Comment 13 for bug 2065915

Georgia Garcia (georgiag) wrote : Re: [SRU] Fix hard coded path in apparmor profiles.

As per the discussion in https://irclogs.ubuntu.com/2024/07/09/%23ubuntu-security.txt
The recommendation from the security team is to not revert to the "flags=(unconfined)" profile if the profile is already confined. That means that we should only fix the multiarch issue.

Scarlett, you're right, just adding the variable @{multiarch} directly does not work in this case because, due to how the parser is currently implemented, @{multiarch} translates to *-linux-gnu* and the wildcard makes it conflict with the "/** pux," rule. That's the reason that it's hard coded in the plasmashell profile as well. We are currently working on fixing it in the parser but it's not available right now.

So for this case, we would have to add the other arch hard coded too. Something like the following diff, for every architecture we want to support.

@@ -18,6 +18,7 @@
   ptrace,

   /usr/lib/x86_64-linux-gnu/qt5/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
+ /usr/lib/aarch64-linux-gnu/qt5/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
   /** pux,
   /{,**} mrwlk,
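
Review bot: The added aarch64 rule covers only one extra architecture, so on any other architecture the package is built for, QtWebEngineProcess will still match the "/** pux," rule below it and will not transition into the &plasmashell//QtWebEngineProcess child profile. Each supported architecture needs its own hard-coded line next to the x86_64 one. A comment above these rules saying that @{multiarch} cannot be used here because its wildcard expansion conflicts with "/** pux," would help whoever collapses them back into one rule once the parser is fixed. The new line is also indented differently from the x86_64 line it sits under and should match it.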

Regarding dbus being denied, could you point those reports my way? I'm more than happy to help.