beroal
If your script installs profiles, it should check whether a profile already exists so it doesn't overwrite a custom profile made by a user. For example, Pacman (Arch Linux) does...
> Your mountpoint `/root/mnt/test` needs to be defined in `@{MOUNTS}`. Here you would need to add `/root/mnt` to `@{MOUNTS}`. I can mount other file system types to `/root/mnt/test` just fine...
You wrote that [KDE is supported](https://apparmor.pujol.io/). I'm not using SDDM, but that shouldn't cause Plasma to execute programs without profiles IMHO. Is something wrong with my setup?
An additional log for KDE Plasma, mainly because of `kde-powerdevil`. ``` apparmor="DENIED" operation="open" class="file" profile="greetd" name="/home/greeter/" comm="find" requested_mask="r" denied_mask="r" fsuid=972 ouid=972 FSUID="greeter" OUID="greeter" apparmor="DENIED" operation="open" class="file" profile="sway" name="/apparmor/.null" comm="sway" requested_mask="wr"...
Running Firefox and `kscreenlocker_greet`: ``` apparmor="DENIED" operation="open" class="file" profile="greetd" name="/home/greeter/" comm="find" requested_mask="r" denied_mask="r" fsuid=972 ouid=972 FSUID="greeter" OUID="greeter" apparmor="DENIED" operation="open" class="file" profile="sway" name="/apparmor/.null" comm="sway" requested_mask="wr" denied_mask="wr" fsuid=972 ouid=0 FSUID="greeter" OUID="root" apparmor="DENIED"...
``` apparmor="ALLOWED" operation="mknod" class="file" profile="gimp" name="/home/test58/.cache/thumbnails/normal/gimp-thumb-21550-9d038ccc" comm="gimp" requested_mask="c" denied_mask="c" fsuid=1020 ouid=1020 FSUID="test58" OUID="test58" apparmor="ALLOWED" operation="open" class="file" profile="gimp" name="/home/test58/.cache/thumbnails/normal/gimp-thumb-21550-9d038ccc" comm="gimp" requested_mask="wc" denied_mask="wc" fsuid=1020 ouid=1020 FSUID="test58" OUID="test58" apparmor="ALLOWED" operation="rename_src" class="file" profile="gimp" name="/home/test58/.cache/thumbnails/normal/gimp-thumb-21550-9d038ccc"...
When taking a screenshot in GIMP under KDE Plasma, I get the following log messages: ``` apparmor="DENIED" operation="open" class="file" profile="greetd" name="/home/greeter/" comm="find" requested_mask="r" denied_mask="r" fsuid=972 ouid=972 FSUID="greeter" OUID="greeter" apparmor="DENIED" operation="open"...
> If you don't mind, Filezilla is probably the next that will be removed. Actually, I do mind 😳. I have an `fzsftp` profile ready. However, it requests `capability sys_ptrace`...
> Meanwhile, they are required by default by FileZilla. So I don't thing it is a good idea to remove them. I used FileZilla alright without ``` / r, /*/...
> It can be an issue for new user as they can be legitimately afraid of breaking their system even if over 90% of the profiles are safe to use....