felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

tty and pts are part of abstractions/consoles

Browse source
This commit is contained in:
Jeroen Rijken 2022-08-01 18:30:03 +02:00 committed by Alex
parent 7ee9644325
commit 005dec1a53
59 changed files with 58 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

3
apparmor.d/profiles-m-r/mount-zfs
View file

@ -9,14 +9,13 @@ include <tunables/global>
@{exec_path} = /{usr/,}{s,}bin/mount.zfs
profile mount-zfs @{exec_path} flags=(complain) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
capability sys_admin, # To mount anything.
@{exec_path} mr,
/dev/pts/[0-9]* rw,
@{MOUNTDIRS}/ r,
@{MOUNTS}/ r,
@{MOUNTS}/*/ r,

2
apparmor.d/profiles-m-r/needrestart-iucode-scan-versions
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}lib/needrestart/iucode-scan-versions
profile needrestart-iucode-scan-versions @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
@{exec_path} mr,
@ -29,7 +30,6 @@ profile needrestart-iucode-scan-versions @{exec_path} {
@{sys}/devices/system/cpu/cpu[0-9]*/microcode/processor_flags r,
/dev/tty rw,
include if exists <local/needrestart-iucode-scan-versions>
}

2
apparmor.d/profiles-m-r/pass
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/pass
profile pass @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@ -65,7 +66,6 @@ profile pass @{exec_path} {
@{PROC}/sys/kernel/osrelease r,
@{PROC}/uptime r,
/dev/tty rw,
profile editor {
include <abstractions/base>

2
apparmor.d/profiles-m-r/pkttyagent
View file

@ -10,6 +10,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}bin/pkttyagent
profile pkttyagent @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/dbus-strict>
include <abstractions/nameservice-strict>
@ -39,7 +40,6 @@ profile pkttyagent @{exec_path} {
owner @{PROC}/@{pids}/stat r,
/dev/tty rw,
include if exists <local/pkttyagent>
}

2
apparmor.d/profiles-m-r/resolvconf
View file

@ -9,6 +9,7 @@ include <tunables/global>
@{exec_path} = /{usr/,}sbin/resolvconf
profile resolvconf @{exec_path} {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice-strict>
@{exec_path} mr,
@ -33,7 +34,6 @@ profile resolvconf @{exec_path} {
owner @{run}/resolvconf/{,**} rw,
owner @{run}/resolvconf/run-lock wk,
/dev/tty rw,
include if exists <local/resolvconf>
}