profiles: add QtWebEngineProcess path used by Arch Linux and other distros

Arch Linux qt6-webengine has `/usr/lib/qt6/QtWebEngineProcess` and qt5-webengine has `/usr/lib/qt/libexec/QtWebEngineProcess`. Fedora has `/usr/lib64/qt6/libexec/QtWebEngineProcess`. openSUSE Tumbleweed has `/usr/libexec/qt5/QtWebEngineProcess` and `/usr/libexec/qt6/QtWebEngineProcess`. Co-authored-by: Maxime Bélair <maxime.belair@canonical.com>
2025-08-22 18:17:09 +00:00 · 2025-06-24 11:11:52 +03:00 · 2025-06-24 11:11:52 +03:00 · f1773f4083
commit f1773f4083
parent ad16a5c5c0
2 changed files with 2 additions and 4 deletions
--- a/profiles/apparmor.d/QtWebEngineProcess
+++ b/profiles/apparmor.d/QtWebEngineProcess
@ -4,7 +4,7 @@
 abi <abi/4.0>,
 include <tunables/global>

-profile QtWebEngineProcess /usr/lib/@{multiarch}/qt{5,6}/libexec/QtWebEngineProcess flags=(unconfined) {
+profile QtWebEngineProcess /usr/lib{,64,exec}/{,@{multiarch}/}qt{,5,6}/{,libexec/}QtWebEngineProcess flags=(unconfined) {
  userns,
  @{exec_path} mr,

--- a/profiles/apparmor.d/plasmashell
+++ b/profiles/apparmor.d/plasmashell
@ -18,9 +18,7 @@ profile plasmashell /usr/bin/plasmashell {
  ptrace,

  # allow executing QtWebEngineProcess with full permissions including userns (using profile stacking to avoid no_new_privs issues)
-  /usr/lib/x86_64-linux-gnu/qt[56]/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
-  /usr/libexec/qt[56]/QtWebEngineProcess                      cx -> &plasmashell//QtWebEngineProcess,
-  /usr/lib/qt6/libexec/QtWebEngineProcess                     cx -> &plasmashell//QtWebEngineProcess,
+  priority=1 /usr/lib{,64,exec}/{,@{multiarch}/}qt{,5,6}/{,libexec/}QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,

  # allow to execute all other programs under their own profile, or to run unconfined
  /** pux,