General issues - Githubissues

Jeroen0494 commented 1 year ago

Hi,

I'm currently unable to work on AppArmor profiles myself, but I know you're always happy with some error logs so here we go. Some of these are a bit older and might already be fixed:

ALLOWED pulseaudio dbus_method_call :1.2 send bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.bluez.MediaTransport1 member=Acquire peer_label=unconfined
ALLOWED upowerd dbus_signal :1.2 receive bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.freedesktop.DBus.Properties member=PropertiesChanged peer_label=unconfined
ALLOWED NetworkManager dbus_signal :1.2 receive bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.freedesktop.DBus.Properties member=PropertiesChanged peer_label=unconfined
ALLOWED pulseaudio dbus_signal :1.2 receive bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.freedesktop.DBus.Properties member=PropertiesChanged peer_label=unconfined
ALLOWED kded5 dbus_signal :1.2 receive bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.freedesktop.DBus.Properties member=PropertiesChanged peer_label=unconfined

ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/ comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/ comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/zzstd.ko comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/zunicode.ko comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/znvpair.ko comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/spl.ko comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/zcommon.ko comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/icp.ko comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/zavl.ko comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/zlua.ko comm=depmod requested_mask=r denied_mask=r
ALLOWED mkinitramfs//kmod open /var/tmp/mkinitramfs_tMCt8P/usr/lib/modules/5.15.0-76-generic/updates/dkms/zfs.ko comm=depmod requested_mask=r denied_mask=r

ALLOWED locale-gen open /etc/nsswitch.conf comm=locale-gen requested_mask=r denied_mask=r
ALLOWED locale-gen open /etc/passwd comm=locale-gen requested_mask=r denied_mask=r
ALLOWED locale-gen exec /usr/bin/cat comm=locale-gen requested_mask=x denied_mask=x
ALLOWED locale-gen//null-/usr/bin/cat file_inherit /dev/pts/0 comm=cat requested_mask=wr denied_mask=wr
ALLOWED locale-gen//null-/usr/bin/cat file_inherit /dev/null comm=cat requested_mask=wr denied_mask=wr
ALLOWED locale-gen//null-/usr/bin/cat file_mmap /usr/bin/cat comm=cat requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/cat file_mmap /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 comm=cat requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/cat open /etc/ld.so.cache comm=cat requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/cat open /usr/lib/x86_64-linux-gnu/libc.so.6 comm=cat requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/cat file_mmap /usr/lib/x86_64-linux-gnu/libc.so.6 comm=cat requested_mask=rm denied_mask=rm
ALLOWED locale-gen//null-/usr/bin/cat open /usr/lib/locale/locale-archive comm=cat requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/cat open /var/lib/locales/supported.d/en comm=cat requested_mask=r denied_mask=r
ALLOWED locale-gen exec /usr/bin/sort comm=locale-gen requested_mask=x denied_mask=x
ALLOWED locale-gen//null-/usr/bin/sort file_inherit /dev/pts/0 comm=sort requested_mask=wr denied_mask=wr
ALLOWED locale-gen//null-/usr/bin/sort file_mmap /usr/bin/sort comm=sort requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/sort file_mmap /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 comm=sort requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/sort open /etc/ld.so.cache comm=sort requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/sort open /usr/lib/x86_64-linux-gnu/libc.so.6 comm=sort requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/sort file_mmap /usr/lib/x86_64-linux-gnu/libc.so.6 comm=sort requested_mask=rm denied_mask=rm
ALLOWED locale-gen//null-/usr/bin/sort open /usr/lib/locale/locale-archive comm=sort requested_mask=r denied_mask=r
ALLOWED locale-gen exec /usr/bin/perl comm=locale-gen requested_mask=x denied_mask=x
ALLOWED locale-gen//null-/usr/bin/perl file_inherit /dev/pts/0 comm=perl requested_mask=wr denied_mask=wr
ALLOWED locale-gen//null-/usr/bin/perl file_mmap /usr/bin/perl comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl file_mmap /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /etc/ld.so.cache comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/libm.so.6 comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl file_mmap /usr/lib/x86_64-linux-gnu/libm.so.6 comm=perl requested_mask=rm denied_mask=rm
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/libc.so.6 comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl file_mmap /usr/lib/x86_64-linux-gnu/libc.so.6 comm=perl requested_mask=rm denied_mask=rm
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0 comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl file_mmap /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0 comm=perl requested_mask=rm denied_mask=rm
ALLOWED locale-gen//null-/usr/bin/perl open /dev/urandom comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/locale/locale-archive comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /dev/null comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/strict.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/warnings.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl file_mmap /usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so comm=perl requested_mask=rm denied_mask=rm
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl file_mmap /usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so comm=perl requested_mask=rm denied_mask=rm
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/Carp.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/overloading.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm comm=perl requested_mask=r denied_mask=r
ALLOWED locale-gen//null-/usr/bin/perl open /usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm comm=perl requested_mask=r denied_mask=r

