From aa7fe16a20b66a9050c7421f4fd07f77ed2671e9 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 20 Oct 2023 23:50:26 +0100
Subject: [PATCH] feat(profile): improve opensuse integration.

See #208
---
 apparmor.d/groups/kde/dolphin      | 3 ++-
 apparmor.d/groups/kde/plasmashell  | 1 +
 apparmor.d/profiles-a-f/aa-enforce | 2 +-
 apparmor.d/profiles-g-l/git        | 1 +
 apparmor.d/profiles-g-l/host       | 2 ++
 5 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/groups/kde/dolphin b/apparmor.d/groups/kde/dolphin
index c99127f33..83370adf4 100644
--- a/apparmor.d/groups/kde/dolphin
+++ b/apparmor.d/groups/kde/dolphin
@@ -35,8 +35,9 @@ profile dolphin @{exec_path} {
   /usr/share/mime/ r,
 
   /etc/fstab r,
-  /etc/xdg/arkrc r,
   /etc/machine-id r,
+  /etc/xdg/arkrc r,
+  /etc/xdg/dolphinrc r,
 
   # Full access to user's data
   / r,
diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell
index e5d3e44c0..f40406351 100644
--- a/apparmor.d/groups/kde/plasmashell
+++ b/apparmor.d/groups/kde/plasmashell
@@ -39,6 +39,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   ptrace (read) peer=akonadi*,
   ptrace (read) peer=kalendarac,
   ptrace (read) peer=kded5,
+  ptrace (read) peer=kwin_x11,
   ptrace (read) peer=libreoffice*,
   ptrace (read) peer=pinentry-qt,
 
diff --git a/apparmor.d/profiles-a-f/aa-enforce b/apparmor.d/profiles-a-f/aa-enforce
index 608505179..07222cf28 100644
--- a/apparmor.d/profiles-a-f/aa-enforce
+++ b/apparmor.d/profiles-a-f/aa-enforce
@@ -24,7 +24,7 @@ profile aa-enforce @{exec_path} {
   /etc/apparmor/logprof.conf r,
   /etc/apparmor.d/{,**} rw,
 
-  /etc/inputrc r,
+  @{etc_ro}/inputrc r,
 
   owner /snap/core@{int}/@{int}/etc/apparmor.d/{,**} rw,
   owner /var/lib/snapd/apparmor/{,**} rw,
diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git
index 13b173be5..7e8323cde 100644
--- a/apparmor.d/profiles-g-l/git
+++ b/apparmor.d/profiles-g-l/git
@@ -80,6 +80,7 @@ profile git @{exec_path} {
   /usr/share/git{,-core}/{,**} r,
   /usr/share/terminfo/x/xterm-256color r,
 
+  /etc/gitconfig r,
   /etc/mailname r,
 
   owner @{user_projects_dirs}/   rw,
diff --git a/apparmor.d/profiles-g-l/host b/apparmor.d/profiles-g-l/host
index 124b29d2c..b1cb71c26 100644
--- a/apparmor.d/profiles-g-l/host
+++ b/apparmor.d/profiles-g-l/host
@@ -13,6 +13,8 @@ profile host @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
 
+  capability ipc_lock,
+
   network inet dgram,
   network inet6 dgram,
   network inet stream,