tty and pts are part of abstractions/consoles
parent
7ee9644325
commit
005dec1a53
59 changed files with 58 additions and 65 deletions
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/archlinux-java
|
||||
profile archlinux-java @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
|
||||
|
|
@ -25,7 +26,6 @@ profile archlinux-java @{exec_path} {
|
|||
/{usr/,}lib/jvm/default w,
|
||||
/{usr/,}lib/jvm/default-runtime w,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
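Review bot: Swapping the single `/dev/tty rw,` rule for `include <abstractions/consoles>` is not a like-for-like move: if this resolves to the stock AppArmor abstraction, it also allows `/dev/console rw,`, `/dev/pts/[0-9]* rw,` and `/dev/pts/ r,`, so archlinux-java gains path access to every pseudo-terminal rather than only its controlling terminal. The same widening applies to the paccache, pacdiff, pacman-hook-* and pacman-key sections below, each of which also holds `capability dac_read_search`. The rendered page has lost its +/- markers, so which lines were added and removed is inferred from the hunk counts (6→7 and 7→6). Where a hook only writes to the controlling terminal, keeping `/dev/tty rw,` is the tighter rule; where pts access is really needed, a comment such as `# needs /dev/pts/* when run from a terminal emulator or over ssh` next to the include would record why.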
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/paccache
|
||||
profile paccache @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
capability dac_read_search,
|
||||
|
|
@ -35,7 +36,6 @@ profile paccache @{exec_path} {
|
|||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/paccache>
|
||||
}
|
||||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/pacdiff
|
||||
profile pacdiff @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
capability mknod,
|
||||
|
|
@ -36,7 +37,6 @@ profile pacdiff @{exec_path} flags=(attach_disconnected) {
|
|||
/usr/{,**} r,
|
||||
/var/{,**} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny /apparmor/.null rw,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/dconf-update
|
||||
profile pacman-hook-dconf @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
|
||||
|
|
@ -20,7 +21,6 @@ profile pacman-hook-dconf @{exec_path} {
|
|||
|
||||
/etc/dconf/db/{,**} rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/depmod
|
||||
profile pacman-hook-depmod @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
|
||||
|
|
@ -23,7 +24,6 @@ profile pacman-hook-depmod @{exec_path} {
|
|||
|
||||
/usr/lib/modules/*/{,**} rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/dkms
|
||||
profile pacman-hook-dkms @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
capability mknod,
|
||||
|
|
@ -27,7 +28,6 @@ profile pacman-hook-dkms @{exec_path} {
|
|||
|
||||
/etc/dkms/{,*} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/40-fontconfig-config
|
||||
profile pacman-hook-fontconfig @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
|
||||
|
|
@ -21,7 +22,6 @@ profile pacman-hook-fontconfig @{exec_path} {
|
|||
/etc/fonts/conf.d/* rwl,
|
||||
/usr/share/fontconfig/conf.default/* r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/gio-querymodules
|
||||
profile pacman-hook-gio @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
|
||||
|
|
@ -23,7 +24,6 @@ profile pacman-hook-gio @{exec_path} {
|
|||
|
||||
/usr/lib/gio/modules/ rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/gtk-update-icon-cache
|
||||
profile pacman-hook-gtk @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
|
||||
|
|
@ -23,7 +24,6 @@ profile pacman-hook-gtk @{exec_path} {
|
|||
|
||||
/usr/share/icons/{,**} rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/mkinitcpio-install
|
||||
profile pacman-hook-mkinitcpio-install @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
capability mknod,
|
||||
|
|
@ -32,7 +33,6 @@ profile pacman-hook-mkinitcpio-install @{exec_path} flags=(attach_disconnected)
|
|||
/ r,
|
||||
owner /boot/vmlinuz-* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/mkinitcpio-remove
|
||||
profile pacman-hook-mkinitcpio-remove @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
capability mknod,
|
||||
|
|
@ -28,7 +29,6 @@ profile pacman-hook-mkinitcpio-remove @{exec_path} {
|
|||
/boot/initramfs-*.img rw,
|
||||
/boot/initramfs-*-fallback.img rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit Silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/detect-old-perl-modules.sh
|
||||
profile pacman-hook-perl @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
capability mknod,
|
||||
|
|
@ -23,7 +24,6 @@ profile pacman-hook-perl @{exec_path} {
|
|||
|
||||
/{usr/,}lib/perl[0-9]*/{,**} r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/libalpm/scripts/systemd-hook
|
||||
profile pacman-hook-systemd @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
|
||||
|
|
@ -29,7 +30,6 @@ profile pacman-hook-systemd @{exec_path} {
|
|||
|
||||
/usr/ rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
# Inherit silencer
|
||||
deny network inet6 stream,
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
profile pacman-key @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/consoles>
|
||||
|
||||
capability dac_read_search,
|
||||
capability mknod,
|
||||
|
|
@ -35,7 +36,6 @@ profile pacman-key @{exec_path} {
|
|||
|
||||
/etc/pacman.d/gnupg/gpg.conf r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
profile gpg {
|
||||
include <abstractions/base>
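Review bot: `include <abstractions/consoles>` now appears twice in a row at the top of the pacman-key profile; the first hunk grows from 6 to 7 lines, which suggests the profile already had the include and this commit added a second copy. The duplicate should be harmless to the parser, but it is worth dropping so the profile keeps a single `include <abstractions/consoles>` line. Separately, the nested `profile gpg {` at the end of the second hunk shows only `include <abstractions/base>` here and continues outside the hunk. A child profile does not inherit the parent's rules, so confirm that gpg carries its own terminal rule if it is expected to prompt on the tty.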
|
||||
|
|
|
|||