ALLOWED appstreamcli open /usr/share/metainfo/org.rncbc.qjackctl.xml comm=appstreamcli requested_mask=r denied_mask=r class=file
ALLOWED apt-methods-gpgv open /etc/apt/trusted.gpg.d/org.kde.neon.net.launchpad.ppa.mozillateam.asc comm=apt-key requested_mask=r denied_mask=r class=file
ALLOWED apt-methods-gpgv signal comm=PK-Backend requested_mask=receive denied_mask=receive signal=int peer=packagekitd class=signal
ALLOWED apt-methods-http signal comm=PK-Backend requested_mask=receive denied_mask=receive signal=int peer=packagekitd class=signal
ALLOWED apt-methods-store signal comm=PK-Backend requested_mask=receive denied_mask=receive signal=int peer=packagekitd class=signal

ALLOWED boltd dbus_signal :1.2 receive bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=Changed peer_label=polkitd
ALLOWED cron exec /etc/cron.daily/popularity-contest comm=sh requested_mask=x denied_mask=x class=file
ALLOWED dbus-daemon-launch-helper exec /usr/lib/kauth/libexec/backlighthelper comm=dbus-daemon-lau requested_mask=x denied_mask=x class=file

ALLOWED keepassxc connect /run/dbus/system_bus_socket comm=QDBusConnection requested_mask=wr denied_mask=wr class=file
ALLOWED keepassxc connect /run/user/1000/at-spi/bus_0 comm=QDBusConnection requested_mask=wr denied_mask=wr class=file
ALLOWED keepassxc connect /run/user/1000/bus comm=QDBusConnection requested_mask=wr denied_mask=wr class=file
ALLOWED keepassxc dbus_method_call org.freedesktop.DBus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch peer_label=dbus-daemon
ALLOWED keepassxc dbus_method_call org.freedesktop.DBus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner peer_label=dbus-daemon
ALLOWED keepassxc dbus_method_call org.freedesktop.DBus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer_label=dbus-daemon
ALLOWED keepassxc dbus_method_call org.freedesktop.DBus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RemoveMatch peer_label=dbus-daemon
ALLOWED keepassxc dbus_method_call org.freedesktop.login1 send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.DBus.Introspectable member=Introspect peer_label=systemd-logind
ALLOWED keepassxc dbus_method_call org.freedesktop.login1 send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=GetSession peer_label=systemd-logind
ALLOWED keepassxc file_perm /run/dbus/system_bus_socket comm=QDBusConnection requested_mask=r denied_mask=r class=file
ALLOWED keepassxc file_perm /run/user/1000/at-spi/bus_0 comm=QDBusConnection requested_mask=r denied_mask=r class=file
ALLOWED keepassxc file_perm /run/user/1000/bus comm=QDBusConnection requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /dev/urandom comm=keepassxc requested_mask=w denied_mask=w class=file
ALLOWED keepassxc open /home/jeroen/.cache/icon-cache.kcache comm=keepassxc requested_mask=wrc denied_mask=wrc class=file
ALLOWED keepassxc open /home/jeroen/.config/kdedefaults/kdeglobals comm=keepassxc requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /home/jeroen/.config/kdedefaults/kwinrc comm=keepassxc requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /home/jeroen/.config/kdeglobals comm=keepassxc requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /home/jeroen/.config/KeePassXCrc comm=keepassxc requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /home/jeroen/.config/kwinrc comm=keepassxc requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /sys/devices/pci0000:00/0000:00:02.0/revision comm=keepassxc requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /sys/devices/system/node/ comm=keepassxc requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /sys/devices/system/node/node0/meminfo comm=keepassxc requested_mask=r denied_mask=r class=file
ALLOWED keepassxc open /usr/bin/ comm=keepassxc requested_mask=r denied_mask=r class=file

