#include <tunables/global>

/usr/share/discord/Discord {
#/usr/share/discord/Discord flags=(complain) {
	#include <abstractions/X>
	#include <abstractions/base>
	#include <abstractions/fonts>
	#include <abstractions/audio>
	#include <abstractions/consoles>
	#include <abstractions/mesa>
	#include <abstractions/dbus-session>
	#include <abstractions/nameservice>
	#include <abstractions/freedesktop.org>

	ptrace (trace,read) peer=/usr/share/discord/Discord,
	ptrace (read) peer=/usr/games/steam,
	deny ptrace (read) peer=/usr/lib/firefox/firefox,
	deny ptrace (read) peer=/usr/share/spotify/spotify,
	deny ptrace (read) peer=unconfined,

	capability sys_admin,
	capability sys_chroot,
	capability sys_ptrace,
	capability setgid,

	/usr/share/discord/** rix,

	owner @{HOME}/.config/discord/ rw,
	owner @{HOME}/.config/discord/** rwkm,
	owner @{HOME}/.pki/nssdb/{cert9.db,pkcs11.txt} r,

	@{PROC}/ r,
	@{PROC}/[0-9]*/cmdline r,
	owner @{PROC}/[0-9]*/stat r,
	owner @{PROC}/[0-9]*/statm r,
	owner @{PROC}/[0-9]*/fd/ r,
	owner @{PROC}/[0-9]*/task/ r,
	owner @{PROC}/[0-9]*/task/[0-9]*/status r,
	owner @{PROC}/[0-9]*/clear_refs w,
	owner @{PROC}/[0-9]*/setgroups w,
	owner @{PROC}/[0-9]*/gid_map w,
	owner @{PROC}/[0-9]*/uid_map w,

	@{sys}/bus/pci/devices/ r,
	@{sys}/devices/** r,

	/dev/ r,
	/dev/video[0-9]* rw,

	/tmp/ r,
	/var/tmp/ r,
	/tmp/.org.chromium.Chromium.*/ rw,
	/tmp/.org.chromium.Chromium.*/** rw,
	/dev/shm/.org.chromium.Chromium.* rw,
}