From 457dc141386bc3ddbb922950b465a29008f13363 Mon Sep 17 00:00:00 2001
From: Vincent43 <31109921+Vincent43@users.noreply.github.com>
Date: Thu, 4 Jan 2018 14:19:03 +0000
Subject: Apparmor: fix broken file dialogs in kde plasma

For some time apparmor started breaking file dialogs in kde plasma (gwenview, calibre, qbittorrent, etc). typical audit report below:

AVC apparmor="DENIED" operation="open" profile="firejail-default" name="/run/user/1000/#28520" pid=1997 comm="qbittorrent" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000

AVC apparmor="DENIED" operation="link" profile="firejail-default" name="/run/user/1000/qBittorrentZcaeTi.1.slave-socket" pid=3679 comm="qbittorrent" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/#79965"

This commit fixes this issue. Tested on Archlinux (linux 4.14.11, kde 5.11.5)
---
 etc/firejail-default | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'etc')

diff --git a/etc/firejail-default b/etc/firejail-default
index 5aacaec97..eb50d6c65 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -30,7 +30,8 @@ profile firejail-default flags=(attach_disconnected,mediate_deleted) {
 /{,var/}run/user/**/dconf/user rw,
 /{,var/}run/user/**/pulse/ rw,
 /{,var/}run/user/**/pulse/** rw,
-/{,var/}run/user/**/*.slave-socket rw,
+/{,var/}run/user/**/*.slave-socket rwl,
+/{,var/}run/user/**/#@{PID} rw,
 /{,var/}run/user/**/orcexec.* rwkm,
 /{,var/}run/firejail/mnt/fslogger r,
 /{,var/}run/firejail/appimage r,
-- 
cgit v1.2.3-54-g00ecf