ALLOWED NetworkManager dbus_signal :1.6 receive bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.freedesktop.DBus.Properties member=PropertiesChanged peer_label=unconfined
ALLOWED packagekitd capable comm=PK-Backend class=cap capability=4 capname=fsetid
ALLOWED packagekitd dbus_method_call :1.1 send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=CheckAuthorization peer_label=polkitd
ALLOWED packagekitd dbus_method_call :1.13 send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=Inhibit peer_label=systemd-logind
ALLOWED packagekitd dbus_method_call :1.2 send bus=system path=/org/freedesktop/PolicyKit1/Authority interface=org.freedesktop.PolicyKit1.Authority member=CheckAuthorization peer_label=polkitd
ALLOWED packagekitd dbus_method_call :1.280 receive bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.DBus.Properties member=GetAll peer_label=unconfined
ALLOWED packagekitd dbus_method_call :1.280 receive bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.PackageKit member=CreateTransaction peer_label=unconfined
ALLOWED packagekitd dbus_method_call :1.83 receive bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.PackageKit member=CreateTransaction peer_label=unconfined
ALLOWED packagekitd dbus_method_call :1.89 receive bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.PackageKit member=CreateTransaction peer_label=unconfined
ALLOWED packagekitd dbus_method_call org.freedesktop.DBus send bus=system path=/org/freedesktop/DBus/Bus interface=org.freedesktop.DBus member=GetConnectionUnixProcessID peer_label=dbus-daemon
ALLOWED packagekitd dbus_method_call org.freedesktop.login1 send bus=system path=/org/freedesktop/login1 interface=org.freedesktop.login1.Manager member=Inhibit peer_label=systemd-logind
ALLOWED packagekitd dbus_method_call org.freedesktop.PackageKit send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.DBus.Introspectable member=Introspect peer_label=packagekitd
ALLOWED packagekitd dbus_method_call org.freedesktop.PackageKit send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.PackageKit member=StateHasChanged peer_label=packagekitd
ALLOWED packagekitd dbus_signal org.freedesktop.DBus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.PackageKit member=TransactionListChanged peer_label=unconfined
ALLOWED packagekitd dbus_signal org.freedesktop.DBus send bus=system path=/org/freedesktop/PackageKit interface=org.freedesktop.PackageKit member=UpdatesChanged peer_label=unconfined
ALLOWED packagekitd exec /usr/sbin/dpkg-preconfigure comm=sh requested_mask=x denied_mask=x class=file
ALLOWED packagekitd open /dev/ptmx comm=PK-Backend requested_mask=wr denied_mask=wr class=file
ALLOWED packagekitd open /dev/pts/5 comm=PK-Backend requested_mask=wr denied_mask=wr class=file
ALLOWED packagekitd open /dev/pts/6 comm=PK-Backend requested_mask=wr denied_mask=wr class=file

