:46:48 +0200 Subject: [PATCH 11/53] Create lxqt-session lxqt-session to be started by startlxqt. Display manager: sddm --- apparmor.d/groups/lxqt/lxqt-session | 115 ++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-session diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session new file mode 100644 index 000000000..2a72835ec --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-session 
@@ -0,0 +1,115 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-session +profile lxqt-session @{exec_path} flags=(attach_disconnected) { + include + include + include + include + include + + signal (send), + signal (receive) set=(kill, term) peer=startlxqt, + signal (receive) set=(kill, term) peer=sddm, + + ptrace (read), + + network netlink raw, + + @{exec_path} mr, + + @{sh_path} rix, + @{bin}/sed rix, + @{bin}/readlink rix, + @{bin}/dirname rix, + @{bin}/system-config-printer-applet rPx, + @{bin}/lxqt-config-input rPx, + @{bin}/lxqt-session-settings rPx, + @{bin}/lxqt-globalkeysd rPx, + @{bin}/lxqt-panel rPx, + @{bin}/lxqt-policykit-agent rPx, + @{bin}/lxqt-runner rPx, + @{bin}/lxqt-notificationd rPx, + @{bin}/lxqt-powermanagement rPx, + @{bin}/lxqt-config rPx, + @{bin}/lxqt-leave rPx, + @{bin}/lxqt-about rPx, + @{bin}/lxqt-config-monitor rPx, + @{bin}/dbus-update-activation-environment rCx -> dbus, + @{bin}/systemctl rCx -> systemctl, + + @{bin}/pavucontrol rPx, + @{lib}/geoclue-2.0/demos/agent rPx, + @{bin}/python3.@{int} rPx, + @{lib}/python3.@{int} rPx, + @{bin}/nm-connection-editor rPx, + @{bin}/nm-applet rPx, + @{bin}/pcmanfm-qt rPx, + @{bin}/openbox rix, + @{bin}/dconf-editor rPx, + @{bin}/setxkbmap rix, + @{bin}/start-pulseaudio-x11 rPx, + @{bin}/xrdb rPx, + @{bin}/xdg-user-dirs-update rPx, + + /usr/share/ r, + /usr/share/mime/ r, + /usr/share/cursors/ r, + /usr/share/backintime/common/* r, + /usr/share/desktop-directories/* r, + /usr/share/system-config-printer/* r, + + /etc/xdg/ r, + /etc/xdg/autostart/ r, + /etc/xdg/autostart/*.desktop r, + /etc/xdg/menus/lxqt-* r, + /etc/xdg/openbox/* r, + /etc/udev/udev.conf r, + + owner @{HOME}/.local/share/ r, + owner @{HOME}/.config/ r, + owner @{HOME}/.config/autostart/ r, + owner @{HOME}/.config/autostart/* rw, + owner @{user_cache_dirs}/openbox/ rw, + 
owner @{user_cache_dirs}/openbox/sessions/ rw, + owner @{user_cache_dirs}/openbox/openbox.log rwk, + owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, + owner @{user_config_dirs}/dconf/user r, + owner @{user_config_dirs}/openbox/rc.xml r, + owner @{user_share_dirs}/sddm/xorg-session.log rw, + + @{PROC}/ r, + @{PROC}/uptime r, + @{PROC}/@{pid}/stat r, + owner @{PROC}/@{pid}/stat r, + + @{run}/systemd/inhibit/** rw, + + /dev/tty rw, + + include if exists + + profile systemctl { + include + include + + include if exists + + profile dbus { + include + include + + @{bin}/dbus-update-activation-environment mr, + + include if exists + } +} + +# vim:syntax=apparmor From 2ae93044b868e8c1a65ce0e2adc36eabfbd2aab4 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 25 Oct 2024 07:49:08 +0200 Subject: [PATCH 12/53] Update lxqt-session --- apparmor.d/groups/lxqt/lxqt-session | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session index 2a72835ec..1fcced9e5 100644 --- a/apparmor.d/groups/lxqt/lxqt-session +++ b/apparmor.d/groups/lxqt/lxqt-session @@ -10,17 +10,18 @@ include @{exec_path} = @{bin}/lxqt-session profile lxqt-session @{exec_path} flags=(attach_disconnected) { include - include + include + include include include include + ptrace (read), + signal (send), signal (receive) set=(kill, term) peer=startlxqt, signal (receive) set=(kill, term) peer=sddm, - ptrace (read), - network netlink raw, @{exec_path} mr, @@ -47,8 +48,6 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { @{bin}/pavucontrol rPx, @{lib}/geoclue-2.0/demos/agent rPx, - @{bin}/python3.@{int} rPx, - @{lib}/python3.@{int} rPx, @{bin}/nm-connection-editor rPx, @{bin}/nm-applet rPx, @{bin}/pcmanfm-qt rPx, 
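Review bot: `signal (send),` and `ptrace (read),` in the new lxqt-session profile carry no `set=` or `peer=` restriction, so the session manager may signal, and read the state of, any process whose own profile accepts it. The receive rules directly below are already scoped to `startlxqt` and `sddm`, and the send side deserves the same treatment, in the form `signal (send) set=(kill, term) peer=<child profile>,` with one line per profile the session actually manages. The same applies to `ptrace (read)`, which should name its peers. Both rules survive PATCH 12 and PATCH 16 with only their position changed.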
@@ -73,35 +72,29 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { /etc/xdg/openbox/* r, /etc/udev/udev.conf r, - owner @{HOME}/.local/share/ r, - owner @{HOME}/.config/ r, - owner @{HOME}/.config/autostart/ r, - owner @{HOME}/.config/autostart/* rw, + owner @{user_config_dirs}/autostart/ r, + owner @{user_config_dirs}/autostart/*.desktop r, owner @{user_cache_dirs}/openbox/ rw, owner @{user_cache_dirs}/openbox/sessions/ rw, owner @{user_cache_dirs}/openbox/openbox.log rwk, owner @{user_config_dirs}/mimeapps.list{,.@{rand6}} rw, - owner @{user_config_dirs}/dconf/user r, owner @{user_config_dirs}/openbox/rc.xml r, - owner @{user_share_dirs}/sddm/xorg-session.log rw, + + @{att}/@{run}/systemd/inhibit/@{int}.ref rw, @{PROC}/ r, - @{PROC}/uptime r, + @{PROC}/uptime r, @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/stat r, - @{run}/systemd/inhibit/** rw, - /dev/tty rw, - include if exists - profile systemctl { include include include if exists - + } profile dbus { include include @@ -110,6 +103,8 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { include if exists } + + include if exists } # vim:syntax=apparmor From 4c2db9baf05ec1061c626184060f4a74db16a58e Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 25 Oct 2024 08:07:08 +0200 Subject: [PATCH 13/53] Update lxqt-session --- apparmor.d/groups/lxqt/lxqt-session | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session index 1fcced9e5..dc739ba8b 100644 --- a/apparmor.d/groups/lxqt/lxqt-session +++ b/apparmor.d/groups/lxqt/lxqt-session @@ -10,6 +10,7 @@ include @{exec_path} = @{bin}/lxqt-session profile lxqt-session @{exec_path} flags=(attach_disconnected) { include + include include include include 
@@ -31,18 +32,6 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { @{bin}/readlink rix, @{bin}/dirname rix, @{bin}/system-config-printer-applet rPx, - @{bin}/lxqt-config-input rPx, - @{bin}/lxqt-session-settings rPx, - @{bin}/lxqt-globalkeysd rPx, - @{bin}/lxqt-panel rPx, - @{bin}/lxqt-policykit-agent rPx, - @{bin}/lxqt-runner rPx, - @{bin}/lxqt-notificationd rPx, - @{bin}/lxqt-powermanagement rPx, - @{bin}/lxqt-config rPx, - @{bin}/lxqt-leave rPx, - @{bin}/lxqt-about rPx, - @{bin}/lxqt-config-monitor rPx, @{bin}/dbus-update-activation-environment rCx -> dbus, @{bin}/systemctl rCx -> systemctl, @@ -50,7 +39,6 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { @{lib}/geoclue-2.0/demos/agent rPx, @{bin}/nm-connection-editor rPx, @{bin}/nm-applet rPx, - @{bin}/pcmanfm-qt rPx, @{bin}/openbox rix, @{bin}/dconf-editor rPx, @{bin}/setxkbmap rix, From 632f62b7035ac0d2ed493061b4c39d72f57ff18b Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 25 Oct 2024 08:14:19 +0200 Subject: [PATCH 14/53] removed trailing whitespace --- apparmor.d/groups/lxqt/lxqt-session | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session index dc739ba8b..5bc8491b3 100644 --- a/apparmor.d/groups/lxqt/lxqt-session +++ b/apparmor.d/groups/lxqt/lxqt-session @@ -71,7 +71,7 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { @{att}/@{run}/systemd/inhibit/@{int}.ref rw, @{PROC}/ r, - @{PROC}/uptime r, + @{PROC}/uptime r, @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/stat r, From 6ca909210b335aafc2b8ac944316ef85ddd25ac1 Mon Sep 17 00:00:00 2001 
From: Besanon Date: Fri, 25 Oct 2024 11:56:49 +0200 Subject: [PATCH 15/53] Update kscreen_backend_launcher to support lxqt desktop is needed for several complaints: DENIED kscreen_backend_launcher open owner @{user_config_dirs}/lxqt/lxqt.conf comm=kscreen_backend requested_mask=r denied_mask=r DENIED kscreen_backend_launcher open /usr/share/lxqt/lxqt.conf comm=kscreen_backend requested_mask=r denied_mask=r DENIED kscreen_backend_launcher open owner @{user_config_dirs}/lxqt/session.conf comm=kscreen_backend requested_mask=r denied_mask=r DENIED kscreen_backend_launcher open /usr/share/lxqt/session.conf comm=kscreen_backend requested_mask=r denied_mask=r --- apparmor.d/groups/kde/kscreen_backend_launcher | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/groups/kde/kscreen_backend_launcher b/apparmor.d/groups/kde/kscreen_backend_launcher index 5e09b0cbe..d4b547c7c 100644 --- a/apparmor.d/groups/kde/kscreen_backend_launcher +++ b/apparmor.d/groups/kde/kscreen_backend_launcher @@ -10,6 +10,7 @@ include @{exec_path} += @{lib}/@{multiarch}/{,libexec/}kf{5,6}/kscreen_backend_launcher profile kscreen_backend_launcher @{exec_path} { include + include include @{exec_path} mr, From b2e0387fe74586be1b2e3b130bbbbac527558405 Mon Sep 17 00:00:00 2001 From: Besanon Date: Sun, 27 Oct 2024 23:15:22 +0100 Subject: [PATCH 16/53] Update lxqt-session --- apparmor.d/groups/lxqt/lxqt-session | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-session b/apparmor.d/groups/lxqt/lxqt-session index 5bc8491b3..3a4a6cd61 100644 --- a/apparmor.d/groups/lxqt/lxqt-session +++ b/apparmor.d/groups/lxqt/lxqt-session @@ -17,13 +17,13 @@ profile lxqt-session @{exec_path} flags=(attach_disconnected) { include include - ptrace (read), + network netlink raw, signal (send), signal (receive) set=(kill, term) peer=startlxqt, signal (receive) set=(kill, term) peer=sddm, - network netlink raw, + ptrace (read), @{exec_path} mr, 
From b8712e7e7528862a564c0e3a3ae9ecaf9ff76e66 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 28 Oct 2024 16:27:25 +0100 Subject: [PATCH 17/53] Create lxqt-panel --- apparmor.d/groups/lxqt/lxqt-panel | 86 +++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-panel diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel new file mode 100644 index 000000000..8ed2bb720 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-panel 
@@ -0,0 +1,86 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-panel +profile lxqt-panel @{exec_path} { + include + include + include + include + include + include + + network inet dgram, + network inet6 dgram, + network inet stream, + network inet6 stream, + network netlink raw, + network packet dgram, + + @{exec_path} mr, + + @{bin}/exo-open rix, + @{bin}/nm-applet rPx, + @{bin}/nm-connection-editor rPx, + @{bin}/xdg-open rPx, + @{bin}/ControlPanel rPx, + + /usr/lib{,32,64}/lxqt-panel/*.so mr, # LXQT-Plugins + /usr/lib{,32,64}/lxqt-config/*.so mr, # LXQT-Plugins + + /usr/share/lxqt/helpers/*.desktop r, + /usr/share/lxqt/panel/plugins/{,*.desktop} r, + /usr/share/desktop-directories/{,**} r, + /usr/share/X11/locale/locale.alias r, + /usr/share/lxqt/themes/{,**} r, + + /etc/fstab r, + /etc/udev/udev.conf r, + /etc/machine-id r, + /etc/xdg/lxqt-qtxdg.conf r, + /etc/xdg/menus/**.menu r, + /etc/xdg/menus/applications-merged/ r, + /etc/xdg/ui/uistandards.rc r, + + /var/lib/dbus/machine-id r, + + owner @{HOME}/.config/menus/**.menu rw, + owner @{HOME}/.config/menus/applications-merged/ r, + owner @{HOME}/Desktop/** rw, + owner @{HOME}/Desktop/#@{int} rw, + owner @{HOME}/Desktop/*.desktop l -> @{HOME}/Desktop/#@{int}, + owner @{HOME}/.local/share/desktop-directories/*.directory r, + owner @{HOME}/.local/share/gvfs-metadata/{,*} r, + + owner @{user_config_dirs}/lxqt/#* rw, + owner @{user_config_dirs}/lxqt/panel.conf rw, + owner @{user_config_dirs}/lxqt/panel.conf.lock rwk, + owner @{user_config_dirs}/lxqt/panel.conf.@{rand6} rw, + owner @{user_config_dirs}/lxqt/panel.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#*, + owner @{user_config_dirs}/pulse/{,**} rwk, + owner @{user_config_dirs}/ibus/bus/{,**} rw, + + @{run}/udev/data/* r, + + @{sys}/class/i2c-adapter/ r, + 
@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, + + @{PROC}/@{pid}/fd/ r, + @{PROC}/@{pid}/net/dev r, + owner @{PROC}/@{pid}/mounts r, + + /dev/tty rw, + /dev/tty@{int} rw, + /dev/pts/@{int} rw, + /dev/snd/controlC@{int} rw, + + include if exists +} + +# vim:syntax=apparmor From db1a170fcbc329173675a982fe113c62c6c0af73 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 28 Oct 2024 16:52:59 +0100 Subject: [PATCH 18/53] Update lxqt-panel --- apparmor.d/groups/lxqt/lxqt-panel | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index 8ed2bb720..2caf6b69b 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -50,9 +50,9 @@ profile lxqt-panel @{exec_path} { /var/lib/dbus/machine-id r, - owner @{HOME}/.config/menus/**.menu rw, + owner @{HOME}/.config/menus/*.menu rw, owner @{HOME}/.config/menus/applications-merged/ r, - owner @{HOME}/Desktop/** rw, + owner @{HOME}/Desktop/*.desktop rw, owner @{HOME}/Desktop/#@{int} rw, owner @{HOME}/Desktop/*.desktop l -> @{HOME}/Desktop/#@{int}, owner @{HOME}/.local/share/desktop-directories/*.directory r, From 6524dcc148ffa934b99961e117895eeaf55e8874 Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 29 Oct 2024 12:47:38 +0100 Subject: [PATCH 19/53] Update lxqt-panel --- apparmor.d/groups/lxqt/lxqt-panel | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index 2caf6b69b..9bdd43228 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -13,6 +13,7 @@ profile lxqt-panel @{exec_path} { include include include + include include include 
@@ -25,20 +26,16 @@ profile lxqt-panel @{exec_path} { @{exec_path} mr, - @{bin}/exo-open rix, + @{open_path} rix, @{bin}/nm-applet rPx, @{bin}/nm-connection-editor rPx, - @{bin}/xdg-open rPx, @{bin}/ControlPanel rPx, - /usr/lib{,32,64}/lxqt-panel/*.so mr, # LXQT-Plugins - /usr/lib{,32,64}/lxqt-config/*.so mr, # LXQT-Plugins + @{lib}/lxqt-panel/*.so mr, # LXQT-Plugins + @{lib}/lxqt-config/*.so mr, # LXQT-Plugins - /usr/share/lxqt/helpers/*.desktop r, - /usr/share/lxqt/panel/plugins/{,*.desktop} r, /usr/share/desktop-directories/{,**} r, - /usr/share/X11/locale/locale.alias r, - /usr/share/lxqt/themes/{,**} r, + /usr/share/lxqt/{,**} r, /etc/fstab r, /etc/udev/udev.conf r, @@ -50,21 +47,20 @@ profile lxqt-panel @{exec_path} { /var/lib/dbus/machine-id r, - owner @{HOME}/.config/menus/*.menu rw, - owner @{HOME}/.config/menus/applications-merged/ r, owner @{HOME}/Desktop/*.desktop rw, owner @{HOME}/Desktop/#@{int} rw, owner @{HOME}/Desktop/*.desktop l -> @{HOME}/Desktop/#@{int}, - owner @{HOME}/.local/share/desktop-directories/*.directory r, - owner @{HOME}/.local/share/gvfs-metadata/{,*} r, - owner @{user_config_dirs}/lxqt/#* rw, + owner @{user_config_dirs}/menus/*.menu rw, + owner @{user_config_dirs}/menus/applications-merged/ r, + owner @{user_config_dirs}/share/desktop-directories/*.directory r, + owner @{user_config_dirs}/share/gvfs-metadata/{,*} r, + owner @{user_config_dirs}/lxqt/#@{int} rw, owner @{user_config_dirs}/lxqt/panel.conf rw, owner @{user_config_dirs}/lxqt/panel.conf.lock rwk, owner @{user_config_dirs}/lxqt/panel.conf.@{rand6} rw, - owner @{user_config_dirs}/lxqt/panel.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#*, + owner @{user_config_dirs}/lxqt/panel.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int}, owner @{user_config_dirs}/pulse/{,**} rwk, - owner @{user_config_dirs}/ibus/bus/{,**} rw, @{run}/udev/data/* r, From 2653354f62d817f5e9ee1a8bd76df92f12c06927 Mon Sep 17 00:00:00 2001 
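Review bot: The rewrite of the `@{HOME}/.local/share/...` rules in the last hunk lands on the wrong variable. `owner @{user_config_dirs}/share/desktop-directories/*.directory r,` and `owner @{user_config_dirs}/share/gvfs-metadata/{,*} r,` now point below the config directory (the removed `.config/menus` rules are the ones that became `@{user_config_dirs}/menus`), not at `~/.local/share`. The panel is therefore denied paths it could read before, and the usual reaction to such denials is to widen rules later. The startlxqt profile in this series uses `@{user_share_dirs}` for this tree, so I would write `owner @{user_share_dirs}/desktop-directories/*.directory r,` and `owner @{user_share_dirs}/gvfs-metadata/{,*} r,`.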
From: Besanon Date: Tue, 29 Oct 2024 13:12:59 +0100 Subject: [PATCH 20/53] Update lxqt-panel --- apparmor.d/groups/lxqt/lxqt-panel | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index 9bdd43228..51a3c0149 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -31,7 +31,7 @@ profile lxqt-panel @{exec_path} { @{bin}/nm-connection-editor rPx, @{bin}/ControlPanel rPx, - @{lib}/lxqt-panel/*.so mr, # LXQT-Plugins + @{lib}/lxqt-panel/*.so mr, # LXQT-Plugins @{lib}/lxqt-config/*.so mr, # LXQT-Plugins /usr/share/desktop-directories/{,**} r, From 0cfe954a9ebcd5aaae5e2a60718c8ca3434dc47c Mon Sep 17 00:00:00 2001 From: Besanon Date: Tue, 29 Oct 2024 14:35:55 +0100 Subject: [PATCH 21/53] fix conflicting x --- apparmor.d/groups/lxqt/lxqt-panel | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index 51a3c0149..536b1351f 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -26,7 +26,6 @@ profile lxqt-panel @{exec_path} { @{exec_path} mr, - @{open_path} rix, @{bin}/nm-applet rPx, @{bin}/nm-connection-editor rPx, @{bin}/ControlPanel rPx, From 0aafd35dec80f436ad6900271a01f195e633796f Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 1 Nov 2024 15:06:25 +0100 Subject: [PATCH 22/53] Update lxqt-panel add child-open --- apparmor.d/groups/lxqt/lxqt-panel | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index 536b1351f..618ff479c 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -26,6 +26,7 @@ profile lxqt-panel @{exec_path} { @{exec_path} mr, + @{open_path} rPx -> child-open, @{bin}/nm-applet rPx, @{bin}/nm-connection-editor rPx, @{bin}/ControlPanel rPx, From 26b1b3290f9bd23651fb89fa7e69ca8aff4964c8 Mon Sep 17 00:00:00 2001 
From: Besanon Date: Fri, 1 Nov 2024 15:13:24 +0100 Subject: [PATCH 23/53] remove include you think its too permissive to have app-launcher-user here, right? --- apparmor.d/groups/lxqt/lxqt-panel | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index 618ff479c..f2a5878c8 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -10,7 +10,6 @@ include @{exec_path} = @{bin}/lxqt-panel profile lxqt-panel @{exec_path} { include - include include include include From 9791b68bd7be457cea53912825d8db80a3065efe Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 1 Nov 2024 20:05:09 +0100 Subject: [PATCH 24/53] Update lxqt-panel add needed programs --- apparmor.d/groups/lxqt/lxqt-panel | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index f2a5878c8..c7960653c 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel @@ -26,9 +26,11 @@ profile lxqt-panel @{exec_path} { @{exec_path} mr, @{open_path} rPx -> child-open, + @{bin}/ControlPanel rPx, + @{bin}/lxqt-leave rPx, @{bin}/nm-applet rPx, @{bin}/nm-connection-editor rPx, - @{bin}/ControlPanel rPx, + @{bin}/pulseaudio rPx, @{lib}/lxqt-panel/*.so mr, # LXQT-Plugins @{lib}/lxqt-config/*.so mr, # LXQT-Plugins From 38e88cef14c602b0df78d6097d4615ee62b8428e Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 1 Nov 2024 22:20:05 +0100 Subject: [PATCH 25/53] Update lxqt-panel turning back to layout of corresponding xfce file. --- apparmor.d/groups/lxqt/lxqt-panel | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-panel b/apparmor.d/groups/lxqt/lxqt-panel index c7960653c..650a7e402 100644 --- a/apparmor.d/groups/lxqt/lxqt-panel +++ b/apparmor.d/groups/lxqt/lxqt-panel 
@@ -12,7 +12,6 @@ profile lxqt-panel @{exec_path} { include include include - include include include @@ -25,12 +24,13 @@ profile lxqt-panel @{exec_path} { @{exec_path} mr, - @{open_path} rPx -> child-open, - @{bin}/ControlPanel rPx, - @{bin}/lxqt-leave rPx, + @{bin}/exo-open rix, + @{lib}/gio-launch-desktop rix, @{bin}/nm-applet rPx, @{bin}/nm-connection-editor rPx, - @{bin}/pulseaudio rPx, + @{bin}/ControlPanel rPx, + + @{bin}/sudo rCx -> root, @{lib}/lxqt-panel/*.so mr, # LXQT-Plugins @{lib}/lxqt-config/*.so mr, # LXQT-Plugins @@ -77,6 +77,15 @@ profile lxqt-panel @{exec_path} { /dev/pts/@{int} rw, /dev/snd/controlC@{int} rw, + profile root { + include + include + + @{bin}/lsblk rPx, + + include if exists + } + include if exists } From d5552d2f94c3482e1b7fec192c681be009129942 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 11:55:57 +0100 Subject: [PATCH 26/53] Create lxqt-globalkeysd --- apparmor.d/groups/lxqt/lxqt-globalkeysd | 42 +++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-globalkeysd diff --git a/apparmor.d/groups/lxqt/lxqt-globalkeysd b/apparmor.d/groups/lxqt/lxqt-globalkeysd new file mode 100644 index 000000000..2f440b902 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-globalkeysd 
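Review bot: `@{bin}/exo-open rix,` and `@{lib}/gio-launch-desktop rix,` replace `@{open_path} rPx -> child-open,` in the second hunk, so these helpers now run under the lxqt-panel profile itself instead of transitioning to a dedicated opener profile. With `ix`, everything a launcher needs has to be granted to the panel, which widens the profile of a long-running desktop process. `exo-open` appears to come from the Xfce layout the commit message mentions; it is worth confirming from the logs that lxqt-panel ever executes it. Unless a denial shows otherwise, I would keep `@{open_path} rPx -> child-open,` and drop the two `rix` lines.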
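Review bot: The `profile root { … }` sub-profile added in the third hunk has no comment saying which panel feature needs sudo; it is reached through `@{bin}/sudo rCx -> root,` from the previous hunk. Like the exec rules, this looks inherited from the Xfce panel profile; if no LXQt plugin calls sudo, removing both the rule and the sub-profile keeps an elevation path out of the panel. If it is needed, a comment such as `# <plugin name>: runs lsblk through sudo` above the exec rule would record the reason. The abstractions included by the sub-profile are not legible on this page, so their scope needs a separate look.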
@@ -0,0 +1,42 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-globalkeysd +profile lxqt-globalkeysd @{exec_path} { + include + include + include + include + include + include + include + + @{exec_path} mr, + + @{bin}/screengrab rpx, + @{bin}/lxqt-config-brightness rpx, + + /usr/share/lxqt/globalkeyshortcuts.conf rw, + + /var/lib/dbus/machine-id r, + + owner @{user_config_dirs}/lxqt/ r, + owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.lock wrk, + owner @{user_config_dirs}/lxqt/#@{int} wr, + owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} rw, + owner @{user_config_dirs}/lxqt/globalkeyshortcuts.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor From 35fa0a23a684ea30611798ed5c28e502a65a6c18 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 11:58:11 +0100 Subject: [PATCH 27/53] Create lxqt-about --- apparmor.d/groups/lxqt/lxqt-about | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-about diff --git a/apparmor.d/groups/lxqt/lxqt-about b/apparmor.d/groups/lxqt/lxqt-about new file mode 100644 index 000000000..e8fcde1d0 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-about @@ -0,0 +1,30 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-about +profile lxqt-about @{exec_path} { + include + include + include + + @{exec_path} mr, + + /usr/share/icons/{,**} r, + /usr/share/desktop-directories/{,**} r, + + /etc/xdg/menus/lxqt-applications.menu r, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor 
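Review bot: `/usr/share/lxqt/globalkeyshortcuts.conf rw,` in the new lxqt-globalkeysd profile grants write access to a system-wide default under /usr/share, and it has no `owner` qualifier. A per-user daemon normally only reads that file and writes its copy under `@{user_config_dirs}/lxqt/`, which the rules below already cover, so `/usr/share/lxqt/globalkeyshortcuts.conf r,` should be enough unless a logged denial shows a write. The two `rpx` transitions also differ from the `rPx` used in lxqt-panel; the uppercase form scrubs the environment on exec and is the safer default here.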
From a7da4672ae33a9f26229711b77df81cfedca5b73 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 11:59:35 +0100 Subject: [PATCH 28/53] Create lxqt-leave --- apparmor.d/groups/lxqt/lxqt-leave | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-leave diff --git a/apparmor.d/groups/lxqt/lxqt-leave b/apparmor.d/groups/lxqt/lxqt-leave new file mode 100644 index 000000000..74aa39f7c --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-leave @@ -0,0 +1,25 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-leave +profile lxqt-leave @{exec_path} { + include + include + include + + @{exec_pathlx21} mr, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor From 554301bee8540498ce17224ca0e8007051155faa Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 12:02:12 +0100 Subject: [PATCH 29/53] Create lxqt-runner --- apparmor.d/groups/lxqt/lxqt-runner | 36 ++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-runner diff --git a/apparmor.d/groups/lxqt/lxqt-runner b/apparmor.d/groups/lxqt/lxqt-runner new file mode 100644 index 000000000..81383e968 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-runner 
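Review bot: `@{exec_pathlx21} mr,` in the new lxqt-leave profile references a variable that is never defined (the file only sets `@{exec_path}`), so the profile is expected to fail to compile as committed. The same stray suffix appears as `@{exec_pathlx27} mr,` in lxqt-runner (PATCH 29) and `@{exec_pathlx15} mr,` in lxqt-config-printer (PATCH 41). The line should read `@{exec_path} mr,`; fixing it in the creating commit rather than a follow-up keeps every commit in the series loadable.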
@@ -0,0 +1,36 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-runner +profile lxqt-runner @{exec_path} { + include + include + include + + @{exec_pathlx27} mr, + + /usr/share/icons/ r, + /usr/share/icons/{,**} r, + /usr/share/desktop-directories/ r, + /usr/share/desktop-directories/{,**} r, + + /etc/xdg/menus/lxqt-applications.menu r, + + owner @{user_config_dirs}/lxqt/lxqt-runner.conf.lock rwk, + owner @{user_config_dirs}/lxqt/#@{int} rw, + owner @{user_config_dirs}/lxqt/lxqt-runner.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor From 7433e7ba795101032a22c93a672a3804b60157f3 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 12:16:27 +0100 Subject: [PATCH 30/53] Update lxqt-leave --- apparmor.d/groups/lxqt/lxqt-leave | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-leave b/apparmor.d/groups/lxqt/lxqt-leave index 74aa39f7c..aac8953cc 100644 --- a/apparmor.d/groups/lxqt/lxqt-leave +++ b/apparmor.d/groups/lxqt/lxqt-leave @@ -13,7 +13,7 @@ profile lxqt-leave @{exec_path} { include include - @{exec_pathlx21} mr, + @{exec_path} mr, owner /tmp/@{int} r, From 3ede7913a6bcd0dcd4cc51f8967ef261ead82515 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 12:16:45 +0100 Subject: [PATCH 31/53] Update lxqt-runner --- apparmor.d/groups/lxqt/lxqt-runner | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-runner b/apparmor.d/groups/lxqt/lxqt-runner index 81383e968..173217539 100644 --- a/apparmor.d/groups/lxqt/lxqt-runner +++ b/apparmor.d/groups/lxqt/lxqt-runner @@ -13,7 +13,7 @@ profile lxqt-runner @{exec_path} { include include - @{exec_pathlx27} mr, + @{exec_path} mr, /usr/share/icons/ r, /usr/share/icons/{,**} r, 
From de38a3b40bc9619cc98ccbf6cd6c362c6a935b18 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 17:38:19 +0100 Subject: [PATCH 32/53] Update lxqt-globalkeysd --- apparmor.d/groups/lxqt/lxqt-globalkeysd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-globalkeysd b/apparmor.d/groups/lxqt/lxqt-globalkeysd index 2f440b902..8b3e19442 100644 --- a/apparmor.d/groups/lxqt/lxqt-globalkeysd +++ b/apparmor.d/groups/lxqt/lxqt-globalkeysd @@ -15,12 +15,12 @@ profile lxqt-globalkeysd @{exec_path} { include include include - include @{exec_path} mr, - @{bin}/screengrab rpx, - @{bin}/lxqt-config-brightness rpx, + @{open_path} rPx -> child-open-help, + @{bin}/screengrab rPx, + @{bin}/lxqt-config-brightness rPx, /usr/share/lxqt/globalkeyshortcuts.conf rw, From 919d8a25c7ea70c571ecd4ad701940ac715c3009 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 18:10:24 +0100 Subject: [PATCH 33/53] remove video in lxqt-about --- apparmor.d/groups/lxqt/lxqt-about | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-about b/apparmor.d/groups/lxqt/lxqt-about index e8fcde1d0..96743910d 100644 --- a/apparmor.d/groups/lxqt/lxqt-about +++ b/apparmor.d/groups/lxqt/lxqt-about @@ -11,7 +11,6 @@ include profile lxqt-about @{exec_path} { include include - include @{exec_path} mr, From e278ea54f7d4fecbe6bf5ba0871cb01147b81db9 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 4 Nov 2024 18:10:51 +0100 Subject: [PATCH 34/53] Update lxqt-about --- apparmor.d/groups/lxqt/lxqt-about | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-about b/apparmor.d/groups/lxqt/lxqt-about index 96743910d..8f5830453 100644 --- a/apparmor.d/groups/lxqt/lxqt-about +++ b/apparmor.d/groups/lxqt/lxqt-about @@ -14,7 +14,6 @@ profile lxqt-about @{exec_path} { @{exec_path} mr, - /usr/share/icons/{,**} r, /usr/share/desktop-directories/{,**} r, /etc/xdg/menus/lxqt-applications.menu r, 
From 66b19bf48d1fd183aeb5541a8f3eb1b84b7eddca Mon Sep 17 00:00:00 2001 From: Besanon Date: Sun, 10 Nov 2024 08:10:48 +0100 Subject: [PATCH 35/53] Update lxqt-runner --- apparmor.d/groups/lxqt/lxqt-runner | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-runner b/apparmor.d/groups/lxqt/lxqt-runner index 173217539..272c8e730 100644 --- a/apparmor.d/groups/lxqt/lxqt-runner +++ b/apparmor.d/groups/lxqt/lxqt-runner @@ -16,7 +16,6 @@ profile lxqt-runner @{exec_path} { @{exec_path} mr, /usr/share/icons/ r, - /usr/share/icons/{,**} r, /usr/share/desktop-directories/ r, /usr/share/desktop-directories/{,**} r, From 7e85bd5cba0536359dc7908559ff0bbe7207be4b Mon Sep 17 00:00:00 2001 From: Besanon Date: Sun, 10 Nov 2024 08:22:16 +0100 Subject: [PATCH 36/53] remove abstr. in lxqt-globalkeysd --- apparmor.d/groups/lxqt/lxqt-globalkeysd | 2 -- 1 file changed, 2 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-globalkeysd b/apparmor.d/groups/lxqt/lxqt-globalkeysd index 8b3e19442..8729b1abb 100644 --- a/apparmor.d/groups/lxqt/lxqt-globalkeysd +++ b/apparmor.d/groups/lxqt/lxqt-globalkeysd @@ -11,10 +11,8 @@ include profile lxqt-globalkeysd @{exec_path} { include include - include include include - include @{exec_path} mr, From bbabc65d27edf686f571b6c2f3c1943ff00e49b4 Mon Sep 17 00:00:00 2001 From: Besanon Date: Sun, 10 Nov 2024 08:22:54 +0100 Subject: [PATCH 37/53] remove abstr. in lxqt-runner --- apparmor.d/groups/lxqt/lxqt-runner | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-runner b/apparmor.d/groups/lxqt/lxqt-runner index 272c8e730..9477c1bda 100644 --- a/apparmor.d/groups/lxqt/lxqt-runner +++ b/apparmor.d/groups/lxqt/lxqt-runner @@ -10,7 +10,6 @@ include @{exec_path} = @{bin}/lxqt-runner profile lxqt-runner @{exec_path} { include - include include @{exec_path} mr, From 9452b4fefd89f45a0464fd4a02b8005eddf99519 Mon Sep 17 00:00:00 2001 
From: Besanon Date: Sun, 10 Nov 2024 08:24:55 +0100 Subject: [PATCH 38/53] remove abstr. in lxqt-leave --- apparmor.d/groups/lxqt/lxqt-leave | 1 - 1 file changed, 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-leave b/apparmor.d/groups/lxqt/lxqt-leave index aac8953cc..e76d81f54 100644 --- a/apparmor.d/groups/lxqt/lxqt-leave +++ b/apparmor.d/groups/lxqt/lxqt-leave @@ -10,7 +10,6 @@ include @{exec_path} = @{bin}/lxqt-leave profile lxqt-leave @{exec_path} { include - include include @{exec_path} mr, From 3abe61d0073edf2b05532090689325c4710ade85 Mon Sep 17 00:00:00 2001 From: Besanon Date: Sat, 23 Nov 2024 20:57:59 +0100 Subject: [PATCH 39/53] Create lxqt-config-notificationd --- .../groups/lxqt/lxqt-config-notificationd | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-config-notificationd diff --git a/apparmor.d/groups/lxqt/lxqt-config-notificationd b/apparmor.d/groups/lxqt/lxqt-config-notificationd new file mode 100644 index 000000000..63b2eb673 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-notificationd @@ -0,0 +1,34 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-config-notificationd +profile lxqt-config-notificationd @{exec_path} { + include + include + include + + @{exec_path} mr, + + /etc/machine-id r, + + /var/lib/dbus/machine-id r, + + owner @{user_config_dirs}/lxqt/#@{int} rw, + owner @{user_config_dirs}/lxqt/notifications.conf.lock rwk, + owner @{user_config_dirs}/lxqt/notifications.conf.@{rand6} rw, + owner @{user_config_dirs}/lxqt/notifications.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/#@{int} r, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor From 08a2987d358cacbbdf8197ff18ec8cad91d6aec4 Mon Sep 17 00:00:00 2001 
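Review bot: `owner /tmp/#@{int} r,` in the new lxqt-config-notificationd profile is spelled differently from the `owner /tmp/@{int} r,` used in lxqt-about, lxqt-leave, lxqt-runner, lxqt-globalkeysd and lxqt-config-locale; lxqt-config-file-associations (PATCH 42) uses the `#` form as well. The two patterns match different paths, so one set of profiles probably carries a rule that never matches. The path in the logged denial should decide which spelling is right, and the other profiles should then be aligned.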
From: Besanon Date: Sat, 23 Nov 2024 21:03:16 +0100 Subject: [PATCH 40/53] Create lxqt-config-locale --- apparmor.d/groups/lxqt/lxqt-config-locale | 40 +++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-config-locale diff --git a/apparmor.d/groups/lxqt/lxqt-config-locale b/apparmor.d/groups/lxqt/lxqt-config-locale new file mode 100644 index 000000000..c7c868c18 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-locale @@ -0,0 +1,40 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-config-locale +profile lxqt-config-locale @{exec_path} { + include + include + include + + @{exec_path} mr, + + /etc/machine-id r, + + owner @{user_config_dirs}/lxqt/* r, + owner @{user_config_dirs}/lxqt/#@{int} rw, + owner @{user_config_dirs}/lxqt/lxqt-config.conf.lock rwk, + owner @{user_config_dirs}/lxqt/lxqt-config.conf.@{rand6} rw, + owner @{user_config_dirs}/lxqt/lxqt-config.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt-config-locale.conf l -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt-config-locale.conf.@{rand6} rw, + owner @{user_config_dirs}/lxqt/lxqt-config-locale.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt-config-locale.conf.lock rwk, + owner @{user_config_dirs}/lxqt/session.conf.lock rwk, + owner @{user_config_dirs}/lxqt/session.conf.@{rand6} rw, + owner @{user_config_dirs}/lxqt/session.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor From 9d946327a440df90f129f34b179bbd35683fa5cd Mon Sep 17 00:00:00 2001 
From: Besanon Date: Sat, 23 Nov 2024 21:05:18 +0100 Subject: [PATCH 41/53] Create lxqt-config-printer --- apparmor.d/groups/lxqt/lxqt-config-printer | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-config-printer diff --git a/apparmor.d/groups/lxqt/lxqt-config-printer b/apparmor.d/groups/lxqt/lxqt-config-printer new file mode 100644 index 000000000..d7a4c5da0 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-printer @@ -0,0 +1,24 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-config-printer +profile lxqt-config-printer @{exec_path} { + include + include + + @{exec_pathlx15} mr, + + owner /tmp/@{int} r, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor From ee63c445f03628f3bf4cfb23f11712f26e715b75 Mon Sep 17 00:00:00 2001 From: Besanon Date: Sat, 23 Nov 2024 21:10:03 +0100 Subject: [PATCH 42/53] Create lxqt-config-file-associations --- .../groups/lxqt/lxqt-config-file-associations | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-config-file-associations diff --git a/apparmor.d/groups/lxqt/lxqt-config-file-associations b/apparmor.d/groups/lxqt/lxqt-config-file-associations new file mode 100644 index 000000000..4232f1c70 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-file-associations 
@@ -0,0 +1,36 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-config-file-associations +profile lxqt-config-file-associations @{exec_path} { + include + include + include + + @{exec_path} mr, + + /etc/machine-id r, + + owner @{user_config_dirs}/ r, + owner @{user_config_dirs}/mimeapps* rwk, + owner @{user_config_dirs}/lxqt-* rwk, + owner @{user_config_dirs}/lxqt/ r, + owner @{user_config_dirs}/lxqt/#@{int} rwk, + owner @{user_config_dirs}/lxqt/lxqt-config-file-associations.conf.lock rwk, + owner @{user_config_dirs}/lxqt/lxqt-config-file-associations.conf kl -> @{user_config_dirs}/lxqt/#@{int}, + owner @{user_config_dirs}/lxqt/lxqt-config-file-associations.conf.@{rand6} rwkl -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/#@{int} rwk, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor From 26b2e1c54c343f01ead0c8fa31fa100394ba3587 Mon Sep 17 00:00:00 2001 From: Besanon Date: Sat, 23 Nov 2024 21:15:24 +0100 Subject: [PATCH 43/53] Create lxqt-config-powermanagement --- .../groups/lxqt/lxqt-config-powermanagement | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 apparmor.d/groups/lxqt/lxqt-config-powermanagement diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement new file mode 100644 index 000000000..636e13b46 --- /dev/null +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement 
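Review bot: `owner @{user_config_dirs}/lxqt-* rwk,` and `owner @{user_config_dirs}/mimeapps* rwk,` in lxqt-config-file-associations are broader than the tool's job suggests. The first matches every entry starting with `lxqt-` directly under the config directory, and the second covers the files that decide which program opens which type, so write access there should be pinned to exact names. If the logs only show the mimeapps lists and their temporary copies, something like `owner @{user_config_dirs}/{,lxqt-}mimeapps.list{,.@{rand6}} rwk,` would do, with the suffix pattern confirmed against the observed file names.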
@@ -0,0 +1,41 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2024 Alexandre Pujol +# Copyright (C) 2024 Besanon +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{bin}/lxqt-config-powermanagement +profile lxqt-config-powermanagement @{exec_path} { + include + include + include + include + + @{exec_path} mr, + + /etc/machine-id r, + + owner @{user_config_dirs}/lxqt/#@{int} rw, + owner @{user_config_dirs}/lxqt/lxqt-powermanagement.conf.lock rwk, + owner @{user_config_dirs}/lxqt/lxqt-powermanagement.conf.@{rand6} rw, + owner @{user_config_dirs}/lxqt/lxqt-powermanagement.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int}, + + owner /tmp/@{int} r, + + @{sys}/class/backlight/ r, + @{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, + @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, + @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, + + /dev/tty rw, + + include if exists +} + +# vim:syntax=apparmor From 41a75353988629a5d293af8decec65e71670ed0b Mon Sep 17 00:00:00 2001 From: Besanon Date: Sat, 23 Nov 2024 21:21:12 +0100 Subject: [PATCH 44/53] enable wayland-session for lxqt 2.1 startlxqtwayland for starting the session, support for labwc and kwin_wayland --- apparmor.d/groups/kde/sddm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index d8adff564..d28049e42 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm 
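Review bot: `@{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw,` gives lxqt-config-powermanagement write access to every attribute of the backlight device, not just the one it sets. The four rules after it pin the address `0000:00:02.0` and only grant `r` on paths the wildcard rule already covers, so they add nothing and tie the profile to one machine. I would restrict write to the `brightness` attribute, keep the remaining attributes read-only, and drop the hard-coded address.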
@@ -40,6 +40,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { ptrace (trace) peer=@{profile_name}, signal (receive) set=(hup) peer=@{p_systemd}, + signal (send) set=(kill, term) peer=labwc, signal (send) set=(kill, term) peer=lxqt-session, signal (send) set=(kill, term) peer=startplasma, signal (send) set=(kill, term) peer=xorg, @@ -47,6 +48,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { signal (send) set=(term) peer=kwin_wayland, signal (send) set=(term) peer=sddm-greeter, signal (send) set=(term) peer=startplasma-wayland, + signal (send) set=(term) peer=startlxqtwayland, dbus receive bus=system path=/org/freedesktop/DisplayManager/Seat@{int} interface=org.freedesktop.DBus.Introspectable @@ -96,6 +98,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/kwin_wayland rPx, @{bin}/sddm-greeter{,-qt6} rPx, @{bin}/startlxqt rPx, + @{bin}/startlxqtwayland rPx, @{bin}/startplasma-wayland rPx, @{bin}/startplasma-x11 rPx, @{bin}/sway rPUx, From 30226845351a412363c0a2f90283ad1eb53103f4 Mon Sep 17 00:00:00 2001 From: Besanon Date: Sat, 23 Nov 2024 21:36:56 +0100 Subject: [PATCH 45/53] Update lxqt-config-printer --- apparmor.d/groups/lxqt/lxqt-config-printer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-printer b/apparmor.d/groups/lxqt/lxqt-config-printer index d7a4c5da0..f4c38e94d 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-printer +++ b/apparmor.d/groups/lxqt/lxqt-config-printer @@ -12,7 +12,7 @@ profile lxqt-config-printer @{exec_path} { include include - @{exec_pathlx15} mr, + @{exec_path} mr, owner /tmp/@{int} r, From c2fa8db554e18f750bf553b0a203220dab309b19 Mon Sep 17 00:00:00 2001 From: Besanon Date: Sat, 23 Nov 2024 22:13:48 +0100 Subject: [PATCH 46/53] Update lxqt-config-powermanagement --- apparmor.d/groups/lxqt/lxqt-config-powermanagement | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
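Review bot: `@{bin}/startlxqtwayland rPx,` in the third sddm hunk only works when a profile attached to startlxqtwayland is loaded; with `Px` and no matching profile the exec is denied. No such profile is created in the part of the series visible here, so either it has to ship with this change or the rule needs a fallback. The first hunk also adds `signal (send) set=(kill, term) peer=labwc,` while the matching exec rule `@{bin}/labwc rPx,` only arrives in PATCH 47, and the same question about an existing labwc profile applies there.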
diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index 636e13b46..d24080127 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement @@ -26,12 +26,12 @@ profile lxqt-config-powermanagement @{exec_path} { owner /tmp/@{int} r, @{sys}/class/backlight/ r, - @{sys}/devices/@{pci_bus}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, - @{sys}/devices/@{pci_bus}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, - @{sys}/devices/@{pci_bus}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, + @{sys}/devices/@{pci}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw, + @{sys}/devices/@{pci}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, + @{sys}/devices/@{pci}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r, + @{sys}/devices/@{pci}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, + @{sys}/devices/@{pci}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, + @{sys}/devices/@{pci}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, /dev/tty rw, From af7641a687361284e7f9cf39f15391e4af0f284d Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 25 Nov 2024 17:21:30 +0100 Subject: [PATCH 47/53] Update sddm --- apparmor.d/groups/kde/sddm | 1 + 1 file changed, 1 insertion(+) diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index d28049e42..8e491bb2b 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm 
@@ -97,6 +97,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{bin}/kwalletd{5,6} rPx, @{bin}/kwin_wayland rPx, @{bin}/sddm-greeter{,-qt6} rPx, + @{bin}/labwc rPx, @{bin}/startlxqt rPx, @{bin}/startlxqtwayland rPx, @{bin}/startplasma-wayland rPx, From 49dab185643e0422d2f2e85e2df6e1a0b5308f68 Mon Sep 17 00:00:00 2001 From: Besanon Date: Mon, 25 Nov 2024 17:44:53 +0100 Subject: [PATCH 48/53] Update sddm From 0f36ac12ea84e59f94acb62d58496ea372e92b0c Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 29 Nov 2024 16:55:09 +0100 Subject: [PATCH 49/53] adapt pci-rules ok, havent seen this profile yet. I will change that in lxqt-powermanagement as well and check the other profiles --- .../groups/lxqt/lxqt-config-powermanagement | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index d24080127..a4339c9fd 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement 
@@ -26,12 +26,15 @@ profile lxqt-config-powermanagement @{exec_path} { owner /tmp/@{int} r, @{sys}/class/backlight/ r, - @{sys}/devices/@{pci}/**/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/* rw, - @{sys}/devices/@{pci}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/ r, - @{sys}/devices/@{pci}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/max_brightness r, - @{sys}/devices/@{pci}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/bl_power r, - @{sys}/devices/@{pci}/0000:00:02.0/drm/card@{int}/card@{int}-eDP-@{int}/intel_backlight/actual_brightness r, - @{sys}/devices/@{pci}/**/**/drm/card@{int}/card@{int}-eDP-1/amdgpu_bl@{int}/* r, + @{sys}/class/leds/ r, + @{sys}/devices/@{pci}/backlight/**/{,max_,actual_}brightness rw, + @{sys}/devices/@{pci}/backlight/**/{uevent,type,enabled} r, + @{sys}/devices/@{pci}/backlight/**/brightness rw, + @{sys}/devices/@{pci}/drm/card@{int}/**/{,max_,actual_}brightness rw, + @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r, + @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw, + @{sys}/devices/@{pci}/*_backlight/{,max_,actual_}brightness rw, + @{sys}/devices/@{pci}/*_backlight/{uevent,type,enabled} r, /dev/tty rw, From 65ab819b8f81c44e5c6d5a5236a0bd1e280dadac Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 29 Nov 2024 17:11:16 +0100 Subject: [PATCH 50/53] Update lxqt-config-powermanagement From b60609644802793091649dddc406368051c22cc6 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 29 Nov 2024 17:49:01 +0100 Subject: [PATCH 51/53] Update lxqt-config-powermanagement --- apparmor.d/groups/lxqt/lxqt-config-powermanagement | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index a4339c9fd..05e04f864 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement 
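Review bot: The three `{,max_,actual_}brightness rw,` rules grant write on `max_brightness` and `actual_brightness`, which the kernel's backlight class exposes read-only, and the empty alternative in the braces already matches `brightness`, so the separate `**/brightness rw,` lines are duplicates. Splitting by access keeps the write grant on the one attribute that is set: `@{sys}/devices/@{pci}/backlight/**/{max_,actual_}brightness r,` next to the existing `@{sys}/devices/@{pci}/backlight/**/brightness rw,`, and the same for the `drm/card@{int}` and `*_backlight` variants. The identical block is re-added by the hunk in PATCH 53, so the change applies there too.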
@@ -26,7 +26,7 @@ profile lxqt-config-powermanagement @{exec_path} { owner /tmp/@{int} r, @{sys}/class/backlight/ r, - @{sys}/class/leds/ r, + @{sys}/class/leds/ r, @{sys}/devices/@{pci}/backlight/**/{,max_,actual_}brightness rw, @{sys}/devices/@{pci}/backlight/**/{uevent,type,enabled} r, @{sys}/devices/@{pci}/backlight/**/brightness rw, From 6e402fe2bded6736c2698c14befe095e1448a63e Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 29 Nov 2024 19:03:37 +0100 Subject: [PATCH 52/53] Update lxqt-config-powermanagement --- apparmor.d/groups/lxqt/lxqt-config-powermanagement | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index 05e04f864..0406e1529 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement @@ -25,17 +25,6 @@ profile lxqt-config-powermanagement @{exec_path} { owner /tmp/@{int} r, - @{sys}/class/backlight/ r, - @{sys}/class/leds/ r, - @{sys}/devices/@{pci}/backlight/**/{,max_,actual_}brightness rw, - @{sys}/devices/@{pci}/backlight/**/{uevent,type,enabled} r, - @{sys}/devices/@{pci}/backlight/**/brightness rw, - @{sys}/devices/@{pci}/drm/card@{int}/**/{,max_,actual_}brightness rw, - @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r, - @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw, - @{sys}/devices/@{pci}/*_backlight/{,max_,actual_}brightness rw, - @{sys}/devices/@{pci}/*_backlight/{uevent,type,enabled} r, - /dev/tty rw, include if exists From 26c93b6e1bee36c03fa40abefe4817a71c57c593 Mon Sep 17 00:00:00 2001 From: Besanon Date: Fri, 29 Nov 2024 19:04:29 +0100 Subject: [PATCH 53/53] Update lxqt-config-powermanagement --- apparmor.d/groups/lxqt/lxqt-config-powermanagement | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/apparmor.d/groups/lxqt/lxqt-config-powermanagement b/apparmor.d/groups/lxqt/lxqt-config-powermanagement index 0406e1529..4b96ccb36 100644 --- a/apparmor.d/groups/lxqt/lxqt-config-powermanagement +++ b/apparmor.d/groups/lxqt/lxqt-config-powermanagement @@ -23,6 +23,16 @@ profile lxqt-config-powermanagement @{exec_path} { owner @{user_config_dirs}/lxqt/lxqt-powermanagement.conf.@{rand6} rw, owner @{user_config_dirs}/lxqt/lxqt-powermanagement.conf.@{rand6} l -> @{user_config_dirs}/lxqt/#@{int}, + @{sys}/class/leds/ r, + @{sys}/devices/@{pci}/backlight/**/{,max_,actual_}brightness rw, + @{sys}/devices/@{pci}/backlight/**/{uevent,type,enabled} r, + @{sys}/devices/@{pci}/backlight/**/brightness rw, + @{sys}/devices/@{pci}/drm/card@{int}/**/{,max_,actual_}brightness rw, + @{sys}/devices/@{pci}/drm/card@{int}/**/{uevent,type,enabled} r, + @{sys}/devices/@{pci}/drm/card@{int}/**/brightness rw, + @{sys}/devices/@{pci}/*_backlight/{,max_,actual_}brightness rw, + @{sys}/devices/@{pci}/*_backlight/{uevent,type,enabled} r, + owner /tmp/@{int} r, /dev/tty rw,