feat(profiles): continue replacing [0-9]* by @{int}.
parent
99e4c4622d
commit
00051bd2f0
100 changed files with 222 additions and 229 deletions
|
|
@ -30,7 +30,7 @@ profile mandb @{exec_path} flags=(complain) {
|
|||
/usr/{,share/}man/{,**} r,
|
||||
/usr/local/{,share/}man/{,**} r,
|
||||
|
||||
/usr/share/**/man/man[0-9]*/*.[0-9]*.gz r,
|
||||
/usr/share/**/man/man@{int}/*.@{int}.gz r,
|
||||
|
||||
owner @{user_share_dirs}/man/** rwk,
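Review bot: The new rule `/usr/share/**/man/man@{int}/*.@{int}.gz r,` may stop matching man pages whose section carries a letter suffix, such as `*.3pm.gz` or `*.1ssl.gz`, and directories like `man3p/`. The old `[0-9]*` accepted those because `*` matched whatever followed the first digit; `@{int}` presumably expands to digits only (its definition is not on this page). Since the profile header shows `flags=(complain)`, the misses would surface as audit log entries rather than failures, so check the log after a `mandb` run. If suffixed sections are in use, either keep the original glob for this one rule or allow an optional alphabetic tail, e.g. `/usr/share/**/man/man@{int}{,[a-z]*}/*.@{int}{,[a-z]*}.gz r,`.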
|
||||
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ profile mke2fs @{exec_path} {
|
|||
owner @{user_img_dirs}/{,**} rwk,
|
||||
|
||||
# For virt-resize
|
||||
owner /var/tmp/.guestfs-[0-9]*/** rwk,
|
||||
owner /var/tmp/.guestfs-@{int}/** rwk,
|
||||
|
||||
owner @{run}/blkid/blkid.tab{,-@{rand6}} rw,
|
||||
owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ profile monitorix @{exec_path} {
|
|||
@{PROC}/@{pids}/io r,
|
||||
|
||||
@{sys}/class/i2c-adapter/ r,
|
||||
@{sys}/devices/@{pci}/i2c-[0-9]*/name r,
|
||||
@{sys}/devices/@{pci}/i2c-@{int}/name r,
|
||||
@{sys}/class/hwmon/ r,
|
||||
@{sys}/devices/**/thermal*/{,**} r,
|
||||
@{sys}/devices/**/hwmon*/{,**} r,
|
||||
|
|
|
|||
|
|
@ -59,8 +59,8 @@ profile mount @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{run}/mount/utab{,.*} rw,
|
||||
owner @{run}/mount/utab.lock wk,
|
||||
|
||||
/tmp/sanity-squashfs-[0-9]* rw,
|
||||
/tmp/syscheck-squashfs-[0-9]* rw,
|
||||
/tmp/sanity-squashfs-@{int} rw,
|
||||
/tmp/syscheck-squashfs-@{int} rw,
|
||||
|
||||
@{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
|
|
|
|||
|
|
@ -10,12 +10,16 @@ include <tunables/global>
|
|||
@{exec_path} = @{bin}/obexautofs
|
||||
profile obexautofs @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/devices-usb>
|
||||
|
||||
network bluetooth seqpacket,
|
||||
network bluetooth stream,
|
||||
network bluetooth raw,
|
||||
network netlink raw,
|
||||
|
||||
mount fstype=fuse.obexautofs -> @{HOME}/*/,
|
||||
mount fstype=fuse.obexautofs -> @{HOME}/*/*/,
|
||||
|
||||
@{exec_path} mr,
|
||||
|
||||
@{bin}/fusermount{,3} rCx -> fusermount,
|
||||
|
|
@ -23,42 +27,31 @@ profile obexautofs @{exec_path} {
|
|||
owner @{HOME}/*/ r,
|
||||
owner @{HOME}/*/*/ r,
|
||||
|
||||
mount fstype=fuse.obexautofs -> @{HOME}/*/,
|
||||
mount fstype=fuse.obexautofs -> @{HOME}/*/*/,
|
||||
|
||||
@{sys}/bus/ r,
|
||||
@{sys}/class/ r,
|
||||
@{sys}/bus/usb/devices/ r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/bConfigurationValue r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/bConfigurationValue r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/{uevent,busnum,devnum,speed,descriptors} r,
|
||||
@{sys}/devices/@{pci}/usb@{int}/**/{uevent,busnum,devnum,speed,descriptors} r,
|
||||
|
||||
@{run}/udev/data/+usb:* r,
|
||||
@{run}/udev/data/c18[0,8,9]:[0-9]* r, # USB devices & USB serial converters
|
||||
|
||||
/dev/bus/usb/ r,
|
||||
/dev/fuse rw,
|
||||
|
||||
|
||||
profile fusermount {
|
||||
include <abstractions/base>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
# To mount anything:
|
||||
capability sys_admin,
|
||||
|
||||
mount fstype={fuse,fuse.obexautofs} -> @{HOME}/*/,
|
||||
mount fstype={fuse,fuse.obexautofs} -> @{HOME}/*/*/,
|
||||
|
||||
@{bin}/fusermount{,3} mr,
|
||||
|
||||
/etc/fuse.conf r,
|
||||
|
||||
/dev/fuse rw,
|
||||
|
||||
mount fstype={fuse,fuse.obexautofs} -> @{HOME}/*/,
|
||||
mount fstype={fuse,fuse.obexautofs} -> @{HOME}/*/*/,
|
||||
|
||||
@{PROC}/@{pid}/mounts r,
|
||||
|
||||
/dev/fuse rw,
|
||||
|
||||
include if exists <local/obexautofs_fusermount>
|
||||
}
|
||||
|
||||
include if exists <local/obexautofs>
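Review bot: The `mount fstype=... -> @{HOME}/*/,` and `-> @{HOME}/*/*/,` rules carry no `options=` clause, and the `fusermount` sub-profile pairs them with `capability sys_admin`, so any mount flags are accepted on those targets. Consider constraining the flags, for instance `mount fstype={fuse,fuse.obexautofs} options=(rw,nosuid,nodev) -> @{HOME}/*/,`, after confirming from the audit log which flags fusermount actually passes. Separately, the rendered page does not show which side `@{run}/udev/data/c18[0,8,9]:[0-9]* r,` is on. If that rule survives the change, it still uses `[0-9]*`, and the class `[0,8,9]` also matches a literal comma; `c18[089]:@{int}` would express the intent.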
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ profile qemu-ga @{exec_path} {
|
|||
|
||||
owner @{PROC}/@{pid}/net/dev r,
|
||||
|
||||
/dev/vport[0-9]*p[0-9]* rw,
|
||||
/dev/vport@{int}p@{int} rw,
|
||||
|
||||
include if exists <local/qemu-ga>
|
||||
}
|
||||
|
|
@ -69,9 +69,9 @@ profile qnapi @{exec_path} {
|
|||
owner /tmp/#@{int} rw,
|
||||
owner /tmp/QNapi-*-rc wl -> /tmp/#@{int},
|
||||
owner /tmp/QNapi-*-rc.lock rwk,
|
||||
owner /tmp/QNapi.[0-9]*.tmp rw,
|
||||
owner /tmp/QNapi.[0-9]*.tmp.* rw,
|
||||
owner /tmp/QNapi.[0-9]*.tmp.* rwl -> /tmp/#@{int},
|
||||
owner /tmp/QNapi.@{int}.tmp rw,
|
||||
owner /tmp/QNapi.@{int}.tmp.* rw,
|
||||
owner /tmp/QNapi.@{int}.tmp.* rwl -> /tmp/#@{int},
|
||||
owner /tmp/QNapi.@{int} rw,
|
||||
|
||||
owner /dev/shm/#@{int} rw,
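Review bot: `owner /tmp/QNapi.@{int}.tmp.* rw,` is fully covered by the rule that follows it, `owner /tmp/QNapi.@{int}.tmp.* rwl -> /tmp/#@{int},`, which grants the same read and write access plus the link permission. Dropping the first of the pair leaves one rule per path pattern and makes the link target restriction easier to spot. The trailing `.tmp.*` is still an open glob after this change; if the suffix has a fixed shape it could be narrowed in the same pass.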
|
||||
|
|
|
|||
|
|
@ -66,8 +66,8 @@ profile quiterss @{exec_path} {
|
|||
|
||||
/dev/shm/#@{int} rw,
|
||||
|
||||
owner /tmp/qtsingleapp-quiter-[0-9]*-[0-9]* rw,
|
||||
owner /tmp/qtsingleapp-quiter-[0-9]*-[0-9]*-lockfile rwk,
|
||||
owner /tmp/qtsingleapp-quiter-@{int}-@{int} rw,
|
||||
owner /tmp/qtsingleapp-quiter-@{int}-@{int}-lockfile rwk,
|
||||
owner /var/tmp/etilqs_@{hex} rw,
|
||||
|
||||
# Allowed apps to open
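Review bot: The two `qtsingleapp-quiter-@{int}-@{int}` rules may no longer match the files the application creates. QtSingleApplication, as far as I know, writes both trailing fields in hexadecimal (an id checksum and the uid), so a uid of 1000 appears as `3e8`. The old `[0-9]*` tolerated that because `*` matched the letters, while `@{int}` presumably matches digits only. This file already uses `@{hex}` for `etilqs_@{hex}`, so `owner /tmp/qtsingleapp-quiter-@{hex}-@{hex} rw,` and the same change on the `-lockfile` rule look like the closer fit. Verify against the names recorded in the audit log before enforcing.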
|
||||
|
|
|
|||