ALLOWED pulseaudio dbus_method_call :1.6 send bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.bluez.MediaTransport1 member=Acquire peer_label=unconfined
ALLOWED pulseaudio dbus_method_call :1.6 send bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.bluez.MediaTransport1 member=Release peer_label=unconfined
ALLOWED pulseaudio dbus_signal :1.6 receive bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.freedesktop.DBus.Properties member=PropertiesChanged peer_label=unconfined
ALLOWED sddm dbus_method_call :1.111 receive bus=system path=/org/freedesktop/DisplayManager/Seat0 interface=org.freedesktop.DBus.Introspectable member=Introspect peer_label=unconfined
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 file_mmap /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so comm=uim-toolbar requested_mask=rm denied_mask=rm class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 file_mmap /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 comm=uim-toolbar requested_mask=rm denied_mask=rm class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 file_mmap /usr/lib/x86_64-linux-gnu/libicudata.so.70.1 comm=uim-toolbar requested_mask=rm denied_mask=rm class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 file_mmap /usr/lib/x86_64-linux-gnu/libicuuc.so.70.1 comm=uim-toolbar requested_mask=rm denied_mask=rm class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 file_mmap /usr/lib/x86_64-linux-gnu/librsvg-2.so.2.48.0 comm=uim-toolbar requested_mask=rm denied_mask=rm class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 file_mmap /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30 comm=uim-toolbar requested_mask=rm denied_mask=rm class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 file_mmap /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.13 comm=uim-toolbar requested_mask=rm denied_mask=rm class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /etc/ld.so.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /etc/locale.alias comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /home/jeroen/.local/share/icons/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /home/jeroen/.local/share/icons/hicolor/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /home/jeroen/.local/share/icons/hicolor/16x16/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /home/jeroen/.local/share/icons/hicolor/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /home/jeroen/.local/share/mime/mime.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/lib/x86_64-linux-gnu/libicudata.so.70.1 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/lib/x86_64-linux-gnu/libicuuc.so.70.1 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/lib/x86_64-linux-gnu/librsvg-2.so.2.48.0 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.13 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/128x128/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/16x16/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/22x22/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/24x24/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/256x256/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/32x32/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/48x48/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/64x64/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/local/share/icons/hicolor/scalable/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze_cursors/cursors/fleur comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/actions/12/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/actions/16/application-exit.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/actions/16/configure.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/actions/16/document-edit.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/actions/16/format-text-bold.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/actions/16/help-contents.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze-dark/index.theme comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze/actions/12/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/breeze/index.theme comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/gnome/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/gnome/8x8/emblems/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/gnome/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/gnome/index.theme comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/hicolor/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/hicolor/16x16/actions/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/icons/hicolor/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/mime/mime.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /usr/share/pixmaps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /var/lib/flatpak/exports/share/icons/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /var/lib/flatpak/exports/share/icons/hicolor/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /var/lib/flatpak/exports/share/icons/hicolor/16x16/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /var/lib/flatpak/exports/share/icons/hicolor/index.theme comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 getattr /var/lib/flatpak/exports/share/mime/mime.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /etc/ld.so.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /etc/locale.alias comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /home/jeroen/.local/share/icons/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /home/jeroen/.local/share/icons/hicolor/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/lib/x86_64-linux-gnu/libicudata.so.70.1 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/lib/x86_64-linux-gnu/libicuuc.so.70.1 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/lib/x86_64-linux-gnu/librsvg-2.so.2.48.0 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.13 comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/128x128/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/16x16/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/22x22/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/24x24/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/256x256/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/32x32/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/48x48/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/64x64/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/local/share/icons/hicolor/scalable/apps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze_cursors/cursors/fleur comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze-dark/actions/16/application-exit.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze-dark/actions/16/configure.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze-dark/actions/16/document-edit.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze-dark/actions/16/format-text-bold.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze-dark/actions/16/help-contents.svg comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze-dark/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze-dark/index.theme comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/breeze/index.theme comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/gnome/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/gnome/index.theme comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/icons/hicolor/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /usr/share/pixmaps/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /var/lib/flatpak/exports/share/icons/ comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /var/lib/flatpak/exports/share/icons/hicolor/icon-theme.cache comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED ssh-agent//null-/usr/bin/im-launch//null-/usr/bin/env//null-/usr/bin/uim-toolbar-gtk3 open /var/lib/flatpak/exports/share/icons/hicolor/index.theme comm=uim-toolbar requested_mask=r denied_mask=r class=file
