tty and pts are part of abstractions/consoles
This commit is contained in:
Jeroen Rijken
Alex
parent
7ee9644325
commit
005dec1a53
59 changed files with 58 additions and 65 deletions
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}{s,}bin/acpid
|
||||
profile acpid @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
capability dac_read_search,
|
||||
|
|
@ -33,7 +34,6 @@ profile acpid @{exec_path} flags=(attach_disconnected) {
|
|||
owner @{PROC}/@{pids}/loginuid r,
|
||||
|
||||
/dev/input/{,**} r,
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/acpid>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/apparmor/apparmor.systemd
|
||||
profile apparmor.systemd @{exec_path} flags=(complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
capability mac_admin,
|
||||
|
|
@ -41,7 +42,6 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
|
|||
@{PROC}/filesystems r,
|
||||
@{PROC}/mounts r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/apparmor.systemd>
|
||||
}
|
||||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}lib/code/extensions/git/dist/askpass.sh
|
||||
profile askpass @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
network inet dgram,
|
||||
network inet6 dgram,
|
||||
|
|
@ -25,7 +26,6 @@ profile askpass @{exec_path} {
|
|||
|
||||
owner /tmp/tmp.* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/askpass>
|
||||
}
|
||||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/augenrules
|
||||
profile augenrules @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
@{exec_path} mr,
|
||||
|
|
@ -19,7 +20,6 @@ profile augenrules @{exec_path} {
|
|||
|
||||
owner /tmp/aurules.* rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/augenrules>
|
||||
}
|
||||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /usr/share/aurpublish/*.hook
|
||||
profile aurpublish @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
|
||||
signal (receive) peer=git,
|
||||
|
||||
|
|
@ -25,7 +26,6 @@ profile aurpublish @{exec_path} {
|
|||
owner @{user_projects_dirs}/**/.SRCINFO rw,
|
||||
owner @{user_projects_dirs}/**/PKGBUILD r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/aurpublish>
|
||||
}
|
||||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/blueman-*
|
||||
profile blueman @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/audio>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/fontconfig-cache-read>
|
||||
|
|
@ -67,7 +68,6 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
|
|||
/dev/dri/card[0-9]* rw,
|
||||
/dev/rfkill r,
|
||||
/dev/shm/ r,
|
||||
/dev/tty rw,
|
||||
|
||||
profile open {
|
||||
include <abstractions/base>
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/evince /{usr/,}lib/evinced
|
||||
profile evince @{exec_path} {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/gnome>
|
||||
include <abstractions/openssl>
|
||||
|
|
@ -40,7 +41,6 @@ profile evince @{exec_path} {
|
|||
owner @{PROC}/@{pid}/fd/ r,
|
||||
owner @{PROC}/@{pid}/mountinfo r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
include if exists <local/evince>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/firecfg
|
||||
profile firecfg @{exec_path} flags=(attach_disconnected) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
||||
capability dac_read_search,
|
||||
|
|
@ -34,7 +35,6 @@ profile firecfg @{exec_path} flags=(attach_disconnected) {
|
|||
@{user_share_dirs}/applications/ r,
|
||||
@{user_share_dirs}/applications/*.desktop rw,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
deny /apparmor/.null rw,
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ include <tunables/global>
|
|||
@{exec_path} = /{usr/,}bin/fwupdmgr
|
||||
profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
|
||||
include <abstractions/base>
|
||||
include <abstractions/consoles>
|
||||
include <abstractions/dbus-strict>
|
||||
include <abstractions/dconf-write>
|
||||
include <abstractions/nameservice-strict>
|
||||
|
|
@ -42,7 +43,6 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
|
|||
|
||||
owner @{PROC}/@{pid}/fd/ r,
|
||||
|
||||
/dev/tty rw,
|
||||
|
||||
profile dbus {
|
||||
include <abstractions/base>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue