Apparmor: fix broken file dialogs in kde plasma

For some time apparmor started breaking file dialogs in kde plasma (gwenview, calibre, qbittorrent, etc). typical audit report below:

AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/run/user/1000/#28520" pid=1997 comm="qbittorrent" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

AVC apparmor="DENIED" operation="link" profile="firejail-default" name="/run/user/1000/qBittorrentZcaeTi.1.slave-socket" pid=3679 comm="qbittorrent" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/#79965"

This commit fixes this issue. Tested on Archlinux (linux 4.14.11, kde 5.11.5)

1 files changed, 2 insertions, 1 deletions

diff --git a/etc/firejail-default b/etc/firejail-default
index 5aacaec97..eb50d6c65 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -30,7 +30,8 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 /{,var/}run/user/**/dconf/user rw,
 /{,var/}run/user/**/pulse/ rw,
 /{,var/}run/user/**/pulse/** rw,
-/{,var/}run/user/**/*.slave-socket rw,
+/{,var/}run/user/**/*.slave-socket rwl,
+/{,var/}run/user/**/#@{PID} rw,
 /{,var/}run/user/**/orcexec.* rwkm,
 /{,var/}run/firejail/mnt/fslogger r,
 /{,var/}run/firejail/appimage r,