ALLOWED thermald open /sys/devices/virtual/powercap/intel-rapl-mmio/intel-rapl-mmio:0/constraint_0_power_limit_uw comm=thermald requested_mask=w denied_mask=w class=file
ALLOWED thermald open /sys/devices/virtual/powercap/intel-rapl-mmio/intel-rapl-mmio:0/constraint_0_time_window_us comm=thermald requested_mask=w denied_mask=w class=file
ALLOWED udisksd dbus_method_call :1.111 receive bus=system path=/ interface=org.freedesktop.DBus.Introspectable member=Introspect peer_label=unconfined
ALLOWED udisksd dbus_method_call :1.111 receive bus=system path=/ interface=org.freedesktop.DBus.Properties member=Get peer_label=unconfined
ALLOWED udisksd dbus_method_call :1.77 receive bus=system path=/ interface=org.freedesktop.DBus.Properties member=Get peer_label=plasmashell
ALLOWED udisksd dbus_method_call :1.85 receive bus=system path=/ interface=org.freedesktop.DBus.Introspectable member=Introspect peer_label=plasmashell
ALLOWED udisksd dbus_method_call :1.85 receive bus=system path=/ interface=org.freedesktop.DBus.Properties member=Get peer_label=plasmashell
ALLOWED upowerd dbus_signal :1.6 receive bus=system path=/org/bluez/hci0/dev_00_22_D9_00_1B_67/sep7/fd0 interface=org.freedesktop.DBus.Properties member=PropertiesChanged peer_label=unconfined
ALLOWED xdg-dbus-proxy connect /run/dbus/system_bus_socket comm=pool requested_mask=wr denied_mask=wr class=file
ALLOWED xdg-dbus-proxy dbus_method_call org.freedesktop.DBus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer_label=dbus-daemon
ALLOWED xdg-dbus-proxy dbus_method_call org.freedesktop.NetworkManager send bus=system path=/org/freedesktop/NetworkManager interface=org.freedesktop.DBus.Properties member=GetAll peer_label=NetworkManager
ALLOWED xdg-dbus-proxy dbus_method_call org.freedesktop.NetworkManager send bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/1 interface=org.freedesktop.DBus.Properties member=GetAll peer_label=NetworkManager
ALLOWED xdg-dbus-proxy dbus_method_call org.freedesktop.NetworkManager send bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/2 interface=org.freedesktop.DBus.Properties member=GetAll peer_label=NetworkManager
ALLOWED xdg-dbus-proxy dbus_method_call org.freedesktop.NetworkManager send bus=system path=/org/freedesktop/NetworkManager/ActiveConnection/3 interface=org.freedesktop.DBus.Properties member=GetAll peer_label=NetworkManager
ALLOWED xdg-settings exec /usr/bin/kreadconfig5 comm=xdg-settings requested_mask=x denied_mask=x class=file
ALLOWED xdg-settings open /usr/local/share/applications/ comm=xdg-settings requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/bin/kreadconfig5 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libc.so.6 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libcap.so.2.44 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libdbus-1.so.3.19.13 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libdouble-conversion.so.3.1 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.3.4 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.32.1 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libicudata.so.70.1 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libicui18n.so.70.1 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libicuuc.so.70.1 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libKF5ConfigCore.so.5.106.0 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.3 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/liblzma.so.5.2.5 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libm.so.6 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libpcre2-16.so.0.10.4 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.9 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.15.9 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libsystemd.so.0.32.0 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libz.so.1.2.11 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 file_mmap /usr/lib/x86_64-linux-gnu/libzstd.so.1.4.8 comm=kreadconfig5 requested_mask=rm denied_mask=rm class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /etc/ld.so.cache comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /home/jeroen/.config/ comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /home/jeroen/.config/kdedefaults/kdeglobals comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /home/jeroen/.config/kdeglobals comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /opt/brave.com/brave/ comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/locale/locale-archive comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libc.so.6 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libcap.so.2.44 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libdbus-1.so.3.19.13 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libdouble-conversion.so.3.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.3.4 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.32.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libicudata.so.70.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libicui18n.so.70.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libicuuc.so.70.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libKF5ConfigCore.so.5.106.0 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.3 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/liblzma.so.5.2.5 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libm.so.6 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libpcre2-16.so.0.10.4 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.9 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.15.9 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libsystemd.so.0.32.0 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libz.so.1.2.11 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/lib/x86_64-linux-gnu/libzstd.so.1.4.8 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 getattr /usr/share/zoneinfo/Europe/Amsterdam comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /etc/ld.so.cache comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /home/jeroen/.config/kdedefaults/kdeglobals comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /home/jeroen/.config/kdeglobals comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/locale/locale-archive comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libc.so.6 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libcap.so.2.44 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libdbus-1.so.3.19.13 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libdouble-conversion.so.3.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.3.4 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.32.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libicudata.so.70.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libicui18n.so.70.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libicuuc.so.70.1 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libKF5ConfigCore.so.5.106.0 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/liblz4.so.1.9.3 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/liblzma.so.5.2.5 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libm.so.6 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libpcre2-16.so.0.10.4 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.15.9 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libQt5DBus.so.5.15.9 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.30 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libsystemd.so.0.32.0 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libz.so.1.2.11 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/lib/x86_64-linux-gnu/libzstd.so.1.4.8 comm=kreadconfig5 requested_mask=r denied_mask=r class=file
ALLOWED xdg-settings//null-/usr/bin/kreadconfig5 open /usr/share/zoneinfo/Europe/Amsterdam comm=kreadconfig5 requested_mask=r denied_mask=r class=file

