Merge profiles: add QtWebEngineProcess path used by Arch Linux and other distros

Arch Linux qt6-webengine has `/usr/lib/qt6/QtWebEngineProcess` and qt5-webengine has `/usr/lib/qt/libexec/QtWebEngineProcess`. Fedora has `/usr/lib64/qt6/libexec/QtWebEngineProcess`. openSUSE Tumbleweed has `/usr/libexec/qt5/QtWebEngineProcess` and `/usr/libexec/qt6/QtWebEngineProcess`. Co-authored-by: Maxime Bélair <maxime.belair@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1726 Approved-by: Maxime Bélair <maxime.belair@canonical.com> Merged-by: John Johansen <john@jjmx.net>
2025-08-22 10:07:12 +00:00 · 2025-07-30 08:37:10 +00:00 · 2025-07-30 08:37:10 +00:00 · b40ac50f49
commit b40ac50f49
parent 87e0151c7c f1773f4083
2 changed files with 2 additions and 4 deletions
--- a/profiles/apparmor.d/QtWebEngineProcess
+++ b/profiles/apparmor.d/QtWebEngineProcess
@ -4,7 +4,7 @@
 abi <abi/4.0>,
 include <tunables/global>
-profile QtWebEngineProcess /usr/lib/@{multiarch}/qt{5,6}/libexec/QtWebEngineProcess flags=(unconfined) {
+profile QtWebEngineProcess /usr/lib{,64,exec}/{,@{multiarch}/}qt{,5,6}/{,libexec/}QtWebEngineProcess flags=(unconfined) {
  userns,
  @{exec_path} mr,
--- a/profiles/apparmor.d/plasmashell
+++ b/profiles/apparmor.d/plasmashell
@ -18,9 +18,7 @@ profile plasmashell /usr/bin/plasmashell {
  ptrace,
  # allow executing QtWebEngineProcess with full permissions including userns (using profile stacking to avoid no_new_privs issues)
-  /usr/lib/x86_64-linux-gnu/qt[56]/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
+  priority=1 /usr/lib{,64,exec}/{,@{multiarch}/}qt{,5,6}/{,libexec/}QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
  /usr/libexec/qt[56]/QtWebEngineProcess                      cx -> &plasmashell//QtWebEngineProcess,
  /usr/lib/qt6/libexec/QtWebEngineProcess                     cx -> &plasmashell//QtWebEngineProcess,
  # allow to execute all other programs under their own profile, or to run unconfined
  /** pux,