From ab15e29654c11d3321c15ab0e8734e2d0b218fbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sommer?= <joerg@jo-so.de>
Date: Thu, 16 Sep 2021 09:33:53 +0200
Subject: [PATCH] Allow write access to /run/user/*/dconf/user

Gtk applications like Firefox request write access to the file
`/run/user/1000/dconf/user`. The code in `dconf_shm_open` opens the file
with `O_RDWR | O_CREAT`.

https://github.com/GNOME/dconf/blob/4057f8c84ff8c834dcd1cb82f946dd8cc49712ff/shm/dconf-shm.c#L68
(cherry picked from commit 318fb3044619034c14a5b7dbc7e700b039b8d9ae)
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 profiles/apparmor.d/abstractions/dconf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/abstractions/dconf b/profiles/apparmor.d/abstractions/dconf
index c16dff72f..959cfd48b 100644
--- a/profiles/apparmor.d/abstractions/dconf
+++ b/profiles/apparmor.d/abstractions/dconf
@@ -6,7 +6,8 @@
 # be specified in a specific application's profile.
 
   @{etc_ro}/dconf/** r,
-  owner @{run}/user/*/dconf/user r,
+  # TODO: make w conditional when an override is available, so it can be moved to a portal.
+  owner @{run}/user/*/dconf/user rw,
   owner @{HOME}/.config/dconf/user r,
 
   # Include additions to the abstraction