ALLOWED unattended-upgrade open /etc/security/capability.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/vim/vimrc comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/daemon.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/msr.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/redfish.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/remotes.d/dell-esrt.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/remotes.d/lvfs-testing.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/remotes.d/lvfs.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/remotes.d/vendor-directory.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/remotes.d/vendor.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/thunderbolt.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/fwupd/uefi_capsule.conf comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/pki/fwupd-metadata/LVFS-CA.pem comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/pki/fwupd/GPG-KEY-Linux-Foundation-Firmware comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service comm=unattended-upgr requested_mask=r denied_mask=r
ALLOWED unattended-upgrade open /etc/pki/fwupd/LVFS-CA.pem comm=unattended-upgr requested_mask=r denied_mask=r

ALLOWED systemd-cgtop file_inherit /dev/pts/1 comm=systemd-cgtop requested_mask=wr denied_mask=wr
ALLOWED systemd-cgtop open /proc/1/cgroup comm=systemd-cgtop requested_mask=r denied_mask=r
ALLOWED systemd-cgtop open /proc/sys/kernel/osrelease comm=systemd-cgtop requested_mask=r denied_mask=r
ALLOWED systemd-cgtop open /proc/1/environ comm=systemd-cgtop requested_mask=r denied_mask=r

ALLOWED sysctl file_inherit /dev/pts/1 comm=sysctl requested_mask=wr denied_mask=wr

Also, since the switch to a custom generated libexec solution, a lot more programs have started misbehaving on my system. I think there are some missing paths. Is there a way to easily check which ones have been generated?

roddhjav commented 1 year ago

Most of you issue should be fixed now.

Also, since the switch to a custom generated libexec solution, a lot more programs have started misbehaving on my system. I think there are some missing paths. Is there a way to easily check which ones have been generated?

Can you tell me if you got some output when running: aa-log | grep error. Also, do you have some profiles that used to be confined and that are not confined anymore?

Jeroen0494 commented 1 year ago

Ubuntu has some libexec path's under multiarch:

