Closed curiosityseeker closed 1 year ago
Nice proposal. Yes having a kde
is the good option.
Regarding the abstraction:
abi
@{HOME}/.config
-> @{user_config_dirs}
Some recommendations too:
Regarding sddm
, a profile in complain mode cannot break the software it confines. However, there are some major exception:
deny
rules are enforced even in complain mode. So for sddm
remove the deny
in deny capability net_admin,
this can help.attach_disconnected
(or the mediate_deleted
) flag.rPx
Once you push your PR, I will setup a KDE based VM to test it deeply.
Thanks!
Regarding sddm, a profile in complain mode cannot break the software it confines. However, there are some major exception:
Yes, I was aware of that. I had no time to check then. But indeed, allowing capability net_admin,
solved the problem.
I'm working on some profiles as a starting point to support KDE. Before continuing this work and submitting PRs I would like to coordinate with you how to precede. This is what I'm planning:
kde
group.Creation of a new
akonadi
abstraction which makes things a lot easier:I'm aware that some rules are already in other abstractions but adding those would make the profiles too permissive, IMO.
The profiles I'm working on are the following:
Would creating the suggested group and abstraction be okay for you?
Sidenote: I've also created a new
sddm
profile which works on my Arch KDE system. The available profile broke my system even in complain mode - that's why I'm still only installing specific profiles. I still have to synchronize both versions. I've also created asddm-helper
profile btw.