jeroen@jeroen-XPS-13-9370:~$ aa-log -f /var/log/audit/audit.log.3 | grep libexec
ALLOWED kglobalaccel5//null-@{bin}/kstart getattr @{lib}/@{multiarch}/libexec/drkonqi-coredump-processor comm=kstart5 requested_mask=r denied_mask=r
ALLOWED kglobalaccel5//null-@{bin}/kstart//null-@{bin}/konsole getattr @{lib}/@{multiarch}/libexec/drkonqi-coredump-processor comm=konsole requested_mask=r denied_mask=r
jeroen@jeroen-XPS-13-9370:~$ aa-log -f /var/log/audit/audit.log.4 | grep libexec
ALLOWED ksmserver//null-@{lib}/@{multiarch}/libexec/kscreenlocker_greet open /var/cache/fontconfig/96ec562c-c213-4d76-a43e-33a27231e19b-le64.cache-7 comm=kscreenlocker_g requested_mask=r denied_mask=r
ALLOWED ksmserver//null-@{lib}/@{multiarch}/libexec/kscreenlocker_greet getattr /var/cache/fontconfig/96ec562c-c213-4d76-a43e-33a27231e19b-le64.cache-7 comm=kscreenlocker_g requested_mask=r denied_mask=r
[...]

I don't have many other examples right now, because all of the KDE errors are spamming my audit logs.

jeroen@jeroen-XPS-13-9370:~$ aa-log -f /var/log/audit/audit.log.3 | grep error
ALLOWED bluetoothd sendmsg owner run/systemd/notify info="Failed name lookup - disconnected path" comm=bluetoothd requested_mask=w denied_mask=w error=-13
ALLOWED bluetoothd sendmsg owner run/systemd/journal/dev-log info="Failed name lookup - disconnected path" comm=bluetoothd requested_mask=w denied_mask=w error=-13
ALLOWED bluetoothd connect owner run/dbus/system_bus_socket info="Failed name lookup - disconnected path" comm=bluetoothd requested_mask=wr denied_mask=wr error=-13

ALLOWED usbguard-daemon sendmsg owner run/systemd/journal/dev-log info="Failed name lookup - disconnected path" comm=usbguard-daemon requested_mask=w denied_mask=w error=-13

One example of a profile that stopped working is bluetoothd:

jeroen@jeroen-XPS-13-9370:~$ sudo journalctl -ru bluetoothd
-- No entries --
jeroen@jeroen-XPS-13-9370:~$ sudo systemctl status -l bluetoothd
Unit bluetoothd.service could not be found.
jeroen@jeroen-XPS-13-9370:~$ sudo systemctl status -l bluetooth
× bluetooth.service - Bluetooth service
     Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2023-09-05 15:39:04 CEST; 39min ago
       Docs: man:bluetoothd(8)
    Process: 6079 ExecStart=/usr/lib/bluetooth/bluetoothd (code=exited, status=1/FAILURE)
   Main PID: 6079 (code=exited, status=1/FAILURE)
        CPU: 120ms

sep 05 15:39:03 jeroen-XPS-13-9370 bluetoothd[6079]: D-Bus setup failed: Failed to connect to socket /run/dbus/system_bus_socket: Permission denied
sep 05 15:39:03 jeroen-XPS-13-9370 systemd[1]: bluetooth.service: Main process exited, code=exited, status=1/FAILURE
sep 05 15:39:03 jeroen-XPS-13-9370 systemd[1]: bluetooth.service: Failed with result 'exit-code'.
sep 05 15:39:03 jeroen-XPS-13-9370 systemd[1]: Failed to start Bluetooth service.
sep 05 15:39:04 jeroen-XPS-13-9370 systemd[1]: bluetooth.service: Scheduled restart job, restart counter is at 5.
sep 05 15:39:04 jeroen-XPS-13-9370 systemd[1]: Stopped Bluetooth service.
sep 05 15:39:04 jeroen-XPS-13-9370 systemd[1]: bluetooth.service: Start request repeated too quickly.
sep 05 15:39:04 jeroen-XPS-13-9370 systemd[1]: bluetooth.service: Failed with result 'exit-code'.
sep 05 15:39:04 jeroen-XPS-13-9370 systemd[1]: Failed to start Bluetooth service.
jeroen@jeroen-XPS-13-9370:~$ sudo apparmor_parser -R /etc/apparmor.d/bluetoothd
jeroen@jeroen-XPS-13-9370:~$ sudo systemctl restart bluetooth
jeroen@jeroen-XPS-13-9370:~$ sudo systemctl status -l bluetooth
● bluetooth.service - Bluetooth service
     Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-09-05 16:18:39 CEST; 3s ago
       Docs: man:bluetoothd(8)
   Main PID: 11065 (bluetoothd)
     Status: "Running"
      Tasks: 1 (limit: 18729)
     Memory: 1.2M
        CPU: 69ms
     CGroup: /system.slice/bluetooth.service
             └─11065 /usr/lib/bluetooth/bluetoothd

sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSink/aptx
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSource/aptx
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSink/sbc
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSource/sbc
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSink/sbc_xq_453
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSource/sbc_xq_453
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSink/sbc_xq_512
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSource/sbc_xq_512
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSink/sbc_xq_552
sep 05 16:18:40 jeroen-XPS-13-9370 bluetoothd[11065]: Endpoint registered: sender=:1.47 path=/MediaEndpoint/A2DPSource/sbc_xq_552

roddhjav commented 1 year ago

Thanks. The issue with bluetoothd and usbguard is easily solved (it used to be part of the project long time ago I think).

The other seems to be classic distribution path nightmare. Nothing strictly related with the variables change (actually, there are less issues of this kind now).

Jeroen0494 commented 1 year ago

Great, thanks. I've made a crude list of libexec path's on an Ubuntu 22.04 installation, I think all are covered now except for package specific ones:

jeroen@jeroen-XPS-13-9370:~$ sudo find /usr -type d -name "*libexec*"
/usr/libexec
/usr/lib/x86_64-linux-gnu/libexec
/usr/lib/x86_64-linux-gnu/qt5/libexec
/usr/lib/ruby/gems/2.7.0/gems/bundler-2.1.2/libexec
/usr/lib/ruby/gems/3.0.0/gems/erb-2.2.0/libexec
/usr/lib/ruby/gems/3.0.0/gems/bundler-2.2.22/libexec
/usr/lib/kauth/libexec
jeroen@jeroen-XPS-13-9370:~$ ls -l /
total 424
lrwxrwxrwx   1 root   root      7 nov 12  2022 bin -> usr/bin
drwx------   5 root   root   4096 sep  5 14:19 boot
drwxr-xr-x   2 root   root   4096 nov 10  2018 cdrom
drwxr-xr-x  23 root   root   4960 sep  5 16:17 dev
drwxr-xr-x 203 root   root  12288 sep  5 14:18 etc
drwxr-xr-x   3 jeroen root   4096 jun 19  2020 home
lrwxrwxrwx   1 root   root     34 sep  8  2020 initrd.img -> boot/initrd.img-4.15.0-117-generic
lrwxrwxrwx   1 root   root     34 sep  8  2020 initrd.img.old -> boot/initrd.img-4.15.0-115-generic
lrwxrwxrwx   1 root   root      7 nov 12  2022 lib -> usr/lib
lrwxrwxrwx   1 root   root      9 nov 12  2022 lib32 -> usr/lib32
lrwxrwxrwx   1 root   root      9 nov 12  2022 lib64 -> usr/lib64
lrwxrwxrwx   1 root   root     10 nov 12  2022 libx32 -> usr/libx32
drwx------   2 root   root  16384 nov 10  2018 lost+found
drwxr-xr-x   4 root   root   4096 mei  5  2019 media
drwxr-xr-x   4 root   root   4096 okt  5  2020 mnt
drwxr-xr-x   8 root   root   4096 mei 28 22:53 opt
dr-xr-xr-x 389 root   root      0 sep  5 15:37 proc
drwx------  18 root   root   4096 sep  5 16:18 root
drwxr-xr-x  44 root   root   1300 sep  5 16:17 run
lrwxrwxrwx   1 root   root      8 nov 12  2022 sbin -> usr/sbin
drwxr-xr-x   2 root   root   4096 nov  8  2018 srv
dr-xr-xr-x  13 root   root      0 sep  5 15:37 sys
drwxrwxrwt  37 root   root  20480 sep  5 21:40 tmp
drwxr-xr-x  16 root   root   4096 nov 12  2022 usr
drwxr-xr-x  13 root   root   4096 feb 16  2023 var

roddhjav / apparmor.d

General issues #191